{"id":18489,"date":"2022-03-14T08:30:03","date_gmt":"2022-03-14T16:30:03","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2022\/03\/14\/news-12222\/"},"modified":"2022-03-14T08:30:03","modified_gmt":"2022-03-14T16:30:03","slug":"news-12222","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2022\/03\/14\/news-12222\/","title":{"rendered":"Do you know where your software comes from?"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/images.idgesg.net\/images\/article\/2018\/08\/teamwork_code_review_developers_programmers_group_conversation_gesturing_by_nesa_by_makers_cc0_via_unsplash_1200x800-100768009-large.3x2.jpg?auto=webp&amp;quality=85,70\"\/><\/p>\n<p><strong>Credit to Author: Susan Bradley| Date: Mon, 14 Mar 2022 08:56:00 -0700<\/strong><\/p>\n<p style=\"font-weight: 400;\">Where does your software come from?<\/p>\n<p style=\"font-weight: 400;\">That\u2019s one of the questions online users at <a href=\"https:\/\/www.askwoody.com\/forums\/topic\/kaspersky-and-ukraine\/\" rel=\"noopener nofollow\" target=\"_blank\">AskWoody.com<\/a> have asked in recent weeks. Obviously, this comes up as the world sees what\u2019s going on in Ukraine. For many years, one security software vendor in particular was tagged as possibly having Russian ties \u2014 and as far <a href=\"https:\/\/www.youtube.com\/watch?time_continue=51&amp;v=cgXF2sperwo&amp;feature=emb_logo\" rel=\"noopener nofollow\" target=\"_blank\">back as 2017<\/a>, the US Government banned the use of Kaspersky antivirus over fears the security software could spy on defense contractors for Russia.<\/p>\n<p style=\"font-weight: 400;\">The concern over foreign software isn\u2019t new. 
In 2018, the Pentagon put together a \u201c<a href=\"https:\/\/www.defenseone.com\/threats\/2018\/07\/pentagon-creates-do-not-buy-list-russian-chinese-software\/150100\/\" rel=\"noopener nofollow\" target=\"_blank\">do not buy<\/a>\u201d list of software companies anyone working with defense contractors should avoid. Specifically, defense officials wanted to ensure that no software with Chinese or Russian provenance would be purchased. Often, to sell software in a particular country, vendors have to provide source code or additional information. But it\u2019s often hard to know exactly where software is coded, given the world-wide nature of technology. Case in point: I once used software in my office network that was sold by Microsoft but partially coded in <a href=\"https:\/\/www.microsoft.com\/en-us\/ard\/contactus\" rel=\"noopener nofollow\" target=\"_blank\">Shanghai<\/a>. It\u2019s enough to make you think of the potential code written in places that your country might not have the greatest of relationships with.<\/p>\n<p style=\"font-weight: 400;\">The most obvious one that comes to mind is the Russian firm Kaspersky, which has gotten a lot of complaints about its lack of response to the Ukrainian crisis. For many years, the company\u2019s ties to the Russian government have been a concern. I\u2019ve even wondered about other pieces of software I\u2019ve purchased over the years.<\/p>\n<p style=\"font-weight: 400;\">For example, there are password-cracking programs built by developers (or even entire firms) located in Russia. For many years, I\u2019ve used software from Elcomsoft for various tools to break into various software for legitimate reasons. In my firm, we examine various types of files without access to the passwords needed to open them. Rather than play games with attorneys, we\u2019ve found it easier to just use various tools to break the passwords. 
While some, such as Word documents, may take a long time to crack \u2014 and you might need specialized equipment to make the process faster \u2014 basic, everyday business software like QuickBooks is relatively easy to break into. Let this be a lesson: never consider your QuickBooks files protected if you lose them because they\u2019re password-protected. Online tools can remove the password and prompt for a new one to be set up; that still gives me full access to a file you thought was protected. For me, these <a href=\"https:\/\/www.elcomsoft.com\/tools_for_home_use.html\" rel=\"noopener nofollow\" target=\"_blank\">password-cracking tools<\/a> are for business, not hacking. But the fact that many of these tools come from firms connected to Russia does give me pause. Even though the firm appears to have relocated to Czechoslovakia, it still leaves me wondering.<\/p>\n<p style=\"font-weight: 400;\">Other companies are asking whether they should provide services to Russian firms. Avast antivirus, for example, has openly <a href=\"https:\/\/blog.avast.com\/avast-response-to-war-in-ukraine\" rel=\"noopener nofollow\" target=\"_blank\">stated\u00a0it will no longer offer products to Russian customers<\/a>. Microsoft has said it will not sell <a href=\"https:\/\/blogs.microsoft.com\/on-the-issues\/2022\/03\/04\/microsoft-suspends-russia-sales-ukraine-conflict\/\" rel=\"noopener nofollow\" target=\"_blank\">new services\u00a0to customers in Russia<\/a>, stopping short of stating it will cut off services to anyone with existing contracts. Microsoft hasn\u2019t yet taken the drastic step of cutting off Windows updates or continuing support and maintenance for existing operating systems.<\/p>\n<p style=\"font-weight: 400;\">Microsoft has often opened up its crown jewel source code to government agencies to get sign-off from various governments. 
Over the years, there have been a number of times <a href=\"https:\/\/www.nytimes.com\/2020\/12\/31\/technology\/microsoft-russia-hack.html\" rel=\"noopener nofollow\" target=\"_blank\">hackers have been able to access the Microsoft source code<\/a>\u00a0to study how Windows works at a deeper level. So, even our core Windows operating system has been closely examined by Russian software engineers over the years, even if the underlying software hasn\u2019t been written there.<\/p>\n<p style=\"font-weight: 400;\">What should you do if you\u2019re concerned about a software vendor? First, do your due diligence and research where your vendors, and their employees, are located. Clearly, it\u2019s a personal decision to support or sanction a vendor based on their actions or government connections. Use your dollars to find tech vendors that act ethically and responsibly.<\/p>\n<p style=\"font-weight: 400;\">Secondly, uninstall potentially problematic software from your system and ensure there are no traces left. Often, vendors are a bit messy when they install software and don\u2019t clean up after themselves. I\u2019ve often had to rely on <a href=\"https:\/\/www.revouninstaller.com\/\" rel=\"noopener nofollow\" target=\"_blank\">Revo Uninstaller<\/a> to clean up after a messy vendor. It\u2019s a good idea to keep this tool in mind when uninstalling software. Many times, registry keys and files are left behind, as are vulnerabilities that won\u2019t be patched. While you don\u2019t need to take the drastic step of reinstalling your operating system, it\u2019s relatively easy to rebuild a computer from scratch with Windows 10. If your computer comes from a major vendor, you can easily download any drivers needed once you rebuild the system.<\/p>\n<p style=\"font-weight: 400;\">Even hardware needs to be examined; you may find that a specific laptop or device is built in a country you aren\u2019t comfortable doing business with. 
(I use a Lenovo laptop even though there have been <a href=\"https:\/\/www.heraldsun.com\/news\/business\/article209689744.html\" rel=\"noopener nofollow\" target=\"_blank\">concerns from some<\/a>\u00a0that it could be a source of cyber risk; Lenovo purchased the PC and server businesses from IBM in 2005 and 2014, respectively.)<\/p>\n<p style=\"font-weight: 400;\">Bottom line: research where your software is coded and where your hardware is built. This isn\u2019t always easy. Vendors can hide where their offices are located and may use a workforce that\u2019s dispersed around the world. You may have to ask on support forums where a vendor is really located. These days, software can be, and usually is, coded anywhere. You might be surprised that your favorite tool isn\u2019t developed where you thought it was.<\/p>\n<p><a href=\"https:\/\/www.computerworld.com\/article\/3653260\/do-you-know-where-your-software-comes-from.html#tk.rss_security\" target=\"bwo\" >http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/images.idgesg.net\/images\/article\/2018\/08\/teamwork_code_review_developers_programmers_group_conversation_gesturing_by_nesa_by_makers_cc0_via_unsplash_1200x800-100768009-large.3x2.jpg?auto=webp&amp;quality=85,70\"\/><\/p>\n<p><strong>Credit to Author: Susan Bradley| Date: Mon, 14 Mar 2022 08:56:00 -0700<\/strong><\/p>\n<article>\n<section class=\"page\">\n<p style=\"font-weight: 400;\">Where does your software come from?<\/p>\n<p style=\"font-weight: 400;\">That\u2019s one of the questions online users at <a href=\"https:\/\/www.askwoody.com\/forums\/topic\/kaspersky-and-ukraine\/\" rel=\"noopener nofollow\" target=\"_blank\">AskWoody.com<\/a> have asked in recent weeks. Obviously, this comes up as the world sees what\u2019s going on in Ukraine. 
For many years, one security software vendor in particular was tagged as possibly having Russian ties \u2014 and as far <a href=\"https:\/\/www.youtube.com\/watch?time_continue=51&amp;v=cgXF2sperwo&amp;feature=emb_logo\" rel=\"noopener nofollow\" target=\"_blank\">back as 2017<\/a>, the US Government banned the use of Kaspersky antivirus over fears the security software could spy on defense contractors for Russia.<\/p>\n<p class=\"jumpTag\"><a href=\"\/article\/3653260\/do-you-know-where-your-software-comes-from.html#jump\">To read this article in full, please click here<\/a><\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[714,24580,14247,10525],"class_list":["post-18489","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-security","tag-small-and-medium-business","tag-software-development","tag-windows"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/18489","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=18489"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/18489\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=18489"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/w
p-json\/wp\/v2\/categories?post=18489"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=18489"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}