Background Image

Blog Post

Dec 13

Why Kaspersky Is Now Banned From US Government Computers


Kaspersky Labs has a rich history as the maker of the worlds first true antivirus product. The company introduced heuristics based antivirus ages ago and long before any of it's competition. The company is based in Moscow and has operated well above the expected standard for a normal antivirus product. So why has the US government banned it's use recently? Are they really working with Russian government? Where is the evidence?

Israel

The Israeli officials who had hacked into Kaspersky’s own network alerted the United States to the broad Russian intrusion, which has not been previously reported, leading to a decision just last month to order Kaspersky software removed from government computers. Excerpted from NYT Granted we don't often cite stories from NYT but today is a fair exception as this article seems largely correct and unbiased.

The Reaction

Kaspersky has now repeatedly denied any involvement offering to have their software source code reviewed independently, so what is the truth here? Would a software company offer their code up to review if it was compromised? Yes they would. The truth is that even if Kaspersky weren't guilty the source code could in no way guarantee that the regular updates to their product wouldn't or didn't include backdoors, trojans, or even more serious and dangerous payloads meant for use in the field of espionage. Even if they were 100% guilty of such espionage, the source code wouldn't reflect anything significant because the product as a standalone is not the delivery system for whatever tools were potentially in use.

 How It Works

Target user has known antivirus product with signed backdoor for updates, which are generally delivered by a server that has the signing key. Agent has signing key and can access that backdoor as a result and gets x amount of access to the target system and can see every file ever scanned by the log on the antivirus product. The result is unmitigated access - and in many systems, antivirus products aside from Kaspersky's the antivirus are just one of several targeted and well documented vectors for an attack when the victim's PC is of significance - like a US government laptop potentially would be.

My Usual Rant In Favor Of Linux

While it's true that this exact vector is hopeless against a Linux operating system, I won't pretend that out of the box any system is fool proof. There are ways to bypass user controls, and even reset passwords on a Linux system unless or until special measures have been taken. However as it is far less prone to viruses, malware, trojans, etc. I'll say again, Linux is best. Learn to use it and use Chattr to lockdown those pesky shadow and password files, change your ssh keys, and you are much closer to a safer network topology.


 
Add Comment:
Please login or register to add your comment or get notified when a comment is added.
1 person will be notified when a comment is added.