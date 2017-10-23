Kaspersky Lab To Open Software To Review, Says Nothing To Hide (reuters.com) 38
Moscow-based Kaspersky Lab will ask independent parties to review the security of its anti-virus software, which the U.S. government has said could jeopardize national security, citing concerns over Kremlin influence and hijacking by Russian spies. From a report: Kaspersky, which research firm Gartner ranks as one of the world's top cyber security vendors for consumers, said in a statement that it would submit the source code of its software and future product updates for review by a broad cross-section of computer security experts and government officials. It also vowed to have outside parties review other aspects of its business, including software development. Reviews of its software, which is used on some 400 million computers worldwide, will begin by the first quarter of next year, it said. "We've nothing to hide," Chairman and CEO Eugene Kaspersky said on Monday. "With these actions we'll be able to overcome mistrust and support our commitment to protecting people in any country on our planet." Kaspersky did not name the outside reviewers, but said they would have strong software security credentials and be able to conduct technical audits, source code reviews and vulnerability assessments.
If they really wanted vindication.... (Score:4, Interesting)
And I don't mean sue them through civil court for damages, I mean actually file real criminal charges against them. Since the government appears to want to keep being mum about why they are saying this about Kaspersky, their only defense against this would then be to go on-record as saying that this is in their opinion only, and not based on any actual findings.
Of course, none of this would necessarily prove that Kaspersky software can actually be trusted, but it would force the US government to shut up about it, unless they are prepared to reveal exactly *why* they believe the company is less than trustworthy (which I don't think they want to do).
Very good (Score:3)
If they do that, then that's absolutely great and reason alone to switch to Kaspersky. Everybody should welcome this.
Closed-source Antivirus and other security products (encryption, voting machines, credit card processing, etc.) tend to be fairly insecure for lack of external auditing. Companies go at great length to claim how careful they are etc., but the sad truth is that without any external auditing they will allow all kinds of blunders, fix vulnerabilities late and secretly, etc. This has been proven again and again.
It's definitely a step in the right direction. To say more about it, we'll need to see the printed results of the audits and who conducted them.
I don't think that was the point (Score:4, Interesting)
So what's an analysis of the source code going to show? That Kapersky sends back Word DOC files? Well... DERP.
The CEO of Kapersky has already defended his software's actions that pulled back code that looked like it was malicious and that they make no apologies for being aggressive in tracking cyber-crime.
More importantly will this release of the source code include their data tables for the signatures and key phrases they detect?
Better than the rest (Score:2)
Everybody here seems to be falling how they still can't trust them, because they can't build the code. Although that is true, they still do more than Norton and others.
How do you know they are not infiltrated by the Russians? Perhaps they are and they are also infiltrated by the NSA. Do you think the NSA would tell you not to use it?
The only thing I am sure about is that Kasperski is not infiltrated by the NSA as they seem to be making such a fuzz about it.
Indeed we can't be sure about any of the software t
