Stop Using Kaspersky!

Eugene Kaspersky Receiving Runet Prize - 2010

Eugene Kaspersky Receiving Runet Prize (by the Russian government controlled media) - 2010

Technically, Kaspersky is probably the most sophisticated information security organization. They caught both Stuxnet and Flame (super-sophisticated, state-sponsored super viruses designed to avoid capture) before anyone else. They offer a great product at a great price, with half decent support. On top of that, Eugene Kaspersky is Russia’s version of Bill Gates meets Steve Jobs. In short, he’s a tech-savvy genius with a personality, and now he’s one of the richest men in Russia. So why should you avoid using Kaspersky like the plague?

In short, you should never install this program on your machine because of one simple reason: corruption. First, Eugene was a spy. He studied at the KGB backed institution, “Institute of Cryptography, Telecommunications, and Computer Science.” After this, he became an “intelligence officer” (AKA Russian Spy). He is entirely, absolutely opaque about both his time at the “educational” institution, and his military service. No transparency: the Russian way of doing things.

Had Eugene moved to Sweden to follow through with his fascination with computer viruses, and to start his company there, I would not write this article. Had he renounced government intrusion  in a company dedicated to a public interest, I would also not write this article. But in fact, Kaspersky is run from Moscow, and Eugene is not behind bars, which is all the proof that anyone needs: Kaspersky–the man and the company–works with Putin and his crime organization.

In fact, we have even more evidence than that. Kaspersky’s current connection to the Russian government is well documented. He readily responds to requests made by the police and military in catching criminals. This occurs regularly, and it’s not denied. When the unfortunate kidnapping of his son occurred, he had an entire police station under his control. Fortunately, they found the perpetrators and rescued his son. However, the Russian military and police service (which, in that country is much more tightly intertwined than in democratic ones) aren’t particularly known for supporting victims of kidnappings. How does a man–supposedly a private citizen–mobilize an entire police department and arms of the military intelligence in less than a few hours? And what does he owe them for that?

More than that, what does Eugene Kaspersky owe the military for discharging him honorably from service? Something that’s almost impossible in the Russian regime. Or is he discharged at all? There are unconfirmed rumors circulating that Eugene is still in the services as a covert agent (covert in being overt and public that is).

If all this does not sway you; if all this evidence does not impress you then just consider Russia’s laws while remembering that Kaspersky is working from there. Kaspersky, the company, is registered and run from the heart of the Russian crime-regime: Moscow. In Russia, under federal law, “the FSB can not only compel any telecommunications business to install ‘extra hardware and software’ to assist it in its operations, the agency can assign its own officers to work at a business” (Wired, 2012). Essentially the government can compel any tech company to install anything the Russian government wants onto their products\services.

And now Kaspersky wants us to open up our personal computers, our servers, our enterprise systems, and even physical infrastructure to install their security systems. Kaspersky wants us to join his network and install his product with the most trusted super-user privilege. An anti-virus program has admin rights that can do anything on the OS.

Now perhaps you don’t buy that Eugene is a spy. You may not even buy into the argument (despite insurmountable evidence that he himself does not deny) that Eugene works with the Russian government. But even if Eugene was against the Russian crime-regime, it would not stop that government from taking over the Kaspersky company to install monitoring or malware systems. With a snap of their fingers they can do it, and do it legally. And what then happens to our PCs, servers, enterprise systems, and physical infrastructure that have Kaspersky installed. Perhaps the Russian’s never had (or will have) a reason to exercise their legal right. But perhaps they will. It’s not hard to imagine what happens when there’s some conflict or disagreement that the West cannot get over with Russia. In fact, it’s not even hard to imagine that disagreement: Iran, Syria, China, Israel, NATO, the Space Missile Shield…

To summarize: a company that we rely on for security cannot be located in a quasi-totalitarian, non-democratic system. The organization cannot be located in a corrupt culture where the central government violates human rights on a regular basis. The company that we rely on for security cannot be run by a man who publicly lobbies world organizations for privacy intrusion laws, an ex spy for one of the most ruthless, deadly (and stupid) regimes in human history: the USSR. So no, don’t buy this great product at a great price.

References:

http://www.wired.com/dangerroom/2012/07/ff_kaspersky/2/

http://www.wired.com/images_blogs/dangerroom/2012/07/Russian-Laws-and-Regulations-and-Implications-for-Kaspersky-Labs.pdf