Image based on Computer Virus by talksrealfast (license: CC BY-NC-SA 2.0)

25 October 2013 21:40
By Ton Siedsma


Experts call upon the vendors of antivirus software for transparency

An international coalition of more than 25 civil rights organizations and security experts is concerned about the level of security provided by antivirus software companies. “The users of this software should be able to rely on the security of their systems. We fear this might be a false feeling of security,” says Ton Siedsma of the Dutch digital rights organization Bits of Freedom.

According to the coalition, these companies have a vital position in providing security and maintaining the trust of internet users engaging in sensitive activities such as electronic banking. There should be no doubt that your antivirus software provides the security needed to maintain this trust.

In the letter, the coalition asks the antivirus companies for transparency on whether there have been any requests by governments to not detect the presence of governmental malware and if so, if they have granted such a request. They furthermore ask how the companies would respond to such a request in the future.

“It has become very clear that governments will do anything to gain access to as much information as possible,” says Siedsma. “Requests like these, coming from law enforcement agencies or secret services, lower the general level of protection of all users of antivirus software. The software isn’t just used by suspects, but by all of us. This is something to be very concerned about, so we have asked the antivirus software vendors for transparency on this matter.”

The letter has been sent to the following companies: Agnitum, Ahnlab, Avira operations GmbH & Co. KG, AVG, AVAST software a.s., Bullguard Ltd, Bitdefender SRL, F-Secure Corporation, Kaspersky Lab, McAfee Inc, Microsoft Corporation, Norman Shark, ESET spol. S r.o., Panda Security S.L., Symantec Corporation and Trend Micro Incorporated.

Contact: Ton Siedsma – / +31 (0)6 1338 0036

15 comments

[…] lot of companies have failed to respond. Why? We are curious and will contact them again. We will keep you […]

Alex Maas says:

On the surface it looks like at least F-Secure lied to you in their response.

See this post at Bruce Schneier’s blog and follow the breadcrumbs…

your forgot lot of name... says:

Hi Bof team, why did you only target these companies?
What about Fire Eye that is sponsored by NSA? What about Checkpoint? What about Palo Alto Networks? Just these 3 are very big and very widely used in customer environments! You focused on AV companies, but other security companies are maybe a better choice for a state to include a backdoor

[…] get an incentive to weaken information security. Bits of Freedom launched a campaign on the role of antivirus companies, which many co-signed, asking whether they will let badly crafted government malware through. […]

Snorre Fagerland says:

If you had a secret malware, what would you do? Disclose that secret to your local civilian AV vendor, which also usually happens to be a multinational conglomerate with employees from all corners of the world? You might as well tweet the hash.

That vendor would just be one of many others, so even if you should manage to silence one, the gain would be minimal.

[…] Trend Micro received a request for information from Bits of Freedom that was sent to us and fourteen other security companies. Bits of Freedom asked four specific questions around our interactions with governments in regard […]

Klaus says:

Nod32 is not a company, dear “experts”, the company producing the product(!) nod32 is called “eset”…

Ton Siedsma says:

Thanks for your reaction. You are obviously right, it has been adjusted in the post above. And it has just been a mistake in the post, not in the letter, which we have sent to ESET spol. S r.o.

Here, let me Google that for you:

It’s only been a matter of public record since 2001!

Folks have even mentioned it in our Wikipedia entry:

Do some homework. Geez.

Ton Siedsma says:

Thanks for replying. I’m aware of this. But wouldn’t it be strange if we would ask all the other companies but not F-Secure?

[…] The text below was earlier today on Bits for Freedom […]

robb says:

Am I glad I use Clam AV

Helgi says:

Sure, if everyone and no one in particular is responsible for bases you get…. all these random people are all good guys, and they are only stealing detects from all other vendors. No way somebody can influence them @not to detect something@ because they just don’t detect anything at all!!! MUAHAHA

Johan Sterk says:

I think you can assume without question that the American companies have to deliver to the NSA and that they are forbidden from giving a clear answer to the question above.
