Do you know where your software comes from?

Where does your software come from?

That’s one of the questions online users at have asked in recent weeks. Obviously, this comes up as the world sees what’s going on in Ukraine. For many years, one security software vendor in particular was tagged as possibly having Russian ties — and as far back as 2017, the US government banned the use of Kaspersky antivirus over fears the security software could spy on defense contractors for Russia.

The concern over foreign software isn’t new. In 2018, the Pentagon put together a “do not buy” list of software companies anyone working with defense contractors should avoid. Specifically, defense officials wanted to ensure that no software with Chinese or Russian provenance would be purchased. Often, to sell software in a particular country, vendors have to provide source code or additional information. But it’s often hard to know exactly where software is coded, given the worldwide nature of technology. Case in point: I once used software in my office network that was sold by Microsoft but partially coded in Shanghai. It’s enough to make you think about code that may have been written in places your country might not have the greatest relationship with.

The most obvious one that comes to mind is the Russian firm Kaspersky, which has gotten a lot of complaints about its lack of response to the Ukrainian crisis. For many years, the company’s ties to the Russian government have been a concern. I’ve even wondered about other pieces of software I’ve purchased over the years.

For example, there are password-cracking programs built by developers (or even entire firms) located in Russia. For many years, I’ve used tools from Elcomsoft to break into various software for legitimate reasons. In my firm, we examine various types of files without access to the passwords needed to open them. Rather than play games with attorneys, we’ve found it easier to just use various tools to break the passwords. While some, such as Word documents, may take a long time to crack — and you might need specialized equipment to make the process faster — basic, everyday business software like QuickBooks is relatively easy to break into. Let this be a lesson: if you lose your QuickBooks files, never consider them protected just because they’re password-protected. Online tools can remove the password and prompt for a new one to be set up; that still gives me full access to a file you thought was protected. For me, these password-cracking tools are for business, not hacking. But the fact that many of these tools come from firms connected to Russia does give me pause. Even though the firm appears to have relocated to the Czech Republic, it still leaves me wondering.

Other companies are asking whether they should provide services to Russian firms. Avast antivirus, for example, has openly stated it will no longer offer products to Russian customers. Microsoft has said it will not sell new services to customers in Russia, stopping short of stating it will cut off services to anyone with existing contracts. Microsoft hasn’t yet taken the drastic step of cutting off Windows updates or discontinuing support and maintenance for existing operating systems.

Copyright © 2022 IDG Communications, Inc.
