In a little bit of cross-site synergy for the evening, Paul Wagenseil from our sister site Tom’s Guide has put together an interesting report discussing the recent developments surrounding Kaspersky Lab and the company’s antivirus software, which in recent days has been accused of spying on behalf of Russia’s intelligence services. Software & services is not really in AnandTech’s editorial purview, but I thought this was an interesting article that was worth sharing.

As a bit of background, Kaspersky Lab has been under the proverbial microscope off and on over the past half-decade or so due to concerns about close ties to the Russian government amidst ongoing geopolitical issues. More recently, on October 5th, the Wall Street Journal published an article claiming that Russian intelligence identified files belonging to the United States National Security Agency (NSA) by way of Kaspersky Lab's antivirus software, and then used that information to steal said files. This has in turn called into question just how complicit Kaspersky Lab may have been in the endeavor, and whether its antivirus software is safe to use on consumer systems.

Writing for Tom's Guide, Wagenseil reached out to a number of experts in the security field, ranging from the Electronic Frontier Foundation to former NSA staffers, in order to get a broad look at the issue. Due to a lack of direct evidence in the matter – all of the major stories written so far have been based on anonymous sources in the US government – there is little in the way of hard facts to deal with. However, across all of Wagenseil's respondents, both named and unnamed, most agreed that people and businesses working on sensitive matters should not use Kaspersky Lab's software, essentially taking a "why risk it?" stance. Things are a little less clear-cut for consumers: some respondents recommended against the software entirely, while others noted that consumers probably aren't the target of Russian signals intelligence efforts.

One notable and broad point that was made, however, is that regardless of Kaspersky Lab's involvement, similar risks exist with all antivirus software. Every modern AV product includes telemetry: it reports on unfamiliar files, and may upload suspicious samples, so that the vendor can detect new malware more quickly. Because AV scanners run with deep system access and read every file they scan, that reporting channel can in principle reach virtually any program or document on the machine. So for the paranoid, or even just the privacy-minded, disabling telemetry (in practice, opting out of the vendor's cloud-lookup and sample-submission program) reduces the risk at least somewhat by ending regular reporting to the AV vendor, which in Kaspersky Lab's case is how the attack was believed to have been carried out. The caveat is that those same cloud lookups are a large part of how modern AV catches new threats, so turning them off weakens detection; where a product separates the two, a middle ground is to keep hash-based lookups but refuse automatic file uploads, since it is the upload of whole files, not a hash, that can carry a document off the machine.
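As an added illustration, not taken from the Tom's Guide report or from this article, here is what that trade-off looks like on the AV most Windows readers already have: Microsoft Defender on Windows 10/11, where cloud lookups (MAPS) and sample submission are separate settings. The cmdlet and parameter names are Defender's own; the assumptions are an elevated PowerShell session and a machine that is not managed by Group Policy or MDM, which would override anything set here.

```powershell
# Added example (not from the article). Assumes Windows 10/11 with Microsoft
# Defender Antivirus, an elevated PowerShell prompt, and no GPO/MDM policy
# pinning these values. Value meanings are from the Get-MpPreference docs.

# Step 1: see what currently leaves the machine.
#   MAPSReporting        0 = Disabled, 1 = Basic, 2 = Advanced (cloud hash/metadata lookups)
#   SubmitSamplesConsent 0 = AlwaysPrompt, 1 = SendSafeSamples, 2 = NeverSend, 3 = SendAllSamples
$pref = Get-MpPreference
$pref | Select-Object MAPSReporting, SubmitSamplesConsent, DisableBlockAtFirstSeen

# Step 2 (middle ground): keep cloud lookups, but never upload whole files.
# Hashes and metadata still go to Microsoft, so cloud-delivered detections keep
# working, but a scanned document is never shipped off the box automatically.
Set-MpPreference -SubmitSamplesConsent NeverSend

# Step 3 (maximum isolation, at a real detection cost): stop cloud lookups too.
# Block-at-first-seen and other cloud-backed verdicts no longer work after this,
# so only do it on machines where the privacy risk outweighs the detection loss.
# Set-MpPreference -MAPSReporting Disabled -SubmitSamplesConsent NeverSend

# Step 4: confirm the change took (a managed device will silently keep the policy value).
Get-MpPreference | Select-Object MAPSReporting, SubmitSamplesConsent
```

If the second readout still shows the old values, the setting is being enforced by policy and has to be changed there instead; the same two-level distinction (lookup vs. upload) exists in most third-party suites under names like "cloud protection" and "automatic sample submission", so the check is worth repeating for whichever product is actually installed.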

In any case, you can find more on this interesting matter and on the security experts’ responses over at Tom’s Guide.

Source: Tom's Guide

Comments

  • danjw - Saturday, October 14, 2017 - link

    Why would anyone want to use software that is at least reasonably likely to allow a government to spy on you? I don't care if that government is yours or not. There's just no reason for anyone to take that risk.
  • vladx - Saturday, October 14, 2017 - link

    Paranoia is high; when in doubt, always blame the Russians. Like the NSA or FBI can't be manufacturing facts to fit their agenda.
  • milkod2001 - Friday, October 20, 2017 - link

    Russians have also voted for Trump. Well, they would if they could....
  • yannigr2 - Sunday, October 15, 2017 - link

    AMERICAN companies, and sources in the AMERICAN government, are investigating and talking about Russian (or Chinese) software. I wonder what the verdict will be.

    Thank God that AMERICAN companies, agencies and governments do NOT spy on other countries, leaders, companies and consumers, even when those are part of NATO, for example, or American citizens.
    Hypocrisy level: Infinite.
  • RedGreenBlue - Tuesday, October 17, 2017 - link

    Remember, only you can prevent cyber espionage.
    Protect your democracy, uninstall today.
  • Antikapitalista1 - Tuesday, October 17, 2017 - link

    Obviously, this is just yet another baseless U.S. bullshit propaganda stunt aimed at the brainwashed U.S. public.

    In fact, the story is absolutely ridiculous – reportedly Israeli hackers penetrating Kaspersky Lab networks and collecting evidence there, what a load of brain-damaged nonsense!

    Besides, Kaspersky Lab has already rejected these baseless accusations. It actually needs to be stressed that the accusations are baseless.

    Obviously, I trust Kaspersky Labs. Who could believe the all-too-often lying U.S. government, if it cannot even publish the evidence for the experts to examine, but prefers to mull baseless accusations?

    The only plausible explanation is that the U.S. government is lying again.

    Look, one does not need hackers, much less a totally implausible story about some Israeli ones, which reeks of some bloody cheap spy novel, nothing more.

    The Kaspersky products are installed on their computers, on millions of computers. It is very easy to do a pinpoint analysis of the Kaspersky suite. One does not even need Eugene Kaspersky's generous offer; anyone could do it, with a lot of time on their hands, or, most likely, with a lot of man-hours at their disposal, such as the NSA itself or its security contractors. It can be disassembled and decompiled. There is no need for hackers, except in U.S. government paranoid fantasies.

    Obviously, the Kaspersky Lab security suite "stole" NSA malware. I even remember it. It was a particularly nasty piece of malware, which infected the firmware of hard drives.

    And Kaspersky detected it, analyzed it... and broke the news.

    Kaspersky's behaviour is absolutely normal – heuristic detection with sending of unknown samples back to Kaspersky Labs for further analysis – that is where antivirus companies compete, after all. In heuristics and analyses of new threats.
    And Kaspersky was, apparently, the best. (Maybe this was based on pure luck, maybe it was built on solid competence, but I would definitely lean toward the latter.)

    So, Kaspersky Labs ran across NSA malware and were the first to analyze it, or at least the first to break the news.
    Maybe because they are not in bed with the U.S. mafia, so they published it, instead of incorporating an NSA backdoor.

    Customers running away in droves from Kaspersky Labs? Quite the opposite! In fact, I have even downloaded their security suite from a trustworthy Russian site together with a "medicine", as the Russians call it (a crack), but I have not tried it yet...
    Kaspersky has not offered any free antivirus, I mean, perpetually free, or with easily extensible trials, so that has kept me away from recommending it to others. And it has seemed to me rather expensive... but if the U.S. government is fulminating about it, then, I assume, it must be really good... and perhaps even worth a try, to say the least.

    Thus, it is now obvious that the Kaspersky Lab security suite ought to be a very reliable choice, because the U.S. cannot control it.

    You know, I would rather have the Russian government hoard my private data than let my government or its NATO or Five Eyes allies have a peek at them.

    It is the same with smart mobile devices. Huawei is now my only choice when it comes to smartphones. While there have been other rumours about other Chinese competitors, some of them possibly selling your private data for advertisement purposes, only Huawei has been firmly established as having links with the People's Liberation Army, and hence the government of the People's Republic of China. The U.S.A. or its allies fear Huawei devices, which means that the U.S.A. has no control over Huawei devices, which is a very good thing.

    Remember, the U.S.A. spied on Airbus (via its European colony named Germany) in favour of Boeing, so products under U.S. control are also inherently dangerous when it comes to protecting trade secrets.
  • Reflex - Tuesday, October 17, 2017 - link

    Great points Ivan!
  • peevee - Friday, October 20, 2017 - link

    MS has provided (and even includes with newer Windows) antivirus and anti-malware software for free for a long time now. How are all these companies not dead yet? I suspect kickbacks in corporate and government purchases.
  • twtech - Monday, October 23, 2017 - link

    US companies can be asked to provide information by US government entities, and are required by law to disclose it. The same thing happening in Russia shouldn't be overly surprising.

    Rather than framing this as a good guy/bad guy type of question, the lesson learned should probably be that relying on security technology provided by foreign companies is generally a bad idea.
  • RedGreenBlue - Monday, October 23, 2017 - link

    I would not trust a statement by someone with Antikapitalist in their username in any controversial matter regarding a Russian entity. That post is nothing but disinformation, subjective interpretations, and assumptions hanging by a thread. There is no substantial argument there. To suggest this is something out of a spy novel so it can't be true is just asinine. To say that Kaspersky denied it so it can't be true is ridiculous. Israel is not some weak and stupid country; they worked with the U.S. to develop Stuxnet. A disproportionately large sector of their economy is microprocessor and software development.
    The Kaspersky integrity problem with the Russian government has been going on for at least a year. Once more, the US government hardly said anything about this, they just wanted it removed from government computers. The press picked up the story. If you're an IT worker for a large corporation with any sensitive information, you should have been aware of this for at least a year. Just by googling I could find stories of IT workers turning down Kaspersky meetings in 2014 because of Russian government actions.

    Kaspersky has been on the US government's radar for a long time as a possible threat to national security. As it should be. It may be a good security software, that doesn't mean it isn't a threat. The suggestion that it found NSA exploits, could just as easily be because they were stolen and passed on by the Russian government and Russia wanted their government computers protected.
