Slashdot Mirror


Former Employees Accuse Kaspersky Lab of Faking Malware

An anonymous reader writes: Reuters reports that two former employees of Moscow-based Kaspersky Lab faked malware to damage the reputations of their rivals. The alleged campaign targeted Microsoft, AVG, Avast, and others, tricking them into classifying harmless files as viruses. The ex-employees said co-founder Eugene Kaspersky ordered some of the attacks as retaliation for emulating his software. The company denied the allegations, and Kaspersky himself reiterated them, adding, "Such actions are unethical, dishonest and their legality is at least questionable." The targeted companies had previously said somebody tried to induce false positives in their software, but they declined to comment on the new allegations. "In one technique, Kaspersky's engineers would take an important piece of software commonly found in PCs and inject bad code into it so that the file looked like it was infected, the ex-employees said. They would send the doctored file anonymously to VirusTotal." The alleged attacks went on for more than 10 years, peaking between 2009 and 2013.

7 of 90 comments

  1. Re:Free alternatives? by idbeholda · · Score: 5, Interesting

    http://tot-ltd.org/techinf.htm...

    Project I've been working on for the past 15 years. Take it or leave it.

  2. Anti-Virus Companies All Suck by Frosty+Piss · · Score: 4, Insightful

    It would not surprise me if *ALL* so-called antivirus software companies did this, with very few exceptions.

    --
    If you want news from today, you have to come back tomorrow.
  3. Re:Free alternatives? by Ungrounded+Lightning · · Score: 3, Insightful

    There don't seem to be very many good free alternatives other than Microsoft's default package.

    Signature-based anti-malware solutions require an industrial-scale operation to identify new threats and add them to the signatures. That's very costly: Those workers have to eat, so they have to be paid somehow.

    Since Microsoft is pretty much the only company with a revenue stream that is substantially improved by protecting Microsoft systems generally, it is similarly pretty much the only operation that can profit by spending such industrial-scale money deploying new defences "for free".

    But there are still a few who find ways to make it possible. One of the best after-infection malware-removal tools out there is Malwarebytes. They distribute a stripped-down, manually-operated, nagware version of their product for free, in the hopes that you'll subscribe to the full-function version (to get additional functionality, including automated scheduled execution, and/or spare your attention from constantly closing their popups that covered your working window. B-) )

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
  4. Re:Free alternatives? by dcollins117 · · Score: 3

    A hacker can really screw with someone without elevating to admin. All the juicy stuff is in the user accounts anyway. In a few seconds they can get your financial information, passwords, email contacts, the screenplay you're working on, any photos of an adult nature that happen to be there...

    In contrast, the admin account is quite dull. You already know what's on that. I get the point that once you get admin you can install your badware and stick around for a while, but once you've got all the really good stuff that is in the user accounts, why bother?

  5. Provably impossible by Ungrounded+Lightning · · Score: 3, Interesting

    ... where you analyze the executable and then based off that determine if it's malicious or not.

    That's provably impossible. It's trivial to convert it to the halting problem.

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
    1. Re:Provably impossible by TechyImmigrant · · Score: 3, Funny

      ... where you analyze the executable and then based off that determine if it's malicious or not.

      That's provably impossible. It's trivial to convert it to the halting problem.

      They worked that out centuries ago when securing castles. That's why the guards shout "Halt! Who goes there?"

      --
      I should use this sig to advertise my book ISBN-13 : 978-1501515132.
  6. Re:Why would this be bad? by cdrudge · · Score: 3, Insightful

    Because it's not a little AV-on-AV competition. Competition is when companies push each other to try to improve their product over the others, not purposefully throwing more hurdles in the way of the competitor.

    If they did what was accused, they maliciously submitted false information that would be shared around the industry because they knew the competition would detect it as an infected file. It didn't improve Kaspersky's accuracy, nor did it help the accuracy of anyone else's scanner detecting real threats. It only resulted in competitors looking bad for false positives, and having to spend additional efforts filtering samples.