In a little bit of cross-site synergy for the evening, Paul Wagenseil from our sister site Tom’s Guide has put together an interesting report discussing the recent developments surrounding Kaspersky Lab and the company’s antivirus software, which in recent days has been accused of spying on behalf of Russia’s intelligence services. Software and services are not really within AnandTech’s editorial purview, but I thought this was an interesting article that was worth sharing.

As a bit of background, Kaspersky Lab has been under the proverbial microscope off and on over the past half-decade or so due to concerns about close ties to the Russian government amidst ongoing geopolitical issues. More recently, on October 5th, the Wall Street Journal published an article claiming that Russian hackers identified files from the United States National Security Agency (NSA) using Kaspersky Lab’s antivirus software, and then used that information to steal said files. This has in turn called into question just how complicit Kaspersky Lab may have been in the endeavor, and whether its antivirus software is safe to use on consumer systems.

Writing for Tom’s Guide, Wagenseil reached out to a number of experts in the security field, ranging from the Electronic Frontier Foundation to former NSA staffers, in order to get a broad look at the issue. Due to a lack of direct evidence in the matter – all of the major stories written so far have been based on anonymous sources in the US government – there is little in the way of hard facts to deal with. However, across all of Wagenseil’s respondents, both named and unnamed, most agreed that people and businesses working on sensitive matters should not use Kaspersky Lab’s software, essentially taking a “why risk it?” stance. Things are a little less obvious for consumers, however; some respondents recommended against the software entirely, while others noted that consumers probably aren’t the target of Russian signals intelligence efforts.

One notable and broad point that was made, however, is that regardless of Kaspersky Lab’s involvement, similar risks exist with all antivirus software. All modern AV software includes telemetry for reporting on newly seen software as a means to more rapidly detect new forms of malware, and because of the deep reach of AV scanners, those telemetry processes can access virtually any piece of software or document on the system. So for the paranoid – or even just the privacy-minded – disabling telemetry can reduce the risk at least somewhat by ending the regular reporting to AV vendors, which in the case of Kaspersky Lab is how the attack is believed to have been carried out.

In any case, you can find more on this interesting matter and on the security experts’ responses over at Tom’s Guide.

Source: Tom's Guide


  • ddriver - Saturday, October 14, 2017 - link

    What do you need proof for? Is the word of chronic liars not enough for ya?

    Ironically, they could choose to block browsers with adblockers, but that would most likely result in a massive drop in traffic, and the more traffic you have the better deal you will get for the ads that you get to show. Which is why they don't block browsers with adblock; even visiting that site is a favor to them, so you can have a clear conscience ;)
  • mikato - Friday, October 20, 2017 - link

    Maybe some accusations have no proof. But you probably could learn a bit more about this since there is a lot going on.

    "Facebook says it sold political ads to Russian company during 2016 campaign"
    https://www.washingtonpost.com/politics/facebook-s...

    "The Agency
    From a nondescript office building in St. Petersburg, Russia,
    an army of well-paid “trolls” has tried to wreak havoc all
    around the Internet — and in real-life American communities."
    https://www.nytimes.com/2015/06/07/magazine/the-ag...

    "Experts Suspect Russia Is Using Ukraine As A Cyberwar Testing Ground"
    http://www.npr.org/2017/06/22/533951389/experts-su...

    "In attempt to sow fear, Russian trolls paid for self-defense classes for African Americans"
    http://money.cnn.com/2017/10/18/media/black-fist-r...

    "Exclusive: Fake black activist accounts linked to Russian government"
    http://money.cnn.com/2017/09/28/media/blacktivist-...

    "Russian-funded Facebook ads backed Stein, Sanders and Trump"
    http://www.politico.com/story/2017/09/26/facebook-...

    Hamilton68 TRACKING RUSSIAN INFLUENCE OPERATIONS ON TWITTER
    http://dashboard.securingdemocracy.org/
  • Hurr Durr - Saturday, October 14, 2017 - link

    Unanonymous source (my ability to notice things) tells me that McAfee is spying for Mossad, and Intel is an Israeli company as well.
  • versesuvius - Saturday, October 14, 2017 - link

    That is rich coming from a country and government that has legalized spying and eavesdropping on its own citizens and spies and intervenes religiously when it comes to other nations. Even the German Chancellor's mobile phone is not off limits to American spying efforts. Every OS that is produced in America has a backdoor and a key is given to the NSA or CIA or FBI or to any one of the other hundreds of espionage and control outfits that operate under the auspices of the American constitution. The American government just looks ridiculous and more the hypocrite for it when it advances this silly propaganda and starts playing the victim too. So, if Kaspersky did it, then good on them. Patriotism is not the property of America.
  • Reflex - Saturday, October 14, 2017 - link

    As someone who was a kernel engineer on Windows, um, no, there is no intentional backdoor. If you really believe there is, feel free to install Wireshark and snoop your own network traffic. It's not that hard to do.

    The problem with theories like that is that if they were true we'd know already; there are tens of thousands of independent network security specialists out there and it's a pretty trivial task.
  • versesuvius - Saturday, October 14, 2017 - link

    Wireshark? I'm on it!
  • Reflex - Sunday, October 15, 2017 - link

    Paranoia aside, Wireshark is pretty illuminating in general. Put it on a OnePlus phone and watch just how many Chinese servers it's calling out to without your knowledge...
  • versesuvius - Sunday, October 15, 2017 - link

    So, you think that is the doing of the OS on OnePlus? I for one would say not likely. We are talking doors, not holes that are oozing data all the time. It is more probably the preinstalled software on the device, which OnePlus, or for that matter any brand, does not tell you about.

    And one question. From your experience at Microsoft, how does the American government certify the operating systems that it uses? How does it make sure that they do not have a backdoor? It works both ways, you know. Does the NSA have people at Microsoft? Given the gigantic mess that the Windows code base is, it should be a lengthy process. They should not be content with just an audit.
  • Reflex - Sunday, October 15, 2017 - link

    http://bgr.com/2017/10/11/oneplus-user-data-collec...

    Here is some background on the OnePlus situation, a colleague of mine also noticed this on his phone.

    To your other questions -

    - The US government, along with many other world governments (including China, Russia, most of the EU, and several others) participates in a program that was launched first in 2003 called the "Government Security Program" which gives governments auditing ability over the source code to Windows and several other key products. This provides them with both the ability to view the code of any given build of Windows, and auditing tools to ensure that the compiled binaries are produced from the visible code. This is a major reason that despite Microsoft being US based, foreign governments continue to use it (although sometimes they like to rumble about spying concerns). The initial press release is here, I'm not certain how the program has evolved since 2011 or so when I left Microsoft: https://news.microsoft.com/2003/01/14/microsoft-an...

    - I know people often assert that the Windows code base is a giant mess; however, from my time there I can say that that is a statement that needs qualification. There are certainly areas of legacy code that are messy by today's standards, but the core and the vast majority of what people consider "Windows" is well maintained and documented. There has been an active effort, especially since Vista, to deprecate and eliminate code that was produced under the older build lab system, which did not build in the security/stability checks that were implemented during the production of Vista. As I have been gone for nearly seven years now, I can't speak to how far along they are, but by Windows 8 they had completed the vast majority of that project.

    In general the perception of the code as low quality or messy has always been an external narrative not supported by the evidence. There was a major leak of Windows source code back in 2004, and those who bothered to analyze it found it to be generally high quality. Read up on that here: https://www.theinquirer.net/inquirer/news/1030335/...
  • versesuvius - Monday, October 16, 2017 - link

    The document that you are referring to is still an audit program. It does not commit Microsoft to provide its source code to be compiled as a whole by any other party which they can customize and compile and assemble into a final working product. It is better than nothing and that is just that. The 2004 source code could not be compiled into anything useful whatsoever. It was just "high quality" code, as the article puts it.

    Windows is a mess because of the redundancies that Microsoft decided to incorporate into the operating system in the name of speed and responsiveness. The redundancies are still there in abundance and Microsoft insists on keeping them for no good reason at all except perhaps backward compatibility, a business decision.
