Until now, Russian hacking attempts have been aimed at the finances of ordinary users. But with the worsening political relations between our countries, that has changed. As a result of the latest disturbing revelations, perhaps it’s time to stop using Kaspersky Labs antivirus software.
With 400 million users and embedded in other security products, the antivirus program is not only popular but highly-regarded. As we reported earlier this spring, the US government banned the use of the Kaspersky anti-virus products on its computers. This came after the FBI held interviews with Kaspersky employees around the country. Then the heads of the FBI, NSA, CIA, DIA, and the Director of National Intelligence were all asked in a Congressional hearing whether they would ever install Kaspersky anitvirus on their own machines. One and all firmly replied “No”.
The Kaspersky antivirus program is a software service provided by a Russian company founded by Eugene Kaspersky, who was trained by the Soviet KGB. But the more substantial reasons were not given: The intelligence chiefs did not offer any explanation at all. Things mentioned publicly, however, were not reassuring, including his ongoing social contacts with former KGB officials, and the discovery that his company had been assigned a code-number by the Russian government which indicated it was a military intelligence unit.
Despite Kaspersky’s repeated denials that his company was not working for the Russians, but with all governments to make the web safe, close examination proved otherwise. US authorities went ahead with the ban of his software not only from all of their own PCs, but from any company doing business with the government.
Finally, however, some details have emerged, and they are indeed bothersome. An NSA contractor, working at home against the rules on a Kaspersky-protected computer, had files he had brought home filched two years ago. Then it was revealed that at some point, the Israelis had penetrated the Kaspersky network, and were able to watch while Russian hackers effortlessly bypassed those protections. And found NSA stolen hacking tools on the server.
Eugene Kaspersky now claims that his company must have gotten hacked by his own government, but experts say that to alter the program to scan files for keywords like “Top Secret”, the company must have known at the top levels. In any case, if the software has been compromised, it should not be used.
It gets worse. Recently, North Korea stole South Korean and American war plans for the peninsula. Apparently it was done via malware that got slipped into the antivirus programs used by the South Korean military. Both these things illustrate the obvious: for an antivirus program to work, it must be able to scan all files on a computer and compare them with a distant database.
This gives antivirus programs an incredible built-in potential for covert surveillance and theft. Ironically, the growing fears of being hacked may have let the prowling bear in the door.
Most ordinary users probably have nothing to worry about from the Kremlin poking around in their files. But if Russian government hackers can easily bypass the antivirus’ defenses, what about Russian criminal hackers? Not only that, but any data Kaspersky uploads from users must get to their servers across the Russian internet – which Moscow closely monitors. And in any case, Russia routinely demands access in advance to the source code of all software products to be sold there. They know all their weaknesses to begin with. So there are many ways your data could be taken and misused.
And finally, on the net, everything is connected. A vulnerability in one spot makes everything else connected nearby more vulnerable also.
What to rely upon for protection instead? First of all, keep your system, be it Windows or Mac or Linux, constantly updated and use whatever tools, such as Windows Defender, that the companies provide. And back up your files regularly with SWCP BUS or some other way.
For free antivirus programs, SWCP techs have lately been recommending and installing Avast. The free version has very good reviews, but during installation be careful to read all the options carefully if you don’t want to pay for the premium version and remember to turn off the tracking and data-sharing options after installation.
As for other antivirus programs, Symantec recently made headlines by saying it would not reveal its software code to foreign governments. This American firm has been around for a long time, but last year its own software was shown to have dangerous vulnerablities. Unfortunately, there is no product that we can point to with absolute confidence.
The original seamless unity of the net is fracturing badly, which seems as inevitable as it is deplorable. Walls are being erected everywhere as keeping safe online gets harder and attacks become more serious. Users must constantly practice vigilance. Note any strange behaviors of your computer, any slow downs or odd pop-ups. Feel free to forward suspicious messages to help@swcp.com, and take advantage of our yearly free computer cleanups for members. As we’ve said many times before, we’re all in this together.