59 comments

[ 3.1 ms ] story [ 128 ms ] thread
All Russian software should have been banned back in 2014.
(comment deleted)
Why?
because the 1980s didn't actually call to get their foreign policy back?
For the same reason that the Russians ban our NGOs. They're not neutral groups independent of their sovereign.

To say otherwise is naive.

Telegram is a big source of news within Russia for Osint, banning access would be detrimental to journalism
TG isn't Russian, I believe they are based in Dubai
It doesn't matter where the shell company is formally registered.

The founder and CTO is Durov, whose previous project, VKontakte (Facebook clone) has been effectively confiscated by Russian government.

Telegram is a Russian project. People are hoping that because it's made by a "good" Russian who isn't in Russia anymore, and holds a grudge against Russian government, Telegram won't have Russian backdoors.

I'd say, that is rather optimistic.

If we’re going that far, wouldn’t one then logically assume that all US software has US backdoors? What does that mean for other countries?
>If we’re going that far, wouldn’t one then logically assume that all US software has US backdoors?

Critical one probably has.

>What does that mean for other countries?

That if they are involved in an armed conflict with the US, they would be better off not having US software where they don't want the US to have presence.

Which brings us to where we started: the reason for the ban is that Russia has invaded Ukraine and is waging war there, and the US isn't on Russia's side.

The US invaded 7 different countries and killed upwards of a million civilians by some estimates in this century alone. Should the same measures be applied to it, or is it “different” and I “don’t understand”. How about Israel?
>The US invaded 7 different countries and killed upwards of a million civilians by some estimates in this century alone. Should the same measures be applied to it, or is it “different” and I “don’t understand”

By the countries the US invaded, during the invasion - you bet.

>How about Israel?

I'm guessing Iran isn't a big user of Israeli software.

The US is a major user of Israeli software and hardware though, Mossad notwithstanding. Seems imprudent from the “national security” perspective
Last time I checked, Israel wasn't waging a war with the US or any of the countries US allies or partners with for security.

Conversely, the US and Israel are security partners.

How much mental gymnastics does one have to do to ignore the fact that the entire thing is about Russia waging a war in which the US is on the other side?

Israel controls US foreign policy lock stock and barrel, and increasingly its domestic policy as well. If there ever was a threat to national security, this is it.
The formulation you've chosen here is rather crudely hyperbolic, and not particularly helpful.

"Israel controls certain aspects of ..." would be somewhat more in the direction of a fair statement. But it's still not accurate. It's definitely quite fair to talk about something called the "Israel lobby", which by definition is made up of American citizens, and not even necessarily Jewish, which obviously does exert a great degree of control over, to be clear -- certain aspects of policy within the U.S.

But the Israeli government per se does not.

But the Israeli government per se does not.

Though we may need to qualify that:

https://www.theguardian.com/world/article/2024/jun/24/israel...

Yes, government engages in PR work.

How unusual.

Depends what you mean by "public relations":

Haaretz and the New York Times recently revealed that Chikli’s ministry had tapped a public relations firm to secretly pressure American lawmakers. The firm used hundreds of fake accounts posting pro-Israel or anti-Muslim content on X (formerly Twitter), Facebook and Instagram.

Oh no, not the FB an Instagram posts! By a public relations[1] firm, at that.

Posting content on social media is totally an example of checks notes[2]

>"Israel controls US foreign policy lock stock and barrel, and increasingly its domestic policy as well. If there ever was a threat to national security, this is it."

I am now absolutely convinced that Israel is an evil regime, very different from any other government on planet Earth.

[1] https://en.wikipedia.org/wiki/Public_relations

[2] https://news.ycombinator.com/item?id=40756391

>Israel controls US foreign policy lock stock and barrel, and increasingly its domestic policy as well. If there ever was a threat to national security, this is it.

Ah, I love the smell of antisemitic conspiracy theories in the morning.

That's just Protocols of the Elders of Zions with extra steps though.

[1] https://en.wikipedia.org/wiki/International_Jewish_conspirac...

Telegram is barely russian. The founder is basically a russian dissident and a French citizen.
Some other antivirus is about to make bank in the US. Can’t wait for all the special first-year offers.
Serious question: do people still use antivirus software?
Non technical project managers love it.
we run clamav on our linux boxes, it has caught things
Kaspersky is more than AV - we use their Safe Kids app to gain some control over our kids' devices.
Definitely. As a developer, I was totally fucked by one of our customers' antivirus software.

That AV software has very poor performance. It significantly slows down the DLL/file loading. And the firewall component just simply add delay to all HTTP requests. The “Exclusion” function is also useless as expected. It cost me a lot of meaningless time to investigate the performance issue reported by customers.

And you cannot even imagine that as an AV software, their self-protection component is running as a simple Windows service. You can easily disable that by setting a wrong user account to that service. After restart, you can do whatever you want.

Honestly, if I am the one who writes virus. I would give credit to the company who make such poor antivirus software and sell to thousands of customers. They do make life easier.

A lot of times, the antivirus is part of the crapware that comes with a new windows computer. After a month of free tryal, it start shiwing scarry reminders. And as John reminds us, it may be difficult to uninstall https://www.youtube.com/watch?v=bKgf5PaBzyg
(comment deleted)
[flagged]
Totally makes sense, since Kaspersky is not just an anti-virus company and it's not just "part-Russian"

They're literally a contractor and consultant to russian military.

https://informnapalm.org/en/alabugaleaks-part-2-kaspersky-la...

So, like Symantec?
Do you have sources of Symantec working for russian military?
You probably think intentionally missing the analogy is clever.
It would be an analogy if US currently was in the middle of exterminating a nation.
Obviously this decision is political- it's expressly because of sanctions.

You are raising a "what about" question here. "If you do this then what-about that?" Or perhaps "before you do this perhaps worry about that."

But these issues are completely unrelated. One is political (and trivial to deal with) another is technical (and a vastly bigger, and more complicated topic).

For starters if congress set out to "prevent spyware", I'd suggest they lack the skillset to even define "spyware" much less the technical expertise to effectively ban it in some way. I certainly would not expect them to somehow ban "spyware" whole at the same time leabing all "not spyware" unaffected.

>one of the most reputable

That's quite the stretch.

...and also ban the antivirus maker from distributing software updates and malware signatures to existing Stateside customers after September 29

Some percentage of customers won't bother to switch to a competing product, letting the stale signatures linger instead, and ironically that'll make them more vulnerable to hackers and state adversaries.

My first thought was "what do they know about Kaspersky that makes them suddenly want to burn it to the ground?"

This article talks about some possible reasons:

https://www.wired.com/story/us-kaspersky-ban-evidence/

> Stories in the New York Times and Wall Street Journal have since cited anonymous sources accusing Kaspersky of siphoning American secrets, including the files of an NSA staffer, to its own servers, where the Russian government then accessed them.

To be clear, the article doesn't consider this a smoking gun, and instead is demanding a more concrete statement of the government's reasons.

But, personally, I'm completely fine with erring on the side of not trusting a security company operating in Russia with access to my computer. Let's say Kaspersky has the most honest and best intentions in the world, and would never voluntarily cooperate with Putin's government to spy on or harm foreign computers. Does anyone think their protests would matter at all, if push came to shove? This is like the TikTok argument, but with a more obvious attack vector if the software came under direct control of a hostile government.

Right, it's not about whether Kaspersky has done or spread any malware so far, it's about what they could do if Russian government threatens to throw their managers out of 13th-floor window. It's a threat especially because AV-apps have full control of people's machines.

And Russia is sanctioned by US in many other ways because Russia started a war against Ukraine. So why not sanction Russian software companies as well. Makes sense if you think starting wars should be discouraged.

We may be moving towards a situation in which the West and the China/Russia block end up being completely disjoint as far as proprietary software goes (whether cloud or on-premise), due to each banning the proprietary software of the other, although still sharing open source in common. The long-term consequences could be interesting.
That's a good insight. The likely consequence will be that security services on both sides increasingly target open source projects as a zone of conflict, both by trying to inject security vulnerabilities that they can exploit when used by the other side and by trying to detect vulnerabilities prior to use on their side. The maintainers and code committers on major open source projects will be targeted for recruitment as intelligence assets.
It's an opportunity to move to open source software. As an example, if uBlock Origin can be open and work for the world, why can't something else?
a few days ago when kremlin asked mozilla to remove anti-circumvention tools from mozilla store, the internet exploded with "sold outs" and "succumbed to pressure of the oppressive government" but now here we are.

isn't this hypocrisy? on your part, i mean the HN crowd

[flagged]
Now let's investigate JetBrains. Untill recently they had huge presence in St Petersburg and relocated their Russian staff after war broke out.

IMO it is supply chain risk which ought to be carefully audited.

"the program searched for terms as broad as 'TOP SECRET'"

It is a good line for the script in a second part of the movie with the same name. As a excuse to justify the banning of an Antivirus... weak as the Intelligence of some Chief Commander in the New World. Not a Big-EEndian. Swift...