Ask Slashdot: Should Users Uninstall Kaspersky's Antivirus Software? (slashdot.org)
First, here's the opinion of two former NSA cybersecurity analysts (via Consumer Reports):
"It's a big deal," says Blake Darche, a former NSA cybersecurity analyst and the founder of the cybersecurity firm Area 1. "For any consumers or small businesses that are concerned about privacy or have sensitive information, I wouldn't recommend running Kaspersky." By its very nature antivirus software is an appealing tool for hackers who want to access remote computers, security experts say. Such software is designed to scan a computer comprehensively as it searches for malware, then send regular reports back to a company server. "One of the things people don't realize, by installing that tool you give [the software manufacturer] the right to pull any information that might be interesting," says Chris O'Rourke, another former NSA cybersecurity expert who is the CEO of cybersecurity firm Soteria.
But for that reason, Bloomberg View columnist Leonid Bershidsky suggests any anti-virus software will be targeted by nation-state actors, and argues that for most users, "non-state criminal threats are worse. That's why Interpol this week signed a new information-sharing agreement with Kaspersky despite all the revelations in the U.S. media: The international police cooperation organization deals mainly with non-state actors, including profit-seeking hackers, rather than with the warring intelligence services."
And long-time Slashdot reader freddieb is a loyal Kaspersky user who is wondering what to do, calling the software "very effective and non-intrusive." And in addition, "Numerous recent hacks have gotten my data (Equifax, and others) so I expect I have nothing else to fear except ransomware."
Share your own informed opinions in the comments. Should users uninstall Kaspersky's antivirus software?
Uninstall any such snakeoil crap.
This is all just propaganda.
from 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
to 45 2F 6E 40 3C DF 10 71 4E 41 DF AA 25 7D 31 3F
Of course Kaspersky should be removed from your system.
Or if you want to keep it, then don't complain when your files get reviewed by an invasive dictatorship. Of course, in 90% of cases they might not give a two shits about you, but if they do, then Kaspersky is one of their possible tools.
Also, there is absolutely no doubt that Kaspersky and similar Russian-made products should be removed from government networks or any computers handling sensitive information.
Your bullshit denial of reality in the face of mounting evidence only convinces fools and traitors.
Of course Russian intelligence services are using Kaspersky for their own purpose.
Are antivirus programs really worth the impact on your machine? They use a surprising amount of resources and many experts have voiced opinions that the threats are outrunning their capabilities.
If you want to visit a site that might contain malware, just start a VM or boot a CD-based OS that doesn't use your drives.
When was the last time your antivirus actually prevented an infection? If it did, it definitely told you because they do everything possible to keep your fear level up.
Of course if I were in Russia I would have my doubts about running US software for the same reason. As a rule of thumb, don't trust code produced by your main adversary.
Nyet.
Obligatory russian hackers joke.
All AV software should be treated as if compromised by its country of origin. So, whether or not you should uninstall Kaspersky is who you are worried about.
If the biggest threat to you is ordinary criminal malware? No.
If the biggest threat to you is Russian intelligence? Yes.
If the biggest threat to you is US intelligence? No.
This is my signature. There are many like it, but this one is mine.
Israelis caught them being used to spy upon its users which is why it is banned by the US government. In addition it replaces SSL certificates with their own doing MITM attacks and sniffing de-encrypting your data.
I noticed Google Chrome even hides certificates now in the address bar after AV software was caught doing this! Coincidence?
Not only would I uninstall it. I would re-image too if you have to use Windows. You can't trust whatever backdoors or spyware Kaspersky could have changed in the Windows Registry or done to your system.
http://saveie6.com/
... you shouldn't use any operating system or computer work environment that needs to rely on anti-virus software to reliably function.
Glad I could help.
We suffer more in our imagination than in reality. - Seneca
Think about it for a minute.
Would truly malicious software actually allow itself to be uninstalled? If the Kaspersky people are competent at what they do, and if they are doing it for Putin, then you are in a world of hurt. The question of "Should you uninstall?" is relatively trivial compared to the big questions of "Are you able to uninstall the software?" and "How can you be sure you really got rid of it?"
The makers of the best anti-virus software (which might be Kaspersky for all I know) would know about every backdoor into your system and every way to hide bad code. If that company was evil or suborned for evil purposes, that same knowledge would make it impossible to remove their software unless they REALLY wanted to let you remove it.
All things considered, especially things like how good Putin is at manipulating people, at this point I'd have very little trust in any computer that ever ran any software that originated in Russia. Or even software that was exposed to Russians who have family members still living in Russia.
Technology remains morally neutral. Putin and his kleptocrats? Not so much.
Before commenting, I searched this discussion for prior statements of this obvious reality. Didn't find any, but maybe I just hadn't thought of the right keywords yet. So I'll try another search now...
Freedom = (Meaningful - Coerced) Choice != (Speech | Beer^2), and sad sock puppets' bad mods avail them naught.
It's simple, Russia has gone out of its way to make itself an adversarial state to the US (of which I am a member). The Russian government has also been very heavy handed in dealing with its own private sector often dictating how they conduct business and very much muddling the lines between free enterprise and government controlled. This all equals, don't trust "security" provided by the Russians.
Now one can go on with "Americans spy on everything" and yeah, I don't like that. But as a US citizen I like Russians spying on me even less than Americans.
I ignore Anonymous Coward posts. If you want to discuss something, that's awesome. Log in.
Do you want the Kremlin to have your data or just the NSA? The idea that the NSA regularly collects data from US citizens is well documented. The idea is tenuous that Kaspersky is colluding with the Russian government to export data from USA targets to Russian intelligence. Endpoint security relies on central services understanding what is going on in the world. This can be referred to as operation intelligence. Kaspersky sends data back into "unsecured channels" and may include data that DHS considers sensitive. I would personally want the best antivirus or malware software that identifies the most vulnerabilities and I don't give a damn which nation illegally collects my data. If they want to exert power over who collects it then they should be open about how they collect it.
I'm not sure dumping a particular vendor because of their country they operate out of is all that useful when there's already been at least one major breach through the antivirus software by tricking it into downloading malicious updates from the attacker's own servers. The perpetrator of this particular hack was North Korea, but we know that there's at least half a dozen other countries, on both sides of the old iron curtain (which seems to be going up again), so you're never going to be fully safe from breaches using your choice of antivirus software.
Sure, you can use a vendor like F-Secure that operates from a country where the laws don't even allow for this kind of thing, either by request by the government of the country or by the request of a foreign government, but all that really does is increase the skill and effort barrier to pull off a breach using anti-virus software.
"Why should I want to make anything up? Life's bad enough as it is without wanting to invent any more of it."
The thing we know is that the NSA and Israel do not have access to the code. We know that Russia tried to get into Kaspersky and that means they do not work with them.
We know that the NSA warns against them.
To me all this tells me they are the safest bet for security of any of the anti-virus companies.
My guess is that the NSA has back doors in the rest and if they have them, the rest has as well. So even IF the Russians have hacked them, they are still more secure than any other AV program who must be assumed to have been hacked by everybody;
Don't fight for your country, if your country does not fight for you.
Russia has been found to be using Kaspersky to spy on Americans, as part of their ongoing cyberwarfare campaign against the United States.
Really? Could you link the article?
Damn, be out of town a few days and all hell breaks loose!
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
If some reputable source would say it, I would certainly start rethinking my privacy strategy. But considering who's "recommending" this, I have to second guess whether the reason is that it keeps them from spying on me...
If I had told you 40 years ago that you can't trust one of your TLAs when they warn about Russians...
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
How about buying Bitdefender instead? Was just about to decide on Kaspersky but...
Anybody like it?
This is the question that needs to be asked.
Here's a list of the features that every AV has:
Either your OS has means of protecting your data from apps, or apps from each other, or you cannot use this OS to run any new/unknown software.
Windows can be made more or less 100% secure if you use SandBoxie.
Research your options and choose what you feel is best for what you personally need. I would not consult Slashdot for advice.
We'll make great pets
Krapersky shovels tons of data from your system to servers in Canada and Russia without any explanation as to why this is necessary. That traffic is easy to spot and can be blocked, but it is a clear signal that you are better off with no AV than with Krapersky. And without Krapersky system no longer need half an hour to boot up and your browsers start working right again.
remove MS_Windows & install Debian GNU/Linux https://www.debian.org/
Politics is Treachery, Religion is Brainwashing
Should just be careful what they download and what links they click on.
I tend to rant.
I've had Kaspersky Internet Security for a couple of years now. It's my understanding that Russian law is similar to Chinese law about software--to sell in those countries, you must provide the government with your source code. I have no doubt the Russian spy agencies found an exploitable vulnerability in that source code and have been using it. I'm no more worried about that than the NSA's covert knowledge of vulnerabilities in Windows. And I place little credence in anything that Israeli intelligence says. KIS works very well on my system and doesn't slow it down. I accept the privacy risk, because information privacy is pretty much non-existent in these times, except perhaps for Tor. I don't keep work materials on my home system for exactly that reason. I'm going to support Kaspersky by keeping it on my system at least until my license expires. I'd hate to see a quality company have to shut down for lack of sales from an incident that wasn't their fault.
Help find the next
Stuxnet
Flame
Equation Group
Duqu
https://en.wikipedia.org/wiki/...
A more secure and safe internet is great news for all users.
Domestic spying is now "Benign Information Gathering"
Equation Group would have worked if not for?
https://en.wikipedia.org/wiki/...
Domestic spying is now "Benign Information Gathering"
... and don't use an antivirus software?
Since the OS it's running on top of is already deeply rooted by the NSA, what difference does it make if another spy agency has a zero day for one particular program I'm running on there? Hell, I'm sure both the KGB and NSA have zero-days for half the software I run on my PC. It takes a good half-hour of regedits, scripts and service disabling just to turn off telemetry in Windows 10, and that's just the stuff you're meant to know about.
If I was working on documents that I really needed to keep secret from a state-sponsored attacker, I'd need to air-gap that shit. Whether I was running Windows, Linux, or XBMC.
As it is, while Kaspersky won't keep state-sponsored attackers out (and neither will any other AV, or Windows Defender), it does a darn good job of keeping non-state-sponsored attackers out. And if a malicious attacker gets access to the same kind of tools a state-sponsored attacker does, it makes no difference whether I'm using Kaspersky or something else.
Unless someone can show me that Kaspersky puts me MORE at risk from non-state-sponsored attackers than a competing AV (or no AV at all), then swapping one out for another makes no difference. And no, "a hacker could get a-hold of KGB's zero days" is not an argument against Kaspersky, since a hacker could also get a-hold of NSA's zero days which don't target Kaspersky... you know, like the whole dump of NSA zero-days that was dumped.
"The true measure of a person is how they act when they know they won't get caught." - DSRilk
In the last 10 years or so I have used a Windows PC with anti-virus software to visit an incredible number of web sites of extremely shoddy origin and appearance and I used various p2p software to download all sorts of content on an almost weekly basis. As a result, the AV software caught positives maybe two or three times in that whole time, and every time this was "there is a dangerous ClickMe.EXE in your torrent folder! do not touch!" (well, what sort of idiot would click that anyways?). Why haven't I run into more alleged viruses? I guess it's because most of the time I used Firefox with NoScript extension. NoScript is sort of a pain to use, because you first need to teach it to allow scripts from all web sites that legitimately need to run scripts, like a forum, eCommerce, or say your bank.
Uninstall Windows.
If Kaspersky wants to continue selling its software in the west, I think the only way they can convince everyone that they're NOT providing a backdoor in their software to FSB is by going open source. That is, they should make their AV engine open source, but the virus definition data could be provided as a paid subscription.
Antivirus programs cause all kinds of trouble. I suggest, for people who are able and willing to stay alert and investigate warning signs, not using any antivirus program at all. Use a tripwire system instead.
If, however, you're the sort who ignores warnings and red flags, then use an antivirus program. Should you use a different one over Kaspersky? I don't think it matters that much.
and never been seriously infected. I also run as administrator, I maybe in it, but I'm calling user issue
Kaspersky isn't the problem here. Israel hacked Kaspersky.
"Among the targets Kaspersky uncovered were hotels and conference venues used for closed-door meetings by members of the United Nations Security Council to negotiate the terms of the Iran nuclear deal — negotiations from which Israel was excluded. Several targets were in the United States, which suggested that the operation was Israel’s alone, not a joint American-Israeli operation like Stuxnet."
How can you trust Israel's assessment of Kaspersky when Israel is doing the shady shit? The particular Kaspersky anti-virus installed on that government contractor's home computer was hacked by the Russian government and used to scan for documents. There's no evidence Kaspersky helped and there's zero need for their help. The Russian hackers would lose Kaspersky's market penetration if it came out that they helped. Any anti virus could have been hacked and used. The government contractor used Kaspersky because it's the best and he knows it. That's the only story here.
https://www.nytimes.com/2017/10/10/technology/kaspersky-lab-israel-russia-hacking.html?_r=0
DUH! What do YOU think?!
After all, microsoft already has full control of the OS layer, no intermediaries required.
If Microsoft wants to spy on you, they will spy on you, no matter what antivirus you use. So, if you stick to Windows defender, there is one less vector for others to spy on you (because, once you start using windows as your OS, you cede control to Microsoft to potentially spy on you).
Windows Defender (or Microsoft security essentials, if that's how you roll) are free (as in beer), have decent detection capabilities, does not suck resources like crazy, is updated by the same means of your OS, and is accepted by certifying agencies in regulated industries (like PCI for credit cards).
Of course, in an ideal world we would all use linux and ClamAV, but this is not an ideal world, some people like their linux, I use a mac, some people like linux but are forced, for one reason or another, to use windows...
So, if you want or need windows, stick with Windows Defender...
*** Good luck to everyone and have a happy day!
The threat I have rational reasons to worry about is domestic and foreign cybercrime. I don't know why NSA would want my data either, but they probably don't need a very strong reason. Kaspersky would be same for defense from the crooks and a little better for defense from NSA, so it's a keeper. Also it would be naive to expect to be able to defend oneself from a major spy agency without training that can probably only be given by another spy agency.
.... are claiming is evidence to substantiate the notion that the software is dangerous.
File under 'M' for 'Manic ranting'
Microsoft failing to secure its operating systems is a painful story that has taken over 25 years to unwind, exacerbated by that internet thing.
Your biggest threat is a social attack on your credentials, which your AV does nothing for. Your next biggest threat is a zero day, which is not something your AV will stop. The next threat on the list is user error, mostly running things you shouldn't on your computer. The purpose of AV is orthogonal to this problem, and the signature-based stuff mostly won't help.
Since AV doesn't stop the most significant threats, it hardly has a purpose. Back in the DOS days, I could make a good argument for it, but today? Nah. You might as well assume compromise, use a password manager and change them frequently.
HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.
What is this American bias against believing that our own government is in the propaganda business the same way every other country is engaged in the propaganda business? Our government lies freely to serve its own aims and always has - and believe me on this, I work for it!
Probably the same way nearly all Americans think the US is based on classically liberal principles like those old Saturday morning civics cartoons rather than being a corporatist fascist state, as it has been at least since the 1930s. Cognitive dissonance is a powerful thing.
HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.
About a year ago I bought a new laptop from BestBuy which included a 'Free' Antivirus Software CD which of course I ignored. Was contacted for the next several months asking why "I had not yet installed the free license of xxx antivirus software."
The Real Story: Kaspersky antivirus is able to flag NSA spyware/malware and does not forcibly contain the whitelist of NSA software like American antivirus software.
Kaspersky is still an excellent anti-virus software, and since I am nobody in the eyes of the nation-states, I will continue to use it. If it goes away, I will not switch to another anti-virus software: I will switch to DeepFreeze and revert to an original state of my computer whenever it is infected.
--- Andy West http://andywest.org
China and Russia are running interpol now thanks to Trump's incompetence/treason. Shocker that Interpol now thinks using compromised AV is cool.
No pun intended.
ClamAV is wonderful, but won't be able to keep up with everything you need. For free. It's worth it for everyone who isn't a security ninja themselves to find a reasonable middleground between OCD paranoia on their own, and taking prudent measures to protect themselves. That means commercial security software from a reputable company.
I can't speak for what Russian end-users should use, because I don't know whether *FOR THEM* the greater threat is internal or external to their country. In the days of the USSR, it would be obvious -- the Party is more of a threat to you than external actors. Now? Not for me to say.
For an American citizen, and as a sysadmin, I'm far more worried about economic espionage and data lifting from untargeting third parties (bitcoin extortion that happens to hit me) and spear phishing attacks against companies I work for, potentially from foreign intrigue, than I am about the domestic NSA spying on me via Symantec or another domestic product.
Americans have options, and for someone in a similar position I'd encourage them to weigh the positives and negatives similarly.
Hire a Linux system administrator, systems engineer,
I'm posting this late and no one will probably see it, but I'm wondering how many of you are doing egress filtering on your networks?
I have noticed that a lot of places use a default policy of passing all traffic out, but that's not very wise. I assume it's done for the sake of convenience to avoid support calls from people who can't write firewall rules. I would highly recommend not allowing any traffic out unless it's absolutely necessary and has been filtered. A lot of places pass HTTP/HTTPS traffic directly to the Internet so you can get software updates, but you should probably be using proxies that only allow whitelisted sites to be contacted. Better yet is to deploy new servers instead of patching live ones and give them no outside access.
If someone does manage to get shell access on your host, then your egress filtering should prevent them from opening a remote shell using something like nc. Yeah, they can still trash the internal network, but it's going to be a major PITA without an interactive shell.
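A host-level sketch of the default-deny egress policy described in the comment above, added here as an example and not part of the original post. The resolver and proxy addresses, the proxy port 3128 and the table name are constructed assumptions, and the host is assumed to use static addressing (no DHCP).

```nftables
#!/usr/sbin/nft -f
# Default-deny egress for a server that should only reach an internal
# resolver and an allowlisting HTTP(S) proxy. All addresses are constructed.

define RESOLVER = 10.0.0.53   # assumed internal DNS resolver
define PROXY    = 10.0.0.10   # assumed forward proxy that enforces a site allowlist

table inet egress_filter {
    chain output {
        # Everything the host originates is dropped unless a rule below accepts it.
        type filter hook output priority 0; policy drop;

        # Local IPC over loopback.
        oifname "lo" accept

        # Replies on connections that were accepted inbound (e.g. the service
        # this server exists to provide) and follow-ups on allowed outbound flows.
        ct state established,related accept

        # Name resolution only via the internal resolver, never straight to the Internet.
        ip daddr $RESOLVER udp dport 53 accept
        ip daddr $RESOLVER tcp dport 53 accept

        # Web and update traffic only through the proxy; there is deliberately
        # no rule for direct tcp/80 or tcp/443 to arbitrary destinations.
        ip daddr $PROXY tcp dport 3128 accept

        # Anything else is a new outbound connection nobody approved, such as a
        # shell calling out to an external listener. Log it, count it, drop it.
        # Note: IPv6 output is dropped entirely by this sketch.
        log prefix "egress-drop: " counter drop
    }
}
```

The `egress-drop:` log lines are worth alerting on: a server with this policy has no routine reason to produce them, so each one is either a misconfiguration or something trying to call out.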
The only sources we have so far about Kaspersky spying are US government officials. Even the Israeli part of the story is reported by them.
An interesting point is that other countries did not rush to ban Kaspersky. It is difficult to believe Kaspersky turned its antivirus into a spyware that only the US government is able to spot.
If people were actually serious about their privacy, along with uninstalling Kaspersky they'd also stop using anything made/run by Google and Microsoft, stop using all social networks, and would have the most basic of flip phones you could find.
I disagree.
People who are actually serious about privacy understand the exposure involved with every interaction with other humans and systems and make an informed choice about when, where, and how much data about themselves they are willing to reveal in exchange for services they want or need.
Locking yourself in a cave somewhere for fear of losing your privacy isn't taking the issue seriously. At best, it's attempting to avoid the issue. At worst, it's straight-up paranoia.