Stop Using Kaspersky!

In: Eagles eye, Computers, by Dominik. 39 Comments

Eugene Kaspersky Receiving Runet Prize (by the Russian government controlled media) - 2010

Technically, Kaspersky is probably the most sophisticated information security organization. They caught both Stuxnet and Flame (super-sophisticated, state-sponsored super viruses designed to avoid capture) before anyone else. They offer a great product at a great price, with half-decent support. On top of that, Eugene Kaspersky is Russia’s version of Bill Gates meets Steve Jobs. In short, he’s a tech-savvy genius with a personality, and now he’s one of the richest men in Russia. So why should you avoid using Kaspersky like the plague?

In short, you should never install this program on your machine for one simple reason: corruption. First, Eugene was a spy. He studied at the KGB-backed institution, “Institute of Cryptography, Telecommunications, and Computer Science.” After this, he became an “intelligence officer” (AKA Russian Spy). He is entirely, absolutely opaque about both his time at the “educational” institution and his military service. No transparency: the Russian way of doing things.

Had Eugene moved to Sweden to follow through with his fascination with computer viruses, and to start his company there, I would not write this article. Had he renounced government intrusion in a company dedicated to a public interest, I would also not write this article. But in fact, Kaspersky is run from Moscow, and Eugene is not behind bars, which is all the proof that anyone needs: Kaspersky–the man and the company–works with Putin and his crime organization.

In fact, we have even more evidence than that. Kaspersky’s current connection to the Russian government is well documented. He readily responds to requests made by the police and military in catching criminals. This occurs regularly, and it’s not denied. When the unfortunate kidnapping of his son occurred, he had an entire police station under his control. Fortunately, they found the perpetrators and rescued his son. However, the Russian military and police service (which, in that country is much more tightly intertwined than in democratic ones) aren’t particularly known for supporting victims of kidnappings. How does a man–supposedly a private citizen–mobilize an entire police department and arms of the military intelligence in less than a few hours? And what does he owe them for that?

More than that, what does Eugene Kaspersky owe the military for discharging him honorably from service? Something that’s almost impossible in the Russian regime. Or is he discharged at all? There are unconfirmed rumors circulating that Eugene is still in the services as a covert agent (covert in being overt and public that is).

If all this does not sway you, if all this evidence does not impress you, then just consider Russia’s laws while remembering that Kaspersky is working from there. Kaspersky, the company, is registered and run from the heart of the Russian crime-regime: Moscow. In Russia, under federal law, “the FSB can not only compel any telecommunications business to install ‘extra hardware and software’ to assist it in its operations, the agency can assign its own officers to work at a business” (Wired, 2012). Essentially the government can compel any tech company to install anything the Russian government wants onto their products/services.

And now Kaspersky wants us to open up our personal computers, our servers, our enterprise systems, and even physical infrastructure to install their security systems. Kaspersky wants us to join his network and install his product with the most trusted super-user privilege. An anti-virus program has admin rights that can do anything on the OS.

Now perhaps you don’t buy that Eugene is a spy. You may not even buy into the argument (despite insurmountable evidence that he himself does not deny) that Eugene works with the Russian government. But even if Eugene was against the Russian crime-regime, it would not stop that government from taking over the Kaspersky company to install monitoring or malware systems. With a snap of their fingers they can do it, and do it legally. And what then happens to our PCs, servers, enterprise systems, and physical infrastructure that have Kaspersky installed? Perhaps the Russians never had (or will have) a reason to exercise their legal right. But perhaps they will. It’s not hard to imagine what happens when there’s some conflict or disagreement that the West cannot get over with Russia. In fact, it’s not even hard to imagine that disagreement: Iran, Syria, China, Israel, NATO, the Space Missile Shield…

To summarize: a company that we rely on for security cannot be located in a quasi-totalitarian, non-democratic system. The organization cannot be located in a corrupt culture where the central government violates human rights on a regular basis. The company that we rely on for security cannot be run by a man who publicly lobbies world organizations for privacy intrusion laws, an ex-spy for one of the most ruthless, deadly (and stupid) regimes in human history: the USSR. So no, don’t buy this great product at a great price.

References:

http://www.wired.com/dangerroom/2012/07/ff_kaspersky/2/

http://www.wired.com/images_blogs/dangerroom/2012/07/Russian-Laws-and-Regulations-and-Implications-for-Kaspersky-Labs.pdf

Comments

  1. Author

    Thanks for that comment Lode. Very interesting. How did you catch that? I recommend sending your findings to the EFF (https://www.eff.org/). I would also love it if you published your findings on this blog.

    I can see that your laptop is still connecting to this IP: 103.5.149.14, but you might be able to run some sort of tool to read what information is being sent.

    Cheers,
    D.

  2. Hi Dominik,
    thanks for your response.

    I have been hesitant to give the following info, as I don’t want to “wake up sleeping dogs” as they say in my country… ; )

    But speaking of Hong Kong and the recent disclosure made from a hotel room there, this is peanuts compared to Prism and the Utah Data Center.

    I saw the Hong Kong address on my Online Armor Firewall Status monitor. I check it now and then, just out of curiosity, as it also shows the flags of the countries contacted. When you click on an address on this monitor a popup appears with the option “Copy remote address.” Then you can paste it on a Whois IP site.

    Having seen the little red China flag there before when I scanned with the free Kaspersky Safety Scanner -or even when not scanning, I don’t remember- I knew Kaspersky was using an address there. I understand that other AV companies also have services set up all over the place, including cloud services, so I didn’t find this suspicious as it is a common practice.

    But after I had uninstalled the Kaspersky scanner I did not expect to see Hong Kong anymore.
    I have to say that I used Revo Uninstaller, but in the product default uninstall mode, not in its thorough after scan for leftovers mode. So maybe there was still something lingering there… ; )

    As an experiment I installed the same Kaspersky scanner again right after posting the finding above and on the Kaspersky forum, used it one more time -no malware found- and this time uninstalled it utilizing Revo Uninstaller’s full scan removal mode. It found a lot of left-overs, and I had them all removed. I have not seen that little red flag since then, already 2 weeks now.

    To tell you the truth, if I had a choice, I’d rather be spied a bit on via my laptop by Russia via an AV program than how it already is happening on a grand scale for everyone by the US government. And I’m not sure at all that Kaspersky was really spying on me. In any case I’ll re-install that free scanner of theirs now and then for a good second opinion. Then I’ll uninstall it again using Revo Uninstaller in full left-overs scan and removal mode. No problem.

    For the very concerned, I just found this in the Guardian:

    “NSAfiles Q&A: Metadata and how to protect yourself online”
    http://q-and-a.guardian.co.uk/qanda/859036

    As for denouncing Kaspersky on the site you suggested, I don’t know. I have no hard evidence that they were really spying on me. I’ll think about it…

    Cheers,
    Lode

    1. Lode – in light of what’s happened over the past year, are you still more concerned about being spied on by the US instead of Russia? At least the US doesn’t use its spy data to silence opposition, annex foreign countries or violate human rights.

  3. Author

    Hi Lode,

    Yeah I agree completely with you. Have you read my article on PRISM? (http://www.dominikgorecki.com/2013/06/in-response-to-the-supporters-of-prism/) I basically say that I called out Kaspersky on the one hand (in this article) but the U.S. was doing something far, far worse. PRISM is much worse and greater cause for concern; this is especially true if you consider how much of the world’s traffic goes through the US. When I wrote the Kaspersky article, I didn’t think something like PRISM existed and I wrote off most of the rumors as conspiracy theories.

    1. Hello Dominik,
      I read your interesting article.

      You might have read already that today a new batch of info was published by the Guardian: that the UK secret service spied on the participants of the G20 summit in 2009.

      So now it’s the politicians who are beginning to realize they are under Big Brother’s watch too, and that their communications are used against their interest in the interest of the “elite.”

      In the end it’s the small NWO “elite” families who are in control of the NSA programs, and they consider everyone not part of them fair game. Ultimately it’s all about world affairs manipulation and weeding out the “dissidents.”

      But with the politicians and leaders of nations now becoming aware of this -and getting pissed off- it’s getting increasingly more interesting, and I would -cautiously- say, more fun to watch what develops.

      For starters Russia and Turkey are furious:
      “G20 summits: Russia and Turkey react with fury to spying revelations”
      http://www.guardian.co.uk/world/2013/jun/17/turkey-russia-g20-spying-gchq

      And this is only a tiny beginning… : D

  4. So what antivirus should I get? What about a good malware or anti spyware?

    Please advise

        1. A good representation of typical Mac user.
          A lot of ignorant Mac users still think Mac is immune to viruses and malwares.

  5. Hi!

    For a while now I’ve had the free Kaspersky security scanner on my notebook again for a second opinion.
    I noticed no connecting to Hong Kong anymore. It’s to Germany once every minute. It did not download anything for the 10 minutes I watched, but it uploaded 16 bytes every time. Nothing really. Maybe it is just for statistics.

    The IP is 195.122.169.18 and Whois says that it is located in Germany as KASPERSKY-LAB.

    Once in that time period I saw it connect to the Russian Federation, but I didn’t catch the IP in time to copy it. When scanning with it it connects to 62.128.100.43 in Russia and another one in Spain which I didn’t copy.

    I’m not worried about it. My Emsisoft Anti-Malware and Online Armor firewall also connect to the Internet now and then.

    As for other good AV I recommend Malwarebytes, Hitman Pro, and Panda Cloud Cleaner for a second opinion. They can all be used for free if so desired.

    One of the best protections is to always surf sandboxed. For that I use Sandboxie. The free version of it is as good as the paid one, but the latter lets you set it so it does a few things automatically, so you don’t have to click for it.

    Check out their animated illustration scrolling down a bit: http://www.sandboxie.com/

    And making backups is a must if you want to have your machine back in shape fast when something goes wrong and you can’t fix it using System Restore. Windows 7 has it built in, but you need an external drive to save the backups on.
    I’m using Windows 8.1 on which Microsoft had removed that integrated backup program, but utilize the free AOMEI Backupper on it.

    Backing up stuff has saved me days of work over the years. Never reformatting anymore since I used backups.

    1. quote from above: “I basically say that I called out Kaspersky on the one hand (in this article) but the U.S. was doing something far, far worse. PRISM is much worse and greater cause for concern; this is especially true if you consider how much of the world’s traffic goes through the US. When I wrote the Kaspersky article, I didn’t think something like PRISM existed and I wrote off most of the rumors as conspiracy theories.”

      Greetings from Toronto Dominik

      Regarding your comment above after the article– what do you recommend people use to protect against keylogging currently as it stands?

      I’m worried about my online banking mostly. I’m always paranoid even if I am at the bank’s https address that my passwords would fall in the wrong hands.

      I liked the idea of Kaspersky encrypting my keystrokes but after reading your original article and your later comment I don’t know what is the best thing to do in order to protect against keylogging now. I have been using Kaspersky for a couple of years. Now I’m thinking that I should scrap the program, change my passwords again and start over.
      I also have Comodo AV/firewall and set it to prevent Kaspersky from connecting to the net.

      I’m not computer savvy beyond the basics as I work in the Arts industry. Any advice?

      thank you!

      1. Author

        Hi George,

        Thanks for your comment. I love Toronto. I’m just 200KM away in London.

        You say Kaspersky encrypts your keystrokes. I’m not sure how that would work on the web. When you are typing something out on a web-form, it couldn’t be encrypted. Maybe it’s something I’m not thinking of. Also if you prevent Kaspersky from contacting the internet, it’s most likely you’re not getting the latest virus definitions. It needs access to download the latest virus definitions in order to be effective.

        First, let me say that it’s very unlikely that you would be a target for the Russians so you’re probably OK. However, I still encourage everyone to stop using it just because of the power it gives them in general.

        As for keeping your information safe on the internet, there are some great articles online. However, here’s what I do:
        – Use dual-authentication whenever possible. Websites like gmail have a dual-authentication system where you either install an app on your phone or they text you a token to type in if you’re logging into that website for the first time from that computer. These can be a bit annoying, but it’s pretty much the only way to keep 100% secure.
        – Use a password manager. This one is a little more controversial than the point before. However, to be secure (esp on websites that don’t have dual authentication) you should have a tough, random password that’s DIFFERENT for each website. This is impossible for any regular human to remember (I think). For 99% of the websites I have a log-in for, I don’t know the password. I use LastPass (website has dual authentication) that stores all my passwords and syncs them with my phone browsers. The reason why this might be controversial is because if someone can hack your LastPass account, they have access to EVERYTHING. However, if you turn on dual-authentication on LastPass and have a strong password there, this is very unlikely to happen. LastPass has a good reputation, and some corporate clients. Your other option is to have a desktop password manager, but if you use a different computer or your phone, you will not be able to access your websites.
        – Change passwords frequently. This is easy if you have a pw manager. It will even generate random (strong) passwords for you.
        – Use a trusted Virus scanner. There are some really good free ones and there is no excuse not to use one.

        I think these tips are good enough to keep yourself safe for a low-risk person like you. If you work in\with the press, in\with the government, or with high-risk information (corp\gov trade secrets or proprietary information) there might be other steps to follow. You probably wouldn’t use LastPass in that case.

        Anyway, if you take away anything from this–use dual authentication where possible. Scotiabank (who I am with) has a shitty version of this where they ask you 5 questions that you need to remember the answer to. Anytime you log into a new computer, it asks one of those questions. There’s also a pin thing. This is turned on by default. However, that’s a really shitty version of a good system. I wish they used Google Authenticator or a simple text message.

  6. Taking all the very serious aside [valuable as they are !] the simple fact remains – INPUT is an anagram of PUTIN !!!!!!

  7. Why does Best Buy give away Kaspersky anti-virus with PC purchases?

      1. I have Emsisoft Internet Security because they have just about as good a detection rate as Kaspersky does. But at a fraction of the price, especially because I got a 3 year license. If Kaspersky had been the same price I might have had that protecting my notebook.

        On occasion I install Kaspersky’s free scanner and let it run. More out of curiosity, and because you never know, maybe it detects something. But it always turns out that because I already am using the mentioned EIS, nothing suspicious is ever detected by that free Kaspersky scanner. So then I uninstall it again. But they are usually doing well on the prestigious AV-Comparatives tests:
        http://chart.av-comparatives.org/chart1.php

        1. PS:
          On that latest test they did a bit less good, but still not bad. The one I’m using is doing better if you have scanning in Custom mode enabled. It takes a few minutes longer to scan, but in my case it found some malware only in that mode. They were in email attachments, which I knew were fishy -one asking to go to PayPal to fill in my data again, by just clicking on the link in the attachment, which of course I didn’t do. Instead I forwarded it to [email protected].

          That email was already in my waste basket, yet still EIS detected and removed it.

          Another good one is Malwarebytes.

  8. Greetings from London, ON from another software developer. Hope things are going well at Dippy.

    It’s a good point you bring up here. For businesses and individuals it’s important to be aware of the security of information, but also the potential for espionage and access to networks.

    I don’t consider Kaspersky to be considerably different from any other Windows anti-virus software. Nowadays they all seem to have a cloud component which shares personally revealing telemetry (which is also present in the Windows OS and MSE) and provide an opt-out for sharing of local file hashes and binaries.

    The primary point of concern here is Kaspersky’s country of origin. Unfortunately we are as much a target to hackers from any continent, including North America. Any attack connected to a sophisticated state actor would not be overt or easily traceable.

    Geopolitics have certainly been interesting the last few years and there are a lot of flash points. The atmosphere of distrust, finger pointing and taking advantage of each other is an unsolvable problem for politicians, but rest assured if there is an issue “the West cannot get over with Russia”, information security will be the last of our concerns in Ontario.

    I think it is naive and dangerous to believe the same legal double standard, secret agreements and connection to power taken advantage of by Eugene is not also present in North America.

    Between social engineering, insecure hardware and insecure software network security is an intractable problem. Realize what is and what isn’t under your control and plan accordingly.

    Hope you have a great Thanksgiving weekend!

  9. Users of this crap program don’t give a shit.

    Hope they fuck their Computer !!!!!!!!!!!

  10. I don’t believe anymore Kaspersky is spying. On the contrary; they are making great efforts to protect its users from spyware

  11. PS:
    I have Skype on, and on my GlassWire Firewall monitor I saw it make a connection to Hong Kong. Even though I was not making a call.

    I guess Microsoft has its servers all over the world. And not only Microsoft… so I don’t find it suspicious anymore that I saw Kaspersky make a connection to China years ago. (Not that I’ve worried about it. I’ve used the free scan version many times since then.)

    1. Author

      Crazy. I have little snitch installed on a mac and it’s insane some of the legitimate calls that some apps make. I can imagine it’s very easy to push through non-legitimate ones, or even if the hack happens on the recipient end of some of those calls.

      1. I later realized Kaspersky was using a server in Hong Kong among many others, so my paranoia went out the window.

        I found Kaspersky a bit too complicated to have as a licensed full version. Too many whistles and bells for my simple taste. So I’m utilizing Malwarebytes and Emsisoft instead. As well as HitmanPro and herdProtect, which uses 68 scan engines, and it’s free.

        But also by default surfing in Sandboxie, slim chance I get malware on my little machine… : D

  12. This senate intelligence hearing and the whole Russian cyber intrusion business has us immediately switching from KAV to something Western based and not Symantec or McAfee the worst bloatwares in the history of AV

    What a difference 4-5 years of time can make in how one trusts a company and a country and reports about them or not.

      1. If you haven’t already checked it out, a US based company, webroot, is ranked equal with Bitdefender (Romania, also full of hackers) and Kaspersky (Russia). It’s worth noting that all of the top brands offer up their source code for perusal and verification, including Kaspersky, but it’s equally possible for them to slip something into an update unnoticed. We use Kaspersky at my company currently, but will probably switch to webroot because it’s very different, loads in seconds, always up to date, not a big download… and it’s based on “big data” being collected constantly and put to use to protect against everything going on. If being in the US is a must for you, they are your answer.

    1. Avast – Czech Republic
      Malwarebytes – U.S. w/offices in Ireland and Estonia
      Panda – Spain
      Comodo – U.S. (global offices)
      McAfee (who cares)

  13. Kaspersky works, not only on the FSB, but also on the Chinese special services.
    In 2006, I caught a new Chinese virus and sent a report with infected files. In Symantec, the patch was done in three days and characterized the threat – a high, critical vulnerability. In Kaspersky, it was “not noticed” for half a year.
    Then, with the help of networks infected with this virus, a number of cyber attacks were made, which the NSA revealed as Chinese attacks. Including the compromise of the Mastercard system in the United States. (lose more personal data and lacked payment sys)
    Also later in the network, a list of employees of government departments in Britain. Then they said that this is a list of from lost CD. But is that the British thus simply retained their face. They did not lose the disk. Simply, their networks were infected with this Chinese virus. And although Kaspersky in that case was with nothing. But he covered the epidemic of that virus.
    The real enemy is not the NSA or the government. A real enemy in China and the Kremlin – they work for one thing.
    You never lived for 100-200 dollars a month. You do not know what it means to work as a sysadmin for $ 150-300. You live in your rich paradise and look for enemies where they do not exist.
    All your problems are nothing compared to the nightmare and tyranny in which we live – the Russians have been 100 years since 1917. And we can not change anything here, because of the punitive system. You just do not know what a totalitarian state really is.
    You do not know what it is when your friend betrays you to get a salary of $ 1500.
    You Americans are stupid rams once you buy software from someone who is against you leads a cyberwar.

  14. I have been using Kaspersky for some time, I signed up for 3 years recently. My worry is that when I signed up another company took my order. I think it was Digital River Inc. in Minnetonka, MN. Someone from there helped me with a problem I had by taking over my laptop since I have no idea how to do anything. I am having the same problem now and who is helping me sent an email with instructions which I can’t handle. The email following my call came from the Philippines. Any thoughts? Is it safe to keep the service?

    1. “But two months after the DNC disclosed that its servers had been hacked – in an apparent attempt to help prevent further intrusions – the party purchased Kaspersky software on Aug. 25, 2016, for $137.46, according to Federal Election Commission records. It was the only federal political committee that reported buying Kaspersky software in the 2016 cycle, according to FEC records.”

      What a bunch of idiots at the DNC.

  15. I have been using Kaspersky for a few years, after all the rebates at Fry’s I would get it for free or $10. After seeing this I am concerned. I am not a computer Geek, I have no idea what to get now. Do you have any suggestions? I have AOL and I can get McAfee through them, but I heard that is not as good as others… also when I get something new do I just uninstall Kaspersky?
    Other than that I did like it, it blocked bad sites and it kept my passwords for different sites.
    Are you really sure that its bad for our computers? I just saw this on the news last night that’s how I knew about this. If you can reply I would really appreciate it.
    Thank you

  16. There was news recently regarding NSA information stolen by Russian spies using Kaspersky. How true and likely is this? Are we still safe using Kaspersky?

    1. Author

      Very likely that it’s true, and I personally would never use Kaspersky. As discussed in the article, which I wrote a while back, even IF Kaspersky wasn’t spying now, it still gives the Russian government a backdoor to any computer using it (because of their laws).

  17. HitmanPro utilizes the Kaspersky and Bitdefender engines, which gives very high detection rate. And I would guess that way no data from your pc is sent to Kaspersky.

    Besides that I don’t trust what the Main Stream Media is saying about Russia, including about Kaspersky.

    I like the free herdProtect scanner which utilizes 68 scan engines, among them the ones mentioned and many more of the well known brands.
    http://www.herdprotect.com/index.aspx

    I recommend Emsisoft Anti-Malware. And making system backups now and then, saving them on an external harddrive, to have access to it even if some issue prevents access to the Internet.
