Experts call upon the vendors of antivirus software for transparency
An international coalition of more than 25 civil rights organizations and security experts is concerned about the level of security provided by antivirus software companies. “The users of this software should be ably to rely on the security of their systems. We fear this might be a false feeling of security.” says Ton Siedsma of the Dutch digital rights organization Bits of Freedom.
According to the coalition, these companies have a vital position in providing security and maintaining the trust of internet users engaging in sensitive activities such as electronic banking. There should be no doubt that your antivirus software provides the security needed to maintain this trust.
In the letter, the coalition asks the antivirus companies for transparency on whether there have been any requests by governments to not detect the presence of governmental malware and if so, if they have granted such a request. They furthermore ask how the companies would respond to such a request in the future.
“It has become very clear that governments will do anything to gain acces to as much information as possible” says Siedsma. “Requests like these, coming from law enforcement agencies or secret services, lower the general level of protection of all users of antivirus software. The software isn’t just used by suspects, but by all of us. This is something to be very concerned about, so we have asked the antivirus software vendors for transparancy on this matter.”
The letter has been sent to the following companies: Agnitum, Ahnlab, Avira operations GmbH & Co. KG, AVG, AVAST software a.s., Bullguard Ltd, Bitdefender SRL, F-Secure Corporation, Kaspersky Lab, McAfee Inc, Microsoft Corporation, Norman Shark, ESET spol. S r.o., Panda Security S.L., Symantec Corporation and Trend Micro Incorporated.
Contact: Ton Siedsma – ton.siedsma@bof.nl / +31 (0)6 1338 0036
Johan Sterk
Ik denk dat je er zonder meer van uit kunt gaan dat de Amerikaanse bedrijven aan de NSA moeten leveren en dat het hen verboden is op bovenstaande vraag een helder antwoord te geven.
robb
Am I glad I use Clam AV
AV-bedrijven gevraagd om openheid over overheidsspyware « Welke toekomst…
[…] Onderstaande tekst werd eerder vandaag op Bits for Freedom […]
Sean Sullivan
Here, let me Google that for you: http://lmgtfy.com/?q=f-secure%27s+policy+on+detecting+government+spy+programs&l=1
It’s only been a matter of public record since 2001!
Folks have even mentioned it in our Wikipedia entry: http://en.wikipedia.org/wiki/F-Secure#Policy_on_detecting_government_spying_programs
Do some homework. Geez.
Ton Siedsma
Thanks for replying. I’m aware of this. But wouldn’t it be strange if we would ask all the other companies but not F-Secure?
Klaus
Nod32 is not a company, dear “experts”, the company producing the product(!) nod32 is called “eset”…
Ton Siedsma
Thanks for your reaction. You are obviously right, it has been adjusted in the post above. And it has just been a mistake in the post, not in the letter, which we have sent to ESET spol. S r.o.
Trend Micro’s Response to Bits of Freedom - Trend Micro Simply Security
[…] Trend Micro received a request for information from Bits of Freedom that was sent to us and fourteen other security companies. Bits of Freedom asked four specific questions around our interactions with governments in regard […]
Helgi
Sure, if everyone and noone in particural is responsible for bases you get…. all this random people are all good guys, and they are only stealing detects from all other vendors. No way somebody can influence them @not to detect something@ because they just dont detect anything at all!!! MUAHAHA
Snorre Fagerland
If you had a secret malware, what would you do? Disclose that secret to your local civilian AV vendor which also usually happen to be a multinational conglomerate with employees from all corners of the world? You might as well tweet the hash.
That vendor would just be one of many others, so even if you should manage to silence one, the gain would be minimal.
Sac Céline Classique
On Monday, President Yanukovych’s representative in parliament told the AFP news agency that the president could call early elections if there were no other ways out of the crisis.
Sac Céline Classique http://www.sac-celine-marche.com/
9 Problems of Government Hacking: Why IT-Systems Deserve Constitutional Protection | axelarnbak.nl
[…] get an incentive to weaken information security. Bits of Freedom launched a campaign on the role of antivirus companies, which many co-signed, asking whether they will let badly crafted government malware through. […]
your forgot lot of name...
Hi Bof team, why you only targeted these companies ?
What about Fire Eye that is sponsored by NSA ? What about Checkpoint ? What about Palo Alto Networks ? Just these 3 are very big and very used on customer environment ! You focused on AV companies but other security companies are maybe better choice for a state to include backdoor
Alex Maas
On the surface it looks like at least F-Secure lied to you in their response.
See this post at Bruce Schneiers blog and follow the breadcrumbs…
https://www.schneier.com/blog/archives/2014/11/regin_another_m.html#c6683564
AV-vendors: we will act upon detecting govt malware « Bits of Freedom
[…] lot of companies have failed to respond. Why? We are curious and will contact them again. We will keep you […]