Home Open Sauce Source code reviews: does Symantec have something to hide?

Author's Opinion

The views in this column are those of the author and do not necessarily reflect the views of iTWire.

Have your say and comment below.

Source code reviews: does Symantec have something to hide?

When Symantec chief executive Greg Clark decided this week to explain his company's 2016 change of policy over allowing governments to review the source code of its software, was he not aware that his comments could be interpreted as Symantec having something to hide?

There has been much talk of encryption backdoors and source code inspection recently, with the most recent being the news that HPE allowed Russia to review the source code of ArcSight, software that is used by the US military.

Was Clark unaware of all this?

On Wednesday, The Wall Street Journal ran a story that hinted strongly that the Russian Government had gained access to the source code of Kaspersky Lab's A-V products.

The report claimed the program had been modified into a tool for espionage and used to search for terms like "top secret".

In a detailed interview, Clark told Reuters that while Symantec was willing to sell its products in any country, “that is a different thing than saying, ‘Okay, we’re going to let people crack it open and grind all the way through it and see how it all works’.”

Referring to source code, he said: “These are secrets, or things necessary to defend (software). It’s best kept that way.”

greg clark big

Greg Clark: “We just have taken a policy decision to say, ‘Any foreign government that wants to read our source code, the answer is no’.”

So does Symantec, an American company, have anything to hide? If Kaspersky, a Russian company, is accused of allowing Moscow to fiddle with its source code in order to spy on others, then could not Symantec be accused of having backdoors in its code that would help the American Government conduct espionage activities?

After all, installing anti-virus software on a computer is the equivalent of installing a rootkit – the software has carte blanche when it comes to file inspection and upload. It can do anything and everything, and the user has to rely on only one thing when he or she makes a choice as to which A-V to run - trust.

If Symantec does not allow other countries to inspect its code when asked, the likelihood of it doing business in those jurisdictions is likely to evaporate.

HPE allowed the inspection of the source code for ArcSight — which is now owned by British mainframe company Micro Focus — because it wanted to sell the product in Russia.

Another big American technology company, Microsoft, had to allow China to inspect the source code of Windows, a process that took two years, before it was allowed to craft a product — Windows 10 China Government Edition — that could be sold to the Chinese public sector.

A good deal of the paranoia over privacy has come in the wake of the revelations by Edward Snowden, a former NSA contractor, in June 2013, that the NSA was conducting blanket surveillance of all Americans – plus most of the rest of the world. Privacy has slowly come to figure more and more in the conversation of ordinary people.

Recent attacks by Western governments on encryption have not helped to boost public confidence about their intentions.

Foreign companies have grown wary about dealing with US corporations, fearful that having their data within the US will mean that it will be open slather for the NSA. And US companies have suffered as a result.

With this being the current situation, Symantec's stance does not seem to make business sense.

Photos: courtesy Symantec

LEARN NBN TRICKS AND TRAPS WITH FREE NBN SURVIVAL GUIDE

Did you know: Key business communication services may not work on the NBN?

Would your office survive without a phone, fax or email?

Avoid disruption and despair for your business.

Learn the NBN tricks and traps with your FREE 10-page NBN Business Survival Guide

The NBN Business Survival Guide answers your key questions:

· When can I get NBN?
· Will my business phones work?
· Will fax & EFTPOS be affected?
· How much will NBN cost?
· When should I start preparing?

DOWNLOAD NOW!

Sam Varghese

website statistics

A professional journalist with decades of experience, Sam for nine years used DOS and then Windows, which led him to start experimenting with GNU/Linux in 1998. Since then he has written widely about the use of both free and open source software, and the people behind the code. His personal blog is titled Irregular Expression.