Trump Signs Bill Banning Kaspersky Products on Government Computers

[LASER_oneXM]

President Donald Trump has signed a bill into law on Tuesday that also includes a clause that officially bans the use of Kaspersky products on US federal government computers.

The prohibition is detailed in section 1634 of the National Defense Authorization Act for Fiscal Year 2018.


---------------------------------------------------------------------------------------------------------------------------------------------
SEC. 1634. Prohibition on use of products and services developed or provided by Kaspersky Lab.

(a) Prohibition.—No department, agency, organization, or other element of the Federal Government may use, whether directly or through work with or on behalf of another department, agency, organization, or element of the Federal Government, any hardware, software, or services developed or provided, in whole or in part, by—

(1) Kaspersky Lab (or any successor entity);
(2) any entity that controls, is controlled by, or is under common control with Kaspersky Lab; or
(3) any entity of which Kaspersky Lab has majority ownership.

(b) Effective date.—The prohibition in subsection (a) shall take effect on October 1, 2018.
------------------------------------------------------------------------------------------------------------------------------------------------



The bill comes after in September, the DHS also issued a Binding Operational Directive that banned the use of Kaspersky software on the Department of Defense (DOD) computer network. The 2018 National Defense Authorization Act will apply to all government computer networks, not just the DOD.

UK's NCSC, a branch of the UK Government Communications Headquarters (GCHQ), the country's official intelligence and security agency, has also issued an advisory instructing the public and private sector not to use Kaspersky Labs software if they handle classified information.

US government convinced Kaspersky is to blame
The ban on Kaspersky software comes after the US government has accused the Russian antivirus vendor of working with Russian secret services to steal classified data from US computers using its product.

The US government never published any evidence to sustain its claims, all of which became public only through leaks to the US press.

Kaspersky denied all allegations and, in a report, claimed that US secrets might have been exposed online after an NSA employee took classified files home and stored them on a computer infected with other malware families.

The US Department of Justice charged a former NSA employee with taking classified documents home at the start of December, but it appears they still believe the files probably made it into FSB hands via Kaspersky, rather than the Russian cyber-criminal underground, which is known to have close ties to FSB operatives.

 

[Deleted member 65228]

I like Kaspersky and the following doesn't change that but reading this made me think of something... I recall that the story from Kaspersky mentioned that Eugene Kaspersky insisted on the uploaded source code being deleted immediately. If it was securely deleted, how was it stolen/uncovered when Kaspersky were breached in the first place?

The whole thing from both sides smells a bit fishy to me. Oh well... Drama is drama. Average users are fine at-least, many businesses will still continue to use Kaspersky. Luckily they aren't banning it globally for all US citizens, that would be outrageous. Avast aren't used by the US government and they're doing fine, so will Kaspersky.

At the end of the day, the NSA employee was responsible. That is obvious. If he wasn't responsible, he wouldn't have been arrested and charged. He was arrested and charged for stealing the classified documents, he had poor cyber-security practices and Kaspersky was only doing its job by trying to protect him. Else, why have the security package installed in the first place? Clearly, as we can see, the NSA employee needed Kaspersky more than most.

 

[DeepWeb]

But.... what is the alternative? McAfee? Symantec? Crowdstrike? I know they have great teams, but other than McAfee you can't really take your endpoint home on your computer.

 

[Vasudev]

But.... what is the alternative? McAfee? Symantec? Crowdstrike? I know they have great teams, but other than McAfee you can't really take your endpoint home on your computer.

ESET, ZAM, MBAM, Dr. web are few alternatives.

 

[DeepWeb]

ESET, ZAM, Malwarebytes Anti-Malware, Dr. web are few alternatives.

Are those cleared by the DoD? If yes, there's still hope.

 

[mlnevese]

ESET, ZAM, Malwarebytes Anti-Malware, Dr. web are few alternatives.

At least until they notice Dr. Web is Russian as well...

 

[In2an3_PpG]

Are those cleared by the DoD? If yes, there's still hope.

Only McAfee is DoD approved and has been under contract for years. NASA however is contracted with Symantec.

 

[Deleted member 65228]

Malwarebytes Anti-Malware

I still like Malwarebytes Anti-Malware and they are improving slowly now after their down-fall with the v3 release but I don't think they are using their resources to their full potential. They used to be amazing with signatures back in the day and then they bought Junkware Removal Tool and AdwCleaner, so they've improved with adware detection - they are still very good with adware/PUPs in general, but not so much zero-day malware anymore. The reason being is because they aren't very good with dynamic yet I do not think.

Malwarebytes use a third-party hooking engine which is premium, it isn't Microsoft Detours Professional (which probably costs like 5+ grand apparently) but they could do so much with it... Intercept and prevent process hollowing for example. But they don't.

If MBAM improve with dynamic, that'll be the nail in the coffin for them getting back up to where they used to be before the v3 release. I think the issue was that they jumped into trying to replace AVs too early, and that had a downfall effect on them.

 

[Vasudev]

I still like Malwarebytes Anti-Malware and they are improving slowly now after their down-fall with the v3 release but I don't think they are using their resources to their full potential. They used to be amazing with signatures back in the day and then they bought Junkware Removal Tool and AdwCleaner, so they've improved with adware detection - they are still very good with adware/PUPs in general, but not so much zero-day malware anymore. The reason being is because they aren't very good with dynamic yet I do not think.

Malwarebytes use a third-party hooking engine which is premium, it isn't Microsoft Detours Professional (which probably costs like 5+ grand apparently) but they could do so much with it... Intercept and prevent process hollowing for example. But they don't.

If Malwarebytes Anti-Malware improve with dynamic, that'll be the nail in the coffin for them getting back up to where they used to be before the v3 release. I think the issue was that they jumped into trying to replace AVs too early, and that had a downfall effect on them.

I didn't like the extra things that MBAM 3.x offered, so still on MBAM 2.x. If they make v2 EOL then it'll be uninstalled.
Is this the tool Download Detours Express from Official Microsoft Download Center

 

[bribon77]

Thanks for the news .. But for me, nothing changes with respect to Kaspersky.

 

[Antimalware18]

Doesn't worry me. Sounds like scare tactics.

 

[low L!fe]

Bitdefender is alternative kaspersky

 

[Anupam]

It's not about the antivirus. If the employee is breaching security protocol by taking classified document in home and putting it in personal computer then it's his fault.
Seems like even the small IT firms imposes better security policy than NSA. It's not always about the security products. Most of the time it's ignorance of the people.
Or this might all together be another plan of the US government to ban Russian products.

 

[Windows Defender Shill]

It's not unthinkable that the FSB could have compromised key Kaspersky personnel without Eugene's knowledge. At which point the FSB most likely knows who a lot of NSA employees are and could cross reference their names with Kaspersky's user base and then periodically extract data from that machine or at least examine very closely the malware reported from it.

Just my theory.