What the Kaspersky antivirus hack really means

Should you delete Kaspersky products from your machine? The answer's not so simple.

Credit: David Orban via Flickr

Kaspersky Lab’s 400 million users worldwide can’t be happy about recent news linking the company’s antivirus products to spying. The Russian government reportedly used the Moscow-based company’s software to steal sensitive information from American intelligence agents.

The incidents remind us that the security products we trust to protect our PCs have more or less full access. “Every cloud-based anti-virus has the potential and the ability to delete files, to modify files,” said Jake Williams, Founder and President of Rendition Infosec. “They have the ability to launch new processes as well as terminate existing processes.”

It’s bad if someone hacks your computer. If someone hacks your computer and uses your own antivirus software to take over, that’s a disaster. “Looking at all of this together,” Williams concluded, “It becomes clear that if whoever’s running your anti-virus doesn’t have your best interests at heart they can definitely do some damage.”

Now that we know Kaspersky antivirus software can turn against you, the next question is whether we can do anything about it. We talked to security experts to find out more.

Kaspersky’s purported data exfiltration: A timeline

The Kaspersky story heated up earlier this fall. On October 5, The Wall Street Journal reported that hackers working for the Russian government in 2015 stole documents detailing how the U.S. attacks foreign computer networks and defends domestic ones. The Russian hackers used Kaspersky Anti-Virus to identify the data and target it on the home computer of a National Security Agency contractor, the Journal said.

A few days later The New York Times reported that the Americans only found out about the purported Kaspersky data leak from Israeli spies. The Israelis, the Times said, hacked into Kaspersky themselves, where they watched Russian hackers use Kaspersky software in real time as a “sort of Google search for sensitive information.”

The Journal followed up a day later with another report. This one said Russian agents used Kaspersky to search for terms like “top secret” across computers where Kaspersky software was installed.

Kaspersky Lab has denied allegations that it’s in cahoots with Russian intelligence. Nevertheless, retailers including Best Buy, Office Depot, and Staples have pulled Kaspersky software from store shelves during, and leading up to, the controversy.

Company co-founder and CEO Eugene Kaspersky announced he would open up the company’s code to third-party review to quell concerns about Russian interference.

Soon after, Kaspersky Lab also announced the preliminary results of an internal investigation into the purported spying on the U.S. The company said its antivirus software simply did its job. A contractor put covert malware onto his home machine with Kaspersky installed. After a scan, the antivirus detected the new malware, uploaded it to Kaspersky’s cloud servers for analysis, and at that point the covert data was exposed. Kaspersky said once it discovered the government-developed malware the code was deleted from company servers and never delivered to any government agencies.

The Russians are coming. The Russians are coming?

For most North Americans, the default is to assume the worst about Kaspersky Lab, especially because Eugene Kaspersky himself was trained at a KGB-run school.

Security experts see some room for explanation. It’s not unusual, for one thing, for information security (infosec) professionals to start in the military or government intelligence before entering the private sector.

Kaspersky Lab is actually an important player in the infosec community for the useful threat information it makes freely available. “I think they have probably some of the best researchers and talents in the world,” said Amit Serper, principal security researcher for Boston-based infosec company Cybereason.

Good works aren’t enough to absolve Kaspersky, however. That’s why the company wants third parties to audit its code. But even that won’t satisfy most critics. “I think it’s entirely for show, and I think they know that,” Williams said. “It’s not a question of ‘is the code itself secure?’ I would argue that Kaspersky is probably some of the most secure A/V code out there right now. It’s a matter of how they use the code that’s going to be controlled by the Kaspersky command center.”

Serper offered similar sentiments, but added that the data is what most concerns him. “What data is collected [from user PCs]? How is it collected? How is it saved? How is it catalogued? I think it’s a data science question, and not a software engineering question.”

What home users can do

We may never know whether Kaspersky Lab is a willing accomplice for Russian intelligence. What you can do, however, is stick to the basics of PC security and understand your “threat model”—the realistic threats that you confront as an everyday computer user. If you’re an engineer working on infrastructure projects, a research scientist, or even a journalist, then Russian spying on your machine might be part of your threat model, says Williams. Those people may want to avoid Kaspersky products.

The reality, however, is that Russian intelligence is not interested in the average American’s family photos or personal diaries. As Williams pointed out on Twitter, technicians working on your PC at a local computer shop pose a higher risk of data theft than Russian intelligence via Kaspersky or other software.

“Personally, I don’t think that Kaspersky is a threat to the home user,” Serper said.

Williams also wouldn’t advise most home users to dump Kaspersky—he hasn’t even advised any of his family and friends to delete the software. “But if I have a brand-new machine,” Williams added, “and I’m trying to decide should I install Kaspersky or not? I’m not sure that I would.”

That’s not only because of the worries about espionage, Williams says, but the question of Kaspersky’s long-term fate in the U.S. market given current tensions.

Whatever your decision, the worst option would be to give up on antivirus altogether. “Are you worried about the .01 percent of the Advanced Persistent Threat groups [elite and state-level hackers] that are probably not interested in you,” Williams said, “or are you worried about the 99.9 percent of stuff that’s going to hurt you? The reality is A/V keeps most of that stuff away.”

Besides, this problem is not likely to disappear—if anything, more consumer-grade software may soon end up in the crossfire. Before reports of Kaspersky surfaced, hackers linked to China infiltrated and delivered malware via the popular PC utility CCleaner. Williams believes we’ll see more state-level hackers accelerate their computer hacking programs thanks to recent high-level leaks of infiltration methods such as Vault 7 and the Shadow Brokers hack.

Staying safe with antivirus software

To counter these potential problems, Williams advises home users to stick to big-name products as a way to benefit from a digital version of herd immunity. “For a product that’s widely used,” he said, “a back door in that product will be caught much more quickly than a product that is sparsely used.”

Serper reminds us to keep our machines and software up to date. Vulnerabilities and hacking methods that get leaked are much easier to pull off because many people don’t patch their machines to fix critical vulnerabilities.

As usual, basic common sense and security practices are your best defense. Rely on good, popular software, pick an antivirus that you trust, regularly patch your operating system and software, and don’t forget to use a reliable ad blocker in your browser to guard against some common web-based attacks. That may not defend you against all possible intrusions, but it’s the most reasonable approach short of wearing a tinfoil hat and running Linux.


Ian Paul

PC World (US online)