
Kaspersky Antivirus 2009 source code leaked - etix
http://unremote.org/?p=317
======
paraschopra
Someone in the antivirus industry please clarify something for me. Which is
more important/critical for an AV company: the software or regular virus
definition updates? My guess is that the virus signature database is where
they create maximum value?

~~~
sucuri2
I have been in the AV industry for a while and I would say both.

AV companies have a lot of behaviour analysis/decoding/parsing done inside
their code that is as important as their "static" signature set.

In fact, I would say that having access to the code and how they analyze the
files/memory/etc is more valuable to a competitor (and the "bad guys") than
the static signature set.

~~~
tptacek
In what sense have you ever been in the AV industry? I'm not sure whether this
account belongs to David or Dre, but neither of you have an AV company on your
LinkedIn profiles.

I admire you for building a business on cleaning up hacked Wordpress installs
(seriously), but that's not the same game that Kaspersky is playing.

------
alexpeattie
More info here:

[http://news.softpedia.com/news/Former-Kaspersky-Employee-Res...](http://news.softpedia.com/news/Former-Kaspersky-Employee-Responsible-for-Leaked-Source-Code-181367.shtml)

It seems it's probably a beta version of AV 2009... Still
embarrassing/potentially harmful to the company though, especially following
the hacking of their website a few months ago
([http://www.computerworlduk.com/news/security/3244882/kaspers...](http://www.computerworlduk.com/news/security/3244882/kaspersky-website-hacked-in-fake-antivirus-attack/)).

~~~
dchest
_...the source code remains the intellectual property of Kaspersky Lab and
downloading, distributing or using it without consent is illegal._

Is it true that downloading it is illegal?

~~~
johkra
Yes, downloading is akin to making a copy without consent of the copyright
owner. (Edit: At least according to the Berne Convention, which most countries
have signed.)

Edit2: I think dchest is right and the illegality of the act of downloading
probably does not follow from the Berne Convention, sorry. Distribution
(offering for download) certainly is illegal, and I think at least according to
German law the resulting copy has to be destroyed. Mind you, I'm no lawyer and
might be mistaken.

~~~
onnonotme01
What about in the US? Can one be tracked/prosecuted simply for downloading?

~~~
cookiecaper
Theoretically yes, but usually they target distributors in preference to users.
It's easier to get a verdict or judgment against the distributor because it
avoids the question of "what is a copy" and how that applies to the digital
space, and also because people are less sympathetic to distributors. The thing
with P2P applications is that everyone is also automatically a distributor.

------
dfox
One thing that amazes me about most of the commercial codebases I have seen
(leaked or not) is the sheer size of them. How can one spend 1GB of source code
on something like an anti-virus program?

~~~
davidu
It's not limited to commercial code... Lots of codebases for complex
applications are substantially large. Often the translation files filled with
strings alone will be 50% of it.

~~~
cookiecaper
Well, the Linux kernel source code is around 71MB compressed, I'd guess maybe
200MB uncompressed. That's quite a difference in source code size, and I think
that the same is true with most OSS projects. The WINE project for instance is
also < 100MB for the full (huge and extensive, including translation) source.

I think that commercial codebases just end up with a lot of cruft and nobody
ever feels like cleaning them up (plus, there is incentive for keeping things
a bit clunky as it buys slack-off time and/or extra hourly pay). As above, I
also think they use other commercial/crappy components like third-party
widgets that had the same treatment, so it all snowballs into a huge/unwieldy
thing.

------
jacquesm
Once again the human element proves to be the hardest to secure.

Three years in jail is a pretty solid sentence, but still, every company with
employees handling sensitive data like this is potentially at risk. All it
takes is one bad leave and your corporate crown jewels could be on the street.

------
nimrody
While the leaked code may ease the work of malware writers, keep in mind that
whoever writes malware _regularly tests against all popular antivirus
software_.

No point in releasing something only to get caught right away.

~~~
borski
This is true, but if a test doesn't work with KAV, arguably it is now much
easier to figure out why and find a workaround.

------
rw2-
The torrent has lots of Chinese leechers.

~~~
levesque
Interesting fact. I wonder what they are up to!

~~~
skinnymuch
Purely academic intentions I presume.

------
qquirrell
Very interesting. This should be obvious, but I'd just like to remind everyone
that given the source, nature, and intended audience of this file, it is
fairly likely that it contains novel malware to catch people from other AV
companies, and that you should not open, compile, or run anything from it
without the full set of malware-safety precautions. Use only a virtual machine
with no network connectivity.

------
scorchin
I realise that this is a pretty dubious request, but a part of me would much
prefer to see a link to either GitHub or BitBucket than a torrent of a zip
file.

~~~
lrm242
Why? Cloning a repository doesn't improve the morality of downloading and
viewing this code. In the same way that it is wrong to receive a stolen radio,
you shouldn't touch this code with a 10-foot pole no matter how it's packaged.

~~~
scorchin
As I said above, I realise it's a dubious request. I know it doesn't improve
the morality either.

It's more for the sake of viewing the code. I associate those 2 brands with
viewing/sharing code.

