Best Buy Pulls Kaspersky's Antivirus Software from Its Shelves

Megalith

Best Buy is stopping the sale of Kaspersky products in its stores amid concerns that the Moscow-based firm may be vulnerable to Russian government influence: the no. 1 US electronics retailer felt there were "too many unanswered questions" surrounding the company following Congress’ probe and the possibility that Kaspersky software could be used to carry out “nefarious activities against the United States.”

A Best Buy spokesman confirmed that the products will no longer be sold at Best Buy, but offered no further information because the company doesn't comment on its relationships with vendors. Best Buy will allow customers who have bought Kaspersky software from it, and who still have active subscriptions, to exchange it for free for another product in the next 45 days. Customers can also uninstall it themselves or have a Geek Squad agent do it for free within that time window.
 
fucking hell people. when are companies going to realize that political stunts like this only hurt them!
 
"The decision was prompted by media reports, congressional testimony and industry discussion raising questions about Moscow-based Kaspersky, a respected cybersecurity firm....."

But not actual proof. None of this is based on hard evidence.

Perception is key here. We may never know how involved Russia is here but you drop that word these days and it gets toxic quick
 
Eugene himself has told the US Govt that he will openly let them see the full source code of his AV which the US govt still hasn't done...............I've never had an issue i really doubt that Kaspersky is going to single me out of the millions of users to spy on me thats what the NSA and win 10 is for LULZ !!!!!!!!!!!!!!!!!
 
Eugene himself has told the US Govt that he will openly let them see the full source code of his AV which the US govt still hasn't done...............I've never had an issue i really doubt that Kaspersky is going to single me out of the millions of users to spy on me thats what the NSA and win 10 is for LULZ !!!!!!!!!!!!!!!!!

This alone is a proof that the whole Kaspersky debacle is nothing but fear mongering. They have been offered to see and analyze the source code but media still drums about FBI's "concerns of Russian government involvement" or something with no proofs to back them. And this is coming from a Finnish guy who may really have some concerns about how our eastern neighbour is doing things in the world.
 
"The decision was prompted by media reports, congressional testimony and industry discussion raising questions about Moscow-based Kaspersky, a respected cybersecurity firm....."

But not actual proof. None of this is based on hard evidence.

so.. which is it?? a respected firm or not??

LOL
 
Russians again? I thought this month they should be pulling it off the shelves for being racist?
 
It's simple. Kaspersky is subject to vendor analysis same as everyone else

1. Snapshot image the registry. Look for changes
2. Snapshot the disk image. Look for changes
3. Run every function on Kaspersky. See which Code Sections are not executing and send them to deep hand analysis (reverse compile) to check for dormant code. See if any code to shift CS and DS registers. If found analyze the DS.
4. Run a port analysis. Analyze traffic by Fiddler.
5. Check for root privileges, and attempts to access low level system io including UEFI


Unfortunately this does not mean a future update will not be subject to malicious code.
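
Steps 1 and 2 of the checklist above, as an added example that is not part of the original post: take a before and after snapshot of the registry and of a file tree, then diff them. It assumes the registry was exported to `.reg` text (for example with `reg export`) and already decoded to a string; the function names and the `ExampleAV` / `exampledrv` sample data are constructed for illustration.

```python
import hashlib
import os

def snapshot_tree(root):
    """Map each file path (relative to root) to the SHA-256 of its contents."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                snap[os.path.relpath(full, root)] = hashlib.sha256(fh.read()).hexdigest()
    return snap

def parse_reg_export(text):
    """Map each key and each key+value name in decoded .reg text to its raw data."""
    snap, key, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):            # long hex values continue on the next line
            pending = line[:-1]
            continue
        pending = ""
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            snap[key + "\\"] = "<key>"     # record the key so new empty keys show up
        elif key and "=" in line and line[0] in '"@':
            name, _, data = line.partition('"=' if line[0] == '"' else "=")
            snap[key + "\\" + name.lstrip('"')] = data
    return snap

def diff_snapshots(before, after):
    """Report entries added, removed or modified between two snapshots."""
    return {
        "added": sorted(k for k in after if k not in before),
        "removed": sorted(k for k in before if k not in after),
        "modified": sorted(k for k in before if k in after and before[k] != after[k]),
    }

# Constructed sample exports (not real product data): before and after an install.
REG_BEFORE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleAV]
"Version"="1.0"
'''
REG_AFTER = REG_BEFORE.replace('"1.0"', '"1.1"') + r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\exampledrv]
"Start"=dword:00000001
'''

if __name__ == "__main__":
    print(diff_snapshots(parse_reg_export(REG_BEFORE), parse_reg_export(REG_AFTER)))
```

A diff like this only shows what changed during the observed run, which is the limitation the post itself points out for future updates.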
 
One of my company's clients (it's a state that rhymes with Maliformia) already demanded Kaspersky AV products be removed from their servers asap. Since it's the main AV product used the scramble is on to find a new vendor for replacement. I have no real say in that battle, but smart money is either on Trend or Symantec to pick up a whole lot of unexpected AV biz.

But I agree it's probably all fear mongering.
 
Well Kaspersky is rated the best.

What's #2 these days? Bitdefender?
 
It's simple. Kaspersky is subject to vendor analysis same as everyone else

1. Snapshot image the registry. Look for changes
2. Snapshot the disk image. Look for changes
3. Run every function on Kaspersky. See which Code Sections are not executing and send them to deep hand analysis (reverse compile) to check for dormant code.
4. Run a port analysis. Analyze traffic by Fiddler.

5.) Find nothing as any decent nation state actor won’t leave dormant code or be utilizing it outside the expected norms when you’re there.
 
One of my company's clients (it's a state that rhymes with Maliformia) already demanded Kaspersky AV products be removed from their servers asap. Since it's the main AV product used the scramble is on to find a new vendor for replacement. I have no real say in that battle, but smart money is either on Trend or Symantec to pick up a whole lot of unexpected AV biz.

But I agree it's probably all fear mongering.

Depending on the scale of the company...no they're not remotely considering anything from Symantec or Trend. Enterprise AV is an entirely different ball game.
 
Lots of Russia supporters on here.
It's just intrinsic now for a certain group of people, like 30% of the nation - we all know who.

That said I've used Kap for a long time and never had concerns that the Russians are spying on me. If they are get ready for a bombshell of boring!
 
It's just intrinsic now for a certain group of people, like 30% of the nation - we all know who.

That said I've used Kap for a long time and never had concerns that the Russians are spying on me. If they are get ready for a bombshell of boring!

If you are worried about it that much, run a VM of Linux with low privilege account, and restore the image from a detachable USB each time when you use the net. Or completely air gap your system.

Defeating a VM Linux is pretty hard to do. (Not impossible, just hard.) And restoring it each time from a secure safe image is easy.
 
Seeing the source code doesn't really mean anything. It has admin creds and can pull back files to its "cloud" and can quarantine and remove malware. Or anything else it is told to.

It literally can do anything to your file system. And pull anything back to Russia.
 
Stuxnet is not same type of software, and you should read up on how/why it was eventually found.

I am not incorrect though.

I will acquiesce that downloading new packages from a C&C server might be dangerous. But I noted that.
 
It's just intrinsic now for a certain group of people, like 30% of the nation - we all know who.

That said I've used Kap for a long time and never had concerns that the Russians are spying on me. If they are get ready for a bombshell of boring!

It’s more of the fact that it provides them with a free redirector platform. Every computer with Kaspersky installed is a free C2/redirector for Russia.
 
It’s more of the fact that it provides them with a free redirector platform. Every computer with Kaspersky installed is a free C2/redirector for Russia.

that is easily detectable using Fiddler.
 
I am not incorrect though.

I will acquiesce that downloading new packages from a C&C server which might be dangerous is an issue. But I noted that.

You’re incorrect because your point is idiotic. STUXNET was tailored malware. Kaspersky software that you choose to run is likely utilized for different purposes.
 
And again you’d never detect anything until it’s too late and your machine has already been burned.

Look you have two abilities as a state actor.

1. Leave something installed hidden DEEP. Possibly UEFI, SCADA, USB Exploits etc... These go look for mom every once in a while to receive new commands. This is what STUXNET did. But if you need 24 hour surveillance without being actively attached, then this is the way. If you are constantly sending traffic, the chance of you being detected increases.

2. Hack the system through a zero day exploit and actively intrude and then erase your tracks when done. This could be risky because you have an active connection which can be picked up on.

Both have their place. But Kaspersky is a stay resident piece of software. It can be reverse analyzed. But again, a future package could easily become malicious.

If Eugene from Kaspersky offered source, then it could be easy enough to compile and run a direct binary analysis against products in the wild as well.

And my point isn't idiotic.
 
Look you have two abilities as a state actor.

1. Leave something installed hidden DEEP. Possibly UEFI, SCADA, USB Exploits etc... These go look for mom every once in a while to receive new commands. This is what STUXNET did. But if you need 24 hour surveillance without being actively attached, then this is the way. If you are constantly sending traffic, the chance of you being detected increases.

2. Hack the system through a zero day exploit and actively intrude and then erase your tracks when done. This could be risky because you have an active connection which can be picked up on.

Both have their place. But Kaspersky is a stay resident piece of software. It can be reverse analyzed. But again, a future package could easily become malicious.

If Eugene from Kaspersky offered source, then it could be easy enough to compile and run a direct binary analysis against products in the wild as well.

And my point isn't idiotic.

You aren't seeing the fact that as a piece of anti-virus software installed on your system with full admin privileges an actor doesn't need to do anything to implant your system. Your system is already implanted if you have Kaspersky installed and analyzing the source code means nothing. The source code will tell you that you have anti-virus software installed on your system that can do whatever it wants. Cool. Now all Russia has to do if they need a C2 platform out on the internet is just pop over to Kaspersky's servers (which they've likely been given full access to) and choose one. Never mind the fact that Kaspersky A/V is likely sending back to Kaspersky's servers every service that is running on your computer, your usage habits, etc. It's easy to pick a client at that point that they will likely not get caught using as a redirector.

You keep bringing up Stuxnet / targeted malware which is completely irrelevant to this discussion. Your computer isn't the target. Your computer is just a jump-off platform.
 
How hard would it be for Russia to disable every box with kav on it in the US?

It's not. Probably a good reason the government does not use it......
 
How hard would it be for Russia to disable every box with kav on it in the US?

It's not. Probably a good reason the government does not use it......

If things got tense with Russia, I'm sure most systems would have it uninstalled any way
 
this is bullshit. I have used Kaspersky for years. Better than McCrappy. Until my machine becomes RED then I'll switch to windows internal bullshit.
 
Before we jump into conclusions and calling them witches we need proof. We should first check if your Kaspersky disc floats. Like a duck.

Don't you mean small pebbles? They float...
 