Archive for Kaspersky

Should You Uninstall Kaspersky From Your Computer?

Posted in Commentary with tags on October 12, 2017 by itnerd

With the revelation that Russian spies have for years been using the beleaguered Kaspersky anti-virus software to troll for secrets, the question is: should you uninstall it from your computer, or is it safe to leave on your system?

My answer would be to uninstall it. Instructions on how to do that can be found here.

Here’s my logic. Despite the company’s repeated denials of any connection to the Russian government, it doesn’t make sense to have this potentially dangerous piece of software on any system that you own given what we now know. Now let me be clear, the chances are low that Russian spies are going to be targeting you. But why take that chance? Dump it and be safer.

Besides, there’s a ton of other AV software out there. For Windows 7, download Microsoft Security Essentials. If you run Windows 8 or later, including Windows 10, you get Windows Defender as part of the OS. On the Mac side, macOS comes with rudimentary malware protection built in, but I tend to recommend Sophos Home for Mac as it is pretty lightweight and provides good protection.

Oh, by the way, none of the above will cost you anything more than your time, as they are all free.

The fact is that given what we now know about this situation, you have to assume the worst and protect yourself accordingly. Perhaps this is paranoia at work here. But these days you can never be too careful.

Israeli Spies Pwned Kaspersky & Caught Russian Spies Using AV Tool To Pwn Others

Posted in Commentary with tags on October 11, 2017 by itnerd

This isn’t going to be good news for Kaspersky, which has been battling accusations that its anti-virus software is used by Russian spies to spy on the West. According to the New York Times, Israel pwned Kaspersky. In the process of doing that, Israel discovered that Russian spies were using the anti-virus software as a gateway to pwn others:

The Russian operation, described by multiple people who have been briefed on the matter, is known to have stolen classified documents from a National Security Agency employee who had improperly stored them on his home computer, on which Kaspersky’s antivirus software was installed. What additional American secrets the Russian hackers may have gleaned from multiple agencies, by turning the Kaspersky software into a sort of Google search for sensitive information, is not yet publicly known.

How do we know that it was Israel? Well, there’s this:

Kaspersky Lab did not discover the Israeli intrusion into its systems until mid-2015, when a Kaspersky engineer testing a new detection tool noticed unusual activity in the company’s network. The company investigated and detailed its findings in June 2015 in a public report.

The report did not name Israel as the intruder but noted that the breach bore striking similarities to a previous attack, known as “Duqu,” which researchers had attributed to the same nation states responsible for the infamous Stuxnet cyberweapon. Stuxnet was a joint American-Israeli operation that successfully infiltrated Iran’s Natanz nuclear facility, and used malicious code to destroy a fifth of Iran’s uranium centrifuges in 2010.

Kaspersky reported that its attackers had used the same algorithm and some of the same code as Duqu, but noted that in many ways it was even more sophisticated. So the company researchers named the new attack Duqu 2.0, noting that other victims of the attack were prime Israeli targets.

Among the targets Kaspersky uncovered were hotels and conference venues used for closed-door meetings by members of the United Nations Security Council to negotiate the terms of the Iran nuclear deal — negotiations from which Israel was excluded. Several targets were in the United States, which suggested that the operation was Israel’s alone, not a joint American-Israeli operation like Stuxnet.

If this report is accurate, then Kaspersky is done like dinner in most places on planet Earth. There’s no way that anyone will install their software. Though I will say that the employee who got pwned by Russian spies needs a kick in the you know where for allowing this to happen.

There’s also one other thing. Since a nation state or anyone else pwning anti-virus software so that they can use it as a bridge into a network has gone from theory to fact, anti-virus vendors are going to let far fewer people look at their code. Symantec was the first to do this, with its CEO Greg Clark telling Reuters this week that it will no longer let governments inspect its source code. That will help, but seeing as the Russians and Israelis were in the Kaspersky network for up to two years, it cannot be the only line of defense.

Meanwhile, let us watch the fall of Kaspersky as I cannot see a scenario at this point where they survive this.

BREAKING: US Government Bans Kaspersky Software

Posted in Commentary with tags on September 13, 2017 by itnerd

The ongoing battle between the US Government and Kaspersky took a new turn today. The Washington Post is reporting that Kaspersky software has been banned from US government networks over fears of espionage:

Acting Homeland Security Secretary Elaine Duke ordered that Kaspersky Lab software be barred from federal government networks while giving agencies a timeline to get rid of it, according to several officials familiar with the plan who were not authorized to speak publicly about it. Duke ordered the scrub on the grounds that the company has connections to the Russian government and its software poses a security risk.

“The Department is concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks,” the department said in a statement. “The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates U.S. national security.”

Now this has been going on for months as evidenced by these posts on the subject. But this is a major escalation. And one that is sure to get a response from not just the software company, but the Russian government too. In terms of the former, this is what they had to say:

In a statement to The Washington Post on Wednesday, the company said: “Kaspersky Lab doesn’t have inappropriate ties with any government, which is why no credible evidence has been presented publicly by anyone or any organization to back up the false allegations made against the company. The only conclusion seems to be that Kaspersky Lab, a private company, is caught in the middle of a geopolitical fight, and it’s being treated unfairly even though the company has never helped, nor will help, any government in the world with its cyberespionage or offensive cyber efforts.

“Kaspersky Lab has always acknowledged that it provides appropriate products and services to governments around the world to protect those organizations from cyberthreats, but it does not have unethical ties or affiliations with any government, including Russia,” the firm said.

I would recommend watching this story as it’s going to get interesting. Very interesting.

Kaspersky Punted From Feds List Of Approved Vendors

Posted in Commentary with tags on July 13, 2017 by itnerd

Following up on this story from yesterday, which suggested that Russian antivirus company Kaspersky had ties to Russian intelligence, it seems that Kaspersky has a full-blown crisis on its hands, as it has apparently been removed from the US government’s list of approved vendors:

The delisting represents the most concrete action taken against Kaspersky following months of mounting suspicion among intelligence officials and lawmakers that the company may be too closely connected to hostile Russian intelligence agencies accused of cyber attacks on the United States.

Kaspersky products have been removed from the U.S. General Services Administration’s list of vendors for contracts that cover information technology services and digital photographic equipment, an agency spokeswoman said in a statement.

Here’s why this happened:

The action was taken “after review and careful consideration,” the spokeswoman said, adding that GSA’s priorities “are to ensure the integrity and security of U.S. government systems and networks.”

Translation: We don’t trust Kaspersky.

You have to wonder how much of this comes from actual proof against the company and how much comes from politics. Either way, it’s not a good situation.

If You Run Kaspersky Products, You MAY Want To Switch To Something Else

Posted in Commentary with tags on July 12, 2017 by itnerd

Bloomberg has made a stunning accusation: that Russian-based antivirus company Kaspersky has a tight relationship with the FSB, Russia’s main intelligence agency. And I do mean TIGHT:

Internal company emails obtained by Bloomberg Businessweek show that Kaspersky Lab has maintained a much closer working relationship with Russia’s main intelligence agency, the FSB, than it has publicly admitted. It has developed security technology at the spy agency’s behest and worked on joint projects the CEO knew would be embarrassing if made public. The previously unreported emails, from October 2009, are from a thread between Eugene Kaspersky and senior staff. In Russian, Kaspersky outlines a project undertaken in secret a year earlier “per a big request on the Lubyanka side,” a reference to the FSB offices. Kaspersky Lab confirmed the emails are authentic.

The software that the CEO was referring to had the stated purpose of protecting clients, including the Russian government, from distributed denial-of-service (DDoS) attacks, but its scope went further. Kaspersky Lab would also cooperate with internet hosting companies to locate bad actors and block their attacks, while assisting with “active countermeasures,” a capability so sensitive that Kaspersky advised his staff to keep it secret. In this case, Kaspersky may have been referring to something even more rare in the security world. A person familiar with the company’s anti-DDoS system says it’s made up of two parts. The first consists of traditional defensive techniques, including rerouting malicious traffic to servers that can harmlessly absorb it. The second part is more unusual: Kaspersky provides the FSB with real-time intelligence on the hackers’ location and sends experts to accompany the FSB and Russian police when they conduct raids. That’s what Kaspersky was referring to in the emails, says the person familiar with the system. They weren’t just hacking the hackers; they were banging down the doors.

Given the current political climate in the US, this is simply stunning if true, as Kaspersky products are extremely popular. But it’s a safe bet that with this news they may become very unpopular very quickly. Thus it won’t shock you that the company has issued a statement in response to Bloomberg’s report. Here’s part of it:

Regardless of how the facts are misconstrued to fit in with a hypothetical, false theory, Kaspersky Lab, and its executives, do not have inappropriate ties with any government. The company does regularly work with governments and law enforcement agencies around the world with the sole purpose of fighting cybercrime. In the internal communications referenced within the recent article, the facts are once again either being misinterpreted or manipulated to fit the agenda of certain individuals desperately wanting there to be inappropriate ties between the company, its CEO and the Russian government, but no matter what communication they claim to have, the facts clearly remain there is no evidence because no such inappropriate ties exist.

So, what’s true and what’s “misinterpreted”? Who knows, but it’s a safe bet a lot of people are trying to find out as we speak.

Several Major AV Products Have A Common Flaw

Posted in Commentary with tags on December 10, 2015 by itnerd

If you run McAfee VirusScan Enterprise 8.8, Kaspersky Total Security 2015 or AVG Internet Security 2015, you need to update your software right now. According to a blog post from enSilo, all three AV products allocate a memory page with read, write and execute (RWX) permissions at a predictable, constant address. A page that is both writable and executable, and that ASLR never moves, hands an attacker who already has a way to write into the process a ready-made place to drop and run code, which undoes the exploit mitigations (ASLR and DEP) that the rest of Windows relies on. On top of that, enSilo has released a free checking utility called AVulnerabilityChecker on GitHub so anyone can see if they are affected.

Intel, which owned McAfee at the time, and Kaspersky have now fixed the issue, and so has AVG. If you haven’t updated your AV apps lately, do so now.
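To make the "predictable RWX page" idea concrete, here is an added example of the kind of check enSilo’s tool performed, written for Linux rather than Windows. It is not enSilo’s code and not code from the original post. It parses /proc/<pid>/maps-style lines, collects every mapping marked rwx, and reports the addresses that are RWX in every run of a process: those are the pages ASLR is not moving, which is exactly what an attacker wants. The two sample maps dumps, the path /usr/bin/app and the fixed address 0x7fffde000000 are constructed for the example; the "AV hook" that injects that page is hypothetical.

```python
"""Flag RWX mappings that sit at the same address across runs.

Linux analogue of the check enSilo's AVulnerabilityChecker did on Windows.
Added example, not enSilo's code. Sample input below is constructed.
"""
import re
from typing import Dict, List, Set

# One /proc/<pid>/maps line: "start-end perms offset dev inode [path]"
_MAPS_RE = re.compile(
    r"^(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+)\s+(?P<perms>[rwxps-]{4})\s+"
    r"(?P<offset>[0-9a-f]+)\s+(?P<dev>\S+)\s+(?P<inode>\d+)\s*(?P<path>.*)$"
)


def rwx_regions(maps_text: str) -> Dict[int, str]:
    """Return {start_address: path_or_label} for every rwx mapping."""
    found: Dict[int, str] = {}
    for line in maps_text.splitlines():
        m = _MAPS_RE.match(line.strip())
        if not m:
            continue
        perms = m.group("perms")
        if perms[0] == "r" and perms[1] == "w" and perms[2] == "x":
            found[int(m.group("start"), 16)] = m.group("path") or "[anon]"
    return found


def predictable_rwx(runs: List[str]) -> Dict[int, str]:
    """Addresses that are RWX in *every* run.

    Such a page survives ASLR, so an attacker with a write primitive can
    place code there and jump to it without guessing any address.
    """
    if not runs:
        return {}
    per_run = [rwx_regions(r) for r in runs]
    common: Set[int] = set(per_run[0])
    for regions in per_run[1:]:
        common &= set(regions)
    return {addr: per_run[0][addr] for addr in sorted(common)}


def read_live_maps(pid: str = "self") -> str:
    """Read a real maps file when running on Linux (not used by the sample)."""
    with open(f"/proc/{pid}/maps") as f:
        return f.read()


# Constructed sample: two runs of the same hypothetical process. Binary,
# heap and stack move between runs (ASLR), but a hypothetical AV hook
# injects an rwx page at the same fixed address 0x7fffde000000 both times.
RUN_1 = """\
55d4c2a00000-55d4c2a01000 r-xp 00000000 08:01 1234 /usr/bin/app
55d4c3b00000-55d4c3b21000 rw-p 00000000 00:00 0 [heap]
7fffde000000-7fffde001000 rwxp 00000000 00:00 0
7ffc1c2d0000-7ffc1c2f1000 rw-p 00000000 00:00 0 [stack]
"""
RUN_2 = """\
5592aa100000-5592aa101000 r-xp 00000000 08:01 1234 /usr/bin/app
5592ab300000-5592ab321000 rw-p 00000000 00:00 0 [heap]
7fffde000000-7fffde001000 rwxp 00000000 00:00 0
7f1a33c00000-7f1a33c01000 rwxp 00000000 00:00 0
7ffd9e4e0000-7ffd9e501000 rw-p 00000000 00:00 0 [stack]
"""

if __name__ == "__main__":
    for addr, label in predictable_rwx([RUN_1, RUN_2]).items():
        print(f"predictable RWX page at {addr:#x} ({label})")
```

Note that RUN_2 also contains a second rwx page, but at an address that does not recur, so it is not reported; a JIT or a legitimately randomised trampoline looks like that, whereas a constant address across runs is the defect enSilo described. To check a real process, feed `read_live_maps(pid)` from several launches into `predictable_rwx`.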

Kaspersky Update Punts Windows XP Users Off The Internet

Posted in Commentary with tags on February 6, 2013 by itnerd

If you use Kaspersky Anti-Virus and you run Windows XP, I suspect that you could be reading this on some other device right now. That’s because a recent update of the popular anti-virus app has disabled Internet access for those users.

That’s a bit of a #fail.

But Kaspersky has stepped up to the plate. They put out a statement that offered a workaround, and late yesterday a fix was released. I have to hand it to Kaspersky for reacting quickly to this. Of course, I got a couple of calls on this yesterday from panicked clients of mine, so I would recommend to Kaspersky that they do some extra QA on their updates, as I don’t like seeing customers spending money they don’t have to.