[morsch]

There is no single source for the article.

It refers to a "person familiar with the case" when they explain how an NSA guy exposed his malware to Kaspersky.

It refers to different sources which discuss how any malware might have made its way from Kaspersky to the NSA -- unnamed "information security analysts" (they think the KGB hacked Kaspersky), "other experts" (they say the Russian's version of PRISM picked it up) and Steven Hall, a former spook with no disclosed ties to the case (he says Kaspersky is "likely to be beholden to the Kremlin").

[stickdogg]

It is obvious to me that Kaspersky is beholden to the Kremlin. The founders of Kaspersky are after all Russian.

[thewhitetulip]

Why would a hacker not use Mac or Linux for sensitive stuff?

[andreif]

Why would a NSA guy use Russian security software?

[leereeves]

Why would an NSA guy put secret government tools on his personal laptop?

[YouKnowBetter]

Stupid as it may sound, but my experience with many many "why did you take the data there" dramas, the answer is:

To get things done you can not do at the office or you just lack the office time to get it done.

[marcosdumay]

Too restrictive corporate policies?

[marcusjt]

User error

[_e]

Why would a NSA guy even run any AV? Isolate and compartmentalize everything based on the task and its dependencies. You should assume everything you run could be bad or that you are already compromised.

[wetghost]

He works for the NSA, but he was on his home computer which is unlikely to stay air-gapped unless he's content with making mspaint art and playing skifree :)

[stickdogg]

Straight up. They spew forth this stupid reasoning so that the general public will become frightened. Most people don't understand what any AV does, or how it operates anyway. For them to understand compartmentalization based on dependencies is way too far out there. The US government might have granted access as well in another effort to spread fear amongst the uneducated American populus.

[thecrazyone]

Is this reasonable to do with number of softwares even average people use?

There was a person on the docker team, who had dockerized every other applications like chrome, firefox, ALSA sound server, and more. But even she found it hard to sandbox everything.

I'm using docker as a leading sandboxing tech. Do you mean something else when you mean sandbox?

[codedokode]

I should warn that Docker was never planned as a security tool. If you read the documentation on Linux containers you will see that they are pretty complicated and therefore can have vulnerabilities.

[SEJeff]

Because he's a RIS mole pretending to be incompetent.

[13of40]

I assume if you voluntarily give Kaspersky root access to your laptop, they don't care whether it's Windows, Mac, or Linux.

[marcosdumay]

Does Karpersky sell that run on Macs or desktop Linux?

[13of40]

According to Google they have both, and based on the descriptions they probably follow the same model as the Windows one. That said, it would be kind of ironic if the original comment actually meant, "Use Mac or Linux for sensitive stuff because there's a good chance Kaspersky doesn't exist (or work very well) on them."