Ask Slashdot: Should Users Uninstall Kaspersky's Antivirus Software?

First, here's the opinion of two former NSA cybersecurity analysts (via Consumer Reports): "It's a big deal," says Blake Darche, a former NSA cybersecurity analyst and the founder of the cybersecurity firm Area 1. "For any consumers or small businesses that are concerned about privacy or have sensitive information, I wouldn't recommend running Kaspersky." By its very nature antivirus software is an appealing tool for hackers who want to access remote computers, security experts say. Such software is designed to scan a computer comprehensively as it searches for malware, then send regular reports back to a company server. "One of the things people don't realize, by installing that tool you give [the software manufacturer] the right to pull any information that might be interesting," says Chris O'Rourke, another former NSA cybersecurity expert who is the CEO of cybersecurity firm Soteria.
But for that reason, Bloomberg View columnist Leonid Bershidsky suggests any anti-virus software will be targetted by nation-state actors, and argues that for most users, "non-state criminal threats are worse. That's why Interpol this week signed a new information-sharing agreement with Kaspersky despite all the revelations in the U.S. media: The international police cooperation organization deals mainly with non-state actors, including profit-seeking hackers, rather than with the warring intelligence services."

And long-time Slashdot reader freddieb is a loyal Kaspersky user who is wondering what to do, calling the software "very effective and non-intrusive." And in addition, "Numerous recent hacks have gotten my data (Equifax, and others) so I expect I have nothing else to fear except ransomware."

Share your own informed opinions in the comments. Should users uninstall Kaspersky's antivirus software?

No, your denial of reality is propaganda.

Your bullshit denial of reality in the face of mounting evidence only convinces fools and traitors.

Re:No, your denial of reality is propaganda.

[gweihir]

What evidence? I have yet to see any. At this time, this are all unproven accusations, with zero actual evidence and some really hard-to-believe claims. For example, that an NSA member would take NSA attack software and put it on his private computer that is connected to the Internet and runs AV is not credible at all. Seriously, doing so is a federal crime and the people with access to this stuff _now_ that. They also know how AV works and that their private computers may be compromised if connected to the Internet.

Don't get me wrong, if there were solid evidence, then that would be pretty interesting, but there is not. All there is is propaganda claims that turn out to be based on hot air once you dig a little deeper and some of them do not even make sense at all.

Yes

[DrXym]

And any other AV software. While it's doubtful Kaspersky or any other firm would bother spying on "low value" targets and the software behaves as intended it's still intrusive, destabilizing and slows down the system. And if Russia wanted to be malicious, e.g. shutdown computers in the runup to something, I'm sure the software's AV update mechanism would give them the means to do so.

Of course if I were in Russia I would have my doubts about running US software for the same reason. As a rule of thumb, don't trust code produced by your main adversary.

Re:No

[sittingnut]

this is indeed pure propaganda by nsa.

kaspersky software detected(as it should) nsa's new malware in a negligent incompetent private contractor's private computer, alerted hq, russian gov may have heard about it, kaspersky is punished for doing its job. btw american made software did not detect such malware.

if, after knowing the facts(as opposed to nsa propaganda), you find kaspersky is a threat, uninstall it.

Re:Of course it should be removed

[helga+the+viking]

Absolute FUD.

Kaspersky BENCHMARKS the shit out of Norton, McCrapee and most others reliably over longer periods of time.

Show us the code, the detail and the proof it has a backdoor or exploit. An open availability of technical explanations proving there is an exploit makes it credible. We've got them for just about everything else so this one stands at odds as an outlier which should ring alarm bells that its political and not founded.

There are two layers of logic to this:

• You take the risk Kaspersky installs malware via some backdoor because Kremlin (no proof yet still waiting). Considers your desktop machine a valid target. Under this situation assuming everyone has a ticking time bomb installed on their computer for the Kremin to manipulate is not unprecedented. Welcome to the last 20+ years of insecure by design Adobe flash products.
• You ARE ACTUALLY running something that is of state,corporate 'secret' level, controls a national grid, controls some real world system that could kill people, controls governmental sensitive emails. Then why is it running anything other than a hardened lunix BSD OS anyway?!?

Re:Of course it should be removed

[butzwonker]

People forget that Kaspersky's engine is used by many other security products, too.

The reasonable stance is that if you have important trade secrets on your machines, you should choose your antivirus carefully - it's best to use one from your own country, including the engine. The same for journalists, dissidents, etc. Don't security products from the country you're criticizing.

Any other people aka "ordinary citizens" should just choose the antivirus that performs best and suits them best. Kaspersky is top notch. If you're worried about viruses and maybe a bit about NSA mass surveillance, Kaspersky is one of the best choices. If you're primarily worried about Romanian mass surveillance, on the other hand, then you should avoid Bitdefender. And so on.

It's kind of a no-brainer. On a side note, any machine, no matter how well-patched and which operating system it is running, will be broken and accessed in a targeted attack by any state actor. There are no secure PCs.

Yes. And ...

[Qbertino]

... you shouldn't use any operating system or computer work environment that needs to rely on anti-virus software to relyably function.

Glad I could help.

If you can, then you don't need to, but...

[shanen]

Think about it for a minute.

Would truly malicious software actually allow itself to be uninstalled? If the Kaspersky people are competent at what they do, and if they are doing it for Putin, then you are in a world of hurt. The question of "Should you uninstall?" is relatively trivial compared to the big questions of "Are you able to uninstall the software?" and "How can you be sure you really got rid of it?"

The makers of the best anti-virus software (which might be Kaspersky for all I know) would know about every backdoor into your system and every way to hide bad code. If that company was evil or suborned for evil purposes, that same knowledge would make it impossible to remove their software unless they REALLY wanted to let you remove it.

All things considered, especially things like how good Putin is at manipulating people, at this point I'd have very little trust in any computer that ever ran any software that originated in Russia. Or even software that was exposed to Russians who have family members still living in Russia.

Technology remains morally neutral. Putin and his kleptocrats? Not so much.

Before commenting, I searched this discussion for prior statements of this obvious reality. Didn't find any, but maybe I just hadn't thought of the right keywords yet. So I'll try another search now...

Re:ANY antivirus

[plopez]

That assumes you can. If your apps are hosted remotely (aka "The Cloud") do YOU know what they are using? What about their subcontractors and sub-subcontractors? What about your bank? Let's keep going and ask about your health care provider. And so on. Do you know?

Re:No

[EvilSS]

This is all just propaganda.

Thank you for your insightful response and continued support comrade.

Re:ANY antivirus

[Flytrap]

From what I understand ANY anti-virus or anti-malware tool is susceptible to being targeted by powerful nation-state actors for use is accessing user's computers... not just those from the US or Russia. That means that F-Secure, or any other such tool from any other country could still be hacked by the China, Iran, North Korea, Russia, the US or any other nation-state with an active cyber intelligence programme and used to violate the user's privacy and confidentiality.

I do not know what the real answer is... but I believe that the recent cyber intrusions are going to strengthen the advocacy for sandboxed application models and strict or explicit permissioned based access to computer hardware, software, network and data resources that have become prevalent on modern mobile platforms. Powerful nation-state actors will still try to hack and find vulnerabilities in the underlying operating system host or hypervisor layer, but at least it would give security practitioners a single concerted layer to focus their intrusion detection efforts on.

Protecting the cloud and the various systems, protocols, etc that make up the disparate components of cloud based systems is a whole other kettle of fish, which i think is beyond the scope of the question posed by the original poster.

Re:ANY antivirus

[DarkOx]

The only real answer is fully MAC (Mandatory Access Control) model that is very fined grained. The result of that unfortunately is a computer system nobody really wants to use.

The more immediate reality with A/V software is that its probably something that requires the highest level of trust. This is software that literally hooks into the I/O layers on your system and is allowed to bypass essentially every other kind of access control check. At the same time its hard to put a lot of instrumentation around it because so much of what it does isn't thru the usual OS channels. So you can't know if its misbehaving or doing things it ought not to easily. External network hardware should be able to tell you if its phoning home but that might even be complicated. We are talking about software that after all could stash whatever it wants to send some unused place on the disk and wait three weeks until your not at home but connected to the wifi in some airport and phone home at that time.

Frankly after this and a few past issues, I am not sure any third party A/V solution is advisable. In the Windows world Microsoft should probably just stop even allowing third party kernel modules they have not fully audited. Which would basically kill the A/V industry.

Re:ANY antivirus

[jellomizer]

For the most part today we don't really deal with individual software but for good or bad we deal with mostly a service Infrastructure.
So if you have an Apple Infrastructure, you may have an iPhone, a Mac and use airdrop to share files and use the iCloud.
If you use the Google Infrastructure, you will have an Android Phone, a PC, using Google Drive
If you are using a Microsoft infrastructure, You are more or less out of the phone, but you have Windows 10, Office 365 and OneDrive

While you can mix these services around, but you are normally better off sticking to the brand you like as it offers better support and extra cool features.

3rd party tools on your infrastructure in general will detract from your experience and your ability to get things, done... (You may not be able to get away from this, due to cost concerns, or just needing a tool that isn't available) However these tools installed are nearly always at risk of being not supported, or breaking something else.

I am not saying this is good thing, being locked to a vendor for bulk of your use cases is overall bad, however this is the world that we currently live in. And you are better off using the Windows AV for windows because in general it is better built and it isn't trying to hack the system to do what it needs to do.

Re:Of course it should be removed

[gweihir]

Here is the citation of proof of Kremlin involvement

Your "proof" says "reportedly" right there in the headline. This is called "hearsay", not "proof". Or in other words, the proof value of that statement is zero.