The Impact of the Kaspersky Ban(bitsight.com)
bitsight.com
The Impact of the Kaspersky Ban
https://www.bitsight.com/blog/impact-kaspersky-ban
79 comments
Could be using something like Microsoft Defender Threat Intelligence, which claims to use a map of the entire internet.
From their marketing: "Understand your adversaries and their online infrastructures to identify your potential cyberthreat exposures using a complete map of the internet."
From their marketing: "Understand your adversaries and their online infrastructures to identify your potential cyberthreat exposures using a complete map of the internet."
Perhaps Augury.
This is kind of an aside, but the huge AI-generated image at the top immediately stops me in my tracks, and kills any desire to read the rest of the article. Is the text AI too? Is this just AI slop to spam up Google? It's so offputting.
It's a really offensive website. Cookie thing takes up half the screen on mobile and Manage button just opens a blank white dialog, dings and buttons coming up with alerts 20 seconds after loading the page...
It's because the author doesn't know why they should use images in an article, they just do. SEO and bad coffee table books killed everything.
Leaving aside the valuable politics concern, I honestly love Kaspersky, it's the only AV that doesn't suck or become too spammy. Which alternative would you recommend? Please don't say Norton
ESET is pretty good. Has a low false positive rate too which I loved about Kaspersky.
ESET has my recommendations for the same reason. Really good and way more light weight than many other solutions. Though I'd say anything more than Windows Defender for home users really isn't needed.
Defender is slow, that affects all home users
The company I used to work for switched to Microsoft’s solution (Defender?) when it came out, to save on governmental interference and money.
As a user I couldn’t really see any difference.
As a user I couldn’t really see any difference.
From an enterprise perspective (only because I don't use it on my personal machines), TrendMicro has really been improving. I highly recommend it.
I use the free Microsoft Defender that comes with the OS. Why isn't this being recommended here? Is there something super wrong with it?
It's slow and was very bad for a long time, so some of that bad reputation lingers, maybe?
How is it slow? I've never noticed a difference with or without it enabled.
Slows down various file operations (download, copy, archive, build, etc) and has a high CPU utilization doing that
E.g. see this test from a few years ago
https://www.av-comparatives.org/tests/performance-test-octob...
Though it seems they've improved recently and are average now in more recent tests
E.g. see this test from a few years ago
https://www.av-comparatives.org/tests/performance-test-octob...
Though it seems they've improved recently and are average now in more recent tests
I put Sophos on my relatives computers, because it can be remotely managed from a web page.
Ubuntu
Is this retaliation for that time they detected unreleased NSA spyware? Has there ever been shown to be a security breach related, or is this just Russia bad? genuinely curious.
Antivirus software typically requires some level of privileged access. Given Kaspersky's deep collaboration with the Kremlin it's a serious attack vector.
Right but Chrome isnt?
Correct. The US government is not going to compel Alphabet to use Chrome as an attack vector against the US. Therefore the US is not concerned about Chrome.
This isn't a technology issue, it's a governance issue.
This isn't a technology issue, it's a governance issue.
Google is an American company, so how is that an attack vector the US government should be concerned about?
Chrome doesn't run in kernel space
Russia is bad though, they just bombed a children's cancer hospital yesterday.
The US government, DoD, CIA, etc are all "bad" too. I'm not excusing Russia's actions, but if you're going the moral high ground, on civilian murder, you should be avoid US companies as well.
It’s not about morals. Russia and China are waging a hybrid war with the US/EU at the moment.
Any US or European company absolutely should not trust a Russian or Chinese company at the moment. Especially not for antivirus.
Just like any company based in Russia or China shouldn’t trust western companies.
But also you are comparing autocracies to democracies. Don’t pretend that the control the US is able to exert over their companies is in anyway comparable to what is common place in Russia/China. Remember the rash of murder/suicides of Russian oligarchs where they decided to kill their families and then off themselves. Or how about when Jack Ma was disappeared for a year.
Russia/China is in no way equivalent to western democracies on this issue. So please stop the whataboutism.
Any US or European company absolutely should not trust a Russian or Chinese company at the moment. Especially not for antivirus.
Just like any company based in Russia or China shouldn’t trust western companies.
But also you are comparing autocracies to democracies. Don’t pretend that the control the US is able to exert over their companies is in anyway comparable to what is common place in Russia/China. Remember the rash of murder/suicides of Russian oligarchs where they decided to kill their families and then off themselves. Or how about when Jack Ma was disappeared for a year.
Russia/China is in no way equivalent to western democracies on this issue. So please stop the whataboutism.
> Russia and China are waging a hybrid war with the US/EU at the moment.
Russia is at war with Ukraine. The EU is at war with nobody. Who's at war with the US?
You seem to be using the world "war" very lightly in a context where actual war is also happening.
And that's the aspect that's hitting me the most: people get into a "we're at war" mindset without needing their government to actually make official steps nor actually engage their responsibility. Banning TikTok is ok because of that "war but not really" atmosphere, where China is not an actual diplomatic enemy with open proof and potential discussions of them, but companies can still be punished purely on the grounds of involvement with China.
Russia is at war with Ukraine. The EU is at war with nobody. Who's at war with the US?
You seem to be using the world "war" very lightly in a context where actual war is also happening.
And that's the aspect that's hitting me the most: people get into a "we're at war" mindset without needing their government to actually make official steps nor actually engage their responsibility. Banning TikTok is ok because of that "war but not really" atmosphere, where China is not an actual diplomatic enemy with open proof and potential discussions of them, but companies can still be punished purely on the grounds of involvement with China.
> Who's at war with the US?
We are not in a direct conflict with Russia. But Russia has invaded a neighbor in order to steal the land, people and property. And is currently bombing children hospitals in the process of achieving its goals.
We are at war with the idea that in this day and age, this is normal and OK.
Since WW-II, the world has lived in "relative" safety. No national boundaries have been changed by force. Russia is not on-board with this plan and wants to go back to the old way of expanding borders.
We are at war with this ideology.
We are not in a direct conflict with Russia. But Russia has invaded a neighbor in order to steal the land, people and property. And is currently bombing children hospitals in the process of achieving its goals.
We are at war with the idea that in this day and age, this is normal and OK.
Since WW-II, the world has lived in "relative" safety. No national boundaries have been changed by force. Russia is not on-board with this plan and wants to go back to the old way of expanding borders.
We are at war with this ideology.
I said hybrid war.
The US/EU is definitely in a proxy fight with Russia in Ukraine. Russia is definitely running disinformation campaigns and funneling money across the US and EU to try and tilt elections to their far right allies. There have been several high profile breaches of US institutions recently traced back to Russia and Chinese hacker groups.
So that covers actual fighting, political attacks, and cyber attacks. This is literally the definition of hybrid warfare. Here is the Wikipedia page on this: https://en.wikipedia.org/wiki/Hybrid_warfare
The US/EU is definitely in a proxy fight with Russia in Ukraine. Russia is definitely running disinformation campaigns and funneling money across the US and EU to try and tilt elections to their far right allies. There have been several high profile breaches of US institutions recently traced back to Russia and Chinese hacker groups.
So that covers actual fighting, political attacks, and cyber attacks. This is literally the definition of hybrid warfare. Here is the Wikipedia page on this: https://en.wikipedia.org/wiki/Hybrid_warfare
Nations throwing espionage and disinformation campaigns at each other happens all year long, the only nations not doing it are the ones who can't afford it.
The US also spies and runs disinformation campaigns in EU countries. Are we at hybrid war with the US ? Is the US at hybrid war with Japan since the actual war ended ? Or is the point to always be at hybrid war with somewhere ?
The US also spies and runs disinformation campaigns in EU countries. Are we at hybrid war with the US ? Is the US at hybrid war with Japan since the actual war ended ? Or is the point to always be at hybrid war with somewhere ?
> You seem to be using the world "war" very lightly in a context where actual war is also happening.
There is pretty good precedent for that usage.
e.g https://en.wikipedia.org/wiki/Cold_War
There is pretty good precedent for that usage.
e.g https://en.wikipedia.org/wiki/Cold_War
Yes, and a ton of internal abuse was perpetrated in the name of that "war".
That's not something I'd be longing to repeat from a citizen perspective.
That's not something I'd be longing to repeat from a citizen perspective.
"the control the US is able to exert over their companies"
You have that relationship inverted. The US gov't is a mere shell at this point, having outsourced all its core functions to private companies. There is no "medicare" budget or "defense" budget, there is only the capital allocated to and embezzled by the medical & military industrial complex.
And rest assured they do their own set of overt disappearances, notably the Boeing whistleblower and Epstein. There is an obvious playbook they follow in such cases, first they bribe, blackmail, or discredit - before being indiscreet.
You have that relationship inverted. The US gov't is a mere shell at this point, having outsourced all its core functions to private companies. There is no "medicare" budget or "defense" budget, there is only the capital allocated to and embezzled by the medical & military industrial complex.
And rest assured they do their own set of overt disappearances, notably the Boeing whistleblower and Epstein. There is an obvious playbook they follow in such cases, first they bribe, blackmail, or discredit - before being indiscreet.
I don't want to get into a whole thing, but just its maybe a bad moment to try to make the points your making!
The amount of "control over companies" one state has over another is not going to be a strong debate point when your good guys here are, as we speak, sustaining an extreme act of at this point inarguable mass murder. All while, it should probably go without saying, sustaining a complete harmony in the respective state and private institutions at play. What a lovely coincidence I guess!
This is not even get into maybe the not so fine details of USA democracy these days.
I know you really felt like you had a point and some ground to stand at one time, but you gotta remain vigilant. History can move fast, and it does not reward loyalists.
The amount of "control over companies" one state has over another is not going to be a strong debate point when your good guys here are, as we speak, sustaining an extreme act of at this point inarguable mass murder. All while, it should probably go without saying, sustaining a complete harmony in the respective state and private institutions at play. What a lovely coincidence I guess!
This is not even get into maybe the not so fine details of USA democracy these days.
I know you really felt like you had a point and some ground to stand at one time, but you gotta remain vigilant. History can move fast, and it does not reward loyalists.
Did I miss when US invaded a country with the explicit intention of exterminating its population?
fair point: routine USA military invasions tend to not have any credible objectives
Classic whataboutism.
Jeffrey Dahmer killed people but Matthew Broderick did too, so you should never watch "Ferris Bueller's Day Off"
Jeffrey Dahmer killed people but Matthew Broderick did too, so you should never watch "Ferris Bueller's Day Off"
I literally said I'm not excusing Russia. They are fucking monsters, no doubt about it.
You literally compared Jeffrey Dahmer to Matthew Broderick
Three meta-level points:
(1) Public discussion in the web about what is, has and will happen in global / security / foreign politics is completely broken.
(2) The reason is not and cannot be one-sided. However it may be better to think of groups with "mind control" powers and entities with not than any nation states or international organizations.
(3) I have never seen an attempt by anyone to do something about this; it seems that hope of rational (web) discussions and analysis is, has always been, and will for foreseeable future buried by whatever this is.
(1) Public discussion in the web about what is, has and will happen in global / security / foreign politics is completely broken.
(2) The reason is not and cannot be one-sided. However it may be better to think of groups with "mind control" powers and entities with not than any nation states or international organizations.
(3) I have never seen an attempt by anyone to do something about this; it seems that hope of rational (web) discussions and analysis is, has always been, and will for foreseeable future buried by whatever this is.
greenavocado(1)
Forget the ongoing military conflict, and Russia is a hostile US IC rival. We did much the same thing with Huawei, for reasons much more complex than "China bad".
Huawei was selling sanctioned hardware to Iran, and hiding it.
That's not why they were banned in Europe!
One could say it's similar to the reasons for banning TikTok (concerns about state control of software), but in general, it's an expanding of existing trade sanctions against Russia.
Tik-Tok and an Anti-virus program have pretty different privilege levels I would think. And generally one doesn't install Tik-Tok on servers in the data center, but I guess I could be surprised.
Yeah, TikTok is worse -- it can potentially enable exploits at layer 8!
Facebook facilitated a genocide. Did TT?
That’s a good example of the influence possible.
But remember, the US governments job is to protect the US, not Myanmar. And Facebook is within the legal jurisdiction of US officials.
But remember, the US governments job is to protect the US, not Myanmar. And Facebook is within the legal jurisdiction of US officials.
Kaspersky has been in FSB's pocket since forever. Banning hostile foreign intelligence from providing security services to your country is one of the very rare pieces of regulation even a staunch minarchist would support.
Following this argument, the whole world needs to stop using software from the USA (and china, and Russia and ...).
The whole world is not hostile to the USA to the same level as USA/Russia, although if they're concerned about espionage yes they may need to. I'm actually a bit surprised the Snowden leaks didn't lead to a bigger push for FOSS in government, but I guess there's a cost/benefit analysis and fully keeping yourself out of reach of the US tech industry is probably too hard to be worth in general.
Not the whole world, just competing powers. And if you've been watching what China and Russia have been doing domestically to prop up their own tech sectors, that's exactly what they are doing.
North Korea makes their own operating system for this reason.
OK. They can do that.
The clearest most specific summary explanation I have seen is:
https://arstechnica.com/information-technology/2017/10/kaspe... Note the Israeli findings and the months of experiments by US intel agencies after the fact and the conclusions they drew.
The initial counterargument from Kaspersky (which seems to address some but not other concerns raised in the above link) apparently was something like the following:
https://arstechnica.com/information-technology/2017/11/kaspe...
Both the above are from 2017 in the months after the issues about Kaspersky concerns first came to light. This triggered the ban of Kaspersky from US government computers back then. Not sure what info may or may not have come to light since then but most people are not even aware of the above.
The official 2024 USG reasons which impact are outlined in four bullets in the press release here: https://www.bis.gov/press-release/commerce-department-prohib... which in turn points to an ODNI (Office of the Director of National Intelligence) public-facing PDF/slide of the reasons: https://www.dni.gov/files/CTIIC/documents/products/Kaspersky... and the US Commerce department's findings at https://oicts.bis.gov/pdfs/AppendixA.pdf (mostly blacked out but you get a sense of the back-n-forth reasoning justifying what steps short of a ban could be taken at least a little bit) and the Commerce Department Kaspersky FAQ at https://oicts.bis.gov/kaspersky/faq/
I have no first/secondhand knowledge of any of this stuff but this is what my curiosity turned up when I went poking around.
Having observed corporate US security practices, my perception is that a lot of protection involves scanning things using very low-level OS and/or network techniques. Remember that phrase "who guards the guardians? ( https://en.wikipedia.org/wiki/Quis_custodiet_ipsos_custodes%... ) The Kaspersky ban by the US Commerce department appears to be essentially a concession that "who scans the scanners?" is not something the US can particularly do for products with the type of low-level access provided to AV/malware products, particularly products from entities with a concrete history of specific adverse (2014-2017) behavior from a particularly skilled hostile country (in this case Russia).
https://arstechnica.com/information-technology/2017/10/kaspe... Note the Israeli findings and the months of experiments by US intel agencies after the fact and the conclusions they drew.
The initial counterargument from Kaspersky (which seems to address some but not other concerns raised in the above link) apparently was something like the following:
https://arstechnica.com/information-technology/2017/11/kaspe...
Both the above are from 2017 in the months after the issues about Kaspersky concerns first came to light. This triggered the ban of Kaspersky from US government computers back then. Not sure what info may or may not have come to light since then but most people are not even aware of the above.
The official 2024 USG reasons which impact are outlined in four bullets in the press release here: https://www.bis.gov/press-release/commerce-department-prohib... which in turn points to an ODNI (Office of the Director of National Intelligence) public-facing PDF/slide of the reasons: https://www.dni.gov/files/CTIIC/documents/products/Kaspersky... and the US Commerce department's findings at https://oicts.bis.gov/pdfs/AppendixA.pdf (mostly blacked out but you get a sense of the back-n-forth reasoning justifying what steps short of a ban could be taken at least a little bit) and the Commerce Department Kaspersky FAQ at https://oicts.bis.gov/kaspersky/faq/
I have no first/secondhand knowledge of any of this stuff but this is what my curiosity turned up when I went poking around.
Having observed corporate US security practices, my perception is that a lot of protection involves scanning things using very low-level OS and/or network techniques. Remember that phrase "who guards the guardians? ( https://en.wikipedia.org/wiki/Quis_custodiet_ipsos_custodes%... ) The Kaspersky ban by the US Commerce department appears to be essentially a concession that "who scans the scanners?" is not something the US can particularly do for products with the type of low-level access provided to AV/malware products, particularly products from entities with a concrete history of specific adverse (2014-2017) behavior from a particularly skilled hostile country (in this case Russia).
I mean… I was being told 20 years ago that Kaspersky was sketch..
How is Bitsight "observing" here?