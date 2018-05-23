

 



US Government Can't Get Controversial Kaspersky Lab Software Off Its Networks (thedailybeast.com) 80

Posted by msmash from the reality-check dept.
The law says American agencies must eliminate the use of Kaspersky Lab software by October. But U.S. officials say that's impossible as the security suite is embedded too deep in our infrastructure, The Daily Beast reported Wednesday. From a report: Multiple divisions of the U.S. government are confronting the reality that code written by the Moscow-based security company is embedded deep within American infrastructure, in routers, firewalls, and other hardware -- and nobody is certain how to get rid of it. "It's messy, and it's going to take way longer than a year," said one U.S. official. "Congress didn't give anyone money to replace these devices, and the budget had no wiggle-room to begin with."

At issue is a provision of the National Defense Authorization Act (NDAA) enacted last December that requires the government to fully purge itself of "any hardware, software, or services developed or provided, in whole or in part," by Kaspersky Lab. The law was a dramatic expansion of an earlier DHS directive that only outlawed "Kaspersky-branded" products. Both measures came after months of saber rattling by the U.S., which has grown increasingly anxious about Kaspersky's presence in federal networks in the wake of Russia's 2016 election interference campaign.

  • We must read the story of Helen of Troy, and the Trojan horse. Most bolshy applicable.

    • It's Trojan horses all the way down....

  • wipe the drives of EVERYTHING!!!

    install Linux, problem solved, tell all the users they need to brush up on their computer skills and quit surfing porn for 6 months, that should give them time to learn their way around the basics of using Linux for a desktop workstation operating system, libreoffice or openoffice whatever the user chooses,

    • , libreoffice or openoffice whatever the user chooses,

      Step 1 in using Linux in an environment beyond your personal use: Make all those decisions for the users.

      Step 2: Recognize that making 22 million people take even a 1 hour class (let alone "6 month") is a cost of more than half a billion dollars. Therefore, anything you can do to make it easier to learn is worth doing.

      • Are you trying to somehow say those same 22 million people aren't wasting at least an hour or more a week on unofficial breaks and chat sessions? Just think of the inefficiencies!!! If the environment was set up correctly, with limited but specific programs needed to get the job done, then most people would do fine on most any operating system. This is especially true if you spend most of your time in a web browser or specific application for most of your work. At my work MS office, outlook and IE are pretty m

  • The question to ask.. (Score:3)

    by lionchild ( 581331 ) on Wednesday May 23, 2018 @03:43PM (#56661174) Journal

    The question to ask, as both a taxpayer and an IT guy is this: What's the "penalty" for failing to make the October deadline?

    • The question to ask, as both a taxpayer and an IT guy is this: What's the "penalty" for failing to make the October deadline?

      For federal IT folks the penalty is public execution.

    • Nothing, you just apply for an extension and it's typically granted.

    • The question to ask, as both a taxpayer and an IT guy is this: What's the "penalty" for failing to make the October deadline?

      You have to manage a network using McAfee HBSS [wikipedia.org].

      • Re: (Score:3)

        by flink ( 18449 )

        The question to ask, as both a taxpayer and an IT guy is this: What's the "penalty" for failing to make the October deadline?

        You have to manage a network using McAfee HBSS [wikipedia.org].

        You joke, but that is, in fact, the approved DoD solution:
        https://www.disa.mil/cybersecu... [disa.mil]

  • Wondering if they'll replace it with TrendMicro, because that would be so much more secure....

  • If this had been an actual emergency (Score:3, Insightful)

    by Sloppy ( 14984 ) on Wednesday May 23, 2018 @03:57PM (#56661276) Homepage Journal

    The government is lucky this Kaspersky scare is bullshit, then. If this had been an actual emergency (e.g. the software were doing something bad, whether by design or due to some random bug that you can't fix because it's proprietary), sounds like everything would be totally fucked.

    • Yes, unfortunately the surest sign that Kaspersky refused to act on behalf of the Russian government (and ours, apparently) is that this is even being considered in the first place.

    • Re:If this had been an actual emergency (Score:4, Insightful)

      by Aighearach ( 97333 ) on Wednesday May 23, 2018 @04:38PM (#56661530) Homepage

      It is a known fact that you don't have the information needed to determine it is "bullshit."

      And you never would have it. And the second part of what you said is therefore the whole part that isn't bullshit; it might be an emergency, in which case the network is fucked.

      Since knowledge of the evidence for the concern is classified, you don't know about it; and even if you had a security clearance, we know your job doesn't involve knowledge of these particulars because then you wouldn't be allowed to tell us. So by definition, you can't know it is bullshit; you either have reasons to believe it is a problem, because there is public information about what the danger is in losing control of a network, or you don't fucking know.

      I'll give you a hint: If your opinions about network security are based on your domestic politics, you're a fucking idiot.

      • Re: (Score:2, Insightful)

        by Anonymous Coward

        Actually, the entire backstory of this whole farce is very widely known in cybersecurity circles, including the so-called "classified" facts (which are widely disseminated outside the US where said "classification" of otherwise widely known information is not relevant).

        Here are the crib notes and timeline, without dates:

        - Equation group leaks
        - Equation Group software widely attributed to NSA in cybersecurity circles
        - Kaspersky researchers tie Equation Group to creators of both stuxnet and Flame via forensic

  • Virus or Anti-Virus (Score:5, Insightful)

    by coolmoose25 ( 1057210 ) on Wednesday May 23, 2018 @03:57PM (#56661278)
    If you can't get your Anti-Virus software off of your equipment, is it really anti-virus, or has it just become another virus?

  • Huh? (Score:4, Insightful)

    by rsilvergun ( 571051 ) on Wednesday May 23, 2018 @04:01PM (#56661314)
    bullshit. Do a week of training with one of their competitors, uninstall the old stuff, install the new stuff, call it a day. None of this is difficult. These are software programs designed to take care of security for end users.

    • Re: (Score:2)

      by AvitarX ( 172628 )

      And if the issue is a piece of security software embedded in the equipment?

      It sounds like it's a budgeting issue more than a capability one. They can't do it within their existing budget, not that they can't do it at all.

      • Re: (Score:2)

        by Ichijo ( 607641 )

        And if the issue is a piece of security software embedded in the equipment?

        Then you use the "training" charge code to order new equipment because you've just been educated to demand open source hardware from now on!

    • You know that, and so do the admins of govt networks. But without the whining, their departments won't get that hundred million bucks of extra budget.

    • Re: (Score:3)

      by dyfet ( 154716 )

      I think you missed the part about "embedded in routers", etc...

      • The article wasn't at all clear about what "code written by the Moscow-based security company is embedded deep within American infrastructure, in routers, firewalls, and other hardware" means
      • it's a bloody national security issue. Get the money for new hardware out of the Defense budget. There's no shortage of money there.

  • If it wasn't government, there would be a solution (Score:4, Interesting)

    by xxxJonBoyxxx ( 565205 ) on Wednesday May 23, 2018 @04:03PM (#56661324)
    >> Congress didn't give anyone money to replace these devices, and the budget had no wiggle-room to begin with

    In the real world, I'd go to Kaspersky's biggest competitors and say, "if you replace these guys on a one-to-one basis (at no charge this year), we'll give you their support contracts in future years."
  • A government agency with no slack in their budget? Inability to remove third party software because it's embedded too deeply? This has all the look and feel of another taxpayer shakedown.

  • "We thought it was just the White House computers crawling with stuff helpful to Putin but it's worse than we thought!"

  • LoL, it's called "uninstall".
    Of course, if you're still afraid they left some kind of spyware, then just Nuke & Pave.

    Tossing the hardware because you can't figure out how to use an uninstall something is only a solution for a rich moron that's a complete computer illiterate.
    Sure a bunch of the higher ups more or less fit that category, but it's not like they're the ones that'll be doing any of it in the first place.

    For that matter, even if they buy new hardware, it'll still have to be configured and hav

  • ... compared to removing Avast.
