Home Open Sauce Source code reviews: does Symantec have something to hide?

Author's Opinion

The views in this column are those of the author and do not necessarily reflect the views of iTWire.

Have your say and comment below.

Source code reviews: does Symantec have something to hide?

When Symantec chief executive Greg Clark decided this week to explain his company's 2016 change of policy over allowing governments to review the source code of its software, was he not aware that his comments could be interpreted as Symantec having something to hide?

There has been much talk of encryption backdoors and source code inspection recently, with the most recent being the news that HPE allowed Russia to review the source code of ArcSight, software that is used by the US military.

Was Clark unaware of all this?

On Wednesday, The Wall Street Journal ran a story that hinted strongly that the Russian Government had gained access to the source code of Kaspersky Lab's A-V products.

The report claimed the program had been modified into a tool for espionage and used to search for terms like "top secret".

In a detailed interview, Clark told Reuters that while Symantec was willing to sell its products in any country, “that is a different thing than saying, ‘Okay, we’re going to let people crack it open and grind all the way through it and see how it all works’.”

Referring to source code, he said: “These are secrets, or things necessary to defend (software). It’s best kept that way.”

greg clark big

Greg Clark: “We just have taken a policy decision to say, ‘Any foreign government that wants to read our source code, the answer is no’.”

So does Symantec, an American company, have anything to hide? If Kaspersky, a Russian company, is accused of allowing Moscow to fiddle with its source code in order to spy on others, then could not Symantec be accused of having backdoors in its code that would help the American Government conduct espionage activities?

After all, installing anti-virus software on a computer is the equivalent of installing a rootkit – the software has carte blanche when it comes to file inspection and upload. It can do anything and everything, and the user has to rely on only one thing when he or she makes a choice as to which A-V to run - trust.

If Symantec does not allow other countries to inspect its code when asked, the likelihood of it doing business in those jurisdictions is likely to evaporate.

HPE allowed the inspection of the source code for ArcSight — which is now owned by British mainframe company Micro Focus — because it wanted to sell the product in Russia.

Another big American technology company, Microsoft, had to allow China to inspect the source code of Windows, a process that took two years, before it was allowed to craft a product — Windows 10 China Government Edition — that could be sold to the Chinese public sector.

A good deal of the paranoia over privacy has come in the wake of the revelations by Edward Snowden, a former NSA contractor, in June 2013, that the NSA was conducting blanket surveillance of all Americans – plus most of the rest of the world. Privacy has slowly come to figure more and more in the conversation of ordinary people.

Recent attacks by Western governments on encryption have not helped to boost public confidence about their intentions.

Foreign companies have grown wary about dealing with US corporations, fearful that having their data within the US will mean that it will be open slather for the NSA. And US companies have suffered as a result.

With this being the current situation, Symantec's stance does not seem to make business sense.

Photos: courtesy Symantec

LEARN HOW TO REDUCE YOUR RISK OF A CYBER ATTACK

Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has the high potential to be exposed to risk.

It only takes one awry email to expose an accounts’ payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 Steps to Improve your Business Cyber Security’ you’ll learn some simple steps you should be taking to prevent devastating and malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you’ll learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips

DOWNLOAD NOW!

RECOVERING FROM RANSOMWARE

Ransomware is a type of malware that blocks access to your files and systems until you pay a ransom.

The first example of ransomware happened on September 5, 2013, when Cryptolocker was unleashed.

It quickly affected many systems with hackers requiring users to pay money for the decryption keys.

Find out how one company used backup and cloud storage software to protect their company’s PCs and recovered all of their systems after a ransomware strike.

DOWNLOAD THE REPORT!

Sam Varghese

website statistics

A professional journalist with decades of experience, Sam for nine years used DOS and then Windows, which led him to start experimenting with GNU/Linux in 1998. Since then he has written widely about the use of both free and open source software, and the people behind the code. His personal blog is titled Irregular Expression.

 

Popular News

 

Telecommunications