The Impact of the Kaspersky Ban (opens in new tab)

(bitsight.com)

22 pointscyberlurker1y ago78 comments

78 comments

29 comments · 5 top-level

mmmlinux1y ago· 12 in thread

Is this retaliation for that time they detected unreleased NSA spyware? Has there ever been shown to be a security breach related, or is this just Russia bad? genuinely curious.

alfalfasprout1y ago

Antivirus software typically requires some level of privileged access. Given Kaspersky's deep collaboration with the Kremlin it's a serious attack vector.

lionkor1y ago

Right but Chrome isnt?

3 more replies

axpvms1y ago

Russia is bad though, they just bombed a children's cancer hospital yesterday.

jmprspret1y ago

The US government, DoD, CIA, etc are all "bad" too. I'm not excusing Russia's actions, but if you're going the moral high ground, on civilian murder, you should be avoid US companies as well.

3 more replies

Xen91y ago

Three meta-level points:

(1) Public discussion in the web about what is, has and will happen in global / security / foreign politics is completely broken.

(2) The reason is not and cannot be one-sided. However it may be better to think of groups with "mind control" powers and entities with not than any nation states or international organizations.

(3) I have never seen an attempt by anyone to do something about this; it seems that hope of rational (web) discussions and analysis is, has always been, and will for foreseeable future buried by whatever this is.

tptacek1y ago

Forget the ongoing military conflict, and Russia is a hostile US IC rival. We did much the same thing with Huawei, for reasons much more complex than "China bad".

TiredOfLife1y ago

Huawei was selling sanctioned hardware to Iran, and hiding it.

1 more reply

bdcravens1y ago

One could say it's similar to the reasons for banning TikTok (concerns about state control of software), but in general, it's an expanding of existing trade sanctions against Russia.

fred_is_fred1y ago

Tik-Tok and an Anti-virus program have pretty different privilege levels I would think. And generally one doesn't install Tik-Tok on servers in the data center, but I guess I could be surprised.

1 more reply

golergka1y ago

Kaspersky has been in FSB's pocket since forever. Banning hostile foreign intelligence from providing security services to your country is one of the very rare pieces of regulation even a staunch minarchist would support.

ahofmann1y ago

Following this argument, the whole world needs to stop using software from the USA (and china, and Russia and ...).

4 more replies

gregw21y ago

The clearest most specific summary explanation I have seen is:

https://arstechnica.com/information-technology/2017/10/kaspe... Note the Israeli findings and the months of experiments by US intel agencies after the fact and the conclusions they drew.

The initial counterargument from Kaspersky (which seems to address some but not other concerns raised in the above link) apparently was something like the following:

https://arstechnica.com/information-technology/2017/11/kaspe...

Both the above are from 2017 in the months after the issues about Kaspersky concerns first came to light. This triggered the ban of Kaspersky from US government computers back then. Not sure what info may or may not have come to light since then but most people are not even aware of the above.

The official 2024 USG reasons which impact are outlined in four bullets in the press release here: https://www.bis.gov/press-release/commerce-department-prohib... which in turn points to an ODNI (Office of the Director of National Intelligence) public-facing PDF/slide of the reasons: https://www.dni.gov/files/CTIIC/documents/products/Kaspersky... and the US Commerce department's findings at https://oicts.bis.gov/pdfs/AppendixA.pdf (mostly blacked out but you get a sense of the back-n-forth reasoning justifying what steps short of a ban could be taken at least a little bit) and the Commerce Department Kaspersky FAQ at https://oicts.bis.gov/kaspersky/faq/

I have no first/secondhand knowledge of any of this stuff but this is what my curiosity turned up when I went poking around.

Having observed corporate US security practices, my perception is that a lot of protection involves scanning things using very low-level OS and/or network techniques. Remember that phrase "who guards the guardians? ( https://en.wikipedia.org/wiki/Quis_custodiet_ipsos_custodes%... ) The Kaspersky ban by the US Commerce department appears to be essentially a concession that "who scans the scanners?" is not something the US can particularly do for products with the type of low-level access provided to AV/malware products, particularly products from entities with a concrete history of specific adverse (2014-2017) behavior from a particularly skilled hostile country (in this case Russia).

ReDeiPirati1y ago· 8 in thread

Leaving aside the valuable politics concern, I honestly love Kaspersky, it's the only AV that doesn't suck or become too spammy. Which alternative would you recommend? Please don't say Norton

mathisdiego1y ago

ESET is pretty good. Has a low false positive rate too which I loved about Kaspersky.

PenguinCoder1y ago

ESET has my recommendations for the same reason. Really good and way more light weight than many other solutions. Though I'd say anything more than Windows Defender for home users really isn't needed.

1 more reply

SanjayMehta1y ago

The company I used to work for switched to Microsoft’s solution (Defender?) when it came out, to save on governmental interference and money.

As a user I couldn’t really see any difference.

jmprspret1y ago

From an enterprise perspective (only because I don't use it on my personal machines), TrendMicro has really been improving. I highly recommend it.

cheema331y ago

I use the free Microsoft Defender that comes with the OS. Why isn't this being recommended here? Is there something super wrong with it?

eviks1y ago

It's slow and was very bad for a long time, so some of that bad reputation lingers, maybe?

1 more reply

LeoPanthera1y ago

I put Sophos on my relatives computers, because it can be remotely managed from a web page.

TaylorAlexander1y ago

Ubuntu

kelsolaar1y ago· 2 in thread

> Looking back into the recent weeks, we observed over 14 million unique IP addresses communicating with Kaspersky update servers, making a total of over 100 million connections.

How is Bitsight "observing" here?

w_for_wumbo1y ago

Could be using something like Microsoft Defender Threat Intelligence, which claims to use a map of the entire internet.

From their marketing: "Understand your adversaries and their online infrastructures to identify your potential cyberthreat exposures using a complete map of the internet."

petemc_1y ago

Perhaps Augury.

LeoPanthera1y ago· 2 in thread

This is kind of an aside, but the huge AI-generated image at the top immediately stops me in my tracks, and kills any desire to read the rest of the article. Is the text AI too? Is this just AI slop to spam up Google? It's so offputting.

rkagerer1y ago

It's a really offensive website. Cookie thing takes up half the screen on mobile and Manage button just opens a blank white dialog, dings and buttons coming up with alerts 20 seconds after loading the page...

BoredPositron1y ago

It's because the author doesn't know why they should use images in an article, they just do. SEO and bad coffee table books killed everything.

pbj19681y ago

I mean… I was being told 20 years ago that Kaspersky was sketch..

j / k navigate · click thread line to collapse

78 comments

29 comments · 5 top-level

mmmlinux1y ago· 12 in thread

Is this retaliation for that time they detected unreleased NSA spyware? Has there ever been shown to be a security breach related, or is this just Russia bad? genuinely curious.

alfalfasprout1y ago

Antivirus software typically requires some level of privileged access. Given Kaspersky's deep collaboration with the Kremlin it's a serious attack vector.

lionkor1y ago

Right but Chrome isnt?

3 more replies

axpvms1y ago

Russia is bad though, they just bombed a children's cancer hospital yesterday.

jmprspret1y ago

The US government, DoD, CIA, etc are all "bad" too. I'm not excusing Russia's actions, but if you're going the moral high ground, on civilian murder, you should be avoid US companies as well.

3 more replies

Xen91y ago

Three meta-level points:

(1) Public discussion in the web about what is, has and will happen in global / security / foreign politics is completely broken.

(2) The reason is not and cannot be one-sided. However it may be better to think of groups with "mind control" powers and entities with not than any nation states or international organizations.

tptacek1y ago

Forget the ongoing military conflict, and Russia is a hostile US IC rival. We did much the same thing with Huawei, for reasons much more complex than "China bad".

TiredOfLife1y ago

Huawei was selling sanctioned hardware to Iran, and hiding it.

1 more reply

bdcravens1y ago

One could say it's similar to the reasons for banning TikTok (concerns about state control of software), but in general, it's an expanding of existing trade sanctions against Russia.

fred_is_fred1y ago

Tik-Tok and an Anti-virus program have pretty different privilege levels I would think. And generally one doesn't install Tik-Tok on servers in the data center, but I guess I could be surprised.

1 more reply

golergka1y ago

ahofmann1y ago

Following this argument, the whole world needs to stop using software from the USA (and china, and Russia and ...).

4 more replies

gregw21y ago

The clearest most specific summary explanation I have seen is:

https://arstechnica.com/information-technology/2017/10/kaspe... Note the Israeli findings and the months of experiments by US intel agencies after the fact and the conclusions they drew.

The initial counterargument from Kaspersky (which seems to address some but not other concerns raised in the above link) apparently was something like the following:

https://arstechnica.com/information-technology/2017/11/kaspe...

I have no first/secondhand knowledge of any of this stuff but this is what my curiosity turned up when I went poking around.

ReDeiPirati1y ago· 8 in thread

Leaving aside the valuable politics concern, I honestly love Kaspersky, it's the only AV that doesn't suck or become too spammy. Which alternative would you recommend? Please don't say Norton

mathisdiego1y ago

ESET is pretty good. Has a low false positive rate too which I loved about Kaspersky.

PenguinCoder1y ago

1 more reply

SanjayMehta1y ago

The company I used to work for switched to Microsoft’s solution (Defender?) when it came out, to save on governmental interference and money.

As a user I couldn’t really see any difference.

jmprspret1y ago

From an enterprise perspective (only because I don't use it on my personal machines), TrendMicro has really been improving. I highly recommend it.

cheema331y ago

I use the free Microsoft Defender that comes with the OS. Why isn't this being recommended here? Is there something super wrong with it?

eviks1y ago

It's slow and was very bad for a long time, so some of that bad reputation lingers, maybe?

1 more reply

LeoPanthera1y ago

I put Sophos on my relatives computers, because it can be remotely managed from a web page.

TaylorAlexander1y ago

Ubuntu

kelsolaar1y ago· 2 in thread

> Looking back into the recent weeks, we observed over 14 million unique IP addresses communicating with Kaspersky update servers, making a total of over 100 million connections.

How is Bitsight "observing" here?

w_for_wumbo1y ago

Could be using something like Microsoft Defender Threat Intelligence, which claims to use a map of the entire internet.

From their marketing: "Understand your adversaries and their online infrastructures to identify your potential cyberthreat exposures using a complete map of the internet."

petemc_1y ago

Perhaps Augury.

LeoPanthera1y ago· 2 in thread

rkagerer1y ago

BoredPositron1y ago

It's because the author doesn't know why they should use images in an article, they just do. SEO and bad coffee table books killed everything.

pbj19681y ago

I mean… I was being told 20 years ago that Kaspersky was sketch..

j / k navigate · click thread line to collapse