Kaspersky Sues US Government Over Antivirus Ban

Status
Not open for further replies.

NewbieGeek

Reputable
Oct 11, 2015
306
1
4,860
Stupid. If the government doesn't want to use a piece of software for whatever reason... It shouldn't be forced to use that software... The government has the authority to chose what software to use and what software not to use.
 

IndignantSkeptic

Distinguished
Apr 19, 2011
507
0
18,980
What I want to know is why they even had to delete their copies of this guy's files. If their software was doing its job, then they wouldn't even need to delete those files because they wouldn't even have had them. Whether they are doing it for the Russian government or not, they are not allowed to just take copies of other people's files! Am I being naive?
 

TJ Hooker

Titan
Ambassador

I can only assume the lawsuit will be with regard to the accusations (or insinuations) that Kapersky was engaging in espionage/colluding with the Russian government. Maybe alleging slander or libel, resulting in damages to Kapersky's reputation and therefore profits. Because you're right, suing the government just for not using your software doesn't make any sense.
 
This raises the question in my mind of whether the government documents in question somehow triggered Kaspersky's antivirus to suspect they had possibly malicious code in them. Virus sample submission back to anti-virus software vendors seems pretty typical and I personally wouldn't consider possession of the documents by Kaspersky to be outside of the normal operation for this type of security software, provided the right set of circumstances.

The government could very well be the instigator here, embedding things in their files to see where they end up.
 

therealduckofdeath

Honorable
May 10, 2012
783
0
11,160
No matter if the document was containing suspect code, Kaspersky is in no right to just yank files for testing in Russia without asking permission. A permission they'd never been granted in this case. That is the reason the US doesn't trust them. They have admittedly taken US government documents to servers based in Russia.
 

justmy2cents

Prominent
Dec 18, 2017
1
0
510
I mean.. kaspersky is cloud-based antivirus. Isn't it normal practice for cloud-based AV to automatically upload questionable file based on their heuristics for further investigation? I don't think kaspersky is the only one that doing this. There's many more other AV that depends on cloud-based protection
 
By installing and using Kaspersky, the operator of the computer is bound by the licensing terms, which can include automatic sample submission. Are there reputable antivirus offerings that don't have some sort of sample submission? The permission is also often tacitly expressed by the use of default settings. In this case, we don't even know if the user was ever presented the opportunity to enable or disable such a feature, so we can only assume whether Kaspersky had been explicitly granted permission. Furthermore, if users are ignorant of what the software they are installing is going to do, is it really the fault of the software developer? In some cases I would say, sure, when the behavior can't be known by the user, but there are far more cases of plain laziness or ignorance on the part of the user.

The user in this case, Reality Winner, took documents from her work facility, which she wasn't supposed to do. This doesn't exactly strike me as the behavior of the most stellar computer user or employee. It isn't as though Kaspersky breached any sort of high security measures to acquire the documents. The initial breach seems to have been via sneaker net.

Finally, cloud based software solutions have to be expected to be hosted and operate, in the cloud, which means it can be anywhere in the world. Since Kaspersky Lab is headquartered in Moscow, it doesn't strike me as a far fetched idea that perhaps their cloud based servers are somewhere in say, Russia.

If you want cloud based antivirus software, but don't want it based in Russia, don't use Kaspersky. If however you choose to use Kaspersky, you don't exactly have a lot of room to complain when a document that triggers automatic sample submission ends up in Russia. I think ultimately it boils down to the poor decisions made by the NSA agent.
 

therealduckofdeath

Honorable
May 10, 2012
783
0
11,160
bigpinkdragon286, is it explicitly stated that files are transferred abroad? Being a "cloud service" doesn't mean it's stored abroad at any instance and I presume that, since Kaspersky apparently were on the OK list before this there is a good chance they've sold their service without disclosing where the customer's data is sent.
 

Olle P

Distinguished
Apr 7, 2010
720
61
19,090
The files in question were malware developed by the US government.
The AV program is there to look for malware, and its heuristic algoritms were successful in identifying this previously unknown malware as such.
As per standard practice any new malware found is transmitted to Kaspersky for further evaluation and also to be more easily recognized when found later on.

Once Kaspersky realised that this was "secret" software developed by the user and intentionally placed on the computer they deleted their own copies.

Yes, the gov can use what software they want, but they can't publicly defame a brand without proof.

I can only assume that this goes both ways: Assuming Kaspersky does have ties to the Russian gov one must also take for granted that US based companies have similar ties to the US government and thus should be banned for use outside the US. ... and that won't be a problem for those companies, right?
 
What do you mean, Kaspersky was on the OK list? What home users install on their personal computers isn't usually a concern of the US government, especially when the employees have agreed not to do stupid things like take documents home for the purposes of leaking them.

On the other hand, why would you not assume if you otherwise do not know, that a company based abroad would not send your files abroad? Nothing about cloud services presumes or requires that a server be located in a particular geographic area unless this is a stipulation of agreement in the cloud services contract. Does it really matter where in fact Kaspersky sent the files? Whether Russians are looking at the files in say, America, or Russia, or if the files first went to cloud servers in the USA, would hardly make the fact that the files were in Russian hands any less problematic. Why would a Moscow based company store and analyze sample submissions in the United States?

Here are Kaspersky's own words on the subject:

The incident where the new Equation samples were detected used our line of products for home users, with KSN enabled and automatic sample submission of new and unknown malware turned on.
The Kaspersky Security Network service is a kind of "cloud" technologies.

Participating in Kaspersky Security Network (KSN) allows Kaspersky Lab quick collecting of data concerning new threats and developing methods to protect computers from new threats. The more users participate in KSN, the more your computer is protected.

Kaspersky Lab does not collect, process and store any personal user information. You can decide by yourself whether you wish to participate in Kaspersky Security Network. During installation of Kaspersky Internet Security 2014, the Setup Wizard suggests to participate in Kaspersky Security Network. You can change your decision whether to participate in the service after installation whenever you wish.
 

Zaporro

Honorable
Jan 23, 2014
249
0
10,710
Lol all these people offended by cloud analysis and sending samples, yet they cant be bothered to what they install and what they agree too.

During installation of KAV there is a giant checkbox that allows you to either turn on or turn off Kaspersky Security Network.

If you did not turn it off you have no right to act all offended that "hurr durr Kaspersky takes my files".

Also, GJ, KAV, sue them well. Antivirus found out NSA malware which is exactly what its supposed to do and US gov made a shitstorm out of it based on "anonymous sources" (as always) and their lackey media agencies all referring to same "anonymous source".
 

Zaporro

Honorable
Jan 23, 2014
249
0
10,710


Its one thing to internally change policies in gov sector and issue a swap of software, its completely other thing to make public announcemen and start a media shitstorm that hurts company public image.
 
Why would you use a foreign anti-virus program anyway?
I've never recommended Kaspersky to anyone, even when I worked at Best Buy and they wanted me to push software like that.

Malwarebytes for the win!
Or you can do what I do... Infection? Format c:\
 
One major issue is that Kaspersky had an agreement to help protect the US Govt's interests. The moment they discovered leaked NSA malware, there was a choice to be made. Honor that partnership and inform immediately, or delete delete delete and pretend like it never happened. That's the real and only issue in my opinion.

The NSA person screwed up. The Kaspersky software reacted exactly as it was meant to do, it was the decision making processes at home base that are in question, again imho.
 
People blaming Kaspersky Lab for not protecting the US government seem to be putting too much responsibility on the antivirus company and too little on the US government.

How far is Kaspersky Lab required to go in the protection of each client? Are they required to inform all of their users when documents that are supposed to be on Computer A end up triggering automatic sample submission on Computer B? Personally, that's more information about documents than I feel any antivirus company should be in possession of. If antivirus companies started emailing me every time my data files moved from one computer to another, not only would that cause a massive spike in network traffic, that would be a significant nuisance, which would end up being relegated to the ignore list, to the point the notices would lose their effectiveness.

Kaspersky has no preordained knowledge of what files belong on which computers when they are scanning it, other than the standard fare on all PCs running the same OS. Saying it is in Kaspersky's duty to start acting like a nanny would go a long way toward damaging their brand image.

When NSA documents were found in their possession, Kaspersky deleted them. How much further they are required to go is something that can be argued about, but unless the US government was specifically contracting for more than the standard services being offered, I would say Kaspersky upheld their end of the deal.
 

Co BIY

Splendid
This lawsuit is probably a last ditch effort to get the US courts to force the relevant agencies to put forward some of the technical proof they have that led to the decision. That technical proof is important intelligence. Of course the publicly released information relies heavily on already public information.

Many here have commented with the assumption the Reality Winner made "errors" or used "poor judgement". Her stealing and releasing of NSA documents was deliberate. I find it an interesting and unlikely coincidence that she was a deliberate mole and also happened to use Kasperkey software on her home computer. I wonder if that was recommended to her by someone? Perhaps by one of the organizations she leaked the documents too or others. The fact that the software may be adversarial to and good at detecting American spyware would recommended it from those perspectives.

Others have said that the the documents that Kaspersky loaded and then identified as NSA secure documents must have been "malware" or NSA spyware. I don't see that supported anywhere in the public record.
 

therealduckofdeath

Honorable
May 10, 2012
783
0
11,160
bigpinkdragon286, for instance here in the EU it's illegal for a person or organisation to use cloud services for storing customer's personal data on services that cannot guarantee the data won't leave the EU borders. There are a lot of related and similar rules for various data types.
Again, if Kaspersky has previously sold their services without explicitly disclosing that they've been moving client data outside a country they would obviously not have been on such ban list. This revelation would obviously have changed that.
 

thejanitor

Commendable
Apr 7, 2017
6
0
1,510
It's a nice attempt at using the Constitution against us, but Kaspersky is not a US company or citizen, and is therefore not protected by our constitution. Their argument seems to be that the US Government should have continued to allow them access to sensitive information until they had indisputable proof that they were stealing data. Silly. And specious...
 


You gave them that permission when you installed the software and elected to participate in the "kaspersky network".

It is not far-fetched in any way for an anti-virus company to want a copy of something its software flags as suspicious but not something they can match to a specific virus in their definition files..
All the other large anti-virus companies do the same thing, that is how you be as proactive as possible in a reactive business.

Now I think it is just plum stupid that USG uses foreign made security products on any systems with even just personal or official data on it, let alone anything classified; you just don't know so you don't take the risk.
Blacklisting a product on a matter of uncertainty though is a far different scenario then publicly accusing them on very shaky evidence.

 
Status
Not open for further replies.