Kaspersky Lab denies tricking AV rivals into nuking harmless files

Friday 14th August 2015 19:34 GMT Anonymous Coward

Kaspersky? Reputation?

An industry rife with evil scum.

McAfee, Symantec, Kaspersky.

Yuck, yuck, yuck.

4 6 Reply
1. Friday 14th August 2015 22:48 GMT Planty
  
  Re: Kaspersky? Reputation?
  
  Not sure I trust any of those snakeoil vendors, every week they spew FUD to try and sell their product.
  
  They mix real secuity threats with BS ones, pretending they are equal, and always gloss over major mitigating points.
  
  2 5 Reply
Friday 14th August 2015 19:49 GMT Anonymous Coward

Y'heart sinks to y'boots when you read stuff like this

But keep it up Mr Register.

2 0 Reply
Friday 14th August 2015 20:04 GMT Anonymous Coward

I'm not buying this..

.. mainly because Kaspersky has been the most straight player of them all with its steadfast refusal to whitelist government spyware (over the last 2 decades or so).

If it is true at all it would be a local effort - Eugene Kaspersky himself would not stand for these tactics. There is, however, another explanation: this could also be a tactic of the less straight players to get their own warez back in play, with whitelisting and all.

The problem is, of course, that we don't know either way, but the story doesn't fit the way Kaspersky is directed. It's too out of character, and it's not like Kaspersky needs to resort to these tactics to turn a profit.

7 0 Reply
1. Friday 14th August 2015 21:07 GMT Mark 85
  
  Re: I'm not buying this..
  
  Go back to the early days of Kaspersky. There was a virus that no one else had caught and suddenly this "unknown" company in Russia hit the mainstream media headlines about detecting it. There was a lot of suspicion in the IT world that Kaspersky created it, launched it on the world, then announced that they "spotted it" and were able to "protect" you from it. A rather nasty critter that virus as I recall.
  
  But then, the whole industry has had rumors of similar shenanigans...
  
  3 2 Reply
  1. Friday 14th August 2015 21:14 GMT Anonymous Coward
    
    Re: I'm not buying this..
    
    This whole thing whiffs a bit. Unknown original player? There's lots of reasons to get people to turn their antivirus off. Ex-employees with presumably some disgruntlement. Kasperski certainly would benefit by doing this, but so would lots of other people...even an own-goal against your own company if you could point the finger afterwards.
    
    I'm just not going to believe a syllable anyone says, I think.
    
    4 0 Reply
2. Friday 14th August 2015 21:25 GMT streaky
  
  Re: I'm not buying this..
  
  It doesn't *sound* right at all from a technical perspective. If it was happening people using alternative products would be making noise about it that's for sure. The core malware samples that engines use to classify code will be guaranteed to be actual malware or the system fails; I can't see this working any other way - why would any vendor trust crapware just because it's uploaded to VT anyway? They wouldn't that's why.
  
  It might well be true Kaspersky tried it; what is highly suspicious are any potential claims it actually worked.
  
  4 0 Reply
3. Saturday 15th August 2015 12:10 GMT Anonymous Coward
  
  Re: I'm not buying this..
  
  "Kaspersky... ...steadfast refusal to whitelist [Western] government spyware..."
  
  What about Putin's spyware?
  
  1 1 Reply
Friday 14th August 2015 21:31 GMT x 7

I always found it remarkable how Kaspersky emerged as a company so quickly, considering for how long the export of computer technology to Russia was banned. They effectively appeared as a fully formed business with state-of-art technology in a country that didn't even have PCs. Now I wonder where that technology came from? KGB? Military? Poacher turned Gamekeeper methinks.

1 4 Reply
1. Friday 14th August 2015 21:35 GMT streaky
  
  Kaspersky trained at the KGB's hacking school thing, so you know, yes, I guess?
  
  That said it's not exactly an unusual story in the industry.
  
  1 0 Reply
2. Saturday 15th August 2015 09:09 GMT Anonymous Coward
  
  I always found it remarkable how Kaspersky emerged as a company so quickly, considering for how long the export of computer technology to Russia was banned. They effectively appeared as a fully formed business with state-of-art technology in a country that didn't even have PCs. Now I wonder where that technology came from? KGB? Military? Poacher turned Gamekeeper methinks.
  
  The guy is a mathematician by training, got into computers at a time where the Russians were barred from having anything powerful and thus learned to be really efficient, and he refused to play ball with other regimes that would like to have their spyware whitelisted. This also happened at a time when Windows was a leaky bucket of crud, so it needed all the help it could get and Internet hacking started to emerge. Two decades later, Windows is still a leaky bucket of crud, by the way.
  
  Even a nut like McAfee could make money that way, and Kaspersky (and then wife) were reasonable business people to start with. No special treatment needed.
  
  5 0 Reply
Friday 14th August 2015 22:08 GMT Sanctimonious Prick

Ex-Employee?

Sounds like a three (or four, depending on your region) letter agency to me.

Remember, Kaspersky pissed off the five eyes by not complying with their requests.

5 0 Reply
Friday 14th August 2015 22:34 GMT Destroy All Monsters

Somebody is talking fast here.

It is claimed Kaspersky engineers took harmless Windows operating system files, manipulated them to appear as though they contained malware, and uploaded them to VirusTotal. The aim was to deceive non-Kaspersky antivirus engines into treating those system files as dangerous

I fail to see how this is possible. If you "manipulate Windows operating system files", they no longer ARE Windows operating files. And how does this deceive other antivirus engines? Does one mark certain strings in those files and tell the other engines "if you see those strings, quarantine the file"? And they do it? In the age of polymorphic virus, no less?

If you start getting false positives on OS files, then you have a big problem, and it has nothing to do with someone poisoning your well. It's more along the lines of being lazy or not having the right conduit to Microsoft.

8 0 Reply
Sunday 16th August 2015 08:07 GMT Ken Moorhouse

"manipulated them to appear as though they contained malware"

Genuine question: no axe to grind either way:-

How would you manipulate a file to make it appear as though it contained malware?

I can think of three ways:-

(1) Give it a different name.

(2) Alter its content.

(3) Copying it to a different location

If this were done then it would certainly be a candidate for suspicion, and if such a file were to be quarantined there can be no criticism whatsoever of the vendor that did the impounding: it IS a suspicious file. Ok, impounding a file that had been altered (see (2) above) could brick the host pc, but surely the AV community should be sensible enough not to impound essential files without pointing out the implications first? Ah, maybe THIS is the problem. Well, if it is, maybe Kaspersky should be congratulated for bringing this kind of problem into the open(?)

So the revised question to be asked is: Who manipulated the file in the ways mentioned above, on the target pc, and how: that is the source of the presumed malware. If the Kaspersky engine were found on all machines that had the suspicious file on them, surely a test can easily be setup to prove that the Kaspersky engine made the change.

0 0 Reply
Tuesday 18th August 2015 18:01 GMT Gis Bun

You know something is wrong when they "attacked" two crappy anti-virus/malware developers [Microsoft and Avast] as well as a semi-crappy one [AVG].

0 0 Reply
1. Tuesday 18th August 2015 20:45 GMT x 7
  
  why do you call Avast crappy?
  
  Despite its free offerings, it actually has AV definitions which actually work in real-life, unlike much of the crap on offer elsewhere
  
  0 0 Reply