by Dolores12 3593 days ago
Stuxnet was discovered by a Belarusian anti-virus company, Duqu & Project Sauron were discovered by Kaspersky Lab. Are US-based anti-virus companies that bad or ...?
2 comments

I think that is a bit of a skewed sample. Stuxnet infected mostly Iranian computers, not a lot of US AV companies there. Duqu and Sauron also infected mostly Russian companies, which are far more likely to use Kaspersky Labs than a US AV company. Similarly, most of the reveals of Russian state-sponsored malware are done by US AV companies, for instance the DNC hacks, because Russian state-sponsored malware will tend to target US entities.
DNC hacks are actually leaks. :) Attribution is still not clear for me as any proficient hacking group could do this. It's not NSA after all.

>Russian state-sponsored malware will tend to target US entities.

I haven't heard of any. So it's either 1) there is no such malware, 2) it stays undetected, 3) it is detected, but now is the wrong time to disclose it (if ever).

I'm not really afraid of Russians. Snowden's leak & Kaspersky research show that the NSA is a far superior threat to anybody, citizens included. And US-based anti-virus companies fail to protect me regardless of what their reason is.

Or what? I'm not following, but I think it's clear that state malware disclosure is political.

If Kaspersky finds a Russian FSB trojan, they won't go to the press. They'll call their pals at the FSB and ask what to do. In an authoritarian state, revealing such a thing could be life threatening. In other words, Kaspersky isn't going to report on Russian state malware, which we certainly know exists considering the documented attacks on Ukraine, Baltics, Georgia, etc.

The US/EU has a stronger freedom of the press tradition and doesn't often follow autocratic staples like murdering inconvenient journalists and serving them polonium tea, but obviously jail-time can be in the cards if laws were violated. I imagine it's just safer to report on Western state sigint compared to autocratic/authoritarian state sigint, thus we hear about Western sigint efforts a lot more, especially in the Western press. One of the downsides of having an open society is that you see the warts and all, but a more closed autocratic one has better information and propaganda control, so the perception of "those things don't happen here" is easy to sell to low-information constituents, and special efforts are made to keep them low-information.

Also, I think it's clear Russia uses Kaspersky to make western intelligence look bad. It's more demoralizing to have an AV vendor point this stuff out than one's own security apparatus and it's a good cover for the FSB's own hacking. Wired has written about the FSB/Kaspersky connection before. Note it's almost always Kaspersky finding Western state malware, not the dozens of other competent AV firms and thousands of top tier researchers. Funny how that works.

http://www.wired.com/2012/07/ff_kaspersky/

> The US/EU has a stronger freedom of the press tradition

It's not that clear cut. The UK routinely serves 'D' notices and the press defer (leading to much abuse) - here's a nice primer https://www.theguardian.com/media/2015/jul/31/d-notice-syste...

Anyone stumbling across their own state's payload and attempting to publish details is likely to rapidly receive a visit and be put in the picture that they have to drop it.

The UK even uses the Wassenaar arrangement to stifle general discussion of viruses and threats: http://www.theregister.co.uk/2015/07/03/northumbria_universi...

Admittedly there are no actual murders or suspected ones (that I've ever heard of) but the polonium tea example was not about computer virus revelations either.

How is that relevant to my question?

Also, in the US you are free to talk about anything unless you are under a gag order.

https://en.wikipedia.org/wiki/Gag_order

>I think it's clear Russia uses Kaspersky to make western intelligence look bad. It's more demoralizing to have an AV vendor point this stuff out than one's own security apparatus and it's a good cover for the FSB's own hacking. Wired has written about the FSB/Kaspersky connection

This seems like the most relevant part -- it's not that Kaspersky is THAT much better, but that they have a lot of help from the state, which has way more resources than an anti-virus company. How much of that is true, I have no idea.

Also, "free" in the way you use it is a pretty shaky concept: In theory, you're "free" to record police officers acting in the course of their duty, but that doesn't mean the authorities won't ruin your life because of it. (To say nothing of how eerily easy it is for the government to issue gag orders.)