08.06.14

Gemini version available ♊︎

Symantec Deserves a Ban in China for Not Reporting US Government Back Doors

Posted in Microsoft, Security, Windows at 10:29 am by Dr. Roy Schestowitz

Tick the box to ban

Symantec logo

Summary: Symantec, a Windows insecurity firm, is miserably trying to divert attention away from reports about distrust that led to a ban in China

According to many reports this week [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16], China does not trust some US- and Russia-based companies to take care of ‘security’ in China. It’s about time.

Reports focus on two firms, but another one is seemingly affected (Symantec). While Kaspersky (which we occasionally mention here) does not deny the claims, Symantec does strike back and “Says its Products are Still Allowed in China”. This is a cleverly-worded denial. Some products are definitely banned, but the “Security software developer Symantec Corporation denied its software has been banned in China.” Symantec merely says or emphasises that not everything is banned.

Just to be more specific: “It is important to note that this list is only for certain types of procurement and Symantec products are not banned by the Chinese government.”

Kaspersky is hyping up security threats at the moment and Symantec is trying hard to dodge the negative publicity because trust is fundamental to their sales. Symantec, which has strong Microsoft connections and disdain for FOSS, should not be trusted if China does not trust Microsoft (we already know how China feels about the ‘new’ Microsoft). To quote an IDG report:

Symantec and Kaspersky Lab have become the latest tech firms to be kicked off the Chinese Government’s approved list, according to an unconfirmed report in the country’s media.

The People’s Daily newspaper broke the news at the weekend in a report that claimed that local supplies including Qihoo 360, Venustech, CAJinchen, Beijing Jiangmin and Rising would from now on be the preferred software for antivirus duties.

The news seems to have surprised both firms, which have until now have been approved suppliers for desktop security.

Symantec has been overlooking government back doors such as the ones Microsoft puts in place and lets the US government know about. This is an older debate which made a comeback amid NSA leaks (other antivirus makers seemingly exempt government malware and such, e.g. Stuxnet). Here is Wall Street’s press coverage:

That’s a lesson that Microsoft and Symantec are learning right now. An antivirus company from Silicon Valley, Symantec competes in China against local favorites like Beijing-based Qihoo 360 Technology. According to reports by Bloomberg News and the Chinese media, China has instructed government departments to stop buying antivirus software by Symantec and its Moscow-based rival, Kaspersky Lab. Symantec software has backdoors that could allow outside access, according to an order from the Public Security Ministry. Not coincidentally, Qihoo’s New York-traded shares rose 2.7 percent yesterday, following reports of the move against Symantec and Kapersky.

Well, good for them. After being cracked by the NSA they need to secure their systems by better identifying possible moles (in the software sense).

Dan Goodin, who typically slams FOSS over security issues (less severe than in proprietary software), finally writes about Microsoft’s best known back doors that it tells the NSA about (Goodin does not mention the NSA connection):

There’s a trivial way for drive-by exploit developers to bypass the security sandbox in almost all versions of Internet Explorer, and Microsoft says it has no immediate plans to fix it, according to researchers from Hewlett-Packard.

The exploit technique, laid out in a blog post published Thursday, significantly lowers the bar for attacks that surreptitiously install malware on end-user computers. Sandboxes like those included in IE and Google Chrome effectively require attackers to devise two exploits, one that pierces the sandbox and the other that targets a flaw in some other part of the browser. Having a reliable way to clear the first hurdle drastically lessens the burden of developing sophisticated attacks.

What can Symantec do to stop this other than suggest abandoning Windows (its bread and butter)? Symantec must have known about back doors in the form of IE vulnerabilities, but did it properly protect China from it? No, Symantec makes money from the prevalence of Windows and the company’s management is deeply connected to Microsoft’s.

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

Decor ᶃ Gemini Space

Below is a Web proxy. We recommend getting a Gemini client/browser.

Black/white/grey bullet button This post is also available in Gemini over at this address (requires a Gemini client/browser to open).

Decor ✐ Cross-references

Black/white/grey bullet button Pages that cross-reference this one, if any exist, are listed below or will be listed below over time.

Decor ▢ Respond and Discuss

Black/white/grey bullet button If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

DecorWhat Else is New


  1. Links 19/1/2022: ArchLabs 2022.01.18 and KDE's 15-Minute Bug Initiative

    Links for the day



  2. When Twitter Protects Abusers and Abuse (and Twitter's Sponsors)

    Twitter is an out-of-control censorship machine and it should be treated accordingly even by those who merely "read" or "follow" Twitter accounts; Twitter is a filter, not a news/media platform or even means of communication



  3. IRC Proceedings: Tuesday, January 18, 2022

    IRC logs for Tuesday, January 18, 2022



  4. Links 19/1/2022: Wine 7.x Era Begins and Istio 1.12.2 is Out

    Links for the day



  5. Another Video IBM Does Not Want You to Watch

    It seems very much possible that IBM (or someone close to IBM) is trying to purge me from Twitter, so let’s examine what they may be trying to distract from. As we put it 2 years ago, "Watson" is a lot more offensive than those supposedly offensive words IBM is working to purge; think about those hundreds of Red Hat workers who are black and were never told about ethnic purges of blacks facilitated by IBM (their new boss).



  6. What IBM Does Not Want You to Watch

    Let's 'Streisand it'...



  7. Good News, Bad News (and Back to Normal)

    When many services are reliant on the integrity of a single, very tiny MicroSD card you're only moments away from 2 days of intensive labour (recovery, investigation, migration, and further coding); we've learned our lessons and took advantage of this incident to upgrade the operating system, double the storage space, even improve the code slightly (for compatibility with newer systems)



  8. Someone Is Very Desperate to Knock My Account Off Twitter

    Many reports against me — some successful — are putting my free speech (and factual statements) at risk



  9. Links 18/1/2022: Deepin 20.4 and Qubes OS 4.1.0 RC4

    Links for the day



  10. Links 18/1/2022: GNOME 42 Alpha and KStars 3.5.7

    Links for the day



  11. IRC Proceedings: Monday, January 17, 2022

    IRC logs for Monday, January 17, 2022



  12. Links 17/1/2022: More Microsoft-Connected FUD Against Linux as Its Share Continues to Fall

    Links for the day



  13. The GUI Challenge

    The latest article from Andy concerns the Command Line Challenge



  14. Links 17/1/2022: digiKam 7.5.0 and GhostBSD 22.01.12 Released

    Links for the day



  15. IRC Proceedings: Sunday, January 16, 2022

    IRC logs for Sunday, January 16, 2022



  16. Links 17/1/2022: postmarketOS 21.12 Service Pack 1 and Mumble 1.4 Released

    Links for the day



  17. [Meme] Gemini Space (or Geminispace): From 441 Working Capsules to 1,600 Working Capsules in Just 12 Months

    Gemini space now boasts 1,600 working capsules, a massive growth compared to last January, as we noted the other day (1,600 is now official)



  18. [Meme] European Patent Office Space

    The EPO maintains a culture of illegal surveillance, inherited from Benoît Battistelli and taken to a whole new level by António Campinos



  19. Gemini Rings (Like Webrings) and Shared Spaces in Geminspace

    Much like the Web of 20+ years ago, Gemini lets online communities — real communities (not abused tenants, groomed to be ‘monetised’ like in Facebook or Flickr) — form networks, guilds, and rings



  20. Links 16/1/2022: Latte Dock 0.11 and librest 0.9.0

    Links for the day



  21. The Corporate Cabal (and Spy Agencies-Enabled Monopolies) Engages in Raiding of the Free Software Community and Hacker Culture

    In an overt attack on the people who actually did all the work — the geeks who built excellent software to be gradually privatised through the Linux Foundation (a sort of price-fixing and openwashing cartel for shared interests of proprietary software firms) — is receiving more widespread condemnation; even the OSI has been bribed to become a part-time Microsoft outsourcer as organisations are easier to corrupt than communities



  22. EPO's Web Site Constantly Spammed by Lies About Privacy While EPO Breaks the Law and Outsources Data to the United States

    The António Campinos-led EPO works for imperialism, it not only protects the rich; sadly, António’s father isn’t alive anymore and surely he would blast his son for doing what he does to progress his career while lying to staff and European citizens



  23. Links 16/1/2022: Tsunami and Patents

    Links for the day



  24. IRC Proceedings: Saturday, January 15, 2022

    IRC logs for Saturday, January 15, 2022



  25. Links 16/1/2022: Year of the GNU/Linux Desktop and Catch-up With Patent Misinformation

    Links for the day



  26. Patrick Breyer, Unlike Most German Politicians, Highlights the Fact That Unified Patent Court (UPC) and Unitary Patent Are Incompatible With EU Law

    A longtime critic of EPO abuses (under both Benoît Battistelli and António Campinos leadership), as well as a vocal critic of software patents, steps in to point out the very obvious



  27. Links 15/1/2022: Flameshot 11.0 and Libvirt 8.0

    Links for the day



  28. Blogging and Microblogging in Geminispace With Gemini Protocol

    Writing one’s thoughts and other things in Geminispace — even without setting up a Gemini server — is totally possible; gateways and services do exist for this purpose



  29. Links 15/1/2022: Raspberry Pi in Business

    Links for the day



  30. IRC Proceedings: Friday, January 14, 2022

    IRC logs for Friday, January 14, 2022


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts