- Jan 11, 2020
- 220
Eugene Kaspersky Addresses the allegations against Kaspersky Lab.
- Thread starter Bryan320
- Start date
It doesn't really matter who is the victim.
The file shouldn't be automatically uploaded (if it is) without the consent but asking consent in a case by case basis, like after a scan. This is simple logic.
If they cared to do this, Kaspersky won't be in such a bad situation. Instead of whatever Eula or warnings, most people don't even read.
The file shouldn't be automatically uploaded (if it is) without the consent but asking consent in a case by case basis, like after a scan. This is simple logic.
If they cared to do this, Kaspersky won't be in such a bad situation. Instead of whatever Eula or warnings, most people don't even read.
Windows Defender will prompt when a file is to be uploaded for analysis.
Indeed, it is what any AV should do, the uploading feature should even have the option to be disabled.
I agree that the AV should ask, but it's kinda odd that Kaspersky was the only one being called out on this when they weren't even the worst offenders at user-privacy data gathering.
Because they had the sample from a State-Sponsored malware which shouldn't have been collected in the first place, whatever it was intentional or not.
From the reported Kaspersky investigation, his researchers went to him and asking what they should do with it. They obviously suspected this sample to be more than just a piece of malware created by a guy in his basement... they knew it was NSA tools and and they just deleted it, instead of warning the agency...big mistake...
You know it is like you ended up with a bag of cocain you found in your garden and throw it in a trashbin while people are watching you instead of reporting to the authorities...
Kaspersky CEO Knew About Secret NSA Files on Company Servers
Kaspersky Lab releases a detailed internal investigation and admits having secret U.S. government files that were deleted on the CEO's command.
Kaspersky investigation report:
Investigation Report for the September 2014 Equation malware detection incident in the US
In early October, a story was published by the Wall Street Journal alleging Kaspersky Lab software was used to siphon classified data from an NSA employee’s home computer system. To assist any independent investigators and all the people who have been asking us questions whether those...
securelist.com
Worth noticing
and
And from this Kaspersky report, we can suppose it wasn't some kind of conspiracy made to discredit Kaspersky, like some here claim...
Last edited by a moderator:
- Dec 27, 2016
- 1,480
I believe you said the underlined as a general statement, and not pointing out to Kaspersky. because during installation, when you agree to KSN Network usage (optional), the user is agreeing to partial or full submission of various files
At the time, a theory prevailed that NSA had directed the whole scenario of the contractor taking one of their weapons (or a dummy) to his home to make this thing happen. Some authority from US wanted the govt to entirely rid of Kaspersky (not that they could not have done it otherwise) and defame it to reduce Kaspersky's might in allied countries where it had been prominent.
On the other hand, we can neither fully dismiss nor take it on face value, the argued charge that strings of digital code that Kaspersky used, that operate in stealth to find malware, could also be written to search computers for potential classified documents, using keywords or acronyms (as stated in my previous post link).
Comodo does it automatically (once the option is selected) and so does Kaspersky and a few others. I agree that it may be a sensitive matter. However, showing an option to user whether to upload or not, every time a suspicious/unknown file is encountered in real-time can be tedious ... as compared to showing that option every time after an initiated scan. Maybe they brought into practicality or hunger for more data.
You know the first sentence can attract a long debate.
In the NSA leak case, the drug addict and the authorities would be the same
I had read the SecureList article earlier and it works to clear speculations of Russian conspiracy at least.Kaspersky CEO Knew About Secret NSA Files on Company Servers
Kaspersky Lab releases a detailed internal investigation and admits having secret U.S. government files that were deleted on the CEO's command.www.secureworldexpo.com
Kaspersky investigation report:
Investigation Report for the September 2014 Equation malware detection incident in the US
In early October, a story was published by the Wall Street Journal alleging Kaspersky Lab software was used to siphon classified data from an NSA employee’s home computer system. To assist any independent investigators and all the people who have been asking us questions whether those...
Worth noticing
and
And from this report we can see it wasn't some kind of conspiracy like few here said...
One is expected to not argue, after agreeing to KSN usage, upload of those suspicious/malicious samples from Kaspersky users because Kaspersky proposes that they need it for analysis, but what concerns more is that classified documents were uploaded too. And it may be hard to believe for some - that Eugene did get them just tossed away.
EDIT: As per Kaspersky's statement, the classified non-executable files were compressed with the actual malware inside of a 7zip document, which was subsequently uploaded from user's computer because auto file upload option as per KSN clause was on. That doesn't directly imply that they also upload individual documents to their servers - just staying a fact, on an unbiased note.
Last edited:
yes general statement, i dont care who, just the principle itself.
When you see the report from Kaspersky, it doesn't look very organized or planified, and more like a chain of unfortunate circumstances.
just an option at the end of a scan would have been enough .
i know, i know.
And that is the whole issue, some uninformed people claimed ii is only binaries, but NO, as your screenshot above shown, all kind of files can be uploaded without individual consents and a cloud scanner can be modified to cherry-pick particular files...THIS is the real issue most fails to understand.
Imagine the implication in a corporate environment (intellectual properties and prototypes plans uploaded) that can easily become a valid case of espionage.
Last edited by a moderator:
- May 16, 2018
- 1,363
Yeah, there is fire behind the smoke.
In this case though, if you don't have national security nor sensitive industrial materials on your computer, it does not make much of a difference to you. Unless you feel violated by having your computer searched for 'other stuff' not related to malware.
Often, the NYT is sourced better than the WSJ.
- Aug 4, 2016
- 1,465
Interesting thread & info: I was one that believed the Kaspesky issue was unfounded, my point of view has changed somewhat - Might also explain why Kaspersky are giving up to 75% of their licences whereas you need to sell an organ to afford a single ESET etc licence? Interesting thanks !
- Apr 1, 2015
- 483
@bribon77
In Kaspersky's career, there has only been, this case, that in my opinion, if someone is guilty,
It is the contractor, when he takes work home with a PC, full of crack or pach or whatever.
"It is said that you cannot throw all the stew for a bad chickpea."
I see where everyone is coming from with their opinions, but I kinda agree with this statement above. Kaspersky has been in business for a long time. Their track record has been top notch. All of a sudden (during a political firestorm), they get accused. In a strange way I might add: Assuming a highly educated. highly paid contractor gets caught with top secret company files at home AND supposively has bootleg software on his PC...very very sloppy...you can't make this stuff up. What was this guy thinking, no matter what kind of setup he had at home?
The way it was also presented to the public, was pretty much none existent. Kaspersky is probably the most tested and watched software on the planet after those accusations, but nothing else solid came up after the incident.
In Kaspersky's career, there has only been, this case, that in my opinion, if someone is guilty,
It is the contractor, when he takes work home with a PC, full of crack or pach or whatever.
"It is said that you cannot throw all the stew for a bad chickpea."
I see where everyone is coming from with their opinions, but I kinda agree with this statement above. Kaspersky has been in business for a long time. Their track record has been top notch. All of a sudden (during a political firestorm), they get accused. In a strange way I might add: Assuming a highly educated. highly paid contractor gets caught with top secret company files at home AND supposively has bootleg software on his PC...very very sloppy...you can't make this stuff up. What was this guy thinking, no matter what kind of setup he had at home?
The way it was also presented to the public, was pretty much none existent. Kaspersky is probably the most tested and watched software on the planet after those accusations, but nothing else solid came up after the incident.
Last edited:
this topic broke 2+ years ago it is dead issue
yet still dramas over it on sec forums
says much about peoples on sec forums
Finnish govt can compel F-Secure to subvert user sysetms
Romanian govt can compel Bitdefender to subvert user sysetms
US govt can compel Microsoft to subvert everybody
Don't use your enemy's software on your govt and defense systems
common sense that every child knows
yet still dramas over it on sec forums
says much about peoples on sec forums
Finnish govt can compel F-Secure to subvert user sysetms
Romanian govt can compel Bitdefender to subvert user sysetms
US govt can compel Microsoft to subvert everybody
Don't use your enemy's software on your govt and defense systems
common sense that every child knows
- Jul 6, 2017
- 2,398
Strongly agree, the United States is a country with great technology to use AV from other countries.
Another thing is a normal user, who has nothing confidential that can compromise him or his country.
- Nov 26, 2016
- 699
The problem is normal people still think MUH BAD RUSSIA did it. Because all they heard were manufactured stories made for clearing NSA's cockups. It's not even security forums. Normies are still believing that nonsense after all this time.
that is all Russia bashing then counter-USA bashing
that needs to be taken to Facebook or Twitter, not here
- Nov 26, 2016
- 699
One thing is bashing, another, simply revealing the truth. And the truth is, Kaspersky is not a bad guy here. Then take whatever you want from this story.
I think a lot of people here have an anti-US axe to grind
so that is why these discussions keep continuing on about an issue that is long since irrelevant and inappropriate to this forum
- Nov 26, 2016
- 699
How is "inappropriate"? Do you seriously believe we are alone in here and that no one from outside ever crosses these posts? Or that new users never join that have never participated in these discussions?
- Aug 4, 2016
- 1,465
I don't feel there is anti-US feeling on here, or Russian for that matter. When a major AV vendor has potentially been involved to some degree untoward politics it's interesting - None of the above will change my feelings that Kaspesky is among the best AV there is - However, it's still of interest especially when more information comes to light. If someone doesn't want to discuss issues to do with AV, maybe your in the wrong forum?
All this is just a chain of incidents provoked by a feature that shouldn't be accepted the way it works, also uploading non-executables files really?
There is other AVs with cloud lookup, they don't need to automatically upload every single files they found suspicious...
And putting a technico-babbling warning/EULA that Average Joe will barely understand (if he even read it), is just ludicrous.
Kaspersky deserved it, i'm glad they get this huge backfire, maybe now some in the industry will start thinking before implementing privacy intrusive feature.
There is other AVs with cloud lookup, they don't need to automatically upload every single files they found suspicious...
And putting a technico-babbling warning/EULA that Average Joe will barely understand (if he even read it), is just ludicrous.
Kaspersky deserved it, i'm glad they get this huge backfire, maybe now some in the industry will start thinking before implementing privacy intrusive feature.
Similar threads
