Is Kaspersky Still Safe to Use?
I’ve been asked this a lot because of recent stories in the news. The answer is yes, it is safe to use. The complete story with analysis is reprinted below. However, for those short on time, I will summarize:
What Happened?
An employee of the U.S. National Security Agency illegally (and stupidly) took government software home and put it on his home computer. What software? Oh, nothing much, just government-designed malware! Bear in mind, the kind of malware governments make is not your run-of-the-mill virus. Think Super-Virus. Viruses that governments create are used for counter-espionage, or perhaps for taking down power plants, electrical grids or nuclear reactors. Stuxnet is a perfect example of a state-sponsored virus, a worm that targeted programmable logic controllers that manage industrial control systems. We don’t know what this brand of U.S.-created malware did. That would be classified, but we can be sure it was something powerful. This wasn’t some irritating little bug designed by kids to mess up your home computer. This was stuff developed by some of the brightest minds working in our intelligence community. We can presume that it was designed to be able to be used to spy on, prevent attack from, or initiate attack on other countries. Very dangerous super-secret stuff.
What Has That To Do With Kaspersky?
Back to the NSA contractor – the one that should win the idiot-of-the-year award – his home computer was protected with Kaspersky, which is made in Russia. Of course when he put the super-virus on his home computer, which by the way was totally illegal, Kaspersky detected and quarantined the virus, just as it was designed to do. The real story here is how careless this guy was. How could an NSA agent with top-security clearance do something so dumb? Have they been fired? Arrested? I don’t know. I couldn’t find out because the news is concentrating instead on how EVIL Russia is, which probably sells more papers. In other words, pay no attention to the man behind the curtain, look over there!
All Anti-Virus software packages ask a question when they are installed. That question goes something like this: “Would you like to help make this product better? Any detected viruses will be sent to our labs for analysis if you click ‘Yes.’ Click ‘No’ if you don’t want information sent to our labs.” This is one of the main ways that all anti-virus software learns about newly created viruses. Any junior computer tech knows this. I always click ‘Yes.’ Apparently this employee had clicked ‘Yes’ also. As a result, the detected state-sponsored super-virus was sent to Kaspersky Labs for analysis. Nobody had to hack in and get it. The Kaspersky software sent it in to their labs just as it was supposed to.
No doubt the detection of a government super-virus set off alarms at Kaspersky, as can well be expected. The article below says, “The Russian hackers then targeted the contractor’s home machine and copied the NSA files.” Another article says that “Kaspersky opened the machine up to Russian hackers.” Those are all blatant lies. No such thing happened! It didn’t need to happen for them to get the virus. Kaspersky received the NSA-created virus because the employee had approved for Kaspersky to send any infected files to them for analysis. Kaspersky did not hack into anyone’s computer. They received the virus by completely legitimate, legal and moral means. But when reporters who know nothing about the technology they are talking about try to sound like they are in-the-know, you get these outrageous distortions of fact. I would think those in our government who know would be quick to point out this blatant misrepresentation of facts, but then again, it’s conceivable that the organization that allowed something so imbecilic to happen would prefer to let the blame get passed off on another country. The bigger the story of “Russian hackers” is made to be, the smaller the story becomes of those responsible for another stupid breach of government security.
Now let’s think about what happened next and let’s put the shoe on the other foot. Let’s pretend that it was an American company, say Norton for example, that detected a state-sponsored virus in another country. And Norton received that dangerous state-sponsored super-virus by totally legitimate means. What should they do? What would an American patriot feel responsible to do? What if the virus was found to have come from North Korea? Can you see where an American company might feel obligated, maybe even required, to report this information to our government? I certainly think that would be reasonable.
We don’t know how exactly things happened in Russia, but apparently this situation did get escalated into the Russian government. Maybe. We don’t really know, even though some say we do. Understand, we are dealing with highly classified material and it may be that both governments are issuing disinformation in this regard. The point is, when we are dealing with government spy agencies we can’t always take the info being released at face value. But even if it did get reported to Russian intelligence, that is not out of the ordinary or anything that would not happen in America. Governments of all countries have to use all means necessary to keep abreast of all cyber threats, especially when it involves a government-created virus that was loaded onto a private internet-connected personal computer!
Eugene Kaspersky, founder of Kaspersky Labs, said, “We never betray the trust that our users place in our hands. If we were ever to do so just once, it would immediately be spotted by the industry and it would be the end of our business — and rightly so.” Much is made of the fact that Kaspersky Labs has helped their government with security issues. I say, so what? Would we think it strange if we heard that Norton had helped our government with security? This whole story is a big nothing-burger.
Follow The Money
Who benefits from making more of this story than is really there? Kaspersky, by virtue of its superior detection algorithms, has won a major share of the American anti-virus software market, cutting deeply into the pockets of Symantec/Norton, McAfee and other American products. I can imagine that these American companies are gleeful over this recent fake news. Their revenue has increased exponentially as a result. News outlets also capitalize on this kind of story. It sells papers, magazines and makes great evening news that is guaranteed to boost ratings. All that translates into dollars.
Follow the Politics
I think everyone realizes that today most of our news comes to us filtered through a political lens. People that own news outlets are just humans like you and me and they have a certain political bent. They naturally reward reporters who formulate stories that align with their particular world view. It would be naïve not to take into account the current Russian hysteria in the political climate surrounding this story. There is a current FBI investigation that deals with alleged collusion between Russia and President Trump to affect the election outcome. Without going into what I think of that, or the facts, or should I say lack of facts, suffice it to say that we should ask ourselves this question: Who benefits if Russia is made to look bad in this incident? This would not be the first time a story is skewed to benefit a politician.
The Moral of the Story
Part of this story is that the U.S. government is considering banning the use of Kaspersky software on their computers, and this tends to give the whole story credibility. So people are thinking, if the U.S. government doesn’t trust it, should I?
Should the U.S. government use Kaspersky software? No, absolutely not. A United States entity should never use any foreign software for protection, at least not a branch of government that deals with sensitive data. The government should be making their own protection software and not buying it from anyone. And if they do buy it, they should be buying American. That should be a no-brainer! Neither do I think our military should be using Russian-made AK-47s. We should make and use our own weapons, and we do. But that doesn’t mean an AK-47 isn’t a good rifle. Government should not use another country’s protection software, but private use of Kaspersky is another matter entirely.
Just because our secret spy agencies shouldn’t use Kaspersky does not mean that the average home user should not use it. It is still, in my opinion and in the opinion of many other experts, the best anti-virus software available. There is nothing in the software that causes a computer to be spied upon. It does not open up your computer to the Russians. If you don’t want your viruses reported, click ‘No’ when you install it.
The real moral of the story is, if you are the United States National Security Agency, don’t hire dimwits that take super-secret dangerous government software home to put on a personal computer. If you are a government agency or an employee doing government business, don’t use foreign-made protection software and don’t use your own private email server. I would think every agency of our government would have that memo by now.
I trust Kaspersky and I will continue to use it on my own personal computer and to recommend it to others. It has never let me down. I love buying American, but right now, the Russian-made Kaspersky software is the best protection out there. Consider also the large presence Kaspersky has in our country. Most of the money spent on Kaspersky stays right here in the states. If things ever change I will be the first to let you know. But I don’t think things will change. It’s not likely that a large billion-dollar company like Kaspersky, that is doing international business, will commit suicide.
Sincerely,
Mark, Your Computer Guy
480-430-778 Zero
CertifiedOnlineComputerRepair.com
Following is a typical news story about the incident. Take some of the things with a grain of salt…
____________________________________________________________________________________________________________________________________________________________________________________________________________________
This story, originally published on July 21, 2017, has been updated to reflect recent developments.
The Wall Street Journal last night (Oct. 5) posted a bombshell story that may explain why the U.S. government wants to purge Kaspersky antivirus software from its systems. In the spring of 2015, a private contractor working for the NSA’s hacking wing took home classified materials and put them on his home computer, multiple unnamed sources told the Journal. Kaspersky antivirus software running on the contractor’s computer noticed the NSA files, which may have contained NSA-designed malware, and somehow tipped off Russian state-sponsored hackers to its presence. The Russian hackers then targeted the contractor’s home machine and copied the NSA files.
However, catching NSA malware on a user’s computer is exactly what antivirus software is supposed to do. Kaspersky Lab has exposed several likely NSA cyberespionage efforts in the past few years, as well as some Russian ones, and it knows what state-sponsored spyware looks like. A former NSA staffer told the Journal that Kaspersky antivirus software is “aggressive” in its search for malware on user machines. But for anyone who didn’t have copies of NSA files on his or her computer, this would be a good thing. “We make no apologies for being aggressive in the battle against malware and cybercriminals,” company head Eugene Kaspersky said in a personal blog posting put up shortly after the Journal story ran. “If our technologies detect anything suspicious and this object is identified as malware, in a matter of minutes all our customers — no matter who or where they are — receive protection from the threat.”
So did Kaspersky do it or not?
Left unanswered in the Journal’s story, and in a companion story in the Washington Post, was the question of whether Kaspersky Lab itself actively told the Russian government about the NSA files on the contractor’s machines.
It’s possible that the company was compromised by the Russian government without its knowledge — or that Kaspersky Lab knew the Russian security services were listening in, but couldn’t do anything about it.
“The key question is what triggered the Kaspersky APT investigation. Was it because he’s an NSA employee? Looking at docs? If so, Kaspersky is toast,” tweeted Matt Tait, a British cybersecurity expert and former staffer at GCHQ, the U.K.’s equivalent of the NSA. “But if it’s just signatures on NSA implants and NSA exploits, then this is Kaspersky just doing its job, and not at all a Kaspersky-Russia thing.”
Both Kaspersky the man and Kaspersky Lab the company have consistently denied any active collusion with the Russian government. In his blog post last night, Eugene Kaspersky said that doing so would make his job impossible.
“We never betray the trust that our users place in our hands,” he wrote. “If we were ever to do so just once, it would immediately be spotted by the industry and it would be the end of our business — and rightly so.”
In the face of this new information, our own position remains the same: Don’t run Kaspersky antivirus software if you or your close family members work for the U.S. government, for a defense contractor or for a company involved in running or maintaining critical infrastructure. But for everyone else, Kaspersky antivirus software can’t be beat. Until we have a real smoking gun — and this story isn’t it — we will continue to recommend it.
Our original story:
Russian antivirus firm Kaspersky Lab has been in the news a lot lately, and not in a good way. The U.S. Congress may ban Kaspersky products from the Pentagon. The federal bureaucracy has removed Kaspersky Lab from its list of approved vendors. And FBI agents have interviewed some of Kaspersky’s U.S. employees at their homes. All this has happened mainly because Kaspersky Lab and its CEO and co-founder, Eugene Kaspersky, are perceived as being close to the Kremlin. Reports in major Western news outlets have alleged strong ties between Kaspersky Lab and the Russian security services, though there’s not much of a smoking gun. Eugene Kaspersky has fired back, insisting that his company is free from government interference. He’s even offered to show the U.S. government the source code of his company’s products. So far, the pushback isn’t working.
Not much evidence
I don’t know how close Kaspersky Labs is to the Kremlin. I’ve met Eugene Kaspersky a few times, and I think he talks too much to make a good spy. But I do know one thing for sure: Kaspersky antivirus software is excellent, and unless you’re running a nuclear power plant, designing a jet fighter or operating the New York Stock Exchange, it should be safe to use.