
Kaspersky? Reputation?
An industry rife with evil scum.
McAfee, Symantec, Kaspersky.
Yuck, yuck, yuck.
Kaspersky Lab deliberately fed bogus malware to its rivals to sabotage their antivirus products, two anonymous former employees allege. Kaspersky says the accusations are false. Reuters reported today that two ex-Kaspersky engineers claim they were tasked with tricking competing antivirus into classifying benign executables …
.. mainly because Kaspersky has been the most straight player of them all with its steadfast refusal to whitelist government spyware (over the last 2 decades or so).
If it is true at all it would be a local effort - Eugene Kaspersky himself would not stand for these tactics. There is, however, another explanation: this could also be a tactic of the less straight players to get their own warez back in play, with whitelisting and all.
The problem is, of course, that we don't know either way, but the story doesn't fit the way Kaspersky is directed. It's too out of character, and it's not like Kaspersky needs to resort to these tactics to turn a profit.
Go back to the early days of Kaspersky. There was a virus that no one else had caught and suddenly this "unknown" company in Russia hit the mainstream media headlines about detecting it. There was a lot of suspicion in the IT world that Kaspersky created it, launched it on the world, then announced that they "spotted it" and were able to "protect" you from it. A rather nasty critter that virus as I recall.
But then, the whole industry has had rumors of similar shenanigans...
This whole thing whiffs a bit. Unknown original player? There's lots of reasons to get people to turn their antivirus off. Ex-employees with presumably some disgruntlement. Kaspersky certainly would benefit by doing this, but so would lots of other people...even an own-goal against your own company if you could point the finger afterwards.
I'm just not going to believe a syllable anyone says, I think.
It doesn't *sound* right at all from a technical perspective. If it was happening, people using alternative products would be making noise about it, that's for sure. The core malware samples that engines use to classify code will be guaranteed to be actual malware or the system fails; I can't see this working any other way - why would any vendor trust crapware just because it's uploaded to VT anyway? They wouldn't, that's why.
It might well be true Kaspersky tried it; what is highly suspicious are any potential claims it actually worked.
I always found it remarkable how Kaspersky emerged as a company so quickly, considering for how long the export of computer technology to Russia was banned. They effectively appeared as a fully formed business with state-of-art technology in a country that didn't even have PCs. Now I wonder where that technology came from? KGB? Military? Poacher turned Gamekeeper methinks.
The guy is a mathematician by training, got into computers at a time where the Russians were barred from having anything powerful and thus learned to be really efficient, and he refused to play ball with other regimes that would like to have their spyware whitelisted. This also happened at a time when Windows was a leaky bucket of crud, so it needed all the help it could get and Internet hacking started to emerge. Two decades later, Windows is still a leaky bucket of crud, by the way.
Even a nut like McAfee could make money that way, and Kaspersky (and then wife) were reasonable business people to start with. No special treatment needed.
Sounds like a three (or four, depending on your region) letter agency to me.
Remember, Kaspersky pissed off the five eyes by not complying with their requests.
It is claimed Kaspersky engineers took harmless Windows operating system files, manipulated them to appear as though they contained malware, and uploaded them to VirusTotal. The aim was to deceive non-Kaspersky antivirus engines into treating those system files as dangerous.
I fail to see how this is possible. If you "manipulate Windows operating system files", they no longer ARE Windows operating files. And how does this deceive other antivirus engines? Does one mark certain strings in those files and tell the other engines "if you see those strings, quarantine the file"? And they do it? In the age of polymorphic virus, no less?
If you start getting false positives on OS files, then you have a big problem, and it has nothing to do with someone poisoning your well. It's more along the lines of being lazy or not having the right conduit to Microsoft.
Genuine question: no axe to grind either way:-
How would you manipulate a file to make it appear as though it contained malware?
I can think of three ways:-
(1) Give it a different name.
(2) Alter its content.
(3) Copying it to a different location
If this were done then it would certainly be a candidate for suspicion, and if such a file were to be quarantined there can be no criticism whatsoever of the vendor that did the impounding: it IS a suspicious file. Ok, impounding a file that had been altered (see (2) above) could brick the host pc, but surely the AV community should be sensible enough not to impound essential files without pointing out the implications first? Ah, maybe THIS is the problem. Well, if it is, maybe Kaspersky should be congratulated for bringing this kind of problem into the open(?)
So the revised question to be asked is: Who manipulated the file in the ways mentioned above, on the target pc, and how: that is the source of the presumed malware. If the Kaspersky engine were found on all machines that had the suspicious file on them, surely a test can easily be set up to prove that the Kaspersky engine made the change.