Deutsch
English
Last week, a piece of news shook the IT world. The US government had banned federal agencies from using security software from Russian company Kaspersky as the Department of Homeland Security was worried about potential connections between Kaspersky and the Russian secret service. In an unprecedented move, all Kaspersky software now has to be removed from all government PCs within 150 days. Looking closer, a couple a questions arise the most important of which is: is there anything left that is safe to install?
Since the 2016 US election, one topic has come up time and again on the web: Russian hackers. Though evidence is hard to find, many surmised Russia massively interfered in the 2016 election. Born out of this fear of uncertainty, Kaspersky quickly fell into the crosshairs of US intelligence agencies. A Russian security software used by over 400 million users including 27,000 business customers would be the perfect backdoor after all! This sentiment had been boiling under the surface for months and led to agents questioning Kaspersky employees and even cracking parts of the software to track down hidden features. It was an all-out effort to uncover the "Russian conspiracy" - and it was all for nothing.
The FBI has yet to come up with substantial proof to support the claims against Kaspersky. Reading between the lines, it becomes apparent that this is not about the software currently running on PCs around the world as no irregularities were found. It's not about what is or was but what might be. The mere thought that the Russian intelligence service might use Kaspersky software to sneak spy tools into US governments robs many of their sleep. All it took was the nationality of a company combined with a general mistrust of Putin's power apparatus to trigger this boycott. Following this line of thought, you may experience mild paranoia as you ask yourself how this scenario may apply to other companies, e.g. Microsoft, and the traditionally unscrupulous NSA. Is that too much of a stretch or should you avoid US software altogether because this scenario is a possibility?
To avoid misunderstandings: we don't entertain any business relations with Kaspersky. They're just another competitor to us. Yes, we could welcome this development as it may mean more antivirus license sales for us but that would be taking too narrow a view of this affair. Is it OK to publicly defame a company for no reason other than fear and suspicion? A company that secures jobs and constitutes a life's work for many? This goes against my sense of justice. What happened to innocent until proven guilty? Some of the suspicions are not without an element of comedy. For example, they criticize that Kaspersky software requires administrator privileges to work properly but fail to mention, or are unaware, that this is the case with every antivirus program. Likewise, any contact with Russian authorities is frowned upon yet, again, they blithely forget that the exchange of information between security vendors and national / international authorities is standard practice to warn and alert against threats and vulnerabilities. So what can you do? Uninstall everything until the screen stays black? You'd certainly be safer then!
Even more disturbing is the advice the US government has for private individuals. While government agencies have just 60 days for planning and 90 days for the implementation of the new regulation, home users are simply told to keep calm. After all, this only concerns companies and the feds they say. But once allegations that a company is the Kremlin's secret espionage department are made, wouldn't it make sense to also warn private consumers? Is their security worth nothing? Moreover, researchers, universities and their staff are most likely using Kaspersky programs on their private computers too. Is that irrelevant? Just a political decision after all?
What remains is the uneasy feeling that the suspicions are plenty yet the facts are few. German authorities have praised the close and constructive relations with Kaspersky and pointed out the various attacks that were successfully repelled with the company's help. This includes multiple attacks by Russian hackers against government officials. So whom can you trust? Let's hope defamation and mistrust won't undermine the combined global efforts in the fields of science, trade and security that have developed across national borders over the years. Imposing a product ban based on company nationality alone invokes unpleasant memories of the Cold War era in me. Back then, Russian software would have been a no-go and who'd want to return to those dark times?
What I would like to know: how will this affair influence your future buying decisions?
It won't.
I generally take a government's condemnation of a security tool as a sign that security company refuses to play ball with whatever the current administration's pet topic du jour is.
Hi Sven ,it will not bother me at all,we do not use anything made in the usa,i do not trust them at all. Lyall from Tasmania.
A very good article, thank you.
I think this raises a question about all propriety, closed-source software: what is it doing that I don't know about?
I think many people are aware of amount of data that Windows 10 sends and stores on Microsoft's servers, and the amount of data it collects is scary. Ah, if you're concerned about Windows 10 stalking you, get Ashampoo's WinOptimizer and turn off many of the hidden data collection features.
Closed-source software does not allow anyone to inspect it to see what it is doing behind the scenes. Is it calling home? Is it collecting data? Is it sharing whith who knows what third-parties?
I do understand that companies need to protect their intellectual property, but a simple terms of use or vague privacy policy does not explain hidden functions within the software (calling home, data collecting, types of data collected, retention of data, etc) that the user cannot see.
I think it is time for a trusted organisation that companies can send their propriety software to for source-code scrutiny. While no source code would be released or shared, basic data on what the software accesses and takes could be published in a table form, similar to AVTest's anti-virus test results.
The results of the inspection would identify the parts of a system the software accesses, whether or not it collects and sends data, including the types of data, how often it calls home and for what purpose, whether it serves ads or attempts to up-sell after purchase, and give the software an overall privacy rating.
I have recently ended my operating system relationship with Microsoft and moved to another system, not an Apple system, which is completely open-source, meaning that software experts/developers can see what the software does, and if there's something dodgy going on, the community can advise users. I heard about a case regarding a change in code to Chromium (open-source version of Chrome), that caused the browser to contact Google's servers for some reason. The community flagged it and the offending privacy concern was removed.
In summary, there are concerns about what software does, especially that which is designed to protect systems and deeply analyses files. But those concerns could be addressed by having an independent agency assessing software and informing users about exactly what it does in terms of data collection, retention and sharing.
Hey Swen, excellent article. I have used Kaspersky for many years and it is excellent software. Matter of fact, PC World ranks them tied for #1 software.
Honestly, not at all.
I think the US Government response is "political", not rational. If suspicion of being foreign rules out selling services in the USA, then that's a pretty large non-tariff barrier. If suspicion, when investigation finds no evidence, is grounds for exclusion, then that attacks a pretty fundamental rule of law. The USA has further degraded the distinction between a free democracy, and a totalitarian regime. Such a step might be essential in wartime; but it bodes ill for the world's self proclaimed leading democracy in peacetime. Personally, as a NZ citizen, I think its more likely the USA's NSA is reading my emails than that the Russians are.
I think Ashampoo's attitude is admirable.
Right now my country is suffering from Russia hysteria, helped by our last election; who knows how much of it warranted and how much is "fake news" (I've learned to hate that phrase). Eugene Kaspersky's ties to the Russian military and his education at the KGB Higher School only adds fuel to the hysteria. But Kaspersky Labs aside, the question of "who can you trust" is a good one. Considering what just happened with Piriform's (now Avast's) CCleaner, how likely is it that someday millions of Windows PC will become bricked because hackers broke into Microsoft's servers and pushed a fatal Windows Update? Thanks to Equifax's incompetence, the Dark Web is now a supermarket to 143 million new credentials. It's enough to make you want to unplug your Ethernet cable.
The shame of it is Kaspersky Labs has great software.
Robert Gordon
United States
Well done!
Nice to see someone is resistant to russiaphobia!
US has set a dangerous precedent as they get info from microsoft & google.
Russia, China, India and others will develop their own software, reducing microsoft and google's customer base by more than half.
Great article Sven.
I was using Kaspersky for many years without a problem until I won a three year subscription for another highly rated Anti-Virus-Malware-Ransomware programme.
There was a time when a deal of trust was spread among 'people of the world', which appeared to be the case when honesy abounded when I was at school in the UK.
At present it seems that the comic series from the MAD magazine,SPY vs SPY is based on the truth.
Here is a sample :
https://www.youtube.com/watch?v=8dNxK_wslqo
Well considered and well presented.
I'm sure the US government agencies will be watching everything any Russia affiliated business does and will alert everyone if and when it's time to do something. When Chicken Little starts sounding the alarm, I want to see a real reason to join the panic. Now, go back to your internet and play nice.
The cry is "make America great again" Why on earth is the USA Government using foreign software? In fact any government should only be using local products. After all it is the taxpayers that live and work in the country are paying the bill.
I basically do not trust any security software, especially if they ask for samples to upload. How do you know what they grab? Microsoft does this and some other companies as well. Somehow they find it easier to scan files in the cloud after uploading them from your computer to theirs. Off course you have to enable this feature yourself and some legal stuff has to be confirmed first. I am particularly worried about this.
Has anyone got that feeling that the whole world has developed a severe case of paranoia ? We are back to the 1950's 'Russians under the bed' syndrome.
Now it is Kaspersky, what tomorrow ?
Jo, New Zealand
Hi Sven,
I've wondered since IBM sold their computer business to the Chinese about the likelihood of something nefarious embedded in Chinese made hardware. We've read where our own spy agencies have planted things on hardware leaving the US. Why wouldn't another country, whether it be the Russians or Chinese do the same thing?
Very good to see that some one is taking the side of common sense, I feel the USA Government has lost the plot and looking for the Russian under the bed. Would not stop me from using a virus programme because of what they are doing but it may put off some people. Tops marks Ashampoo
Let's please keep in mind that this is the same American government whose elected representatives in Washington renamed the french fries available in their cafeteria to "Freedom Fries" when the French refused to back the stupid and unjustifiable invasion of Iraq in 2003.
And of course, this is the same government currently vehemently denying ANY Russian hacking of the 2016 elections, or any involvement with Russian agents in any way at all, but banning Kaspersky anyway through "an abundance of caution".
This will have zero influence on future buying decisions for me. I don't allow stupid and easily swayed politicians and bureaucrats to influence my decisions, except to mostly do the opposite of what they recommend.
I've used Kaspersky Internet Security for years and feel safe using their product. Fear is a funny thing as we all know it.
Are we to assume that other Internationally created software and electronics are safe for use in North America? :)
Like Sven has stated, please use your own comfort level.
Yes, I utilize many Ashampoo products.
Sven, thanks for remaining neutral in your commentary.
You might get some answers if you read this article:
http://www.whatdoesitmean.com/index2382.htm
It says that, "its experts discovered a “backdoor” (that bypasses a computers customary security mechanisms) embedded by the Central Intelligence Agency (CIA) into all Microsoft software products—and who after doing so, these same Kaspersky Lab experts then issued a “protective patch” (that fixes computer security vulnerabilities) to “close” this CIA “backdoor” from ever being opened again."
That explains the irrational action taken by the U.S. government.
Good evening Sven,
Perfectly written. Who else could win the US election , influenced Russian hackers than the agent of Russia. :-) Political stupidity is today a privilege and a daily order.
He continues to work well.
Regards
Lubos
Being a Kaspersky user since the start o the year this something that had crossed my on a few occasions. However as your Blog suggests you have to rely on someone. Ill stick with them
This seems to cover the why Homeland Security said in a statement Wednesday that it's "concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies."
It also cited "requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks."
Money.cnn.com has excellent suggestions (Norton is one).
I access emails through my provider's website and also through Microsoft Outlook. Mails can take up to 24 hours to arrive in Outlook and I've always believed that this is because US government agencies want to read them first
Hello Sven
I admire your integrity, a sound, honest article.
Good man...keep up the good work.
I always like your comments.
Robert. UK.