Kaspersky

kartvelo

Well-Known Member
Lifetime Member
SoSH Member
Aug 12, 2003
10,461
At home
There has been some, not much, discussion in the media regarding Kaspersky and its Russian origins. Now there's a story about an NSA contractor being hacked because he brought conf. info home to his Kaspersky-"protected" home computer.

What is the takeaway for consumers regarding Kaspersky?
 

Blacken

Robespierre in a Cape
SoSH Member
Jul 24, 2007
12,152
Don't use it. Don't use Windows if you can avoid it in general (if you can't stomach buying a Mac, use an iPad), but definitely don't use a Russian anti-virus suite.
 

Blacken

Robespierre in a Cape
SoSH Member
Jul 24, 2007
12,152
You might as well just use Microsoft's built-in stuff. It's adequate, and adequate is about all you can ask for when your proposition is "I have a system that doesn't want to be secure, how do I make it secure?".

But the real answer is to stop using Windows, and stop using computers (in lieu of sandboxed, high-security devices, which basically means iOS, and no, not Android) if you are really worried about this and aren't able to adequately defend yourself structurally.
 

kartvelo

Well-Known Member
Lifetime Member
SoSH Member
Aug 12, 2003
10,461
At home
So what you're saying is, if you're going to live in Windows land, you just need to find a way to live with this constant possibility of being hacked, that you should learn to be aware of your surroundings, and you should learn to "get small" if you need to?
:)
 

AlNipper49

Huge Member
Dope
SoSH Member
Apr 3, 2001
44,851
Mtigawi
Don’t allow your account administrative access to the PC you are on and you will avoid 99.999999% of the potential issues out there. We manage a few thousand desktops and have had approximately zero security incidents as a result of someone running on Windows.
 

Marceline

Well-Known Member
Lifetime Member
SoSH Member
Sep 9, 2002
6,441
Canton, MA
Don’t allow your account administrative access to the PC you are on and you will avoid 99.999999% of the potential issues out there. We manage a few thousand desktops and have had approximately zero security incidents as a result of someone running on Windows.
This.
Standard Windows the way it's set up on 99% of home PCs is terrible. But if you can run in a limited-privilege account, and run stuff sandboxed when needed, then it's fine.
 

NortheasternPJ

Member
SoSH Member
Nov 16, 2004
19,271
Don’t allow your account administrative access to the PC you are on and you will avoid 99.999999% of the potential issues out there. We manage a few thousand desktops and have had approximately zero security incidents as a result of someone running on Windows.
Also enforce that they can only run signed apps, which helps a ton. I think your 99.999999% is a tad high, it's probably 98% of it, which is 98% more than if you don't do it. I was in a multi-thousand user global organization yesterday and their CISO made the comment "nobody really takes admin rights away on user systems do they?" I sadly informed him that yes, many do and he was incorrect.
 

AlNipper49

Huge Member
Dope
SoSH Member
Apr 3, 2001
44,851
Mtigawi
If you don’t take admin rights away from your users and you are in a business environment then you are negligently running your business.
 

AlNipper49

Huge Member
Dope
SoSH Member
Apr 3, 2001
44,851
Mtigawi
Also, using only poisoned DNS servers like OpenDNS will help you avoid everything else.

Then you can run a $400 box that is effectively the same as a $3500 Mac and you don’t need to deal with the Fisher Price interface. I’d suggest running a variant of Linux but I’ve pounded my balls with a hammer enough times trying to get every driver working right (in a distributed environment where it’s impossible to have everyone on the same platform) that I don’t even try anymore.
 

NortheasternPJ

Member
SoSH Member
Nov 16, 2004
19,271
Also, using only poisoned DNS servers like OpenDNS will help you avoid everything else.

Then you can run a $400 box that is effectively the same as a $3500 Mac and you don’t need to deal with the Fisher Price interface. I’d suggest running a variant of Linux but I’ve pounded my balls with a hammer enough times trying to get every driver working right (in a distributed environment where it’s impossible to have everyone on the same platform) that I don’t even try anymore.
There's nothing more simple than running OpenDNS, I don't understand why most companies don't. Even the free version gets you a lot.
 

Couperin47

Member
SoSH Member
If you are running any 'consumer grade' router that's more than 2 years old (DLink, Netgear, USR, etc.) seriously consider an upgrade; many/most never allowed any name but 'admin' and it's been way, way too easy to crack them, poison the firmware and otherwise pwn that stuff. Of course you also need to make sure shit like UPnP is turned off in whatever you're running.
 

AlNipper49

Huge Member
Dope
SoSH Member
Apr 3, 2001
44,851
Mtigawi
There's nothing more simple than running OpenDNS, I don't understand why most companies don't. Even the free version gets you a lot.
Starting next year we are pushing through a mandatory $2/user surcharge on all clients. OpenDNS is such a home run that if a client can’t invest $2/user/month on their security then there are IT firms out there more aligned with their values (break/fix places that make money every time they pick up the phone... those places love virii).
 

SumnerH

Malt Liquor Picker
Dope
SoSH Member
Jul 18, 2005
31,885
Alexandria, VA
There's nothing more simple than running OpenDNS, I don't understand why most companies don't.
There's no way I'd use them in a security-conscious environment. Until like 2 years ago it was broken by design and hijacked DNS requests instead of returning errors correctly. They still hijack Google predictive search and do a bunch of other shady stuff.

And they have enough general sloppiness (e.g. breaking geolocation frequently) in their coding that I don't trust them to be at all secure even when they're not intentionally hijacking things.
 

NortheasternPJ

Member
SoSH Member
Nov 16, 2004
19,271
There's no way I'd use them in a security-conscious environment. Until like 2 years ago it was broken by design and hijacked DNS requests instead of returning errors correctly. They still hijack Google predictive search and do a bunch of other shady stuff.

And they have enough general sloppiness (e.g. breaking geolocation frequently) in their coding that I don't trust them to be at all secure even when they're not intentionally hijacking things.
The ads thing is well known and was shut off 3 years ago now and that was before Cisco bought them. I know others that still hold this against them but it was years ago and they didn't try to hide anything.

I'm not aware of the predictive search issue and haven't found anything about it and would love to read more if you have a link.

They're one of the largest and fastest DNS providers out there and have a massive level of threat intel layered on top of it. I'd rather use that than what my ISPs are providing, and I don't see a reason to trust them less than Google. Every customer we've turned it on for, including environments with good security already, found a ton of value in it both on-network and off-network. Cisco security has some really shitty products, but I don't see this being one. It's not perfect (their URL categorization needs to be better and their AD connector as well).

Are you concerned with someone attacking an organization by hacking OpenDNS, providing invalid results and either infecting someone with malware or stealing credentials that way?
 
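The disagreement above comes down to a testable property: does a resolver answer NXDOMAIN for a name that cannot exist, or does it hand back an A record pointing at its own page? The script below is an added example, not code from anyone in this thread or from OpenDNS; it builds a raw DNS query with the standard library and classifies the reply, with two constructed header-only replies for offline checking.

```python
"""Added example (not from the thread): detect NXDOMAIN hijacking by a resolver.

Queries a random label that cannot exist under a real TLD. An honest resolver
answers RCODE 3 (NXDOMAIN); one that substitutes a search or ad page answers
RCODE 0 with an A record. Standard library only; the sample replies are constructed."""
import random
import socket
import struct

RCODE_NXDOMAIN = 3

def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Minimal DNS query: header (RD set, one question) + QNAME + QTYPE=A, QCLASS=IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def classify_response(resp: bytes) -> str:
    """'nxdomain' is the honest answer for a name that cannot exist; 'hijacked'
    means NOERROR plus at least one answer record; 'empty' is NOERROR with none."""
    _txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    rcode = flags & 0x000F
    if rcode == RCODE_NXDOMAIN:
        return "nxdomain"
    if rcode == 0:
        return "hijacked" if ancount > 0 else "empty"
    return f"error:{rcode}"

def random_nonexistent_name(tld: str = "com") -> str:
    """20 random letters under `tld`: collision with a real name is negligible."""
    label = "".join(random.choice("abcdefghijklmnopqrstuvwxyz") for _ in range(20))
    return f"{label}.{tld}"

def check_resolver(server: str, timeout: float = 3.0) -> str:
    """Send one UDP query to `server` on port 53 and classify the reply (needs network)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(random_nonexistent_name()), (server, 53))
        resp, _ = sock.recvfrom(512)
    return classify_response(resp)

# Constructed header-only replies for offline testing (not captured from any resolver).
HONEST_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8183, 1, 0, 0, 0)    # QR, RD, RA, RCODE=3
HIJACKED_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)  # NOERROR, 1 answer

if __name__ == "__main__":
    import sys
    print(check_resolver(sys.argv[1]))  # e.g. the resolver address your router hands out
```

Run it against the resolver your router or ISP hands out and against any filtering service you are evaluating; repeating the query a few times guards against a single odd reply.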