Kaspersky Source Code In the Wild
mvar writes "The source code of an older version of 'Kaspersky Internet Security' has been circulated on the internet. The code was created in late 2007 and was probably stolen in early 2008. Names contained in the source indicate that the stolen code was probably a beta version of the 2008 software package – the current release is Kaspersky Internet Security 2011. According to a Russian language report by CNews (Google translation), the code was copied by a disgruntled ex-employee. The thief has reportedly been trying to sell the code on the black market for some time, and Kaspersky says that the code archive already appeared in various private forums last November."
And, in other news... (Score:2)
And, in other news, Microsoft has released Windows 95 to rapturous applause.
Is there a difference?
How many people (perhaps apart from malware writers) will really be affected by this disclosure of the source for some 4-year-old software?
Re:And, in other news... (Score:5, Insightful)
Re: (Score:2)
Not as much as you imply, seeing that the DOS-based platform and Windows 9x were both abandoned in favor of the NT-based platform (which traces back to OS/2).
Re: (Score:2)
Re: (Score:2)
Re: (Score:1)
>>>The designer of NT came from a VMS background but NT was not based on VMS [or OS/2] code.
FTFY. And Netscape's designers came from their previous creation Mosaic for Amiga, Mac, and PC, but Netscape was not based on Mosaic code. Many moons later the Mozilla Suite spun-off from the never-released Netscape 5, and eventually became Seamonkey, but lo the users were not happy with Seamonkey's bloat, so they split-off the browser half and called it Firefox. And it was good.
Thus spake the book of moz
Re: (Score:2)
Not really, the old Navigator was just called the Mozilla suite until Firefox shipped. The SeaMonkey project is run by a group that still wanted to continue development of the suite, which by the way is now no bigger than today's bloaty Firefox, used the same engine so displays pages exactly as well but offers more features and is an all around SUPERIOR browser. Firefox was good when it was actually smaller but these days is pretty pointless. What they should do is keep the FF name because it's well markete
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
That may be so, but it's not the bottom-in kernel level stuff anyone is interested in the Windows code base leaking for (well, some crackers and other criminals might be); there are plenty of FOSS kernels that are every bit as good as NT to choose from. What's good about Windows is the stack of libraries. Lots of those are present in Windows 9x and the complete source to Windows 95 even today would be of great use to someone who wanted to support win32 subsystems on top of some other platform.
Re: (Score:2)
It would probably be a boon to the WINE project, if nothing else.
Re: (Score:1)
Comment removed (Score:5, Informative)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
I'm saying that arbitrary hardware requirements do not have any relation to how well something actually does its job, and the examples you gave are ridiculously off-base for an embedded system in the first place.
As an example, ATMs get new anti-counterfeiting devices all the time (certainly often enough to refer to any particular device as "next-gen"), yet they run old operating systems without significant problems. Sure, there's the occasional virus, but the overall rate of infection is far lower than desk
Re: (Score:2)
Check out this quote: "EOS is Secure. Security for bot
Re: (Score:2)
Also [embeddingwindows.com] industrial control and monitoring, remote instrumentation and telemetry, smart appliances, and research.
An FTP server probably needs a TCP stack, but it likely doesn't need support for laptop power management. On the other hand, a remote monitor might need to run with a backup battery, but communicate over a serial line. Again, embedded systems involve a lot of choices. The field of embedded machines is enormous, and there is certainly no single OS (and especially no single configuration) that will fi
Re: (Score:2)
Re: (Score:2)
No but it should be running a better OS. No issue at all getting linux into something like that, pretty common in the embedded world already.
Re: (Score:2)
It currently runs Debian, stripped down to about 100 megs, and that's with only removing packages. A friend of mine (who is more familiar with the Linux internals) says that figure can easily be cut in half. The spare hard drive I stuck in the box is 2 GB, so I'm not particularly worried. Text recipes don't take that much space.
The first version I set up actually ran Windows 98, because I had originally written my recipe program in Visual Basic. It has since been translated to a language that causes less pa
Re: (Score:2)
I had originally written my recipe program in Visual Basic.
It takes a brave man to write a sentence like that on slashdot.
Re: (Score:1)
Re: (Score:2)
Re: (Score:2)
Still no reason to go adding the risks that come with win9x. Lots of better options available.
Re: (Score:2)
Re: (Score:2)
Re: (Score:3)
This means the black hats pretty much have a roadmap to use to trash Kaspersky AV. Even if they didn't use much of the previous code it most likely will allow them to see how the Kaspersky AV team treats PC resources like memory, giving them a good idea of where the weak spots are. Bad news for Kaspersky users I'd say.
The moment you give someone your binary you've given them your code, just in a harder to read format. Any black-hat that cares will merely read the disassembly. Original source code not required.
-Malloc
Re: (Score:2)
There's a very limited number of people who can actually read large swathes of disassembled code, though, and I believe the majority of that already small number has more interesting things to do than see what makes another antivirus suite tick.
Well, until Kaspersky manages to tick one of them off, that is.
Re: (Score:2)
I don't disagree but I think, by the same token, people that can't (or are too lazy to) read the assembly are less likely to have the m4d sk1lls (or attention span) to do something very serious with/to the anti-virus program. But, as you say, once you get into "ticked the general populace off" territory (instead of just "highly-skilled dude working for evil overlord for big$" territory), having the easier-to-read source laying around won't help.
Re:And, in other news... (Score:4, Insightful)
Here's the thing.
The people who write malware already have this code. They might not have the C source, but they've got a good handle on the IO flow and undoubtedly have it in assembly. Is this a game-changer for the malware writers? Not even remotely. Even if this was the source code for the latest version from 2011, it wouldn't change anything.
"They" have access to the exact same software that we have. They can download Avast! or AVG or Kaspersky or MSE and write the malware to be untraceable under those security suites. Hell, if they really wanted it they could find disgruntled employees or cleaning crews and get access to the repositories for cash monies.
No antivirus software... (Score:1)
Works nowadays anyhow so... I really don't care.
Besides, I'm on Linux.
Re: (Score:2)
The answer is lots of people. Customers of Kaspersky may suddenly discover themselves infected with malware that sidesteps, disables or otherwise interferes with their AV or firewall software. Other people might receive emails offering "free" and apparently legit Kaspersky software which subsequently holds their machine to ransom, or installs a bot. And everyone else w
Pretty useless now (Score:5, Interesting)
Code to a 4 year old anti-virus app, what's that going to be worth? Kaspersky was great until a few years ago. Then one release made my parents' older P4 system near unusable. It went from Firefox loading in a few seconds to close to 30 seconds. Forums were filled with the same complaints and no real fixes. I changed to Avast and it's been great.
Re: (Score:2)
Re: (Score:2)
Buy a faster computer just to run anti-virus?
You windows kids make me laugh.
Re: (Score:2)
I used to be a big fan of Kaspersky, but their 2010 update is a real piece of junk. A failed update should not cause a corrupted database that it can't rollback from. It also should not give up and force you to manually download updates from their support website.
And yet this exact thing kept happening every few months like clockwork until I gave up and dumped it. When it worked, it worked very well, but dang.
Re: (Score:2)
I got hit with something nasty a few years ago, and the first thing it did was disable my CA Antivirus (provided by my ISP) from updating. Lo and behold, there was no way that I could find to manually update CA AV at all. I finally was able to clean the machine using Kaspersky's online virus scanner, and I was sufficiently happy with it that I bought the product; I'd be perfectly happy with the occasional manual database download if the alternative was having no way to update the signatures, ever.
Re: (Score:2)
Re: (Score:2)
Avira is also good. But Kaspersky is even better. You should use it with more modern hardware. Otherwise stick with Avast and all is good.
(emphasis mine)
not according to av-comparatives.org. kaspersky has slipped behind quite a bit while avast and avira are still front-runners.
Re: (Score:3)
Open source using companies can be prosecuted if the wrong thing slips in.
Closed source companies can't be
See Oracle Vs Google.
G
Re: (Score:2)
Sure they can. Quite common to run strings against binaries to see what you get. The busybox folks have sued more than one closed source vendor.
I just stopped using anti-virus (Score:2)
Re:I just stopped using anti-virus (Score:4, Informative)
It's a very good start. Brain 1.0 is still the best virus scanner out there.
Still, there are threats that can't be defeated that way. Scenario: Exploit in a major flash application that affects all possible plugins (since they are essentially the same with different interfaces to the browser), an iframe hidden in a webpage on a, say, hotel homepage you happen to visit because you are planning your vacation, infection complete. If you happen to dislike plugins, browsers themselves can have their loopholes (IIRC the MHTML hole already made it to /. today), not to mention that browsers do also rely on APIs in the end, which are the same, no matter what browser you use.
I'm not saying get an AV tool. All I say is that there are still vectors you cannot defeat just by being careful. A system's security is the minimum of the user's and the system's ability. Not the average.
Re: (Score:2)
It's a very good start. Brain 1.0 is still the best virus scanner out there.
Still, there are threats that can't be defeated that way. Scenario: Exploit in a major flash application that affects all possible plugins (since they are essentially the same with different interfaces to the browser), an iframe hidden in a webpage on a, say, hotel homepage you happen to visit because you are planning your vacation, infection complete. If you happen to dislike plugins, browsers themselves can have their loopholes (IIRC the MHTML hole already made it to /. today), not to mention that browsers do also rely on APIs in the end, which are the same, no matter what browser you use.
I'm not saying get an AV tool. All I say is that there are still vectors you cannot defeat just by being careful. A system's security is the minimum of the user's and the system's ability. Not the average.
I also use Flash Block :)
You do make a very good point about Flash, as is your point that nothing is ever foolproof. I felt after having done the "right thing" and getting malware, coupled with McAfee not even allowing me to uninstall it completely, I was sick of the game and decided to try Brain 1.0.
Re: (Score:1)
Re: (Score:2)
Consider this: the legitimate source's website is hacked, and all its downloads are infected with new malware not yet seen in the wild. This remains unnoticed for several days, during which time the malware has been downloaded by hundreds or even thousands of users. By the time the AV companies get a sample, it's too late for all those downloaders...
Sure these things can happen. But they are very rare. Risk am willing to take over the slow down AV software packages add to my nice clean system
Re:I just stopped using anti-virus (Score:5, Insightful)
But that's not what an AV is for, despite the industry trying to market it as such. Antivirus software is reactionary. The company has to receive an unknown virus and analyze it before they can put the virus in the next definition file update. And any heuristics module included is typically useless against all but the most basic attacks.
AV is at best a catch-all for uncontrolled or uncontrollable situations. Office computers, shared family home machines, etc. that are subject to illogical users' whims would benefit from AV. But AV cannot stop zero-day exploits, cannot prevent malicious JS, and is completely useless against a determined attacker with physical access to a machine.
Proper computer security addresses each attack vector separately. A properly-configured software firewall will take care of most of the threats through the network. In fact, hiding behind a NAT will take care of 99% of the zero-day threats; whitelisting outbound traffic is just good security practice. Noscript and safe surfing habits will guard against anything coming in through the browser. Obviously, preventing unauthorized physical access to the system requires physical security.
All AV will do is maybe stop that infected autorun from your kid's buddy's flash drive, or delete that exe file you accidentally downloaded from a questionable site you were surfing. But that's what it's really there for: all the cases you don't really know or expect to have to guard against.
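The definition-driven, after-the-fact matching this comment describes, shown as an added illustration that is not part of the thread or of any vendor's product: a toy scanner with two kinds of definitions, an exact file hash and a byte pattern, run over constructed byte strings (placeholders, not real malware). Definition "version 1" holds only the hash of the one sample the vendor has received; "version 2" is the update shipped after analysis. The sample bytes, definition layout and all function names are assumptions made for the example.

```python
import hashlib
import re
from typing import Dict, List

# Constructed sample files as byte strings (placeholders, not real malware).
KNOWN_SAMPLE = b"MZ\x90\x00" + b"EVIL-DOWNLOADER v1 http://c2.example/"
VARIANT      = b"MZ\x90\x00" + b"EVIL-DOWNLOADER v2 http://c2.example/"  # one byte differs
CLEAN        = b"MZ\x90\x00" + b"hello world program"

def sha256_hex(data: bytes) -> str:
    """Exact-match signature: the SHA-256 of the whole file."""
    return hashlib.sha256(data).hexdigest()

# Definition file, version 1: the vendor has received KNOWN_SAMPLE and shipped
# only its exact hash. Nothing else is detected until the next update.
DEFINITIONS_V1 = {
    "hashes": {sha256_hex(KNOWN_SAMPLE): "Downloader.A"},
    "patterns": {},
}

# Version 2, after an analyst looked at the family: a byte pattern that
# survives small edits to the file is added alongside the hash.
DEFINITIONS_V2 = {
    "hashes": dict(DEFINITIONS_V1["hashes"]),
    "patterns": {"Downloader.A.gen": re.compile(rb"EVIL-DOWNLOADER v\d+ http://")},
}

def scan(data: bytes, defs: Dict[str, dict]) -> List[str]:
    """Return the names of every definition that matches `data`, hash matches first."""
    hits: List[str] = []
    name = defs["hashes"].get(sha256_hex(data))
    if name:
        hits.append(name)
    for name, pattern in defs["patterns"].items():
        if pattern.search(data):
            hits.append(name)
    return hits

if __name__ == "__main__":
    for label, sample in (("known", KNOWN_SAMPLE), ("variant", VARIANT), ("clean", CLEAN)):
        print(label, "v1:", scan(sample, DEFINITIONS_V1), "v2:", scan(sample, DEFINITIONS_V2))
```

The gap between the two definition versions is the window the comment is talking about: until the update ships, the variant is simply not in the list, and no amount of scanning changes that. The pattern rule narrows the window for one family but still has to be written by someone who has seen a sample, which is why the comment's other controls (outbound filtering, script blocking, physical access) are layered on top rather than replaced by AV.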
Re: (Score:2)
Not recommended.
A bunch of malware nowadays appears on:
1. Hacked Websites
2. Advertising
Yeah, if you disable JavaScript and Flash you might have a 'safe experience'. But then if your favourite news website gets hacked, you'll catch a virus.
It's not worth it, truly. Or, your flash drive might get infected from someone (there was a printing bureau which actually had this sort of worm on their PCs - infected tons of people).
Re: (Score:2)
So... how much do you trust that flash plugin you got? How about silverlight?
And McAfee is really quite mediocre as AVs go. Avast | AVG | MSSE are all far better.
Re: (Score:2)
Well, if your assertion is correct, then wouldn't the 4 year code be worth quite a lot? Seeing as it is a better version before it went downhill?
Re: (Score:2)
I know it's never likely to be popular on these message boards, but I've actually been having a good experience with Microsoft Security Essentials on the one machine I've tried it on. I've got other machines with AVG Free and avast! on, and MSE has come across relatively simple and light-weight. I'm told it has reviewed pretty well in AV testing too.
Not that I have any complaints from any of the main free AV programmes I've used, but it's nice to see another decent option in the line up.
Re: (Score:2)
Or maybe use a better OS. Upgrading a PC just for antivirus is a hilarious concept.
Pay developers more! (Score:5, Funny)
Re:Pay developers more! (Score:4, Funny)
Perhaps he has only misplaced his gruntle, and is not fully disgruntled.
Re: (Score:2)
It clearly states he was disgruntled. I therefore assume he had his gruntle stolen and that's why he went and stole the code off them. You know, in a "you take my gruntle, I'll take your code" kind of way...
Re: (Score:1)
Re: (Score:2)
In Soviet My House, wife beats me!
Stolen?? (Score:5, Funny)
I wish them luck recovering it so they don't have to rewrite it from scratch.
(Copyright infringement is not theft.)
Re: (Score:2)
Re: (Score:2)
Re: (Score:3)
Why.....if their source code was stolen then they don't have it anymore. If their source code is gone they will have to rewrite it. Unless they recover it somehow.
Get it yet?
Re: (Score:2)
WTS: Sense of humour, stolen from nicholas22. Barely used.
Re: (Score:2)
whoosh
Re: (Score:2)
Reactionary - extreme conservatism or rightism in politics; opposing political or social change.
Re: (Score:2)
I bet now they wish that software could be multiplied easily. If that was only possible, I'd have this great idea where you could create a copy of your software, then store it somewhere safe in case some thief gets in, empties out your servers and makes it away with that big bag with that huge $$ sign on it.
I'll be rich when this finally becomes possible!
Dammit, I should have patented it before posting here...
Re: (Score:3, Insightful)
Re: (Score:1)
Here's another one: Identity theft. Language evolves. Deal with it.
Calling copyright infringement theft is a deliberate attempt to equate infringers with criminals (or the result of having been influenced by same) -- not an accidental evolution of language -- whereas identity theft is, in fact, a crime.
Furthermore, if someone copies your code then at worst you've "lost sales" but at least your program still works. If someone steals your identity, then your identity itself is compromised (in its function as a unique identifier) and your ability to use your identity is redu
Re: (Score:2)
Re: (Score:2)
The legal and economic definitions of theft indicate the loss of a physical item. If I steal something from a store, that item needs to be replaced. If I infringe your copyright by downloading your music, you've at worst lost a sale. The economic impact is a lot less because you're not actually losing real goods that already have work invested into them.
Is it wrong? Yes.
Does it suck? Yes.
Is it a theft. No.
Re: (Score:2, Informative)
Here's another one: Identity theft. Language evolves. Deal with it.
Heck no... framing bank fraud as "identity theft" puts the onus on the victim instead of where it properly belongs.
The bad news is (Score:1)
Re:The bad news is (Score:5, Funny)
That won't work. The source for Ubuntu has already leaked.
Re: (Score:1)
Re:The bad news is (Score:4, Funny)
Dammit, now Linux is hellish insecure!
Why didn't anyone inform the community? That's so irresponsible!
Re: (Score:2, Insightful)
You know what?
Ubuntu can get viruses just as easily as other OSes. The Apache servers that control botnets aren't running IIS. Wine is a weak point, and Flash is a cross-platform single-point-of-failure. How many times have you blindly added a repository based on what some random untrusted person on the Internet tells you to do? I know I have.
The only reason that it's not as 0wn3d as Windows is that Windows was easy pickings and has huge market share. Now the bad guys are going to focus on smartphones
Re: (Score:1)
Certain people keep saying the only reason there's no such thing as Linux malware is market share.
The fact that applications running on Linux can't alter system files has absolutely nothing to do with it.
Prove it. Release your exploit already.
BTW, Wine is notoriously bad at running malware.
Re: (Score:3)
Drop an executable in ~, change ~/.profile and ~/.bashrc to put those directories first, pwned.
Easy to clean, true, but if you're not looking for it, it's not there. Also defeatable by mounting home noexec but how many user installs do that?
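A defender-side check for the startup-file PATH trick this comment describes, added here and not part of the thread: it reads shell rc files for PATH assignments that place home-relative (or empty) directories ahead of $PATH, and checks whether /home is mounted noexec, the mitigation the comment mentions. The sample rc contents, the /proc/mounts excerpt and the function names are constructed for this example.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample startup files (not taken from a real system). The
# second one prepends two home-relative directories to PATH, so anything
# dropped there shadows the system binaries of the same name.
SAMPLE_RC_FILES: Dict[str, str] = {
    "~/.profile": 'export PATH="/usr/local/bin:/usr/bin:/bin"\n',
    "~/.bashrc": (
        "# added by installer\n"
        'export PATH="$HOME/.cache/.x:$HOME/bin:$PATH"\n'
        'alias ls="ls --color=auto"\n'
    ),
}

# Constructed /proc/mounts excerpt: /tmp is noexec, /home is not.
SAMPLE_MOUNTS = (
    "/dev/sda1 / ext4 rw,relatime 0 0\n"
    "/dev/sda2 /home ext4 rw,relatime 0 0\n"
    "tmpfs /tmp tmpfs rw,nosuid,nodev,noexec,relatime 0 0\n"
)

# Matches `PATH=...` or `export PATH=...`, with or without quotes.
PATH_ASSIGN = re.compile(r'^\s*(?:export\s+)?PATH=(["\']?)(.*?)\1\s*$')

def shadowing_entries(rc_text: str) -> List[str]:
    """Return PATH entries that come before $PATH and point into the user's
    home directory, or are empty/'.' (meaning the current directory)."""
    flagged: List[str] = []
    for line in rc_text.splitlines():
        m = PATH_ASSIGN.match(line)
        if not m:
            continue
        for entry in m.group(2).split(":"):
            if entry in ("$PATH", "${PATH}"):
                break  # later entries sit behind the system directories
            if entry in ("", ".") or entry.startswith(("$HOME", "${HOME}", "~", "/home/")):
                flagged.append(entry)
    return flagged

def home_lacks_noexec(mounts_text: str, mount_point: str = "/home") -> bool:
    """True when the mount point is present without noexec. If it is not a
    separate mount, execution is governed by the parent filesystem, which
    normally allows it, so that case is reported too."""
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[1] == mount_point:
            return "noexec" not in fields[3].split(",")
    return True

def audit(rc_files: Dict[str, str], mounts_text: str) -> List[Tuple[str, str]]:
    """Combine both checks into a list of (where, what) findings for review."""
    findings: List[Tuple[str, str]] = []
    for name, text in rc_files.items():
        for entry in shadowing_entries(text):
            findings.append((name, entry))
    if home_lacks_noexec(mounts_text):
        findings.append(("/proc/mounts", "/home mounted without noexec"))
    return findings

if __name__ == "__main__":
    # On a live system, feed the contents of ~/.profile, ~/.bashrc and
    # /proc/mounts instead of the constructed samples.
    for where, what in audit(SAMPLE_RC_FILES, SAMPLE_MOUNTS):
        print(f"{where}: {what}")
```

The output is a review list, not a verdict: `$HOME/bin` ahead of `$PATH` is the stock default in some distributions' `.profile`, whereas a hidden directory such as `$HOME/.cache/.x` is the kind of entry that deserves a look. The noexec finding answers the comment's closing question directly; on most single-user installs it will fire.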
Re: (Score:2)
That's still not an example of modifying system files. So you're dropping an executable in root then running some code to edit some files so you can run the executable. Isn't there some kind of circular reference problem there?
Re: (Score:2)
You can't modify the system files. Notice I said run from ~, not /.
Arbitrary file write in a browser or plugin or mail client, and you're in, compromise. Granted, just for that user but that's all you need for most personal systems. It's more than good enough for a botnet - you can make connections out and harvest any e-mail addresses / private data from ~.
There's actually an additional hole in *nix that's not present in Windows (or more accurately, Firefox on those systems). You can write a browser plugin
Re: (Score:2)
This is mainly because Wine is notoriously bad at running anything.
Re: (Score:1)
You seem to be confused about how botnets are currently being controlled.
Hint: It's not through Apache.
Re: (Score:2)
Re: (Score:2)
Oh wait, you wanted to be fed.. My bad.
Re: (Score:2)
You don't spend much time on Ubuntu boards, do you?
I've seen questions that make me cringe (after years and years of support, you usually can stomach even questions that eventually lead up to "Are you really, really sure it is plugged in?"), but the people there answer even the tenth identical question with the same stoic patience as the first time.
I can't remember seeing a RTFM or LMGTFY on a Ubuntu board.
Re: (Score:2)
Are you kidding?? I tried to install ubuntu 10.10 today. It crashed twice during install and once after install...
Probably a bad burn... Burn it at an insanely low speed, and verify (I use ImgBurn, generally). I went through this with a Windows 7 a week ago, I burned over 5 DVDs with varying speeds and never got one to actually work. They were from an official source, using an official downloader, even (Digital River, we got the student discount shortly after release, and they lied about sending the actu
Copied, not stolen... (Score:1)
"The source code of an older version of 'Kaspersky Internet Security' has been circulated on the internet. The code was created in late 2007 and was probably copied in early 2008. Names contained in the source indicate that the copied code was probably a beta version of the 2008 software package - the current release is Kaspersky Internet Security 2011. According to a Russian language report by CNews (Google translation), the code was copied by a disgruntled ex-employee. The copier has reportedly
Re: (Score:1)
Everybody here understands exactly what happened. Nobody cares about the semantics. You have contributed nothing.
Re: (Score:2)
Tomayto, tomahto. If it were your credit card number being passed around and being used to buy goat porn, you'd probably tell your credit card company it was stolen. Even if some self-rationalizing freeloader came along and pointed it that it can't be stolen since it's still in your wallet. Semantics, at least in this case, really are unimportant.
Re: (Score:2)
Disgruntled employee steals? (Score:1)
I have a lovely stapler at home.
Like Netscape.... (Score:1)
Someone... (Score:2)
Someone check this out to see the quality of this closed code!
Code quality is often an excuse for commercial software to sell vs. OSS, and I am interested in how "higher" the quality of this stuff is.
here is the source code: (Score:5, Funny)
#include <stdio.h>
#include <kaspersky.h>
char make_prog_look_big[1600000];
main()
{
    if (detect_cache())
        disable_cache();
    if (fast_cpu())
        set_wait_states(lots);
    set_mouse(speed, very_slow);
    set_mouse(action, jumpy);
    set_mouse(reaction, sometimes);
    printf("Please wait, Kaspersky is scanning your computah\n");
    if (system_ok())
        crash(to_dos_prompt);
    else
        system_memory = open("a:\\swp0001.swp", O_CREATE);
    while(1) {
        sleep(5);
        scan_a_single_file();
        sleep(5);
        update_progress_bar();
        sleep(5);
        if (rand() < 0.9)
            crash(complete_system);
    }
    return(unrecoverable_system);
}
Re: (Score:1)
Kaspersky security?? (Score:1)
Re: (Score:2)
Why? You have to balance security with usability - in this case the ability to actually do your job - which fundamentally means you have to trust your developers with your source code.
If you're a larger company you can break your code down and only allow people access to the module they're working on; for smaller to mid sized companies that's not such a viable option, people generally work on whatever bit of code needs working on. I doubt Kaspersky actually employs that many developers.
That's assuming i
Re: (Score:3)
Linux is not inherently more secure. Why would it be?
You might notice now and then that an exploit gets discovered in a Linux program. BIND and sendmail have for some time been the poster child for "yet another Linux security hole". Even BIND 9 has its issues. Now, why BIND and sendmail? Are they so horribly insecure compared to the rest of the system?
No. But compromising them is profitable. Simple as that.
Likewise, finding security holes in Windows is profitable. The average Windows user is less clued than