Thread: Surveying Practices of 17 AV Firms

  1. #1
    Renk (Advanced User)

    Questions ISMG posed to the AV companies:
    1) What steps do you take to secure suspicious file samples when they are transmitted from a user's PC to your researchers? For example, are all such communications encrypted?

    2) Could outside attackers eavesdrop on those communications, and if so, how? What defenses are in place to prevent this?

    3) Do you ever share copies of these files with VirusTotal, law enforcement agencies, or intelligence agencies domestic or foreign?

    4) For a user, is sharing suspicious files with your researchers optional? If so, do users "opt in" - or must they "opt out"?

    5) Do you anonymize the source of suspicious files, and if so, how (and at which point[s] in the submission chain)?

    6) Has your firm engaged in any marketing that suggests that Kaspersky Lab products are not reliable, and does it have any hard evidence - aside from U.S. media reports that cite anonymous sources - to back up these assertions?

    See here for the answers.

    Interestingly, all of the UK and US AV firms declined to comment on their practices.

  3. #2
    Quote Originally Posted by article
    3) Do you ever share copies of these files with VirusTotal, law enforcement agencies, or intelligence agencies domestic or foreign?
    they share with each other and with governmental agencies, this is normal, they all want to be up-to-date with malware detection abilities

    6) Has your firm engaged in any marketing that suggests that Kaspersky Lab products are not reliable, and does it have any hard evidence - aside from U.S. media reports that cite anonymous sources - to back up these assertions?

    Israeli intelligence allegedly hacked into Kaspersky Lab's network and found Russian intelligence was already monitoring the company's communications with endpoints, as well as running searches for interesting-looking files on customers' PCs.
    there is currently a heavy anti-russian propaganda campaign going on, from the usual suspects (usa, nato, eu, israel officials and their major media outlets), so this is probably just fabricated "evidence" as a part of this campaign

    Who to Trust?
    these are all private companies, there is no way to prove their claims, nor to be able to check on the current status of these claims
    under certain conditions all their data can be seized, inspected or monitored by their governments (during wartime or under patriot act or the like)

  4. #3
    anon (Moderator)
    "I just remembered something that happened a long time ago."

  6. #4
    Renk (Advanced User)

    I hate when AV are MITM-ing my connection. I check it with SSLEye or with the FF addon CheckMyHttps every time I test any AV.

  7. #5
    anon (Moderator)
    I disabled all the cipher suites without forward secrecy, SSLv2 and v3, MD5 and mixed content in all my browsers, and also trimmed my list of trusted CAs to the bare minimum (see https://github.com/pyllyukko/user.js...relaxed/CAs.md). These changes break some sites, but that's their fault. You can check your setup at https://www.badssl.com/. Most of the red-colored links should be blocked.

    I also read a ton of articles and papers about TLS this year and learned just as much. It was amazing to find out how ignorant I was about basically everything.

    Also, I just realized you and I have been talking about security for almost a decade! Aren't we just the best
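
An added example, not part of the original posts: the policy post #5 describes for browsers (no cipher suites without forward secrecy, no SSLv2/SSLv3, no MD5), applied to a Python `ssl` client context and then audited. The function names and the sample cipher list are constructed for illustration; trimming the trusted CA list is not covered.

```python
import ssl

def hardened_context():
    """Client context: TLS 1.2 or newer, ephemeral key exchange with AEAD only."""
    ctx = ssl.create_default_context()            # certificate and hostname checks stay on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # rules out SSLv2, SSLv3, TLS 1.0/1.1
    # OpenSSL cipher string: keep ECDHE suites with AES-GCM or ChaCha20,
    # and explicitly drop anonymous, null-encryption and MD5-based suites.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL:!MD5")
    return ctx

def has_forward_secrecy(cipher):
    """True if the suite uses an ephemeral (EC)DHE key exchange."""
    if cipher["protocol"] == "TLSv1.3":           # every TLS 1.3 suite is ephemeral
        return True
    return cipher["name"].startswith(("ECDHE-", "DHE-"))

def audit(ciphers):
    """Return the names of suites that break the policy."""
    return [c["name"] for c in ciphers
            if not has_forward_secrecy(c) or "MD5" in c["name"]]

# Constructed entries in the shape SSLContext.get_ciphers() returns.
SAMPLE_LEGACY = [
    {"name": "AES256-GCM-SHA384", "protocol": "TLSv1.2"},            # static RSA
    {"name": "ECDHE-RSA-AES128-GCM-SHA256", "protocol": "TLSv1.2"},  # acceptable
    {"name": "RC4-MD5", "protocol": "SSLv3"},                        # static RSA + MD5
]

if __name__ == "__main__":
    ctx = hardened_context()
    print("hardened violations:", audit(ctx.get_ciphers()))
    print("legacy violations:  ", audit(SAMPLE_LEGACY))
```

`audit()` also accepts the output of `get_ciphers()` from any other context, which makes it usable for checking what a default or third-party configuration still offers.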