Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security

Germany Warns Kaspersky Software Risks Being Exploited by Russia (bloomberg.com) 44

Germany warned against using anti-virus software from Moscow-based Kaspersky Lab due to risks it could be exploited by Russia for a cyber attack. From a report: The Federal Office for Information Security, or BSI, issued the warning on Tuesday, saying that companies and authorities with special security status and operators of critical infrastructure could be "particularly at risk." The danger has increased since Russia's invasion of Ukraine, the Bonn-based agency said in a press release, citing threats made by Moscow against NATO, the European Union and Germany. In 2017, the U.S. government banned all use of Kaspersky Lab software in federal information systems, citing concerns about the firm's links to the Russian government and espionage. The company denied any wrongdoing in that case and pushed back against Germany's move now.
This discussion has been archived. No new comments can be posted.

Germany Warns Kaspersky Software Risks Being Exploited by Russia

Comments Filter:
  • by wakeboarder ( 2695839 ) on Tuesday March 15, 2022 @10:11AM (#62359409)

    I used it years ago and I thought they made a good product. However, they might not have a choice when the KGB comes knocking at their door and threatens Kaspersky to do whatever the KGB wants. So I'm going to have to agree with germany on this one.

    • I uninstalled it right after Russia attacked Ukraine.

    • The potential for them to be exploited by the KGB has been there since the start and it'd be foolish to believe a company based in the country hasn't been long ago.
    • Comment removed based on user account deletion
    • Kaspersky's software was so good it quarantined and uploaded all the NSA zero-day exploits a contractor lifted and brought home with him, which is why the US is so hysterical about it. I'll bet every US-based antivirus vendor whitelists them unconditionally.

      • Kaspersky is going to do whatever Putin wants. Think about that.

        • US AV firms are going to do whatever Defense Production Act and Biden wants. Think about that.

          But US firms don't even need that, their consent is manufactured voluntarily, same propaganda you're clearly susceptible to.

    • by AmiMoJo ( 196126 )

      What is the alternative though? If you are worried about attacks by state level actors you have to rule out all the Chinese and American ones. Then filter out the ones that are crapware or sell your internet history (e.g. Avast), and that leaves you with... F-Secure?

      • At least in theory, a US based company cannot be compelled by the CIA, NSA, etc. to plant backdoors or do other nasty things. And in general, the workers don't have to worry about about disappearing, or their families being sent to a labor camp, if they tell the government to fuck off.

        But in reality nobody in Russia (or elsewhere) has to worry about the KGB. (You should probably avoid pissing off the FSB though.)

        • No, but I suspect that the CIA or NSA just plants 'moles' in US companies to plant exploits.

        • by AmiMoJo ( 196126 )

          Not even with a National Security Letter?

          In any case, the NSA loves hacking US companies. Wouldn't trust British either.

          • Not even with a National Security Letter?

            You bring this idea up a lot. That is not how a National Security Letter works.

            A National Security Letter compels an organization to turn over information that is has, and not tell anyone that it has done so. It is essentially a subpoena with a gag order attached.

        • A US judge ordered a "no logging" company to start logging all their user's activity just so they could turn it over in a copyright spat with the recording industry. I don't know what hope companies have when agents coming knocking with a FISA court order with gag provisions. The Supreme Court just reaffirmed all the government has to do is say the magic word "National Security", and it doesn't even matter if everybody already knows what they're trying to protect. If they defied a court's gag order, they're
      • If I live in north America I am much less worried about being attacked by a country in north america than I am a country (russia) that has actively cyber attacked and runs bot networks in western countries.

        I used to love avira, a good German company that made a great product with a low profile, until they got bought out. I still use them but I'm looking for another alternative.

      • What is the alternative though? If you are worried about attacks by state level actors you have to rule out all the Chinese and American ones. Then filter out the ones that are crapware or sell your internet history (e.g. Avast), and that leaves you with... F-Secure?

        US companies are less likely to be asked by their government, and they're more likely to push back. Though it probably still happens though not so much to individuals/companies in the West.

        But in Russia? The Russian government has zero qualms about forcing companies to do unethical things on behalf of the government.

        Frankly, I suspect the only reason that Kapersky hasn't been forced to install a backdoor or something is that the Russian government has realized that it's a one-time play and then the company

      • The difference for corporations (rather than individuals) is liability. If you're a CISO and you went with Kaspersky, despite it being an outdated product not competitive with USA options on Gartner such as Microsoft and CrowdStrike, and then you get breached because of this -- that's your fault. You can be sued easily for data breaches etc from there. If you went with made-in-USA CrowdStrike and then the NSA hacked you, who's getting sued in what court? You think CMS is going to sue for HIPAA violatio
    • by UpnAtom ( 551727 )

      Current events aside, I think it's still the best free AV. I'm here reading comments to help me make a decision.

      Can we just stop Kaspersky updating anything other than malware definitions?

      Or just go with Defender for a bit.

      • Current events aside, I think it's still the best free AV. I'm here reading comments to help me make a decision.

        Can we just stop Kaspersky updating anything other than malware definitions?

        Or just go with Defender for a bit.

        Are you doing regular backups?

        If Moscow is looking to retaliate against sanctions then encrypting the hard-drives of millions of Kapersky users is one way they could do it.

        • by UpnAtom ( 551727 )

          Are you doing regular backups?

          What do you think? LOL

          Though my important stuff is on Dropbox, GMail etc.

          It's great advice though and I'll see what more I can do.

    • by UpnAtom ( 551727 )

      Kaspersky announced a new version today from within the app. Says nothing about opposing potential Putin demands for malware. Think I'm going to uninstall.

      https://usa.kaspersky.com/free... [kaspersky.com]

  • Perhaps for the future of their company it'd be wise to move out of Russia.

    • And change the name
    • Hard to quickly move 4000+ employees out of the country. Would take quite a bit of time. Also quite a massive resource commitment to replace them (ignoring the negative impacts of laying off so many left there). Not sure what the ideal solution is, but none of them are great.
    • by Ilgaz ( 86384 )

      They moved the HQ to Switzerland. It isn't enough, Kaspersky needs to open the source and switch to Apache license now. VirtualBox, Android, Open Office are all the good examples out there. You can be commercial and be open source same time and still make tons of money.

  • They had some pretty good removal tools once upon a time, but I stopped using them the first time I had a client get crypto-ransomed a little over a decade ago. (Not our fault, they were using administrator and no password on a critical piece of hardware, and we were engaged to clean up AFTER the fact.)

    We (the FBI guy working with us, and I) figured out that the perpetrator was operating out of Belarus. After an abundance of research and an increase in my general level of paranoia, I decided to only use sof

  • Comment removed based on user account deletion
  • How many Steam games are made by and/or hosted in Russia?

    • They have this wicked cool war game, where you invade a neighboring country that you share a long history with

      Just remember to play as the blue/gold team as they seem to be winning, if you auto sort to a Z or V team, just kill the toon and keep trying until you get blue/gold

    • War Thunder is a clear, big example. Worse yet it has this "updater' that runs in the background all the time. Talk about something that could be exploited, you probably don't need to look any further.

  • "Germany Warns Kaspersky Software Risks Being Exploited by Russia" should be "Germany Warns Kaspersky Software Presents Russian Exploit Risk"

  • whatabouting about National Security Letters and gitmo and Assange and Snowden.

    Nevermind that America foreswore wars of conquest over a century ago.

  • If you're still using Kaspersky today, you deserve every virus, trojan or spyware that Russia puts on your computer.
    • You're funny, there is zero evidence Kaspersky does such things. Look no further than the US government for an entity that actually does such things.

  • They are clever to use Linux/Kubuntu/(open)SUSE in government but they don't do a sizeable donation/support to something like Clamav.

    Here is a crazy idea. Acquire a well known, respected German AV makers code. Cleanup the code. Re-release it similar to VirtualBox, e.g. source is open but for extra commercial/secret things, require a separate binary module.

In practice, failures in system development, like unemployment in Russia, happens a lot despite official propaganda to the contrary. -- Paul Licker

Working...