June 25th, 2015

The NSA, Windows & Antivirus

Poor Microsoft. The beleaguered company just can’t catch a break. We’ve already told you how Snowden’s revelations have forced the pride of Redmond to spend who knows how many millions opening two “transparency centers,” where government IT experts can pore through source code to satisfy themselves that there are no back doors baked into Windows or other Microsoft products. Trouble is, while its engineers have been busy plastering over all traces of old back doors, they’ve left a side door standing wide open, waiting to be exploited.

Ironically, this side door is meant to be a security door: the third-party add-on that every Windows machine needs to keep it safe from cracker hackers, if that’s indeed possible. And this security tool is usually trusted more by Microsoft system admins, especially those outside the U.S., than Windows itself.

That tool, of course, is your garden variety antivirus program.

According to an article published Monday on The Intercept, the spooks have been busy figuring out ways to exploit antivirus software, which runs on practically every Windows server in every data center on the planet.

“The spy agencies have reverse engineered software products, sometimes under questionable legal authority, and monitored web and email traffic in order to discreetly thwart anti-virus software and obtain intelligence from companies about security software and users of such software. One security software maker repeatedly singled out in the documents is Moscow-based Kaspersky Lab, which…claims more than 270,000 corporate clients, and says it protects more than 400 million people with its products.”

If I were Kaspersky, I’d be really pissed right about now.

It seems that the NSA, along with Brit spies at Government Communications Headquarters (GCHQ), have had their noses so far up Kaspersky’s…er, code, that they know what every subroutine in its software smells like.

The information comes from — where else? — documents supplied by the NSA’s nightmare-that-won’t-go-away, Edward Snowden.

The spooks have been reverse engineering. They’ve been dismantling Kaspersky’s software, searching for weaknesses. They’ve been mining sensitive data by monitoring the traffic between Kaspersky’s client software and its servers. In other words, while IT security folks outside the U.S. have been keeping a wary eye on their Windows servers and trusting their antivirus to be a tool that helps them secure the unsecurable…well, their antivirus software has been acting as a Trojan horse in the truly Homeric sense of the word.

Although this week’s article concentrates on the NSA’s activities against Kaspersky, it indicates that antivirus software from other companies has also been under scrutiny, since all antivirus software is a thorn in spy agencies’ sides.

“Spy agencies seem to be engaged in a digital game of cat and mouse with anti-virus software companies; the U.S. and U.K. have aggressively probed for weaknesses in software deployed by the companies, which have themselves exposed sophisticated state-sponsored malware.”

Although it’s not known exactly what the NSA and GCHQ have gained from the man-hours they’ve put into examining Kaspersky’s and others’ code, my guess is that they’re primarily interested in the heuristics, the part of an antivirus program that tries to identify a threat not by matching virus definitions but by watching for suspicious behavior on the system. Knowing exactly what the heuristics monitor, and at what point they fire, lets an intruder shape its activity so that it never trips the alarm.
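To make that cat-and-mouse concrete, here is a toy behavioral heuristic scorer. It is an added example written for this post, not code from FOSS Force, Kaspersky, or any other antivirus vendor; the rule names, weights, window size, alert threshold and the two event streams are all constructed for illustration. It runs the same activity through the scorer twice: once as a noisy process that does everything inside one minute, and once paced so that each per-window threshold is never reached. The second run also shows the defender’s counter-move, widening the observation window, which is why the exact window and thresholds are the parts an adversary most wants to read.

```python
"""Toy behavioral heuristic scorer (constructed example).

Events are (timestamp_seconds, pid, event_type) tuples.  Counters are
bucketed per process and per time window, a handful of rules vote on
each bucket, and a process whose worst bucket reaches ALERT_THRESHOLD
is flagged.  All rules, weights and thresholds are made up for this
illustration; real products use far richer signals.
"""
from collections import defaultdict

ALERT_THRESHOLD = 10   # constructed: score at which we would alert


def rule_persistence(c):
    # Writing an autorun registry value is a classic persistence tell.
    return c["autorun_writes"] > 0


def rule_injection(c):
    # Creating a thread in another process is a classic injection tell.
    return c["remote_thread_creates"] > 0


def rule_mass_file_rewrite(c):
    # Ransomware-style: many files rewritten in a single window.
    return c["file_rewrites"] >= 50


# (name, predicate over one bucket's counters, weight) -- all constructed.
RULES = [
    ("persistence", rule_persistence, 6),
    ("injection", rule_injection, 6),
    ("mass_file_rewrite", rule_mass_file_rewrite, 8),
]


def score_window(counters):
    """Return (score, [fired rule names]) for one bucket of counters."""
    score, fired = 0, []
    for name, pred, weight in RULES:
        if pred(counters):
            score += weight
            fired.append(name)
    return score, fired


def scan(events, window=60):
    """Bucket events per (pid, window) and return {pid: worst score}."""
    buckets = defaultdict(lambda: defaultdict(int))
    for ts, pid, ev in events:
        buckets[(pid, ts // window)][ev] += 1
    worst = {}
    for (pid, _), counters in buckets.items():
        score, _ = score_window(counters)
        worst[pid] = max(worst.get(pid, 0), score)
    return worst


def alerting_pids(events, window=60):
    """PIDs whose worst window reaches the alert threshold."""
    return {pid for pid, s in scan(events, window).items()
            if s >= ALERT_THRESHOLD}


def noisy_stream():
    # Constructed: pid 100 rewrites 60 files and adds an autorun value,
    # all within the first minute.  Both rules fire in one bucket.
    ev = [(i, 100, "file_rewrites") for i in range(60)]
    ev.append((5, 100, "autorun_writes"))
    return ev


def paced_stream():
    # Constructed: pid 200 does the identical work, but one rewrite every
    # three seconds (20 per minute, under the 50-per-window rule) and the
    # autorun write in a later, otherwise quiet window.  Same activity,
    # scored by the same rules, never reaches the threshold.
    ev = [(i * 3, 200, "file_rewrites") for i in range(60)]
    ev.append((200, 200, "autorun_writes"))
    return ev


if __name__ == "__main__":
    print("noisy, 60s window :", scan(noisy_stream()))        # {100: 14}
    print("paced, 60s window :", scan(paced_stream()))        # {200: 6}
    print("paced, 600s window:", scan(paced_stream(), 600))   # {200: 14}
```

With the default one-minute window the noisy process scores 14 and alerts while the paced one tops out at 6 and walks free; rerun the paced stream with a ten-minute window and it scores 14 as well. That is the whole game: the attacker who has read the rules tunes to the window, and the defender who suspects it changes the window, at the cost of more false positives from legitimately busy processes.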

In the meantime, Windows becomes less safe by the minute for corporations and governments hoping to keep private data private. I’m certain that Red Hat, SUSE, and even Ubuntu are taking advantage.


Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux


9 comments to The NSA, Windows & Antivirus

  • tracyanne

    I’m glad I stopped using anti virus software on my computers.

  • Richard Thornton

    In my view Snowden just keeps digging his own grave – it’s really naive to imagine him as a “whistleblower.”

  • Mike

    I’m thankful for Snowden’s revelations. Too bad most people just bury their head in the sand instead of do something about the rampant abuses of privacy and freedom the intelligence agencies now enjoy.

    Snowden – regardless of whatever anyone feels his motives might be, did everyone a favor.

  • Timon19

    Richard, can you elaborate?

    Can you tell us how Snowden relates to previous attempted NSA whistleblowers who not only did not succeed but in many respects had their lives badly messed with/ruined, such as William Binney and Thomas Drake?

  • Eddie G.

    I will say this…..Mr. Snowden is playing a dangerous game. Regardless of whether or not the government is guilty of these accusations, eventually it will get to the point where the government will HAVE to act to keep their secrets…which could get ugly for Snowden….I’m just sayin’….

  • Timon19

    Sorry, Eddie G., but that post reads exactly like someone who’s never had a clearance and has no clue how actual “government secrets” work. Implying that Snowden will be “disappeared” is by equal measure naive and ignorant of the actual level of ineptitude at work in government secret-keeping and the concomitant enforcement of such.

    I can think of one very prominent person who, regardless of actual data that may have been exposed, very seriously violated a whole raft of laws and policies written by the very department that person was in charge of. That person will ultimately not suffer for their actions.

  • Arby

    The NSA’s constant push to make computers more vulnerable rather than more secure directly leads to 14 million US Gov employees having their data stolen. That’s 14 million potential blackmail victims. Likewise the Sony hack for political reasons. Likewise Target — straight up economics, and so on.

    That’s a lot of blood on NSA’s hands.

  • tracyanne

    @Eddie G. Umm, you do realise that Ed Snowden isn’t the person writing these articles, and he doesn’t have the data those articles are based on. He gave all the files to reporters such as Glenn Greenwald and Laura Poitras, so there’s nothing the government of any nation can do to Ed Snowden that will stop these revelations… It’s too late, the cat is out of the bag. Fortunately.
