Sophos: If You'd Like A Copy Of Our Free AV Software, You'll Need To Prove You're Not A Terrorist

from the the-trickledown-effect-of-post-9/11-paranoia dept

The US hasn't officially adopted its proposed rewrite of the Wassenaar Arrangement, but it looks as though its plan to regulate certain software like guns and bombs is already pushing some businesses to start treating potential users like enemies of national security.

John Leyden at The Register is reporting that one of the site's readers has been denied permission to download Sophos' free antivirus software, apparently because the name "Hasan Ali" is setting off "terrorist" alarms at the software maker's headquarters.

Ali brought the issue to our attention, complaining that Sophos had applied an "anti-Muslim name filter" that places hurdles in the way of his attempts to download the security software firm’s freebie Mac malware detection tool.

A screenshot of the attempted download shows Sophos asking Ali to jump through a bunch of additional hoops to gain access to the free AV software. According to the text displayed, Sophos "must" conduct further "compliance checks" (which include asking Ali for additional personal information) before allowing him to download the software.

Sophos has confirmed that it does, indeed, block certain users from downloading its software.

We are sorry Mr Ali has had difficulty downloading our free Mac Antivirus software. Like many companies operating on a global scale, Sophos is required to adhere to the export laws and regulations of the United States, European Union, and every country in which it conducts business.

As such, we screen all requests for software downloads in accordance with a number of export lists, such as the US Export Administration Regulations, which affects all companies trading in the US and includes the requirement to ensure that the requester is not included on any US government denied persons list.

Like many companies, we used a third party to check all requests. Because this particular request only included the requester’s name, which matched with a number of names and aliases on the denied persons list, it was flagged as something we needed to check.

Our policy, in accordance with the US Export Regulations and other similar EU and UK regulations, is to ask for additional information to check if it is a true match or if it is, as in almost all cases, a ‘false positive’ match.

At that point we can clear the requester to be able to access the software.

Sophos claims that less than 0.05% of potential users are subjected to these compliance checks, so it's really kind of a non-issue. Not so, claims Ali, who points out his name is extremely common, as would be any number of other "foreign-sounding" names. Starting a verification process with only a name is a terribly inefficient way to run one. For that matter, consumer-grade antivirus software really isn't subject to the majority of export restrictions.

On top of that, Ali and The Register point out that downloading this software directly from Sophos isn't the only way to acquire it. Other services provide copies of the AV software, but without all the "compliance" chicanery.

"Sophos also makes its software available on CNET (here), and possibly other download sites without mandating this process," he said.

Sophos responded to this seeming disparity with an answer that only raises further questions… mostly about Sophos' strict adherence to regulations that seems more arbitrary than mandatory.

In response, the company said: "All our download products go through the same screening process as highlighted in our previous statement. We can’t really comment on why Mr Ali doesn’t experience the same situation with other vendors, or when he downloads our software from third party sites such as CNET. Sophos adheres strictly to US, EU and other jurisdictions' export regulations, and complies with all requirements. Companies can be heavily fined for non-compliance."

Ali points out that this verification process -- which asks for information like date of birth and passport numbers -- could be imitated by third parties running phishing scams. All someone would have to do is host the free software and start emailing the potential downloader personal questions. Goodbye, AV protection. Hello, identity theft.

If Sophos is being extra-cautious because of the impending Wassenaar Arrangement adoption, it's somewhat understandable. The proposal by the US government looks to outlaw the export of plenty of security-related software and will turn security researchers' work into regulated "weaponry." But clamping down on downloads of consumer-grade AV software isn't going to do much more than push potential customers away. If the entities targeted by these regulations want security-related software, they'll find a way to get it, and they'll find much more potent stuff. Flagging names from a database that likely sees only occasional vetting (like any "terrorist/criminal" database the US maintains) does nothing more than irritate legitimate users.

Filed Under: anti-virus software, filter, fud, questions, terrorism
Companies: sophos


Reader Comments

    That One Guy (profile), 10 Aug 2015 @ 4:15am

    Stupid or worrisome, take your pick

    If they're blocking people from downloading their software based upon names, there's two possibilities I can see.

    Either they're trusting that people will provide their real name, which is a laughable 'obstacle' if the aim is to prevent 'dangerous' people from using their software, or they're requiring verification of personal information for a simple download, which is more than a little absurd and intrusive.

      Bamboo Harvester (profile), 10 Aug 2015 @ 7:09am

      Re: Stupid or worrisome, take your pick

      "If they're blocking people from downloading their software based upon names"

      No. They SAY it's a name check. Sophos deals with some very tight encryption and other software.

      They're using a "third party" (which could very well be NSA, CIA, or DHS) to check who is accessing their systems.

      I suspect it's NOT a simple name check. Something about either the information the guy entered, or his IP/MAC, route to server, etc. threw up flags.

        Richard (profile), 10 Aug 2015 @ 7:20am

        Re: Re: Stupid or worrisome, take your pick

        I suspect it's NOT a simple name check. Something about either the information the guy entered, or his IP/MAC, route to server, etc. threw up flags.

        Even so the result seems to be no less stupid!

      Anonymous Coward, 10 Aug 2015 @ 8:38am

      Re: Stupid or worrisome, take your pick

      Either they're trusting that people will provide their real name, which is a laughable 'obstacle'
      This must be what they're doing. Look at the screenshot again: they even suggest the workaround. "If you think you may have entered incorrect information, please re-submit your request with the correct details:
      ...
      - The Individual's Name has been highlighted as a potential 'denied person'

      Michael, 10 Aug 2015 @ 9:05am

      Re: Stupid or worrisome, take your pick

      I'm even more concerned that they are stopping the download of anti-virus software to terrorists.

      If my name and personal information happens to have landed in a terrorist's database, I, for one, would like my personal information protected from criminals and government agencies that attempt to hack into that database.

      There could be information about children in there - come on man, think of the children!!

      tracyanne (profile), 11 Aug 2015 @ 3:34pm

      Re: Stupid or worrisome, take your pick

      I tried a couple of 'Muslim names' and had no problem downloading AV software (not that I need any on my computers, but that's another story).

      So obviously there is another component to the filter. For the record I created accounts each for an ordinary person with a New Zealand address.

    BentFranklin (profile), 10 Aug 2015 @ 5:46am

    What list are they comparing names to? Why does Sophos (or its third party screener) get access to a list of terrorist names?

      Quiet Lurcker, 10 Aug 2015 @ 6:01am

      Re:

      More to the point, who is this mysterious 'third-party screener'?

      Anonymous Coward, 10 Aug 2015 @ 7:10am

      Re:

      "Why does Sophos (or its third party screener) get access to a list of terrorist names?"

      I believe the point is that "Ali" and "Hasan" are names mainly associated with Middle-Eastern descent.

      So basically the "terrorist list" Sophos is using stems from a list of common Arabic names.

      My question is, given that shining example of blacklisting, how their actual software operates...

    That Anonymous Coward (profile), 10 Aug 2015 @ 6:06am

    Because we can't have terrorists using AV technology, then they we couldn't keep spending billions on buying zero days and spying on them, other governments, citizens, corporations.

    Anonymous Coward, 10 Aug 2015 @ 6:07am

    Excuses

    "Like many companies, we used a third party to check all requests."

    The law does not require the use of a "third party" scape goat, so that excuse just doesn't fly. At all.

    "...the denied persons list."

    What "denied persons list"? A list of persons you have denied?

      Anonymous Coward, 10 Aug 2015 @ 5:31pm

      Re: Excuses

      > "...the denied persons list."

      You might recall an earlier discussion regarding the Right To Be Forgotten? Well, those people have been forgotten...

    Ragnarredbeard, 10 Aug 2015 @ 6:30am

    LL

    Lesson Learned: When they ask for your name, you are John Smith.

    christenson, 10 Aug 2015 @ 6:34am

    Actually complicates terrorism search

    Why does Sophos think, after they set off my personal, gray-matter-based phishing scam filter that any answers I provide them aren't one-time throwaway random answers?

    I'm already doing that to complicate identity theft....with Apple and Facebook. I wasn't actually born on 1/1/00, you know!

    Anonymous Coward, 10 Aug 2015 @ 6:53am

    I never put my real date of birth on websites or registration forms. People have been hacked from putting their birth date on Facebook. Why make it easy for ID theft, hackers? Does Sophos sell your data, email, birthdate, to other companies and advertisers? There's American companies and UK websites hacked every week; why give them your real birth date just to get one product? There's some names which are very common, e.g. Ali Hussain; 1000s of people might have that name.

      Uriel-238 (profile), 10 Aug 2015 @ 10:55am

      Age gates

      I'm quite fond of December 7th, 1941.

      That way any human being that sees it pretty much gets the secret message intended for them.

    avideogameplayer, 10 Aug 2015 @ 6:56am

    I can see upswing in torrents...

    Anonymous Coward, 10 Aug 2015 @ 6:58am

    I don't think Sophos is to blame on this.

    Sophos, as a company that deals with strong encryption is subject to stringent controls on what they, as a company, directly distribute, where they distribute it, and to whom they distribute to. Forms of encryption with keys larger than 56 bits are restricted. Sophos wouldn't want to put itself out of the running for government contracts or on the 'bad side of the law' by breaking any rules concerning the export of encryption software.

    Whether (currently industry standard) encryption should be considered as a type of sensitive technology or not should be the story, not Sophos having to follow stupid rules it didn't create.

      Anonymous Coward, 10 Aug 2015 @ 7:10am

      Re: I don't think Sophos is to blame on this.

      And just what has strong encryption to do with anti-virus software?

        Anonymous Coward, 10 Aug 2015 @ 7:31am

        Re: Re: I don't think Sophos is to blame on this.

        Parts of the software are encrypted and decrypted, naturally. Almost all AV has this built in in some fashion or another, otherwise it would be trivial to defeat (not saying it isn't by other means, but this would be a base-level protection.)

          Anonymous Coward, 10 Aug 2015 @ 7:57am

          Re: Re: Re: I don't think Sophos is to blame on this.

          Other than public key signing of definitions, the encryption they use is useless for any other purposes. Whether the NSA have the signing key or an agreement with Sophos to allow them to misuse the protection is a separate question, as is that of whether they are the third party doing the checking of people.

            Anonymous Coward, 10 Aug 2015 @ 8:24am

            Re: Re: Re: Re: I don't think Sophos is to blame on this.

            You're arguing against the wrong person here; I'm simply stating that the software doesn't meet export restrictions for one reason or another. What it does internally isn't visible to me and frankly I don't care. Whether or not what it does with encryption is useful to any third party could be debated, but that's not what I'm trying to get at.

            For anyone who would actually like to read up on exporting encryption hardware or software, read the following from the Dept. of Commerce:
            https://www.bis.doc.gov/index.php/forms-documents/doc_download/951-ccl5-pt2
            I'm fairly sure one of the exceptions is not met by their software, or Sophos needs to fire their Regulatory Compliance head.

            Realistically, and back to my original point: the rules are stupid and need to be changed. Sophos has business reasons for doing what it does or it wouldn't do it. My company (not Sophos, a subsidiary, or anything of the sort) has to jump through similar hoops with our products. I sincerely doubt Sophos is going through all the trouble to hire a third party and do any type of verification for shits and giggles, that would be too much work and too much money for no good reason.

              Uriel-238 (profile), 10 Aug 2015 @ 11:01am

              There are plenty of effective, open source, internationally available encryption schemes.

              Maybe Sophos and your company should use ones that cannot be plausibly regulated by the Department of Commerce.

              Or move your distro offshore.

              Cooperation with United States agencies is not necessarily a good thing, since they have made public their fondness for backdoors, kill switches and control over other people's software.

              I now have cause not to trust Sophos.

                Anonymous Coward, 10 Aug 2015 @ 11:31am

                Re:

                Following the law as written/enforced and "cooperation" with government agencies are not equivalent terms of engagement.

                You have cause not to trust anyone, so why bother singling anyone out?

                  Uriel-238 (profile), 11 Aug 2015 @ 4:40pm

                  Encryption restrictions on US exports in the post Snowden era sounds fishy.

                  I'm pretty sure these export restrictions are not valid anymore, or couldn't possibly be enforced.

                  It would give offshore software a considerable edge that they were allowed to use larger keys where US-developed applications could not. Even then, US-developed applications that could plug in external encryption mods would provide an awkward workaround.

                  Maybe this is a mechanism in order to keep small businesses out of the software market, since larger houses could create offshore sites by which to develop their international versions.

                    John Fenderson (profile), 12 Aug 2015 @ 2:14pm

                    Re: Encryption restrictions on US exports in the post Snowden era sounds fishy.

                    "I'm pretty sure these export restrictions are not valid anymore, or couldn't possibly be enforced."

                    They are valid. The export restrictions were eased, but not eliminated.

                    "It would give offshore software a considerable edge that they were allowed to use larger keys where US-developed applications could not."

                    US-developed apps can use very strong encryption. They just can't export it. And yes, it does give offshore software a considerable advantage, which is how it came to be that the really cutting-edge crypto development is not done in the US.

                      Uriel-238 (profile), 12 Aug 2015 @ 4:57pm

                      Re: Re: Encryption restrictions on US exports in the post Snowden era sounds fishy.

                      Oh.

                      That sounds like another economic Whoops, kinda like when ICE shut down Megaupload without any consideration for its clients.

                      Sucks to be Sophos then.

            Coyne Tibbets (profile), 10 Aug 2015 @ 9:37pm

            Re: Re: Re: Re: I don't think Sophos is to blame on this.

            It does not matter.

            The encryption export restrictions apply to all use of encryption, no matter how it is used by the software and no matter how its use is restricted. If the software contains encryption code, it's subject to the restrictions.

      Anonymous Coward, 10 Aug 2015 @ 7:15am

      Re: I don't think Sophos is to blame on this.

      "Forms of encryption with keys larger than 56 bits are restricted."

      AES-256 begs to differ.

      "Sophos, as a company that deals with strong encryption is subject to stringent controls on what they, as a company, directly distribute, where they distribute it, and to whom they distribute to."

      And so their use of what appears to be a wiki entry on common Arab names as a blacklist should mean they should be forbidden to handle encrypted software at all on basis of extreme incompetence in security matters coupled with stupidity?

      Let me wager a guess that had Ali actually been a bad man and stated his name to be John Doe his download would have proceeded without a hitch.

        Anonymous Coward, 10 Aug 2015 @ 7:29am

        Re: Re: I don't think Sophos is to blame on this.

        Send something that uses AES256 to Iran with the customs forms filled out and see how far it gets.

        Sheogorath (profile), 10 Aug 2015 @ 8:22am

        Re: Re: I don't think Sophos is to blame on this.

        No, the name John Doe would have triggered a check as well. Something about dead people without ID.

          Uriel-238 (profile), 10 Aug 2015 @ 11:07am

          Re: Re: Re: I don't think Sophos is to blame on this.

          How about:

          John Hunter
          Betty Smith
          Amber Clinton
          Roger Bach
          Christine Lee
          Joseph Spalding
          Mary Wilson
          Peter West
          James McCoy
          Leonard Nelson
          Anne Miller
          Francis Costner

          I could go on and on and on.

      Richard (profile), 10 Aug 2015 @ 7:17am

      Re: I don't think Sophos is to blame on this.

      Sophos, as a company that deals with strong encryption is subject to stringent controls on what they, as a company, directly distribute, where they distribute it, and to whom they distribute to. Forms of encryption with keys larger than 56 bits are restricted. Sophos wouldn't want to put itself out of the running for government contracts or on the 'bad side of the law' by breaking any rules concerning the export of encryption software.

      The 1990's ended 15 years ago you know....

        Anonymous Coward, 10 Aug 2015 @ 7:28am

        Re: Re: I don't think Sophos is to blame on this.

        The government doesn't seem to think so.

        John Fenderson (profile), 10 Aug 2015 @ 7:53am

        Re: Re: I don't think Sophos is to blame on this.

        Crypto export controls were eased after that, but not eliminated. You still need an export license for "military grade equipment", tempest-approved electronics, custom crypto, and crypto consulting services.

        Also, you need to register (but not get a license) with BIS if you are exporting mass market commodities or crypto exceeding 64 bits.

          Anonymous Coward, 10 Aug 2015 @ 8:27am

          Re: Re: Re: I don't think Sophos is to blame on this.

          See my reply to another person above, linking to the 5d002 exceptions; there isn't an across the board lifting of restrictions, that's an oversimplification. There are still restrictions. I think it is clear the software in question trips one of those or we get back to 'why would they bother if they don't need to?'

            John Fenderson (profile), 10 Aug 2015 @ 9:01am

            Re: Re: Re: Re: I don't think Sophos is to blame on this.

            " I think it is clear the software in question trips one of those or we get back to 'why would they bother if they don't need to?'"

            I don't think that's clear at all.

            However, if they are tripping a restriction, then the next obvious question is "what the hell are they doing?"

              Anonymous Coward, 10 Aug 2015 @ 9:32am

              Re: Re: Re: Re: Re: I don't think Sophos is to blame on this.

              Whatever they're doing, it seems like a lot of AV companies do the same. Also, Sophos has a history of integrating several products, like their Cloud Security and FDE software. That might be where the hang up is, if they have to do something for a substantial part of the product line they may simplify the business processes by doing the same validation described in the article.

              Kaspersky has similar restrictions on their 'strong encryption' versions. I'm not terribly familiar with many others, but I'd be surprised if the U.S. based commercial vendors behaved in a different fashion (strong/weak encryption versions, etc, etc.) Also, Sophos is a British company, so there may be rules/regs we just aren't aware of.

              But again we're getting well off the discussion point I tried to raise and running around in the weeds of the issue; why are these rules still in place for software, specifically basic security software?

      Anonymous Coward, 10 Aug 2015 @ 7:37am

      Re: I don't think Sophos is to blame on this.

      Most of you don't seem to realize it isn't just the Wassenaar Arrangement, there is also ITAR and the USML. I don't see those mentioned in the article but they probably should be.

    Agonistes (profile), 10 Aug 2015 @ 7:02am

    Are authorities and their corporate arms going to start needing identification before you can buy a rabbit's foot or pick a four-leaf clover now?

    David, 10 Aug 2015 @ 7:12am

    Unlimited possibilities!

    Ali brought the issue to our attention, complaining that Sophos had applied an "anti-Muslim name filter” that places hurdles in the way of his attempts to download the security software firm’s freebie Mac malware detection tool.

    Oooooh. Instead of an anti-Muslim name filter, how about a Gamer Gate refusing to provide game downloads to persons with a male name?

    Maybe the necessity to identify as female for game access will make certain gamers more compassionate?

    Just like the necessity to identify as Christian in order to get virus protection will make certain Muslims swear off terrorism?

    This sounds like a foolproof plan.

    Jake, 10 Aug 2015 @ 7:16am

    Guess I'll be sticking to Avast then.

    Anonymous Coward, 10 Aug 2015 @ 7:30am

    Sophos = 3 Letter agency?

    Paul Renault (profile), 10 Aug 2015 @ 7:46am

    Me: If you want me to use your Free AV Software...

    ...You'll Need To Prove That It Works!

      David, 10 Aug 2015 @ 8:14am

      Re: Me: If you want me to use your Free AV Software...

      Just try to log in as "Hasan" to your computer after installing the software. It's as sophosticated as that.

    Seegras (profile), 10 Aug 2015 @ 7:54am

    Making the world less secure

    When everyone that lands on some kind of "blacklist" isn't able to protect its own machine, then we might assume that their machines are soon part of some botnet, making everyone else less secure. Stupid gits.

    Of course, that is assuming that AV products really work.

    Anonymous Coward, 10 Aug 2015 @ 8:19am

    That leaves out all US citizens

    After all, we're all being investigated by the NSA as possible terrorists. All 321,477,519 of us........

    Sheogorath (profile), 10 Aug 2015 @ 8:36am

    I don't have any crApple devices myself, but I'm going to warn people I know who do to avoid Sophos software on the basis that entering the wrong thing can trigger a phishing attempt. If Sophos wanna pull this shit, then they'd best be prepared for the consequences. ;D

    PM, 10 Aug 2015 @ 8:50am

    Antivirus for Mac? Why?

    The user could avoid this issue by not attempting to use antivirus software on a Mac. It causes more trouble than it's worth. The safest way to use a Mac is to keep it updated to the latest version and leave Gatekeeper with the default settings.

      Anonymous Coward, 11 Aug 2015 @ 5:27am

      Re: Antivirus for Mac? Why?

      The two most common reasons are dumb corporate policies and to protect surrounding Windows machines from viruses being passed through without infecting the Mac (which is what the person in TFA wanted it for).

    Spaceman Spiff (profile), 10 Aug 2015 @ 8:50am

    Get what you deserve.

    Sophos will get what it deserves - lower revenues and negative profits. I hope their CEO gets his just deserts as well!

    Anonymous Coward, 10 Aug 2015 @ 9:19am

    Why would anyone trust security software from a company like this?

    Jeremy Lyman (profile), 10 Aug 2015 @ 9:24am

    Spread your legs and place your hands in the yellow circles, please.

    WARNING
    Citizen, you have been selected for Compliance testing.
    Would you like to exercise your Constitutional rights?
    [ ]no [✓]yes

    COMPLIANCE CHECK FAILED
    A SWAT team has been dispatched to your location for "enhanced" Compliance testing.

    Anonymous Coward, 10 Aug 2015 @ 9:30am

    Stallman was right

    Free software is necessary more than ever.

    Anonymous Coward, 10 Aug 2015 @ 9:57am

    How nice, the start of a no-fly list for A/V downloading. So I gotta wonder, what are they trying to sneak into the anti-virus? Some sort of zeroday for those on the list? You know, just to check the contents of your computer to make sure you're not a terrorist.

    This is another fine example of security gone crazy. A sort of "We'd rather have you unprotected because you live in the wrong country or have the wrong name. One of those, "We can't do things that would prevent our third party from checking you".

    If you ever needed an example of why weakening security for all computer users is such a bad idea, you're looking at it right here. The idea that no one should be protected because the state should have the right to infect your computer to see what's in it. The same mentality that leaves the door open for any hacker to just waltz right into your computer. The same reason and mentality of why magic golden keys don't work, are an extremely bad idea, and are useless in practice to the general public.

      Anonymous Coward, 10 Aug 2015 @ 10:45am

      Re:

      what are they trying to sneak into the anti-virus?
      Yeah, I was wondering why they're blocking downloads for 'terroristy' names. It'd be a lot more productive for the TLAs (I guess GCHQ is a FLA) if Sophos let the download proceed, but with a 'special version' of the AV software that's chock full of backdoors.


  • icon
    Sheogorath (profile), 10 Aug 2015 @ 10:58am

    Hang on, I've just had a thought. What if the 'third party' Sophos mentioned is one of its subsidiaries?


  • icon
    OldGeezer (profile), 10 Aug 2015 @ 11:39am

    Muslims seem to only allow a couple dozen names and the most popular is Muhammad. There are only so many combinations and the chance of many duplicates is very likely. It's like Smith, Jones or Brown in many countries.


    • identicon
      Anonymous Coward, 10 Aug 2015 @ 2:29pm

      Re:

      "Muslims seem to only allow a couple dozen names and the most popular is Muhammad."

      Ah, yes, and "Muslim" is synonymous with "terrorist".


      • icon
        OldGeezer (profile), 10 Aug 2015 @ 4:04pm

        Re: Re:

        Only about 15 to 20% of them. Of course it is the largest religion in the world so that's still millions that want to kill us and don't care if our women and children die. I still remember the massive celebrations of hundreds of thousands of Muslims in the streets all over the Middle East on 9/11. There have been cases of pregnant Muslim women strapping on bomb vests. The families of "martyrs" who die in suicide attacks receive permanent financial support from the Muslim leadership. Kindergarten age children are taught songs about the honor of dying for Allah.
        How horrible that politically incorrect label Muslims as terrorists when it's not all of them. Just a lot of them.


        • icon
          Uriel-238 (profile), 10 Aug 2015 @ 8:18pm

          There's a cure for Islamic hatred of the US.

          STOP BOMBING THEM!


          • icon
            OldGeezer (profile), 11 Aug 2015 @ 3:25am

            Re: There's a cure for Islamic hatred of the US.

            Yes, many mistakes and collateral damage have been caused by drones and other anti-terrorist actions. At least an attempt is made on our part to go after guilty individuals and not just indiscriminate murder of bombing crowded market places and transportation like the terrorists. Are we to take no action to take out the leadership of these organizations?

            Innocent people died on both sides in WWII but who was more to blame, the allies or the Nazis? I served in the army stationed in Germany in the 70's and many older Germans told me that the majority of the people hated Hitler and even when our bombs fell on their cities they blamed him for the destruction and death.


            • icon
              Uriel-238 (profile), 11 Aug 2015 @ 10:39am

              Re: Re: There's a cure for Islamic hatred of the US.

              An attempt is made on our part to go after guilty individuals and not just indiscriminate murder of bombing crowded market places and transportation like the terrorists.

              Fifty civilian casualties for every person of interest is the average for our drone strike program. I call bullshit.

              And incidentally, pinpoint bombing in WWII still only dropped less than 30% of the bombs into designated target zones, to speak nothing of massacres like Dresden.

              Why is it that we armchair historians have to remind hawks of the timeless truth that War. Is. Hell.? Why is it that our leaders resort to military action like it's this week's beer-bong party and everyone is going to get laid?

              War and killing should always be a last resort, and since WWII we've pretty much jumped over thwarting enemy plans or preventing them from unifying straight to sieging their cities.

              No, we pretend that Islam peoples hate us for our freedoms or our perversity or our affluence, when we'd never be able to tell if those are issues because they have plenty of cause to hate us for attacking them relentlessly.

              And the answer to your question is no. We don't do anything to defuse their radical elements. Rather we help the moderate elements modernize and industrialize and westernize. And watch the recruits into their radical groups dwindle. We haven't tried that, and I bet you it'd be cheaper than our protracted military campaign in the Middle East.


  • identicon
    Anonymous Coward, 10 Aug 2015 @ 1:08pm

    And if you use GNU/Linux – to avoid antivirus – you are a terrorist too.


    • icon
      Uriel-238 (profile), 10 Aug 2015 @ 8:16pm

      GNU/Linux users are terrorists

      Which is what happens when we ambiguously define the enemy as we do in the war on terror.

      We might as well be in a War on Zombies*.

      * Philosophical zombies at that.


  • icon
    got_runs? (profile), 10 Aug 2015 @ 4:19pm

    NSA backdoor software love affair.


  • identicon
    Anonymous Coward, 10 Aug 2015 @ 5:06pm

    I wonder if the name Sophos is on the no fly list. I hope Mr. Hasan Ali knows better than to trust an outfit that conducts business in such a manner. "Free" my proverbial ass, about as free as Windows X. Try Avast or Avira, personally I don't use an Anti-virus, Flash, Java, and at times JavaScript on any but one machine, and yes Windows is the OS on that lone wolf.


  • identicon
    Anonymous Coward, 14 Aug 2015 @ 1:30am

    "to ensure that the requester is not included on any US government denied persons list."


    Denied persons list? That sounds an awful lot like a black list of persons being compiled by the US government.


  • identicon
    Nurfgod, 12 Jun 2018 @ 8:09pm

    It's a conspiracy

    The location of this location is classified information. - The Simpsons


