Evening Reading: Kaspersky Lab, Spying, & the Risks of Telemetry
by Ryan Smith on October 13, 2017 8:30 PM EST- Posted in
- Software
In a little bit of cross-site synergy for the evening, Paul Wagenseil from our sister site Tom’s Guide has put together an interesting report discussing the recent developments surrounding Kaspersky Lab and the company’s antivirus software, which in recent days has been accused of spying on behalf of Russia’s intelligence services. Software & services is not really in AnandTech’s editorial purview, but I thought this was an interesting article that was worth sharing.
As a bit of background, Kaspersky Lab has been under the proverbial microscope off and on over the past half-decade or so due to concerns about close ties to the Russian government amidst ongoing geopolitical issues. More recently, on October 5th, the Wall Street Journal published an article claiming that Russian identified files from the United States National Security Agency (NSA) using Kaspersky Lab’s antivirus software, then using that information to steal said files. This has in turn called into question just how complicit Kaspersky Lab may have been in the endeavor, and whether their antivirus software is safe to use on consumer systems.
Writing for Tom’s Guide, Wagenseil reached out to a number of experts in the security field, ranging from the Electronic Frontier Foundation to former NSA staffers in order to get a broad look at the issue. Due to a lack of direct evidence in the matter – all of the major stories written so far have been based off of anonymous sources in the US government – there’s little in the way of hard facts to deal with. However across all of Wagenseil’s respondents, both named and unnamed, most agreed that people and businesses working in sensitive matters should not use Kaspersky Lab’s software, essentially taking a “why risk it?” stance on the matter. Things are a little less obvious for consumers however; some respondents recommended against the software entirely, while others noted that consumers probably aren’t the target of Russian signals intelligence efforts.
One notable and broad point that was made, however, is that regardless of Kasperksy Lab’s involvement, similar risks exist with all antivirus software. All modern AV software includes telemetry for reporting on new software as a means to more rapidly detect new forms of malware, and due to the deep reach of AV scanners, those telemetry processes can access virtually any piece of software or documents. So for the paranoid – or even just the privacy minded – disabling telemetry can help to reduce the risk at least somewhat by terminating regular reporting to AV software vendors, which in the case of Kasperksy Lab, is how the attack was believed to be carried out.
In any case, you can find more on this interesting matter and on the security experts’ responses over at Tom’s Guide.
Source: Tom's Guide
Facebook
Twitter
RSS
61 Comments
View All Comments
Reflex - Monday, October 16, 2017 - link
1) The program is not just an audit program. It is complete access to the source code of Windows. No, they are not permitted to compile it and make their own builds, MS is a closed source company and that would permit some governments, such as China, to build custom Windows for their citizens that they could snoop on. MS is not in the business of aiding repressive governments. They do provide the tools and information needed for any government to verify that the builds MS releases are built from the code that they are permitted to analyze. That is a reasonable compromise and is why most governments feel secure enough to use Windows. It may not be what *you* want, but it does address your concerns and others that they have raised.2) You are going to need to be more specific about your claims about Windows being a mess. That is a subjective statement the way you are using it. You also contradict yourself when you state that the 'redundancies' are kept for speed and responsiveness, then in the next sentence claiming Microsoft keeps them for 'no good reason at all'. If they provide speed and responsiveness (and backwards compat as you mention later) then they would indeed provide a purpose, and are not inherently 'a mess' but instead a feature. That said, I honestly have no idea what redundancies you are speaking of.
prophet001 - Saturday, October 14, 2017 - link
If you're in Russia you do what they say or they take it from you.It's not like the US where you can say "No Mr. Leader I'm not going to give you that."
The Russian government takes what it wants so if they want the files that Kaspersky has then they get it. End of story.
versesuvius - Saturday, October 14, 2017 - link
Yes, it is cold, cold, cold out there :)Hurr Durr - Saturday, October 14, 2017 - link
I`d love to see at least moderately prominent company in US denying US government any kind of information. Should be really fun to watch, not least because of all the shitlib delusions shattering loudly.linuxgeex - Saturday, October 14, 2017 - link
Run a Linux host, Windows in VMWare, revert to snapshot after each use - no antivirus, no firewall, no windows updates, no system restore - in that condition it will run faster in the VM than it would on bare metal for anything but 3D games. Use a folder share for persistent documents. In a separate VM, mount the share read-only, disconnect the internet, run the antivirus to scan the share for threats. No virus can infect the Windows VM beyond a session. Files cannot be shared to 3rd party by the AV software, or infected by the AV software.ddriver - Saturday, October 14, 2017 - link
Linux is vulnerable too, lots of software doesn't work well or at all in a VM.The solution is to keep your windoze system completely offline, and do internet stuff on a linux box with a read only system. The linux box should have antivirus, if possible, from multiple vendors, for incoming data. The linux box should connect to the internet through a managed router with open source firmware, so you can block as many vectors of attack as possible. Data exchange between the windoze and linux boxes should be over a custom PHY layer, that is cryptographically secure and requires physical access to enable on a per-transfer basis. Definitely do not use any "industry standard" in connecting the offline box to anything that is connected to the internet, they have all been designed to be hackable. Most routers are backdoored, most network interfaces are backdoored, all x86 CPUs and arm SOCs are backdoored, but you can use simple micro-controllers you can program yourself and implement secure transport layers.
BedfordTim - Saturday, October 14, 2017 - link
Anti-virus from multiple vendors on the same machine is a recipe for disaster.ddriver - Sunday, October 15, 2017 - link
On windoze - sure. It is feasible on linux.BedfordTim - Sunday, October 15, 2017 - link
I am sure AV vendors can screw up on any platform.Reflex - Saturday, October 14, 2017 - link
Um, yeah, no. There are much easier ways and tools to determine if you have malicious access on your network and to prevent it. Also some of what you say there does not work like you seem to believe it does. And some is just nonsense.