Aardvark DailyNew Zealand's longest-running online daily news and commentary publication, now in its 24th year. The opinion pieces presented here are not purported to be fact but reasonable effort is made to ensure accuracy.
Content copyright © 1995 - 2018 to Bruce Simpson (aka Aardvark), the logo was kindly created for Aardvark Daily by the folks at aardvark.co.uk
Please visit the sponsor!
What is it about anti-virus software that attracts so many rogues and bad actors?
We all know the McAfee story and Symantec has come in for some very bad press in recent times for "mis-issuing" security certificates.
Well now Kaspersky are coming under the spotlight for alleged collusion with Russian authorities to spy on US government and other parties.
Of course Kaspersky have denied any involvement but reports in the media seem quite damning.
Of course using anti-virus software to do your spying for you is a stroke of genius and Russia ought to be at least given recognition for this clever approach.
What better way to inspect every file on a potential victim's computer than to do so whilst also scanning for viruses?
I mean... AV software is trustworthy, right?
Also, whilst any other application with a trojan in it would immediately ring alarm bells if it began accessing files without authority -- reading every single file on your network is exactly what you'd be expecting AV software to do.
It gets better...
People expect AV software to report back to HQ and upload potential new signatures as well as downloading an update to its own signature database of known malware -- so if it encrypts the juicy bits of your files and uploads them to a foreign server that's also going to fly under the radar.
I wonder just how much valuable and sensitive information has been siphoned out of machines which gave their AV software full access rights and authority to run wild in a sea of "top secret" data.
So that's McAfee, Symantec, Kaspersky... gosh, just who can you trust these days?
What about Linux?
Well, as most of us know, the NSA has actually contributed significant amounts of the code for Linux and although this stuff is supposed to be peer reviewed and open to the close scrutiny of the entire Linux community... how can we be sure that something isn't buried deep inside?
The reality is that these days, nothing is safe once it's committed to a computer.
I've seen quite a few examples of security leaks even with air-gapped computers thanks to devices that pick up the extremely weak electromagnetic signals that travel from keyboard or LCD into the ether.
Perhaps the only slightly satisfying aspect of this situation is that even big brother has lost his privacy. However, I'm sure that governments around the world will feel much better after reading the reassuring phrase: "Only those with something to hide have anything to fear".
Please visit the sponsor!
Have your say in the Aardvark Forums.