
(Bloomberg) So the House Science Committee apparently had a classified briefing yesterday on Russian cyber security firm, Kaspersky Labs. Time to find a new anti-virus software (bloomberg.com)
    More: Interesting, Federal government of the United States, Kaspersky Lab, Kaspersky Lab Inc., Government agency, Kaspersky Lab software, certain Kaspersky officials, Independent agencies of the United States government, Central Intelligence Agency  

941 clicks; posted to Politics on 27 Sep 2017 at 9:50 PM (3 weeks ago)



56 Comments
 

 
2017-09-27 10:53:31 AM  
Not a computer science guy, but when the federal government bans your software from their computers there may be something more going on than just politics. I'm open to other people's interpretations, however.
 
2017-09-27 11:05:32 AM  
Now we know why Kaspersky's anti-virus products were so highly regarded for so long: it turned out that it was being written by the same guys who wrote the viruses it was supposed to clean.
 
2017-09-27 11:09:12 AM  
Just guessing here, but I would suspect that the NSA reverse-engineered their code, and discovered that if your source IP address matched anything on DoD network space, then encryption and exfiltration routines would kick in, gathering small chunks of local data, and uploading it during antivirus update routines.

AV software has to run with kernel-level access permissions in order to be effective.  It also makes it very easy to craft shims that bypass other authentication and encryption tools, since it has direct access to processes and memory.
 
2017-09-27 12:04:11 PM  
No problem, you can just use Symantec.  Surely they know what they're--oh wait, tons of buffer overflows.  And McAfee... lol.  Just switch to linux and use VMs for everything, including web browsing.
 
2017-09-27 12:23:57 PM  

markie_farkie: Just guessing here, but I would suspect that the NSA reverse-engineered their code, and discovered that if your source IP address matched anything on DoD network space, then encryption and exfiltration routines would kick in, gathering small chunks of local data, and uploading it during antivirus update routines.


While not impossible, it seems unlikely they're quite that blatant.

What seems more likely is that the Kaspersky Labs "updates" are effectively an arbitrary remote code execution exploit, running whatever code the Kaspersky server hands out. They may not actively be spying, but the Russians are sufficiently likely to engage in hostilities that you don't want their government having any access to potential for that on any of your machines.
 
2017-09-27 12:37:09 PM  

abb3w: markie_farkie: Just guessing here, but I would suspect that the NSA reverse-engineered their code, and discovered that if your source IP address matched anything on DoD network space, then encryption and exfiltration routines would kick in, gathering small chunks of local data, and uploading it during antivirus update routines.

While not impossible, it seems unlikely they're quite that blatant.

What seems more likely is that the Kaspersky Labs "updates" are effectively an arbitrary remote code execution exploit, running whatever code the Kaspersky server hands out. They may not actively be spying, but the Russians are sufficiently likely to engage in hostilities that you don't want their government having any access to potential for that on any of your machines.


"Hey wait a sec, why is it that when my AV updates it's sending more than it's receiving?"

Certainly doesn't help that they're all moving towards cloud based defenses... i.e. uploading 'suspicious' files to their processing hub to 'evaluate' it.
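
Added example, not part of any commenter's post: the upload-versus-download observation in the comment above can be checked from flow records. This sketch sums bytes per host, process and destination and flags pairs that send far more than they receive; the log format, process names and `.example` hostnames are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample flow records (not real telemetry). Assumed format:
# timestamp host process destination bytes_out bytes_in
SAMPLE_FLOWS = """\
2017-09-27T10:00:01 ws-014 av_updater.exe updates.av-vendor.example 18432 41943040
2017-09-27T10:00:09 ws-014 av_updater.exe cloud.av-vendor.example 31457280 12288
2017-09-27T10:02:30 ws-014 av_updater.exe cloud.av-vendor.example 20971520 8192
2017-09-27T10:05:44 ws-022 av_updater.exe updates.av-vendor.example 20480 39845888
2017-09-27T10:06:02 ws-022 av_updater.exe cloud.av-vendor.example 4096 8192
2017-09-27T10:07:15 ws-014 browser.exe www.example.org 30000 900000
malformed line
"""


def parse_flows(text):
    """Yield (host, process, dest, bytes_out, bytes_in); skip malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue
        _, host, proc, dest, out_s, in_s = parts
        if not (out_s.isdigit() and in_s.isdigit()):
            continue
        yield host, proc, dest, int(out_s), int(in_s)


def find_upload_heavy(flows, min_out_bytes=1_048_576, min_ratio=1.0):
    """Return rows (host, process, dest, bytes_out, bytes_in, ratio) where the
    endpoint sent at least min_out_bytes and more than min_ratio times what it
    received, summed over all sessions to that destination."""
    totals = defaultdict(lambda: [0, 0])
    for host, proc, dest, out_b, in_b in flows:
        totals[(host, proc, dest)][0] += out_b
        totals[(host, proc, dest)][1] += in_b

    flagged = []
    for (host, proc, dest), (out_b, in_b) in totals.items():
        ratio = out_b / max(in_b, 1)  # upload-only flows have bytes_in == 0
        if out_b >= min_out_bytes and ratio > min_ratio:
            flagged.append((host, proc, dest, out_b, in_b, round(ratio, 1)))
    # Largest uploads first, so the reviewer sees the biggest transfers on top.
    return sorted(flagged, key=lambda row: row[3], reverse=True)


if __name__ == "__main__":
    for row in find_upload_heavy(parse_flows(SAMPLE_FLOWS)):
        print("upload-heavy: host=%s process=%s dest=%s out=%d in=%d ratio=%s" % row)
```

Cloud-assisted products upload samples by design, so a flagged row is a prompt to review what was sent and where, not proof of exfiltration.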
 
2017-09-27 02:04:39 PM  
I don't trust anti-virus programs. Never will.

I also can't remember the last piece of software I had to install after my browser, other than games. Everything happens in the browser, now. I just keep myself up to date. It's also really easy for me to reinstall my operating system if something goes wrong.
 
2017-09-27 06:16:23 PM  

Tr0mBoNe: I don't trust anti-virus programs. Never will.

I also can't remember the last piece of software I had to install after my browser, other than games. Everything happens in the browser, now. I just keep myself up to date. It's also really easy for me to reinstall my operating system if something goes wrong.


I've only ever used AVG and I've never been hit with anything bad. Of course there's nothing on this computer I really care about, so if I got something fatal I'd just reformat and start over again.
 
2017-09-27 06:28:29 PM  
Windows Defender.  It ain't that complicated.
 
2017-09-27 07:43:58 PM  
I never could trust them, so I never used their software.
 
2017-09-27 09:53:19 PM  
Avast ye maties
 
2017-09-27 09:54:36 PM  
There's always Norton (unless of course it's a Norton plot).

[img.fark.net image]
 
2017-09-27 09:54:50 PM  

koder: No problem, you can just use Symantec.  Surely they know what they're--oh wait, tons of buffer overflows.  And McAfee... lol.  Just switch to linux and use VMs for everything, including web browsing.


I'm using Bitdefender...which originates out of Romania.

-_-

Still trust it over Norton/Symantec.  And of course, there's Malwarebytes, who has yet to fail me on PC (their Android app is a different story).
 
2017-09-27 09:58:42 PM  
Now what will Best Buy sell?
 
2017-09-27 09:59:44 PM  

Catlenfell: Now what will Best Buy sell?


Norton, of course.

Something's gotta get the computers back into Geek Squad's hands.
 
2017-09-27 10:04:22 PM  
Joke's on you, I don't have any!

That's how it works right?
 
2017-09-27 10:07:12 PM  
At work:

[www.satisnet.co.uk image]
 
2017-09-27 10:08:08 PM  
Well, shiat.
 
2017-09-27 10:08:24 PM  
I've found Comodo Cloud Antivirus has been lightweight and reliable for personal use. Heuristic-based engines are the way to go. Comodo, Webroot, etc. I currently manage 1200+ Webroot endpoints. Pretty sweet.
 
2017-09-27 10:08:43 PM  
Norton, McAfee, etc. It is and always was a scam.

Installing their stuff was paying to make a back door into your personal info.

Nothing is encrypted for the long term, and consolidating guarantees that it will be hacked.
 
2017-09-27 10:15:15 PM  
Relax, it's the HOUSE science committee. Not much science going on there. They believe Jeebus and Noah rode the dinosaurs on the Ark of the Covenant... or something like that.
 
2017-09-27 10:16:02 PM  

koder: No problem, you can just use Symantec.  Surely they know what they're--oh wait, tons of buffer overflows.  And McAfee... lol.  Just switch to linux and use VMs for everything, including web browsing.


While that's not really a viable thing for most people, you could just use Qubes to do exactly that.

No AV on my Windows box. Don't download random shiat, definitely don't run it. Don't do your daily junk as admin. Not that hard.
 
2017-09-27 10:21:05 PM  

NateAsbestos: koder: No problem, you can just use Symantec.  Surely they know what they're--oh wait, tons of buffer overflows.  And McAfee... lol.  Just switch to linux and use VMs for everything, including web browsing.

While that's not really a viable thing for most people, you could just use Qubes to do exactly that.

No AV on my Windows box. Don't download random shiat, definitely don't run it. Don't do your daily junk as admin. Not that hard.


A decent combo for AV protection is Microsoft Security Essentials/Windows Defender and Malwarebytes.  Last I checked, you can still get Malwarebytes free - it just doesn't update after the trial ends.  And as software goes, it's not that expensive.

Combine that with what you said, and you're not bulletproof, but you can take the hits a lot easier.
 
2017-09-27 10:21:31 PM  

runwiz: There's always Norton (unless of course it's a Norton plot).

[img.fark.net image 190x266]


For some reason, I suddenly have an almost insatiable hunger for dog food luncheon meat.
 
2017-09-27 10:22:59 PM  
Between AVG, Spybot, and malwarebytes, my ancient windows 7 systems that are many, many years old run perfectly fine... so hopefully I'm doing something right?
 
2017-09-27 10:24:45 PM  

Clutch2013: NateAsbestos: koder: No problem, you can just use Symantec.  Surely they know what they're--oh wait, tons of buffer overflows.  And McAfee... lol.  Just switch to linux and use VMs for everything, including web browsing.

While that's not really a viable thing for most people, you could just use Qubes to do exactly that.

No AV on my Windows box. Don't download random shiat, definitely don't run it. Don't do your daily junk as admin. Not that hard.

A decent combo for AV protection is Microsoft Security Essentials/Windows Defender and Malwarebytes.  Last I checked, you can still get Malwarebytes free - it just doesn't update after the trial ends.  And as software goes, it's not that expensive.

Combine that with what you said, and you're not bulletproof, but you can take the hits a lot easier.


MBAM free version will still update after its trial period, it just won't do the active, real-time protection. But yeah, agreed on all points
 
2017-09-27 10:26:55 PM  

Herb Utsmelz: Windows Defender.  It ain't that complicated.


I see a couple of Funnies on this post, and old WD indeed sucked balls, but the Windows 8/8.1/10 versions of Windows Defender are an offshoot of System Center Endpoint Protection, which is actually pretty legit. It's at least as competent as any other AV solution you might install these days, and tends to have a quieter, smaller footprint.
 
2017-09-27 10:36:47 PM  
I have seen zero evidence that Kaspersky does anything nefarious.
 
2017-09-27 10:43:45 PM  

Alucard1191: Between AVG, Spybot, and malwarebytes, my ancient windows 7 systems that are many, many years old run perfectly fine... so hopefully I'm doing something right?


Si, comrade.
 
2017-09-27 10:46:10 PM  

Alucard1191: Between AVG, Spybot, and malwarebytes, my ancient windows 7 systems that are many, many years old run perfectly fine... so hopefully I'm doing something right?


In a "I drink beer everyday and that's why I don't have Ebola" sort of way, yes.
 
2017-09-27 10:48:45 PM  
really?  not one mention of the kidnapping and recovery of Eugene Kaspersky's son?
 
2017-09-27 10:51:47 PM  
Windows Defender and Adblock Plus here. Not so much as a sniffle in ages.
 
2017-09-27 10:56:57 PM  
It's worth remembering that "traditional" computer viruses (virii?) are relatively rare these days. What causes the most common problems is advertising malware and email phishing, which common antivirus software often doesn't catch.
 
2017-09-27 10:57:19 PM  

KRSESQ: Windows Defender and Adblock Plus here. Not so much as a sniffle in ages.


shiat, thanks for bringing up Adblock Plus.  I was so happy to find that Microsoft Edge is compatible with it.
 
2017-09-27 11:02:20 PM  

KingBiefWhistle: Herb Utsmelz: Windows Defender.  It ain't that complicated.

I see a couple of Funnies on this post, and old WD indeed sucked balls, but the Windows 8/8.1/10 versions of Windows Defender are an offshoot of System Center Endpoint Protection, which is actually pretty legit. It's at least as competent as any other AV solution you might install these days, and tends to have a quieter, smaller footprint.


Serious question though: As the protection that comes on every Windows machine, wouldn't it be the biggest target for any malware/virus?  If I were writing something malicious, I'd want it to be able to bypass WD, at least for awhile.  Most bang for your buck, effort-wise.
 
2017-09-27 11:05:50 PM  
ESET was fantastic when I used it, very low profile and fast...and also from a former soviet republic.    These days I can't see much purpose going beyond built in windows defender, Microsoft isn't as pathetic as they once were.
 
2017-09-27 11:07:03 PM  
ESET and Malwarebytes on the work computers. Works great for us. I like antivirus software that stays the fark out of your way until it actually needs you to do something. I hate getting constant notifications from antivirus software. And it doesn't use 3/4 of the system's resources to work, either.
 
2017-09-27 11:19:23 PM  

Greek: I like antivirus software that stays the fark out of your way until it actually needs you to do something. I hate getting constant notifications from antivirus software.


Sadly that's how they all start out. Norton was streamlined and beautiful in the early days. I still use Avast, even though they're slowly but surely bloating out. AntiVirus companies always look to expand their business models in the most annoying ways.
 
2017-09-27 11:25:42 PM  
Demolishing my opsec here, and identifying myself as a security professional.

Kaspersky has accomplished a great number of useful things in the field of information security.  Things have been a little bit iffier lately.

All it takes to be co-opted by the Russian government is to have someone show up at the company party and say "Gentlemen, you've been co-opted by the Russian government."  In that respect, it's unfortunately almost identical to how things work in the United States.
 
2017-09-27 11:29:00 PM  
Time to find a new anti-virus software

Yes, but the lost revenue from decreased sales will only cause them to ratchet up their nefarious activities to keep the cold hard cash flowing.
 
2017-09-27 11:30:09 PM  

Jz4p: Kaspersky has accomplished a great number of useful things in the field of information security.  Things have been a little bit iffier lately.

All it takes to be co-opted by the Russian government is to have someone show up at the company party and say "Gentlemen, you've been co-opted by the Russian government."  In that respect, it's unfortunately almost identical to how things work in the United States


You'd be crazy to not consider what might happen if they suddenly did start abusing their position and reputation.
 
2017-09-27 11:35:17 PM  
 
2017-09-27 11:37:54 PM  

NateAsbestos: Clutch2013: NateAsbestos: koder: No problem, you can just use Symantec.  Surely they know what they're--oh wait, tons of buffer overflows.  And McAfee... lol.  Just switch to linux and use VMs for everything, including web browsing.

While that's not really a viable thing for most people, you could just use Qubes to do exactly that.

No AV on my Windows box. Don't download random shiat, definitely don't run it. Don't do your daily junk as admin. Not that hard.

A decent combo for AV protection is Microsoft Security Essentials/Windows Defender and Malwarebytes.  Last I checked, you can still get Malwarebytes free - it just doesn't update after the trial ends.  And as software goes, it's not that expensive.

Combine that with what you said, and you're not bulletproof, but you can take the hits a lot easier.

MBAM free version will still update after its trial period, it just won't do the active, real-time protection. But yeah, agreed on all points

MalwareBytes used to have a cool program called MBAE (MalwareBytes Anti-Exploit), which worked in a completely different way from anti-malware, and worked in conjunction with their own or any other anti-malware. It worked by hardening against exploit methods rather than looking for malware signatures. It would automatically harden your more common web browser(s), Email client(s), etc. in the free version, and any other program you told it to in the pay version.

Unfortunately, something about Windows 10 starting with Creators Update keeps it from working, and they discontinued it as a separate program (its functionality is now bundled in the pay version of MBAM). They're beta-testing a new stand-alone version available to users of MBAM Free. Plus, there's an update that seems to work okay in Windows 10 Creators Update here: http://downloads.malwarebytes.com/file/mbae
They also have an Anti-Ransomware (MBARW) in beta. The combination of MBAE and MBARW blocked WannaCry even on systems with no traditional anti-malware at all, and which had no Microsoft security updates.
 
2017-09-27 11:47:49 PM  
Get a Mac.
 
2017-09-27 11:52:25 PM  

This Face Left Blank: KingBiefWhistle: Herb Utsmelz: Windows Defender.  It ain't that complicated.

I see a couple of Funnies on this post, and old WD indeed sucked balls, but the Windows 8/8.1/10 versions of Windows Defender are an offshoot of System Center Endpoint Protection, which is actually pretty legit. It's at least as competent as any other AV solution you might install these days, and tends to have a quieter, smaller footprint.

Serious question though: As the protection that comes on every Windows machine, wouldn't it be the biggest target for any malware/virus?  If I were writing something malicious, I'd want it to be able to bypass WD, at least for awhile.  Most bang for your buck, effort-wise.


I suppose, but WD typically updates daily (or more) as threats emerge like most other AV software. SCEP was no different.

Greek: ESET


ESET is what my current job uses. It isn't bad, and has configurable settings for how much it reveals itself to end-users. It can be hidden and automated to the point that some users will never even know it's there. Management console could be a little less clunky, but that may be due more to our settings than their software.

What drives me farking nuts is that some of our sysadmins are still stuck in their old ways where if a user reports a "virus" they want to drop the computer off-network (not really a problem) and then scan it with various old shiatty free(!) AV solutions they liked as individuals, basically invalidating ESET entirely. I keep telling them if they aren't willing to trust the software they spent some five figures to license for the University to do its farking job properly they wasted the school's money.
 
2017-09-28 12:11:10 AM  

Tr0mBoNe: I don't trust anti-virus programs. Never will.

I also can't remember the last piece of software I had to install after my browser, other than games. Everything happens in the browser, now. I just keep myself up to date. It's also really easy for me to reinstall my operating system if something goes wrong.


Have fun with that ransomware attack, you edgy motherfarker, you...
 
TWX
2017-09-28 12:57:43 AM  

BumpInTheNight: abb3w: markie_farkie: Just guessing here, but I would suspect that the NSA reverse-engineered their code, and discovered that if your source IP address matched anything on DoD network space, then encryption and exfiltration routines would kick in, gathering small chunks of local data, and uploading it during antivirus update routines.

While not impossible, it seems unlikely they're quite that blatant.

What seems more likely is that the Kaspersky Labs "updates" are effectively an arbitrary remote code execution exploit, running whatever code the Kaspersky server hands out. They may not actively be spying, but the Russians are sufficiently likely to engage in hostilities that you don't want their government having any access to potential for that on any of your machines.

"Hey wait a sec, why is it that when my AV updates it's sending more than it's receiving?"

Certainly doesn't help that they're all moving towards cloud based defenses... i.e. uploading 'suspicious' files to their processing hub to 'evaluate' it.


Corporations should take a layered approach. From the Internet to the workstation there should be DNS security, i.e., using a DNS server that is managed for security and will block domain resolutions for known threats, Internet Firewall security with subscription to a threat list for both inbound and outbound threats, some kind of access control security on the network, certainly with some strong ACLs for things that never have any business ever talking to each other, and possibly some kind of dynamic system, possibly even something like private VLANs or SGACL to prevent end-nodes from talking to each other to prevent or at least reduce the propensity for worms and scanning, and finally some kind of process management on the end PC that can check signatures and observe software behavior.

The problem is, this kind of layered approach is extremely expensive, like for large networks (say 50,000 end workstations) millions of dollars a year. Some of these tools are freely available (Cisco OpenDNS comes to mind) so one doesn't necessarily have to pay, but packages that allow these various functions to talk with each other do not come cheap.
 
2017-09-28 01:33:35 AM  
"Russia-owned software company suspected of intelligence links"

[img.fark.net image]

You had to be farking stupid to not be suspicious of Russian based... any-farking-thing.
Alabama... er... GOP is probably their best client base.

[i1377.photobucket.com image]
 
2017-09-28 02:34:24 AM  
Managed corporate AV is a hive of scum and villainy.
 
2017-09-28 06:35:16 AM  

KingBiefWhistle: Herb Utsmelz: Windows Defender.  It ain't that complicated.

I see a couple of Funnies on this post, and old WD indeed sucked balls, but the Windows 8/8.1/10 versions of Windows Defender are an offshoot of System Center Endpoint Protection, which is actually pretty legit. It's at least as competent as any other AV solution you might install these days, and tends to have a quieter, smaller footprint.


I've been using MS's built-in stuff for years now going from win7's to win10's, at the end of the day any individual AV only catches about 70% of the content and MS's stuff was free and I have at least some reservation it's not in their best interest to use it to make computers perform worse or side-load it with adware etc.

CSB about Defender:  Back in 2011 I had an ITS college course where we learned about a bunch of common blackhat tools like password crackers etc.  Fast forward to last month:  MS Defender pings I have malware onboard...and it points to my school archive, specifically one of those password crackers.  It took 6 years and three OS installations to make that decision.  Now I realize they must have recently changed the category said cracker was listed as, but still it's funny to me.
 
Displayed 50 of 56 comments


Oldest | « | 1 | 2 | » | Newest | Show all


View Voting Results: Smartest and Funniest

This thread is closed to new comments.
