Stop Using Kaspersky!


Eugene Kaspersky Receiving Runet Prize (by the Russian government controlled media) - 2010

Technically, Kaspersky is probably the most sophisticated information security organization. They caught both Stuxnet and Flame (super-sophisticated, state-sponsored viruses designed to avoid capture) before anyone else. They offer a great product at a great price, with half-decent support. On top of that, Eugene Kaspersky is Russia’s version of Bill Gates meets Steve Jobs. In short, he’s a tech-savvy genius with a personality, and now he’s one of the richest men in Russia. So why should you avoid using Kaspersky like the plague?

In short, you should never install this program on your machine for one simple reason: corruption. First, Eugene was a spy. He studied at the KGB-backed institution, the “Institute of Cryptography, Telecommunications, and Computer Science.” After this, he became an “intelligence officer” (AKA Russian spy). He is entirely, absolutely opaque about both his time at the “educational” institution and his military service. No transparency: the Russian way of doing things.

Had Eugene moved to Sweden to follow through with his fascination with computer viruses, and to start his company there, I would not write this article. Had he renounced government intrusion in a company dedicated to a public interest, I would also not write this article. But in fact, Kaspersky is run from Moscow, and Eugene is not behind bars, which is all the proof that anyone needs: Kaspersky–the man and the company–works with Putin and his crime organization.

In fact, we have even more evidence than that. Kaspersky’s current connection to the Russian government is well documented. He readily responds to requests made by the police and military in catching criminals. This occurs regularly, and it’s not denied. When the unfortunate kidnapping of his son occurred, he had an entire police station under his control. Fortunately, they found the perpetrators and rescued his son. However, the Russian military and police service (which, in that country, are much more tightly intertwined than in democratic ones) aren’t particularly known for supporting victims of kidnappings. How does a man–supposedly a private citizen–mobilize an entire police department and arms of the military intelligence in less than a few hours? And what does he owe them for that?

More than that, what does Eugene Kaspersky owe the military for discharging him honorably from service, something that’s almost impossible in the Russian regime? Or was he discharged at all? There are unconfirmed rumors circulating that Eugene is still in the service as a covert agent (covert by being overt and public, that is).

If all this does not sway you, if all this evidence does not impress you, then just consider Russia’s laws while remembering that Kaspersky is working from there. Kaspersky, the company, is registered and run from the heart of the Russian crime-regime: Moscow. In Russia, under federal law, “the FSB can not only compel any telecommunications business to install ‘extra hardware and software’ to assist it in its operations, the agency can assign its own officers to work at a business” (Wired, 2012). Essentially, the government can compel any tech company to install anything the Russian government wants onto their products\services.

And now Kaspersky wants us to open up our personal computers, our servers, our enterprise systems, and even physical infrastructure to install their security systems. Kaspersky wants us to join his network and install his product with the most trusted super-user privilege: an anti-virus program runs with admin rights and can do anything on the OS.

Now perhaps you don’t buy that Eugene is a spy. You may not even buy into the argument (despite insurmountable evidence that he himself does not deny) that Eugene works with the Russian government. But even if Eugene were against the Russian crime-regime, it would not stop that government from taking over the Kaspersky company to install monitoring or malware systems. With a snap of their fingers they can do it, and do it legally. And what then happens to our PCs, servers, enterprise systems, and physical infrastructure that have Kaspersky installed? Perhaps the Russians never had (or will have) a reason to exercise their legal right. But perhaps they will. It’s not hard to imagine what happens when there’s some conflict or disagreement that the West cannot get over with Russia. In fact, it’s not even hard to imagine that disagreement: Iran, Syria, China, Israel, NATO, the Space Missile Shield…

To summarize: a company that we rely on for security cannot be located in a quasi-totalitarian, non-democratic system. The organization cannot be located in a corrupt culture where the central government violates human rights on a regular basis. The company that we rely on for security cannot be run by a man who publicly lobbies world organizations for privacy intrusion laws, an ex-spy for one of the most ruthless, deadly (and stupid) regimes in human history: the USSR. So no, don’t buy this great product at a great price.


Comments 27

  1. Post

    Thanks for that comment Lode. Very interesting. How did you catch that? I recommend sending your findings to the EFF ( I would also love it if you published your findings on this blog.

    I can see that your laptop is still connecting to this IP:, but you might be able to run some sort of tool to read what information is being sent.


  2. Hi Dominik,
    thanks for your response.

    I have been hesitant to give the following info, as I don’t want to “wake up sleeping dogs” as they say in my country… ; )

    But speaking of Hong Kong and the recent disclosure made from a hotel room there, this is peanuts compared to Prism and the Utah Data Center.

    I saw the Hong Kong address on my Online Armor Firewall Status monitor. I check it now and then, just out of curiosity, as it also shows the flags of the countries contacted. When you click on an address on this monitor a popup appears with the option “Copy remote address.” Then you can paste it on a Whois IP site.

    Having seen the little red China flag there before when I scanned with the free Kaspersky Safety Scanner (or even when not scanning, I don’t remember), I knew Kaspersky was using an address there. I understand that other AV companies also have services set up all over the place, including cloud services, so I didn’t find this suspicious as it is a common practice.

    But after I had uninstalled the Kaspersky scanner I did not expect to see Hong Kong anymore.
    I have to say that I used Revo Uninstaller, but in the product default uninstall mode, not in its thorough after scan for leftovers mode. So maybe there was still something lingering there… ; )

    As an experiment I installed the same Kaspersky scanner again right after posting the finding above and on the Kaspersky forum, used it one more time (no malware found) and this time uninstalled it utilizing Revo Uninstaller’s full scan removal mode. It found a lot of left-overs, and I had them all removed. I have not seen that little red flag since then, already 2 weeks now.

    To tell you the truth, if I had a choice, I’d rather be spied on a bit via my laptop by Russia via an AV program than how it already is happening on a grand scale for everyone by the US government. And I’m not sure at all that Kaspersky was really spying on me. In any case I’ll re-install that free scanner of theirs now and then for a good second opinion. Then I’ll uninstall it again using Revo Uninstaller in full left-overs scan and removal mode. No problem.

    For the very concerned, I just found this in the Guardian:

    “NSAfiles Q&A: Metadata and how to protect yourself online”

    As for denouncing Kaspersky on the site you suggested, I don’t know. I have no hard evidence that they were really spying on me. I’ll think about it…


    1. Lode – in light of what’s happened over the past year, are you still more concerned about being spied on by the US instead of Russia? At least the US doesn’t use its spy data to silence opposition, annex foreign countries or violate human rights.

  3. Post

    Hi Lode,

    Yeah, I agree completely with you. Have you read my article on PRISM? ( I basically say that I called out Kaspersky on the one hand (in this article) but the U.S. was doing something far, far worse. PRISM is much worse and greater cause for concern; this is especially true if you consider how much of the world’s traffic goes through the US. When I wrote the Kaspersky article, I didn’t think something like PRISM existed and I wrote off most of the rumors as conspiracy theories.

    1. Hello Dominik,
      I read your interesting article.

      You might have read already that today a new batch of info was published by the Guardian: that the UK secret service spied on the participants of the G20 summit in 2009.

      So now it’s the politicians who are beginning to realize they are under Big Brother’s watch too, and that their communications are used against their interest in the interest of the “elite.”

      In the end it’s the small NWO “elite” families who are in control of the NSA programs, and they consider everyone not part of them fair game. Ultimately it’s all about world affairs manipulation and weeding out the “dissidents.”

      But with the politicians and leaders of nations now becoming aware of this -and getting pissed off- it’s getting increasingly more interesting, and I would -cautiously- say, more fun to watch what develops.

      For starters, Russia and Turkey are furious:
      “G20 summits: Russia and Turkey react with fury to spying revelations”

      And this is only a tiny beginning… : D

  4. Hi!

    For a while now I’ve had the free Kaspersky security scanner on my notebook again for a second opinion.
    I noticed no connecting to Hong Kong anymore. It’s to Germany once every minute. It did not download anything for the 10 minutes I watched, but it uploaded 16 bytes every time. Nothing really. Maybe it is just for statistics.

    The IP is and Whois says that it is located in Germany as KASPERSKY-LAB.

    Once in that time period I saw it connect to the Russian Federation, but I didn’t catch the IP in time to copy it. When scanning with it, it connects to in Russia and another one in Spain which I didn’t copy.

    I’m not worried about it. My Emsisoft Anti-Malware and Online Armor firewall also connect to the Internet now and then.

    As for other good AV I recommend Malwarebytes, Hitman Pro, and Panda Cloud Cleaner for a second opinion. They can all be used for free if so desired.

    One of the best protections is to always surf sandboxed. For that I use Sandboxie. The free version of it is as good as the paid one, but the latter lets you set it so it does a few things automatically, so you don’t have to click for it.

    Check out their animated illustration scrolling down a bit:

    And making backups is a must if you want to have your machine back in shape fast when something goes wrong and you can’t fix it using System Restore. Windows 7 has it built in, but you need an external drive to save the backups on.
    I’m using Windows 8.1, on which Microsoft removed that integrated backup program, but I utilize the free AOMEI Backupper on it.

    Backing up stuff has saved me days of work over the years. No more reformatting since I started using backups.
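The commenter above watched a firewall monitor to see which hosts the scanner contacted, how often, and how many bytes went up each time. The following is an added example (not the commenter's tooling, and not code from any firewall product) of doing that systematically over an exported connection list: it groups connections by process and destination, totals the bytes, and flags the ones that recur on a fixed cadence, which is the "once a minute, 16 bytes up" pattern described above. The log format, process names and addresses are constructed for illustration; the addresses are documentation ranges.

```python
"""Summarise outbound connections per (process, destination) and flag the ones
that recur at a regular interval, the way a firewall monitor shows a scanner
phoning home once a minute.  Added example; the log format and the addresses
are constructed for illustration, not taken from any real product."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed firewall-monitor export: timestamp, process, remote ip:port,
# bytes uploaded, bytes downloaded.  The addresses are documentation ranges.
SAMPLE_LOG = """\
2014-01-05T10:00:00 scanner.exe 203.0.113.10:443 16 0
2014-01-05T10:00:12 browser.exe 198.51.100.7:443 512 20480
2014-01-05T10:00:15 browser.exe 198.51.100.7:443 300 4096
2014-01-05T10:01:00 scanner.exe 203.0.113.10:443 16 0
2014-01-05T10:02:00 scanner.exe 203.0.113.10:443 16 0
2014-01-05T10:02:30 scanner.exe 192.0.2.33:80 1200 65536
2014-01-05T10:03:00 scanner.exe 203.0.113.10:443 16 0
2014-01-05T10:03:40 browser.exe 198.51.100.7:443 700 8192
2014-01-05T10:04:00 scanner.exe 203.0.113.10:443 16 0
2014-01-05T10:04:02 browser.exe 198.51.100.7:443 250 1024
"""


def parse_line(line):
    """One export line -> dict.  Raises ValueError on a malformed line."""
    ts, proc, remote, up, down = line.split()
    ip, port = remote.rsplit(":", 1)
    return {"ts": datetime.fromisoformat(ts), "proc": proc, "ip": ip,
            "port": int(port), "up": int(up), "down": int(down)}


def summarise(log_text):
    """Group records by (process, ip, port) and compute counts, byte totals and
    the regularity of the gaps between successive connections."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            rec = parse_line(line)
            groups[(rec["proc"], rec["ip"], rec["port"])].append(rec)

    summary = {}
    for key, recs in groups.items():
        recs.sort(key=lambda r: r["ts"])
        gaps = [(b["ts"] - a["ts"]).total_seconds() for a, b in zip(recs, recs[1:])]
        mean_gap = mean(gaps) if gaps else None
        # Coefficient of variation of the gaps: ~0 means metronome-like timing.
        jitter = (pstdev(gaps) / mean_gap) if len(gaps) > 1 and mean_gap else None
        summary[key] = {
            "count": len(recs),
            "bytes_up": sum(r["up"] for r in recs),
            "bytes_down": sum(r["down"] for r in recs),
            "mean_interval": mean_gap,
            "jitter": jitter,
        }
    return summary


def periodic_connections(summary, min_count=4, max_jitter=0.1):
    """Return the (process, ip, port) keys that connect often and on a fixed cadence.
    Such a pattern is usually benign (update checks, telemetry heartbeats), but it is
    the one worth looking at first when deciding what a program sends and where."""
    return sorted(
        key for key, s in summary.items()
        if s["count"] >= min_count and s["jitter"] is not None and s["jitter"] <= max_jitter
    )


if __name__ == "__main__":
    report = summarise(SAMPLE_LOG)
    for key in periodic_connections(report):
        s = report[key]
        print(f"{key[0]} -> {key[1]}:{key[2]} every {s['mean_interval']:.0f}s, "
              f"{s['count']} connections, {s['bytes_up']} bytes up / {s['bytes_down']} down")
```

On the constructed sample, only `scanner.exe -> 203.0.113.10:443` is flagged: five connections exactly 60 seconds apart, 16 bytes up each and nothing down. A regular heartbeat like that is what a whois lookup on the address (as the comments describe) helps put in context; the interval and byte counts alone do not say what is being sent, only that the program is talking on a schedule.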

    1. quote from above: “I basically say that I called out Kaspersky on the one hand (in this article) but the U.S. was doing something far, far worse. PRISM is much worse and greater cause for concern; this is especially true if you consider how much of the worlds traffic goes through the US. When I wrote the Kaspersky article, I didn’t think something like PRISM existed and I wrote off most of the rumors as conspiracy theories.”

      Greetings from Toronto Dominik

      Regarding your comment above after the article– what do you recommend people use to protect against keylogging currently as it stands?

      I’m worried about my online banking mostly. I’m always paranoid even if I am at the bank’s https address that my passwords would fall in the wrong hands.

      I liked the idea of Kaspersky encrypting my keystrokes but after reading your original article and your later comment I don’t know what is the best thing to do in order to protect against keylogging now. I have been using Kaspersky for a couple of years. Now I’m thinking that I should scrap the program, change my passwords again and start over.
      I also have Comodo AV/firewall and set it to prevent Kaspersky from connecting to the net.

      I’m not computer savvy beyond the basics as I work in the Arts industry. Any advice?

      thank you!

      1. Post

        Hi George,

        Thanks for your comment. I love Toronto. I’m just 200 km away in London.

        You say Kaspersky encrypts your keystrokes. I’m not sure how that would work on the web. When you are typing something out on a web-form, it couldn’t be encrypted. Maybe it’s something I’m not thinking of. Also if you prevent Kaspersky from contacting the internet, it’s most likely you’re not getting the latest virus definitions. It needs access to download the latest virus definitions in order to be effective.

        First, let me say that it’s very unlikely that you would be a target for the Russians so you’re probably OK. However, I still encourage everyone to stop using it just because of the power it gives them in general.

        As for keeping your information safe on the internet, there are some great articles online. However, here’s what I do:
        – Use dual-authentication whenever possible. Websites like Gmail have a dual-authentication system where you either install an app on your phone or they text you a token to type in if you’re logging into that website for the first time from that computer. These can be a bit annoying, but it’s pretty much the only way to keep 100% secure.
        – Use a password manager. This one is a little more controversial than the point before. However, to be secure (especially on websites that don’t have dual authentication) you should have a tough, random password that’s DIFFERENT for each website. This is impossible for any regular human to remember (I think). For 99% of the websites I have a log-in for, I don’t know the password. I use LastPass (website has dual authentication) that stores all my passwords and syncs them with my phone browsers. The reason why this might be controversial is because if someone can hack your LastPass account, they have access to EVERYTHING. However, if you turn on dual-authentication on LastPass and have a strong password there, this is very unlikely to happen. LastPass has a good reputation, and some corporate clients. Your other option is to have a desktop password manager, but if you use a different computer or your phone, you will not be able to access your websites.
        – Change passwords frequently. This is easy if you have a pw manager. It will even generate random (strong) passwords for you.
        – Use a trusted Virus scanner. There are some really good free ones and there is no excuse not to use one.

        I think these tips are good enough to keep yourself safe for a low-risk person like you. If you work in\with the press, in\with the government, or with high-risk information (corp\gov trade secrets or proprietary information) there might be other steps to follow. You probably wouldn’t use LastPass in that case.

        Anyway, if you take away anything from this–use dual authentication where possible. Scotiabank (who I am with) has a shitty version of this where they ask you 5 questions that you need to remember the answer to. Anytime you log into a new computer, it asks one of those questions. There’s also a pin thing. This is turned on by default. However, that’s a really shitty version of a good system. I wish they used Google Authenticator or a simple text message.
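The reply above recommends two things without saying how they work: the phone app that shows a login token, and the manager-generated random password that differs per site. The following is an added example, not code from the post author, LastPass or Google Authenticator, showing the mechanics: the app-style token is RFC 6238 TOTP (HMAC-SHA1 over a 30-second time counter, per RFC 4226 HOTP), verified server-side with a small drift window and a constant-time compare, and the password is drawn from a CSPRNG. The only fixed secret in the block is the RFC test key, used so the output can be checked against the published test vectors; `provision_secret()` is how a real enrolment would obtain one.

```python
"""How the two pieces of advice above work under the hood: the six-digit code an
authenticator app shows (RFC 6238 TOTP on top of RFC 4226 HOTP) and the per-site
random password a manager generates.  Added example; it is not LastPass's or
Google Authenticator's code, and the demo secret is the RFC test key."""
import base64
import hashlib
import hmac
import secrets
import string
import struct
import time

# RFC 4226 / RFC 6238 test secret (ASCII "12345678901234567890").  A real
# enrolment uses provision_secret() below, never a fixed value.
RFC_TEST_SECRET = b"12345678901234567890"
STEP = 30          # seconds per TOTP time step
DIGITS = 6


def hotp(key, counter, digits=DIGITS):
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, dynamic truncation,
    then reduce modulo 10^digits and left-pad with zeros."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(key, for_time=None, step=STEP, digits=DIGITS):
    """RFC 6238: HOTP with the counter set to the current 30-second window."""
    if for_time is None:
        for_time = time.time()
    return hotp(key, int(for_time) // step, digits)


def verify_totp(key, code, now=None, window=1, step=STEP, digits=DIGITS):
    """Server-side check: accept the current window plus `window` neighbours on
    either side to tolerate clock drift; compare in constant time."""
    if now is None:
        now = time.time()
    counter = int(now) // step
    return any(
        hmac.compare_digest(hotp(key, counter + delta, digits), str(code))
        for delta in range(-window, window + 1)
    )


def provision_secret(nbytes=20):
    """Fresh random key, base32-encoded the way authenticator apps expect it."""
    return base64.b32encode(secrets.token_bytes(nbytes)).decode("ascii")


def key_from_base32(secret_b32):
    """Inverse of provision_secret(): the raw key bytes both sides HMAC with."""
    return base64.b32decode(secret_b32)


PASSWORD_ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@^_"


def random_password(length=20):
    """What a manager does: an unguessable, site-unique string from a CSPRNG,
    never from the random module, which is seeded predictably."""
    return "".join(secrets.choice(PASSWORD_ALPHABET) for _ in range(length))


if __name__ == "__main__":
    print("RFC 6238 vector at T=59:", totp(RFC_TEST_SECRET, 59))   # 287082
    secret = provision_secret()
    key = key_from_base32(secret)
    code = totp(key)
    print("new secret", secret, "-> current code", code,
          "verifies:", verify_totp(key, code))
    print("generated password:", random_password())
```

Two design points worth noting. The drift window is what lets a code still work a few seconds after the phone shows the next one, and it is also why a server should record the counter it last accepted and refuse anything at or below it, otherwise a code observed by a keylogger stays valid for up to three windows. And because the shared secret is the whole strength of TOTP, the base32 string from `provision_secret()` must be stored by the server as carefully as a password hash would be.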

  5. Taking all the very serious aside [valuable as they are !] the simple fact remains – INPUT is an anagram of PUTIN !!!!!!

    1. Post
      1. I have Emsisoft Internet Security because they have just about as good a detection rate as Kaspersky does. But at a fraction of the price, especially because I got a 3 year license. If Kaspersky had been the same price I might have had that protecting my notebook.

        On occasion I install Kaspersky’s free scanner and let it run. More out of curiosity, and because you never know, maybe it detects something. But it always turns out that because I already am using the mentioned EIS, nothing suspicious is ever detected by that free Kaspersky scanner. So then I uninstall it again. But they are usually doing well on the prestigious AV-Comparatives tests:

        1. PS:
          On that latest test they did a bit less well, but still not bad. The one I’m using is doing better if you have scanning in Custom mode enabled. It takes a few minutes longer to scan, but in my case it found some malware only in that mode. They were in email attachments, which I knew were fishy (one asking to go to PayPal to fill in my data again, by just clicking on the link in the attachment, which of course I didn’t do. Instead I forwarded it to [email protected]).

          That email was already in my waste basket, yet still EIS detected and removed it.

          Another good one is Malwarebytes.

  6. Greetings from London, ON from another software developer. Hope things are going well at Dippy.

    It’s a good point you bring up here. For businesses and individuals it’s important to be aware of the security of information, but also the potential for espionage and access to networks.

    I don’t consider Kaspersky to be considerably different from any other Windows anti-virus software. Nowadays they all seem to have a cloud component which shares personally revealing telemetry (which is also present in the Windows OS and MSE) and provide an opt-out for sharing of local file hashes and binaries.

    The primary point of concern here is Kaspersky’s country of origin. Unfortunately we are as much a target to hackers from any continent, including North America. Any attack connected to a sophisticated state actor would not be overt or easily traceable.

    Geopolitics have certainly been interesting the last few years and there are a lot of flash points. The atmosphere of distrust, finger pointing and taking advantage of each other is an unsolvable problem for politicians, but rest assured if there is an issue “the West cannot get over with Russia”, information security will be the last of our concerns in Ontario.

    I think it is naive and dangerous to believe the same legal double standard, secret agreements and connection to power taken advantage of by Eugene is not also present in North America.

    Between social engineering, insecure hardware and insecure software network security is an intractable problem. Realize what is and what isn’t under your control and plan accordingly.

    Hope you have a great Thanksgiving weekend!

  7. PS:
    I have Skype on, and on my GlassWire Firewall monitor I saw it make a connection to Hong Kong. Even though I was not making a call.

    I guess Microsoft has its servers all over the world. And not only Microsoft… so I don’t find it suspicious anymore that I saw Kaspersky make a connection to China years ago. (Not that I’ve worried about it. I’ve used the free scan version many times since then.)

    1. Post

      Crazy. I have little snitch installed on a mac and it’s insane some of the legitimate calls that some apps make. I can imagine it’s very easy to push through non-legitimate ones, or even if the hack happens on the recipient end of some of those calls.

      1. I later realized Kaspersky was using a server in Hong Kong among many others, so my paranoia went out the window.

        I found Kaspersky a bit too complicated to have as a licensed full version. Too many whistles and bells for my simple taste. So I’m utilizing Malwarebytes and Emsisoft instead. As well as HitmanPro and herdProtect, which uses 68 scan engines, and it’s free.

        But also by default surfing in Sandboxie, slim chance I get malware on my little machine… : D

  8. This senate intelligence hearing and the whole Russian cyber intrusion business has us immediately switching from KAV to something Western based, and not Symantec or McAfee, the worst bloatware in the history of AV.

    What a difference 4-5 years of time can make in how one trusts a company and a country and reports about them or not.

    1. Post
