Slashdot Mirror


Ask Slashdot: Should Users Uninstall Kaspersky's Antivirus Software? (slashdot.org)

First, here's the opinion of two former NSA cybersecurity analysts (via Consumer Reports): "It's a big deal," says Blake Darche, a former NSA cybersecurity analyst and the founder of the cybersecurity firm Area 1. "For any consumers or small businesses that are concerned about privacy or have sensitive information, I wouldn't recommend running Kaspersky." By its very nature antivirus software is an appealing tool for hackers who want to access remote computers, security experts say. Such software is designed to scan a computer comprehensively as it searches for malware, then send regular reports back to a company server. "One of the things people don't realize, by installing that tool you give [the software manufacturer] the right to pull any information that might be interesting," says Chris O'Rourke, another former NSA cybersecurity expert who is the CEO of cybersecurity firm Soteria.
But for that reason, Bloomberg View columnist Leonid Bershidsky suggests any anti-virus software will be targeted by nation-state actors, and argues that for most users, "non-state criminal threats are worse. That's why Interpol this week signed a new information-sharing agreement with Kaspersky despite all the revelations in the U.S. media: The international police cooperation organization deals mainly with non-state actors, including profit-seeking hackers, rather than with the warring intelligence services."

And long-time Slashdot reader freddieb is a loyal Kaspersky user who is wondering what to do, calling the software "very effective and non-intrusive." And in addition, "Numerous recent hacks have gotten my data (Equifax, and others) so I expect I have nothing else to fear except ransomware."

Share your own informed opinions in the comments. Should users uninstall Kaspersky's antivirus software?

4 of 313 comments

  1. Yes by DrXym · Score: 5, Insightful

    And any other AV software. While it's doubtful Kaspersky or any other firm would bother spying on "low value" targets and the software behaves as intended, it's still intrusive, destabilizing and slows down the system. And if Russia wanted to be malicious, e.g. shut down computers in the run-up to something, I'm sure the software's AV update mechanism would give them the means to do so.

    Of course if I were in Russia I would have my doubts about running US software for the same reason. As a rule of thumb, don't trust code produced by your main adversary.

  2. Re:Of course it should be removed by butzwonker · Score: 5, Insightful

    People forget that Kaspersky's engine is used by many other security products, too.

    The reasonable stance is that if you have important trade secrets on your machines, you should choose your antivirus carefully - it's best to use one from your own country, including the engine. The same for journalists, dissidents, etc. Don't use security products from the country you're criticizing.

    Any other people aka "ordinary citizens" should just choose the antivirus that performs best and suits them best. Kaspersky is top notch. If you're worried about viruses and maybe a bit about NSA mass surveillance, Kaspersky is one of the best choices. If you're primarily worried about Romanian mass surveillance, on the other hand, then you should avoid Bitdefender. And so on.

    It's kind of a no-brainer. On a side note, any machine, no matter how well-patched and which operating system it is running, will be broken and accessed in a targeted attack by any state actor. There are no secure PCs.

  3. Re:No by EvilSS · Score: 5, Funny

    This is all just propaganda.

    Thank you for your insightful response and continued support comrade.

    --
    I browse on +1 so AC's need not respond, I won't see it.

  4. Re:ANY antivirus by DarkOx · Score: 5, Insightful

    The only real answer is a fully MAC (Mandatory Access Control) model that is very fine-grained. The result of that unfortunately is a computer system nobody really wants to use.

    The more immediate reality with A/V software is that it's probably something that requires the highest level of trust. This is software that literally hooks into the I/O layers on your system and is allowed to bypass essentially every other kind of access control check. At the same time it's hard to put a lot of instrumentation around it because so much of what it does isn't through the usual OS channels. So you can't easily know if it's misbehaving or doing things it ought not to. External network hardware should be able to tell you if it's phoning home but that might even be complicated. We are talking about software that after all could stash whatever it wants to send in some unused place on the disk and wait three weeks until you're not at home but connected to the wifi in some airport and phone home at that time.

    Frankly after this and a few past issues, I am not sure any third-party A/V solution is advisable. In the Windows world Microsoft should probably just stop even allowing third-party kernel modules they have not fully audited. Which would basically kill the A/V industry.

    --
    Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html