Tech

If Kaspersky Bothers You, So Must Its Rivals

Anti-virus software is an obvious target for intelligence services; but most consumers have different concerns.

No longer looking so secure.

Photographer: Ian Gavan

In all the recent bombshell reports about the Kaspersky anti-virus software, it's easy to focus on the Russian threat and miss the general context: Every government that employs hackers tries to weaponize anti-virus software. Government departments certainly need to consider that in choosing their own software; whether that's something the average computer user should worry about is a different matter.

In The Washington Post's report that confirms Kaspersky Lab's carefully worded suspicion, made public in 2015, that it had been hacked by Israeli intelligence, there is this casual passage:

The NSA bans its analysts from using Kaspersky anti-virus at the agency, in large part because the agency has exploited anti-virus software for its own foreign hacking operations and knows the same technique is used by its adversaries. 

The Israeli hack itself would be reason enough for the NSA or any other intelligence agency to ban Kaspersky products. It happens to other anti-virus packages, too. Recently, the South Korean military discovered it had been hacked, presumably by North Korean intelligence, using Hauri anti-virus software. 

Anti-malware packages are desirable targets for spy services because they have legitimate access to all the files on a computer's hard drive. They're also the last defense: Users as a rule don't run any other program to detect malware inside the anti-virus software itself. So it's likely that, whatever brand of anti-virus you use and whichever country it's based in, spies from one country or another have attempted to hack it -- and perhaps succeeded.

Once that's been established, the next question for a user to ask is what you fear more: that kind of foreign or domestic government attention or the more mundane kind of criminal threat. Are you more worried that Russia, Israel, the U.S., North Korea will scan your personal files or that the contents of your hard drive will be rendered unusable by ransomware? Is your concern that the Russians might read your kids' school essays and find out your movie preferences or that your computer might be mobilized as part of a botnet, with its performance suffering accordingly?

For most ordinary users, the answer is obvious: The non-state criminal threats are worse. That's why Interpol this week signed a new information-sharing agreement with Kaspersky despite all the revelations in the U.S. media: The international police cooperation organization deals mainly with non-state actors, including profit-seeking hackers, rather than with the warring intelligence services. The companies that develop the anti-virus products are undeniably effective in working against the "low" kind of crime.

If you're not an interesting target to governments, it makes no sense to react to store chains' and other anti-virus producer offers to replace Kaspersky products on your computer. For one thing, the replacement too could be compromised, perhaps also by Russian intelligence. For another, it doesn't really matter unless you're an NSA analyst or the keeper of important trade or military secrets.

In that case, of course, your employer is likely already taking special care of your security, establishing strict rules about copying certain kinds of information to computers outside its network as well as working with multiple security providers and in-house developers to secure sensitive data. If for some reason that's not the case and there's sensitive stuff on your home machines, there's a relatively easy solution: Move it to the cloud. Cloud computing leaders -- Amazon, Microsoft and Google -- are trying to outdo each other in the security field. Security is a key selling point for corporate customers and breaches are costly in reputational terms, so individual users can trust these companies to keep their data as safe as they do their own.

That, of course, is no ironclad guarantee. But, unless you're a cybersecurity expert, it makes more sense to put trust in Google or Microsoft than in your own skill at protecting your home network -- as long as you don't fall victim to phishing and give up your access data.

Going a step further, users of Google's cloud-based Chrome OS system don't need an anti-virus product because it minimizes the possibility of running malicious outside applications. In general, this year more than three-quarters of malware programs were distributed for the Windows operating system, some 6 percent for Android and the rest for other platforms. For the users of those other platforms -- strains of Linux, ChromeOS, even Apple's MacOS and iOS -- installing an anti-virus isn't an essential precaution. Adrian Ludwig, responsible for Android security at Google, earlier this year advised users against doing it, saying it was pointless for 99 percent of them.

The campaign against Kaspersky in the U.S. is fraught with unfortunate consequences for the cybersecurity industry, as it begins to drop all pretense of being an international community. Cybersecurity firms will now inevitably be seen -- not just by intelligence services, but also by the general public -- as potential tools in the hands of the nation states in which they are based. Perhaps the only silver lining is that the campaign may make consumers give a thought to their private security priorities and the tools needed to meet them.

This column does not necessarily reflect the opinion of the editorial board or Bloomberg LP and its owners.

    To contact the author of this story:
    Leonid Bershidsky at lbershidsky@bloomberg.net

    To contact the editor responsible for this story:
    Therese Raphael at traphael4@bloomberg.net

    Before it's here, it's on the Bloomberg Terminal.
    LEARN MORE
    Comments