What the Kaspersky antivirus hack really means

Should you delete Kaspersky products from your machine? The answer's not so simple.

Credit: David Orban via Flickr

Kaspersky Lab’s 400 million users worldwide can’t be happy about recent news linking the company’s antivirus products to spying. The Russian government reportedly used the Moscow-based company’s software to steal sensitive information from American intelligence agents.

The incidents remind us that the security products we trust to protect our PCs have more or less full access. “Every cloud-based anti-virus has the potential and the ability to delete files, to modify files,” said Jake Williams, Founder and President of Rendition Infosec. “They have the ability to launch new processes as well as terminate existing processes.”

It’s bad if someone hacks your computer. If someone hacks your computer and uses your own antivirus software to take over, that’s a disaster. “Looking at all of this together,” Williams concluded, “It becomes clear that if whoever’s running your anti-virus doesn’t have your best interests at heart they can definitely do some damage.”

Now that we know Kaspersky antivirus software can turn against you, the next question is whether we can do anything about it. We talked to security experts to find out more.

Kaspersky’s purported data exfiltration: A timeline

The Kaspersky story heated up earlier this fall. On October 5, The Wall Street Journal reported that hackers working for the Russian government in 2015 stole documents detailing how the U.S. attacks foreign computer networks and defends domestic ones. The Russian hackers used Kaspersky Anti-Virus to identify the data and target it on the home computer of a National Security Agency contractor, the Journal said.

A few days later The New York Times reported that the Americans only found out about the purported Kaspersky data leak from Israeli spies. The Israelis, the Times said, hacked into Kaspersky themselves, where they watched Russian hackers use Kaspersky software in real time as a “sort of Google search for sensitive information.”

The Journal followed up a day later with another report. This one said Russian agents used Kaspersky to search for terms like “top secret” across computers where Kaspersky software was installed. 

Kaspersky Lab has denied allegations that it’s in cahoots with Russian intelligence. Nevertheless, retailers including Best Buy, Office Depot, and Staples have pulled Kaspersky software from store shelves during, and leading up to, the controversy.

Company co-founder and CEO Eugene Kaspersky announced he would open up the company’s code to third-party review to quell concerns about Russian interference.

Soon after, Kaspersky Lab also announced the preliminary results of an internal investigation into the purported spying on the U.S. The company said its antivirus software simply did its job. A contractor put covert malware onto his home machine with Kaspersky installed. After a scan, the antivirus detected the new malware, uploaded it to Kaspersky’s cloud servers for analysis, and at that point the covert data was exposed. Kaspersky said once it discovered the government-developed malware the code was deleted from company servers and never delivered to any government agencies.

The Russians are coming. The Russians are coming?

For most North Americans, the default is to assume the worst about Kaspersky Lab, especially because Eugene Kaspersky himself was trained at a KGB-run school.

Security experts see some room for explanation. It’s not unusual, for one thing, for information security (infosec) professionals to start in the military or government intelligence before entering the private sector.

Kaspersky Lab is actually an important player in the infosec community for the useful threat information it makes freely available. “I think they have probably some of the best researchers and talents in the world,” said Amit Serper, principal security researcher for Boston-based infosec company Cybereason.

Good works aren’t enough to absolve Kaspersky, however. That’s why the company wants third parties to audit its code. But even that won’t satisfy most critics. “I think it’s entirely for show, and I think they know that,” Williams said. “It’s not a question of ‘is the code itself secure?’ I would argue that Kaspersky is probably some of the most secure A/V code out there right now. It’s a matter of how they use the code that’s going to be controlled by the Kaspersky command center.”

Serper offered similar sentiments, but added that the data is what most concerns him. “What data is collected [from user PCs]? How is it collected? How is it saved? How is it catalogued? I think it’s a data science question, and not a software engineering question.”

What home users can do

We may never know whether Kaspersky Lab is a willing accomplice for Russian intelligence. What you can do, however, is stick to the basics of PC security and understand your “threat model”—the realistic threats that you confront as an everyday computer user. If you’re an engineer working on infrastructure projects, a research scientist, or even a journalist, then Russian spying on your machine might be part of your threat model, says Williams. Those people may want to avoid Kaspersky products.

The reality, however, is that Russian intelligence is not interested in the average American’s family photos or personal diaries. As Williams pointed out on Twitter, technicians working on your PC at a local computer shop pose a higher risk of data theft than Russian intelligence via Kaspersky or other software.

“Personally, I don’t think that Kaspersky is a threat to the home user,” Serper said.

Williams also wouldn’t advise most home users to dump Kaspersky—he hasn’t even advised any of his family and friends to delete the software. “But if I have a brand-new machine,” Williams added, “and I’m trying to decide should I install Kaspersky or not? I’m not sure that I would.”

That’s not only because of the worries about espionage, Williams says, but the question of Kaspersky’s long-term fate in the U.S. market given current tensions.

Whatever your decision, the worst option would be to give up on antivirus altogether. “Are you worried about the .01 percent of the Advanced Persistent Threat groups [elite and state-level hackers] that are probably not interested in you,” Williams said, “or are you worried about the 99.9 percent of stuff that’s going to hurt you? The reality is A/V keeps most of that stuff away.”

Besides, this problem is not likely to disappear—if anything, more consumer-grade software may soon end up in the crossfire. Before reports of Kaspersky surfaced, hackers linked to China infiltrated the popular PC utility CCleaner and used it to deliver malware. Williams believes more state-level hackers will accelerate their computer hacking programs thanks to recent high-level leaks of infiltration methods such as Vault 7 and the Shadow Brokers hack.

Staying safe with antivirus software

To counter these potential problems, Williams advises home users to stick to big-name products as a way to benefit from a digital version of herd immunity. “For a product that’s widely used,” he said, “a back door in that product will be caught much more quickly than a product that is sparsely used.”

Serper reminds us to keep our machines and software up to date. Vulnerabilities and hacking methods that get leaked are much easier to pull off because many people don’t patch their machines to fix critical vulnerabilities.

As usual, basic common sense and security practices are your best defense. Rely on good, popular software, pick an antivirus that you trust, regularly patch your operating system and software, and don’t forget to use a reliable ad blocker in your browser to guard against some common web-based attacks. That may not defend you against all possible intrusions, but it’s the most reasonable approach short of wearing a tinfoil hat and running Linux.

Ian Paul

PC World (US online)