61 Comments

  • shabby - Friday, October 13, 2017 - link

    So an NSA contractor took some classified files home... who cares about this tidbit, right?

    Anyway, I'm pretty sure the Russians also aren't using any software made in America because the NSA probably knows the ins and outs of it too, so if some KGB schmuck put some classified files on his Win 10 machine with full telemetry enabled and Intel Management Engine enabled I'm sure the NSA would have some insight on it too. Nothing new here, both sides do it, move along.
  • Zok - Friday, October 13, 2017 - link

    Da. Problem no here. Move along, comrade.
  • Notmyusualid - Saturday, October 14, 2017 - link

    @ Zok

    Was thinking something similar.
  • edzieba - Saturday, October 14, 2017 - link

    NSA malware is still malware after all. If your AV software flags up a machine with a pile of malware incorporating several unknown 0-days and a bunch of documentation for the frameworks that malware uses, then that is something that SHOULD be investigated, regardless of where that malware may originate.
  • BedfordTim - Saturday, October 14, 2017 - link

    If some idiot contractor develops malware on a machine with Kaspersky installed, it would be disturbing if they didn't report it to the authorities. The reassuring thing is that the AV spotted his work.
  • edw - Sunday, October 15, 2017 - link

    The takeaway here is that Kaspersky correctly identified a formerly unknown (NSA) malware as dangerous software. The heuristic worked.
    So if you're looking for a good AV software that also can deal with unknown malware - get Kaspersky. Especially if you might be a target of the NSA - i.e. the whole rest of the world.

    PS: Thanks NSA for publicly confessing that you 1) still produce malware and 2) still have serious security problems with contractors taking home very sensitive work to unsecure computers.
  • usernametaken76 - Thursday, October 19, 2017 - link

    No thanks, I prefer my spying done by the government through which I pay taxes.
  • mikato - Friday, October 20, 2017 - link

    "So an nsa contractor took some classified files home... who cares about this tidbit right?"
    I don't think nobody cares about that. The article just isn't about that. You are changing the subject.
  • RaichuPls - Friday, October 13, 2017 - link

    Just asking, but are we going to see any reviews this side of 2017/2018? A10 Deep dive, iPhone 8, U11, S8, Note 8, GTX 1050/Ti, Macbook Pros, iPad Pro etc...
  • Ryan Smith - Friday, October 13, 2017 - link

    iPhone 8: Yes
    U11: No
    S8: Yes (already did it)
    Note 8: Later this year
    GTX 1050/Ti: We'll do something once we add the low-end cards to GPU Bench 2017, but not a full review
    Macbook Pros: Later this year
    iPad Pro: Likely not
  • linuxgeex - Saturday, October 14, 2017 - link

    TY, looking forward to your iPhone 8 review.

    For the folks looking for a quality U11 review, see dxomark.
  • name99 - Sunday, October 15, 2017 - link

    The A9/iPhone 6S deep dive only appeared in early Nov.
    The timeline for the iPhone 8 is not yet worrying.
  • Amemkdm - Monday, October 16, 2017 - link

    What about an iOS 11 review?
  • RaichuPls - Monday, October 16, 2017 - link

    Thanks for the info. Did we actually get a S8 review? I only saw a brief first look and the 835 vs Exynos article.
  • Ian Cutress - Monday, October 16, 2017 - link

    I have a U11 sample, but I'm not the smartphone guy (and I'm snowed under). Might see some experiential content after I run it for a bit. I've been using it as part of a real world photo comparison story I'm thinking of writing comparing to three other phones. If that would interest anyone.
  • BurntMyBacon - Wednesday, October 18, 2017 - link

    It would interest me. I'd also like, at some point, to see a comparison of smartphone cameras, compact cameras, and entry level DSLR. It would be nice to quantify how far smartphones have come and what gains can be had from carrying a dedicated camera.
  • peevee - Friday, October 20, 2017 - link

    Yes, that!
  • Foeketijn - Saturday, October 14, 2017 - link

    Overall I don't like the transition to Purch: recurring browser hijackers and, even worse, the humiliating clickbait ads on a formerly very honourable (but probably not profitable) website really annoy me. But I do applaud the synergy with your sister site. You both have some great writers and you both still have your own audience. I prefer AnandTech for the simpler layout and would have probably missed this interesting article if it wasn't mentioned here.
  • linuxgeex - Saturday, October 14, 2017 - link

    Block 3rd party scripts if you don't like those clickbaits.
  • sonny73n - Saturday, October 14, 2017 - link

    The US has been accusing Russia of many things. But if there's no proof, it's just bs. And how exactly did one of Tom's bs articles get on here?

    This also reminds me there was one article on Tom's years ago about ad blockers: "If you're using an ad blocker on Tom's, you're stealing". That was the last article I ever read from that site. And if I was a lawyer, I would sue their asses off for injecting my devices with malware and adware without my consent to the point that my devices were rendered useless/frozen.
  • ddriver - Saturday, October 14, 2017 - link

    What do you need proof for? Is the word of chronic liars not enough for ya?

    Ironically, they could choose to block browsers with adblockers, but that would most likely result in a massive drop in traffic, and the more traffic you have the better deal you will get for the ads that you get to show. Which is why they don't block browsers with adblock; even visiting that site is a favor to them, so you can have a clear conscience ;)
  • mikato - Friday, October 20, 2017 - link

    Maybe some accusations have no proof. But you probably could learn a bit more about this since there is a lot going on.

    "Facebook says it sold political ads to Russian company during 2016 campaign"
    https://www.washingtonpost.com/politics/facebook-s...

    "The Agency
    From a nondescript office building in St. Petersburg, Russia,
    an army of well-paid “trolls” has tried to wreak havoc all
    around the Internet — and in real-life American communities."
    https://www.nytimes.com/2015/06/07/magazine/the-ag...

    "Experts Suspect Russia Is Using Ukraine As A Cyberwar Testing Ground"
    http://www.npr.org/2017/06/22/533951389/experts-su...

    "In attempt to sow fear, Russian trolls paid for self-defense classes for African Americans"
    http://money.cnn.com/2017/10/18/media/black-fist-r...

    "Exclusive: Fake black activist accounts linked to Russian government"
    http://money.cnn.com/2017/09/28/media/blacktivist-...

    "Russian-funded Facebook ads backed Stein, Sanders and Trump"
    http://www.politico.com/story/2017/09/26/facebook-...

    Hamilton68 TRACKING RUSSIAN INFLUENCE OPERATIONS ON TWITTER
    http://dashboard.securingdemocracy.org/
  • Hurr Durr - Saturday, October 14, 2017 - link

    Unanonymous source (my ability to notice things) tells me that McAfee is spying for Mossad, and Intel is an Israeli company as well.
  • versesuvius - Saturday, October 14, 2017 - link

    That is rich coming from a country and government that has legalized spying and eavesdropping on its own citizens and spies and intervenes religiously when it comes to other nations. Even the German Chancellor's mobile phone is not off limits to American spying efforts. Every OS that is produced in America has a backdoor and a key is given to the NSA or CIA or FBI or to any one of the other hundreds of espionage and control outfits that operate under the auspices of the American constitution. The American government just looks ridiculous and more the hypocrite for it when it advances this silly propaganda and starts playing the victim too. So, if Kaspersky did it, then good on them. Patriotism is not the property of America.
  • Reflex - Saturday, October 14, 2017 - link

    As someone who was a kernel engineer on Windows, um, no, there is no intentional backdoor. If you really believe there is, feel free to install Wireshark and snoop your own network traffic. It's not that hard to do.

    The problem with theories like that is that if they were true we'd know already; there are tens of thousands of independent network security specialists out there and it's a pretty trivial task.
  • versesuvius - Saturday, October 14, 2017 - link

    Wireshark? I'm on it!
  • Reflex - Sunday, October 15, 2017 - link

    Paranoia aside, Wireshark is pretty illuminating in general. Put it on a OnePlus phone and watch just how many Chinese servers it's calling out to without your knowledge...
  • versesuvius - Sunday, October 15, 2017 - link

    So, you think that is the doing of the OS on OnePlus? I for one would say not likely. We are talking doors, not holes that are oozing data all the time. It is more probably the preinstalled software on the device, which OnePlus, or for that matter any brand, does not tell you about.

    And one question. From your experience at Microsoft, how does the American government certify the operating systems that it uses? How does it make sure that they do not have a backdoor? It works both ways, you know. Does the NSA have people at Microsoft? Given the gigantic mess that the Windows code base is, it should be a lengthy process. They should not be content with just an audit.
  • Reflex - Sunday, October 15, 2017 - link

    http://bgr.com/2017/10/11/oneplus-user-data-collec...

    Here is some background on the OnePlus situation, a colleague of mine also noticed this on his phone.

    To your other questions -

    - The US government, along with many other world governments (including China, Russia, most of the EU, and several others) participates in a program that was launched first in 2003 called the "Government Security Program" which gives governments auditing ability over the source code to Windows and several other key products. This provides them with both the ability to view the code of any given build of Windows, and auditing tools to ensure that the compiled binaries are produced from the visible code. This is a major reason that despite Microsoft being US based, foreign governments continue to use it (although sometimes they like to rumble about spying concerns). The initial press release is here, I'm not certain how the program has evolved since 2011 or so when I left Microsoft: https://news.microsoft.com/2003/01/14/microsoft-an...

    - I know people often assert that Windows code base is a giant mess, however from my time there I can say that that is a statement that needs qualification. There are certainly areas of legacy code that are messy by today's standards, the core and the vast majority of what people consider "windows" is well maintained and documented. There has been an active effort, especially since Vista, to deprecate and eliminate code that was produced under the older build lab system which did not build in the security/stability checks that were implemented during the production of Vista. As I have been gone for nearly seven years now, I can't speak to how far along they are, but by Windows 8 they had completed the vast majority of that project.

    In general the perception of the code as low quality or messy has always been an external narrative not supported by the evidence. There was a major leak of Windows source code back in 2004, and those who bothered to analyze it found it to be generally high quality. Read up on that here: https://www.theinquirer.net/inquirer/news/1030335/...
  • versesuvius - Monday, October 16, 2017 - link

    The document that you are referring to is still an audit program. It does not commit Microsoft to provide its source code to be compiled as a whole by any other party which they can customize and compile and assemble into a final working product. It is better than nothing and that is just that. The 2004 source code could not be compiled into anything useful whatsoever. It was just "high quality" code, as the article puts it.

    Windows is a mess because of the redundancies that Microsoft decided to incorporate into the operating system in the name of speed and responsiveness. The redundancies are still there in abundance and Microsoft insists on keeping them for no good reason at all except perhaps backward compatibility, a business decision.
  • Reflex - Monday, October 16, 2017 - link

    1) The program is not just an audit program. It is complete access to the source code of Windows. No, they are not permitted to compile it and make their own builds, MS is a closed source company and that would permit some governments, such as China, to build custom Windows for their citizens that they could snoop on. MS is not in the business of aiding repressive governments. They do provide the tools and information needed for any government to verify that the builds MS releases are built from the code that they are permitted to analyze. That is a reasonable compromise and is why most governments feel secure enough to use Windows. It may not be what *you* want, but it does address your concerns and others that they have raised.

    2) You are going to need to be more specific about your claims about Windows being a mess. That is a subjective statement the way you are using it. You also contradict yourself when you state that the 'redundancies' are kept for speed and responsiveness, then in the next sentence claiming Microsoft keeps them for 'no good reason at all'. If they provide speed and responsiveness (and backwards compat as you mention later) then they would indeed provide a purpose, and are not inherently 'a mess' but instead a feature. That said, I honestly have no idea what redundancies you are speaking of.
  • prophet001 - Saturday, October 14, 2017 - link

    If you're in Russia you do what they say or they take it from you.

    It's not like the US where you can say "No Mr. Leader I'm not going to give you that."

    The Russian government takes what it wants so if they want the files that Kaspersky has then they get it. End of story.
  • versesuvius - Saturday, October 14, 2017 - link

    Yes, it is cold, cold, cold out there :)
  • Hurr Durr - Saturday, October 14, 2017 - link

    I'd love to see at least a moderately prominent company in the US denying the US government any kind of information. Should be really fun to watch, not least because of all the shitlib delusions shattering loudly.
  • linuxgeex - Saturday, October 14, 2017 - link

    Run a Linux host, Windows in VMWare, revert to snapshot after each use - no antivirus, no firewall, no windows updates, no system restore - in that condition it will run faster in the VM than it would on bare metal for anything but 3D games. Use a folder share for persistent documents. In a separate VM, mount the share read-only, disconnect the internet, run the antivirus to scan the share for threats. No virus can infect the Windows VM beyond a session. Files cannot be shared to 3rd party by the AV software, or infected by the AV software.
  • ddriver - Saturday, October 14, 2017 - link

    Linux is vulnerable too, lots of software doesn't work well or at all in a VM.

    The solution is to keep your windoze system completely offline, and do internet stuff on a linux box with a read only system. The linux box should have antivirus, if possible, from multiple vendors, for incoming data. The linux box should connect to the internet through a managed router with open source firmware, so you can block as many vectors of attack as possible. Data exchange between the windoze and linux boxes should be over a custom PHY layer, that is cryptographically secure and requires physical access to enable on a per-transfer basis. Definitely do not use any "industry standard" in connecting the offline box to anything that is connected to the internet, they have all been designed to be hackable. Most routers are backdoored, most network interfaces are backdoored, all x86 CPUs and arm SOCs are backdoored, but you can use simple micro-controllers you can program yourself and implement secure transport layers.
  • BedfordTim - Saturday, October 14, 2017 - link

    Anti-virus from multiple vendors on the same machine is a recipe for disaster.
  • ddriver - Sunday, October 15, 2017 - link

    On windoze - sure. It is feasible on linux.
  • BedfordTim - Sunday, October 15, 2017 - link

    I am sure AV vendors can screw up on any platform.
  • Reflex - Saturday, October 14, 2017 - link

    Um, yeah, no. There are much easier ways and tools to determine if you have malicious access on your network and to prevent it. Also some of what you say there does not work like you seem to believe it does. And some is just nonsense.
  • ddriver - Sunday, October 15, 2017 - link

    Nope, standard equipment and standard protocols are extremely vulnerable, literally riddled with vulnerabilities. The only solution is a full software reimplementation running on invulnerable hardware. Of course, expecting a mediocre dummy like you to get it is pushing it, which also explains your inability to get the "sense" and operational principle.
  • Reflex - Sunday, October 15, 2017 - link

    Standard protocols are published and open. Please define the standard protocols you are referring to and point out a vulnerability that would impact a common user of a desktop OS. Given what you are proposing and what you claim to have done, this should be a trivial ask.
  • Manch - Monday, October 16, 2017 - link

    That is the most nonsensical comment I've ever seen you post!!!! LOL It's two people typing on a KB/NCIS bad!
  • Drazick - Sunday, October 15, 2017 - link

    @Reflex, could you elaborate on easy methods to know if your computer is infected with something which allows 3rd party access?

    Thank You.
  • Reflex - Sunday, October 15, 2017 - link

    Easy is a relative term, but for those who are very worried about it here are a couple of tools that are doable by people with a reasonable amount of experience -

    1) Wireshark. Set that up on your PC and you can monitor all traffic on any interface. You can find the free version here: https://www.wireshark.org/download.html

    2) Use pfSense as your boundary firewall/NAT solution. pfSense is based on the open source FreeBSD, and has a large number of plugins that will permit you to thoroughly analyze inbound and outbound traffic to your network. I strongly recommend Snort as a good start, but when you look through the library of available plugins you will find several more that are relevant. You will need compatible hardware for this.

    pfSense download: https://www.pfsense.org/download/
    Protectli hardware: https://www.amazon.com/dp/B072ZTCNLK/

    Those two items will take you to a position where you are 99% certain of what is going on with your network with a high degree of both detection and prevention. That extra 1% is also achievable, but it would require a lot more time and money investment than is probably worth it if you are not storing classified data. If you want to go there as well, we can talk about internal network firewall rules, traffic routing, and intrusion detection appliances, but that is overkill for even me.
  • BrokenCrayons - Sunday, October 15, 2017 - link

    Pretty much this stuff. Intrusion detection systems on passive taps (start simple in network security) can pick up on most odd or unusual activity leaving the network from local systems that might be compromised. Yeah, the easy-to-get and easy-to-implement IDS hardware is mostly pattern-based, but you can set up your own scanning and reporting rules. Products like TippingPoint or SourceFire are the start. You can build a DIY IDS as well without a lot of effort, and there's always gathering up the activity logs of your core routers and servers for analysis.

    Basically, if something on a network like, say, a Windows OS or an AV suite is phoning home or permitting backdoor access for a government actor, someone somewhere will figure it out and blow the lid off it as a huge conspiracy, since a lot of IT employees are just drooling over being at the heart of some big hushy-hush secret. If a company like Microsoft was actually up to that sorta thing and that was discovered, it'd screw their reputation badly. They can't afford to risk that kind of thing or allow a cache of zero day holes to continue to exist so an alphabet agency can exploit them.

    Honestly ddriver, you really don't have the background or knowledge to comment on this sort of thing with any authority. I know you're here posting so you can feel like you're affirming your notion that you're somehow more intelligent than anyone else, but at least if you're going to do that, stick to hardware. Anyone can learn that and present themselves as if they're an expert to impress other people.
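Reflex's Wireshark/pfSense suggestion and BrokenCrayons' point about writing your own reporting rules over router logs both come down to the same defensive check: look at what leaves the network and whether it does so on a schedule. The script below is an added example, not code posted by either commenter; its log format, IP addresses and timestamps are constructed for the demo, and the known-good list is a stand-in for whatever an operator already expects to see.

```python
"""Spot unlisted egress and periodic "phone-home" connections in outbound flow logs.

Added example.  The log format is constructed for this demo and is not a
real pfSense, Snort or router format.  Each line:
    <epoch_seconds> <src_ip> <dst_ip> <dst_port> <proto> <bytes_out>
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample: one workstation contacting an external host every
# 300 s like clockwork (a beacon), some irregular web browsing to a second
# host, and ordinary DNS lookups against the local resolver.
SAMPLE_LOG = """\
1507939200 192.168.1.20 203.0.113.45 443 tcp 512
1507939201 192.168.1.20 192.168.1.1 53 udp 64
1507939230 192.168.1.20 198.51.100.10 443 tcp 8192
1507939500 192.168.1.20 203.0.113.45 443 tcp 510
1507939620 192.168.1.20 198.51.100.10 443 tcp 20480
1507939800 192.168.1.20 203.0.113.45 443 tcp 515
1507939900 192.168.1.20 192.168.1.1 53 udp 64
1507940100 192.168.1.20 203.0.113.45 443 tcp 508
1507940133 192.168.1.20 198.51.100.10 443 tcp 1024
1507940400 192.168.1.20 203.0.113.45 443 tcp 511
1507940402 192.168.1.20 198.51.100.10 443 tcp 65536
"""

# Destinations the operator already knows about (placeholder: the local resolver).
KNOWN_GOOD = {("192.168.1.1", 53)}


def parse_flows(text):
    """Parse log lines into (ts, src, dst, port, proto, bytes) tuples; malformed lines are skipped."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue  # malformed line: skip it rather than abort the whole analysis
        ts, src, dst, port, proto, nbytes = parts
        try:
            flows.append((int(ts), src, dst, int(port), proto, int(nbytes)))
        except ValueError:
            continue
    return flows


def unexpected_egress(flows, known_good=KNOWN_GOOD):
    """Return the set of (dst, port) pairs that are not on the operator's known-good list."""
    return {(f[2], f[3]) for f in flows if (f[2], f[3]) not in known_good}


def find_beacons(flows, min_count=4, max_cv=0.10):
    """Flag (src, dst, port) peers whose connections recur at a nearly fixed interval.

    Regularity is the coefficient of variation (stdev / mean) of the gaps between
    successive connections: human browsing is bursty (high CV), a scheduled
    check-in is not (low CV).  Returns a list of dicts sorted by CV, lowest first.
    """
    by_peer = defaultdict(list)
    for ts, src, dst, port, _proto, _nbytes in flows:
        by_peer[(src, dst, port)].append(ts)
    hits = []
    for (src, dst, port), times in by_peer.items():
        if len(times) < min_count:
            continue  # too few connections to say anything about periodicity
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue  # duplicate timestamps only; no interval to measure
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            hits.append({"src": src, "dst": dst, "port": port, "count": len(times),
                         "interval_s": round(avg, 1), "cv": round(cv, 3)})
    return sorted(hits, key=lambda h: h["cv"])


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_LOG)
    for pair in sorted(unexpected_egress(flows)):
        print("unlisted destination:", pair)
    for hit in find_beacons(flows):
        print("possible beacon:", hit)
```

On the sample, the 300-second cadence to 203.0.113.45 is reported as a beacon while the bursty browsing to 198.51.100.10 is not; feed it real firewall or router export once the line format is adapted.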
  • ddriver - Monday, October 16, 2017 - link

    Your mediocrity is mind-boggling. Still resorting to the flimsy mainstream solutions, which is the best people like you can do.

    Here is news for you - there are vectors of attack that bypass software and hardware alike, and hijack systems at a low level you don't have ANY access to.

    The only way to secure against those is at electrical signal level.

    Seriously, how many times do I have to repeat until you get it? Just because YOU can't make sense of something doesn't mean it is nonsense. You just lack the knowledge to make sense of it.
  • BrokenCrayons - Monday, October 16, 2017 - link

    Reading comprehension is as limited as your understanding of system security, I see.
  • ddriver - Monday, October 16, 2017 - link

    Whatever helps you feel better about yourself ;)
  • Reflex - Monday, October 16, 2017 - link

    I am eagerly awaiting your highlighting of the specific holes you have identified in standard protocols. Furthermore, I'm mildly curious how you expect to create 'custom' PHY's and protocols that can still communicate with the actual internet, which relies on standard protocols.
  • danjw - Saturday, October 14, 2017 - link

    Why would anyone want to use software that was at least reasonably likely to allow a government to spy on you? I don't care if that government is yours or not. Just no reason for anyone to take that risk.
  • vladx - Saturday, October 14, 2017 - link

    Paranoia is high; when in doubt always blame the Russians. Like the NSA or FBI can't be manufacturing facts to fit their agenda.
  • milkod2001 - Friday, October 20, 2017 - link

    Russians have also voted for Trump. Well, they would if they could....
  • yannigr2 - Sunday, October 15, 2017 - link

    AMERICAN companies, and sources in AMERICAN government, are investigating and talking about Russian(or Chinese) software. I wonder what the verdict will be.

    Thank God that AMERICAN companies, agencies and governments do NOT spy on other, countries, leaders, companies and consumers, even when those are part of NATO for example, or American citizens.
    Hypocrisy level: Infinite.
  • RedGreenBlue - Tuesday, October 17, 2017 - link

    Remember, only you can prevent cyber espionage.
    Protect your democracy, uninstall today.

    https://intelnews.org/2017/10/11/01-2194/
  • Antikapitalista1 - Tuesday, October 17, 2017 - link

    Obviously, this is just yet another baseless U.S. bullshit propaganda stunt aimed at the U.S. brainwashed public.

    In fact, the story is absolutely ridiculous – reportedly Israeli hackers penetrating into Kaspersky Lab networks and collecting evidence there, what a load of brain-damaged nonsense!

    Besides, the Kaspersky Lab has already refused these baseless accusations. It actually needs to be stressed that the accusations are baseless.

    Obviously, I trust the Kaspersky Labs. Who could believe the all-too-often lying U.S. government, if it even cannot even publish the evidence for the experts to examine, but prefers to mull baseless accusations?

    The only plausible explanation is that the U.S. government is lying again.

    Look, one does not need hackers, much less a totally implausible story about some Israeli ones, which reeks of some bloody cheap spy novel, nothing more.

    The Kaspersky products are installed on their computers, on millions of computers. It is very easy to do a pinpoint analysis of the Kaspersky suite. One does not even need Eugene Kaspersky's generous offer; anyone could do it, with a lot of time on their hands, or, most likely, with a lot of man-hours at their disposal, such as the NSA itself or its security contractors. It can be disassembled and decompiled. There is no need for hackers, except in U.S. government paranoid fantasies.

    Obviously, the Kaspersky Lab security suite "stole" NSA malware. I even remember it. It was a particularly nasty piece of malware, which infected the firmware of hard drives.

    And Kaspersky detected it, analyzed it... and broke the news.

    Kaspersky's behaviour is absolutely normal – heuristic detection with sending of unknown samples back to the Kaspersky Labs for further analysis – that is where antivirus companies compete, after all. In heuristics and analyses of new threats.
    And Kaspersky was, apparently, the best. (Maybe this was based on pure luck, maybe it was built on solid competence, but I would definitely lean toward the latter.)

    So, the Kaspersky Labs ran across NSA malware and were the first to analyze, or at least the first to break the news.
    Maybe because they are not in bed with the U.S. mafia, so they published it, instead of incorporating an NSA backdoor.

    Customers running away in droves from Kaspersky Labs? Quite the opposite! In fact, I have even downloaded their security suite from a trustworthy Russian site together with a "medicine", as the Russians call it (a crack), but I have not tried it yet...
    Kaspersky has not offered any free antivirus, I mean, perpetually free, or with easily extensible trials, so that has kept me away from recommending it to others. And it has seemed to me rather expensive... but if the U.S. government is fulminating about it, then, I assume, it must be really good... and perhaps even worth a try, to say the least.

    Thus, it is now obvious that the Kaspersky Lab security suite ought to be a very reliable choice, because the U.S. cannot control it.

    You know, I would rather have the Russian government hoard my private data than let my government or its NATO or Five Eyes allies have a peek at them.

    It is the same with smart mobile devices. Huawei is now my only choice when it comes to smartphones. While there have been other rumours about other Chinese competitors, some of them possibly selling your private data for advertisement purposes, only Huawei has been firmly established as having links with the People's Liberation Army, and hence the government of the People's Republic of China. The U.S.A. or its allies fear Huawei devices, which means that the U.S.A. has no control over Huawei devices, which is a very good thing.

    Remember, the U.S.A. spied on Airbus (via its European colony named Germany) in favour of Boeing, so products under U.S. control are also inherently dangerous when it comes to protecting trade secrets.
  • Reflex - Tuesday, October 17, 2017 - link

    Great points Ivan!
  • peevee - Friday, October 20, 2017 - link

    MS has provided (and even includes with newer Windows) antivirus and anti-malware software for free for a long time now. How are all these companies not dead yet? I suspect kickbacks in corporate and government purchases.
  • twtech - Monday, October 23, 2017 - link

    US companies can be asked to provide information by US government entities, and are required by law to disclose it. The same thing happening in Russia shouldn't be overly surprising.

    Rather than framing this as a good guy/bad guy type of question, the lesson learned should probably be that relying on security technology provided by foreign companies is generally a bad idea.
  • RedGreenBlue - Monday, October 23, 2017 - link

    I would not trust a statement by someone with Antikapitalist in their username in any controversial matter regarding a Russian entity. That post is nothing but disinformation, subjective interpretations, and assumptions hanging by a thread. There is no substantial argument there. To suggest this is something out of a spy novel so it can't be true is just asinine. To say that Kaspersky denied it so it can't be true is ridiculous. Israel is not some weak and stupid country; they worked with the U.S. to develop Stuxnet. A disproportionately large sector of their economy is microprocessor and software development.
    The Kaspersky integrity problem with the Russian government has been going on for at least a year. Once more, the US government hardly said anything about this, they just wanted it removed from government computers. The press picked up the story. If you're an IT worker for a large corporation with any sensitive information, you should have been aware of this for at least a year. Just by googling I could find stories of IT workers turning down Kaspersky meetings in 2014 because of Russian government actions.

    Kaspersky has been on the US government's radar for a long time as a possible threat to national security. As it should be. It may be a good security software, that doesn't mean it isn't a threat. The suggestion that it found NSA exploits, could just as easily be because they were stolen and passed on by the Russian government and Russia wanted their government computers protected.

    http://foreignpolicy.com/2017/01/31/arrested-russi...
  • Lazhoke - Thursday, January 28, 2021 - link

    Good day! I had a similar problem with persistent spam in my work email! About half a year ago, I was able to solve this problem using mxSpy (https://blog.mspy.com/mxspy-app-reviews-2018-how-i...), which makes it possible to block not only spam mail for certain keywords but also allows you to regulate incoming traffic! There is a cool feature - the ability to customize the same on your family's devices!