back to article Germany advises citizens to uninstall Kaspersky antivirus

Germany's BSI federal cybersecurity agency has warned the country's citizens not to install Russian-owned Kaspersky antivirus, saying it has "doubts about the reliability of the manufacturer." Russia-based Kaspersky has long been a target of suspicious rumors in the West over its ownership and allegiance to Russia's rulers. …

  1. Anonymous Coward
    Anonymous Coward

    Just don't use ANY anti-virus

    Anti-virus products catch known malware, but the malware that will really hurt you is the new one their labs don't yet know about. Therefore, all anti-virus products give you a false sense of security.

    Real security involves using a computer system that is more secure by design, such as GNU/Linux instead of Microsoft Windows, plus being more careful about what you do with your computer.

    1. Doctor Syntax Silver badge

      Re: Just don't use ANY anti-virus

      If you use Windows and you don't use any ant-virus then it doesn't matter whether their labs know about it or not, any malware will be damaging.

      1. dafe

        Re: Just don't use ANY anti-virus

        Anti-virus is malware.

        It has root access, reads all your files, monitors your traffic, and has encrypted connections to a command-and-control server that updates it with new instructions.

        This is true of all anti-virus.

        1. Nate Amsden

          Re: Just don't use ANY anti-virus

          It's only malware if it doing things without your consent. Most people install AV with those filters and things willingly in order to give greater protection. Sort of like saying firewalls that do SSL intercept are malware too because they can see inside your encrypted connections(and I read recently that at least Palo Alto's newer versions have no issues with TLS 1.3 either). But again, that is by design, and the customers are installing it knowing that it does those things(and wanting it to do those things).

          1. PriorKnowledge
            Thumb Down

            AV does a lot without consent

            Like blocking non-malicious files just because they could be used to help with piracy (antiwpa is a good example). Some crap anti-virus programs a very long time ago used to always detect anything named crack.exe as malicious, no matter its contents. Nowadays it’s worse as they also lack transparency in what they do, presumably as a means of security through obscurity?

            Good companies used to make their full encyclopaedias available telling you what every bit of malware would do and how it worked. Nowadays all that info is hidden and a lot of detections are named deliberately vaguely to confuse people. That said, even us nerds are too jaded to care anyway.

        2. Roland6 Silver badge

          Re: Just don't use ANY anti-virus

          >It has root access, reads all your files, monitors your traffic, and has encrypted connections to a command-and-control server that updates it with new instructions.

          I see Windows 10/11, MacOS, Linux et al seem to satisfy the criteria...

          1. Anonymous Coward
            Anonymous Coward

            Re: Just don't use ANY anti-virus

            .. but only Windows adds wilful, hard to fully stop transmission of user telemetrics onn top, so God knows what else it sends off when its masters want it. After all, AFAIK it's Microsoft who was actually helping the US government getting the Cloud Act together so it had legal cover for this.

            As far as I'm concerned, the most prolific malware is called Windows as it has been implicated in an estimated 99.9% of breaches and malware attacks. Adding AV to it is just adding another layer.

            1. NeilPost Silver badge

              Re: Just don't use ANY anti-virus

              Looks like the Anti-Vax brigade are in town.

              Anti-Anti-Virusers???

              1. Anonymous Coward
                Anonymous Coward

                Re: Just don't use ANY anti-virus

                Heck no. You add AV to Windows: first injection. You remove Adobe: second one. You manage to wholesale rip out Microsoft: long term booster.

                Anything else I can help with?

                :)

                1. Roland6 Silver badge

                  Re: Just don't use ANY anti-virus

                  >Anything else I can help with?

                  Any news on what a fix for that Linux zero day root access gets fixed?

                  1. Anonymous Coward
                    Anonymous Coward

                    Re: Just don't use ANY anti-virus

                    In my experience, interim patched tend to arrive in mere hours.

              2. zuckzuckgo Silver badge

                Re: Just don't use ANY anti-virus

                > Anti-Anti-Virusers???

                You just upped the anti

            2. hoola Silver badge

              Re: Just don't use ANY anti-virus

              Perhaps that is because it is the most widely used user-facing OS?

              This constant harping on the Linux and iOS are somehow invulnerable does nothing to help the problem.

              They are not, look at the stupidity of people believing their MACs are somehow invulnerable so don't need any form of AV solution.

              We know Windows has been a target for years and yes, things could be better BUT it is also the most used OS at the client end. Just saying everyone should install Linux instead does not fix the problem, all that will happen is that it will become the new target.

              1. NightFox
                Headmaster

                Re: Just don't use ANY anti-virus

                Agree, but please: Mac, not MAC, it's not an acronym.

                1. Snapper

                  Re: Just don't use ANY anti-virus

                  Agree, it sets my teeth on edge. Bit like the old Windoze or Winblows, although they are not just laziness.

              2. Anonymous Coward
                Anonymous Coward

                Re: Just don't use ANY anti-virus

                Perhaps that is because it is the most widely used user-facing OS?

                Nope - this is measured in percentages. There is also no suggestion they are INvulnerable, they are LESS vulnerable - it requires fewer resources to keep them safe and it takes far less time. This is why manhours are carefully avoided in TCO studies offered by Microsoft..

      2. hoola Silver badge

        Re: Just don't use ANY anti-virus

        The same as iOS or Linux. The client is just the entry point.

      3. Captain Scarlet Silver badge
        Paris Hilton

        Re: Just don't use ANY anti-virus

        If you don't install your own, Defender is on by default unless this has changed?

    2. Anonymous Coward
      Anonymous Coward

      Re: Just don't use ANY anti-virus

      As someone that actually works in IT security, I will confirm that anti-virus software is for the most part useless. At my work, we only deploy it for compliance reasons.

      The AC above is correct that any of the really bad stuff will not get detected by your AV software. Only old, known malware will be detected by AV software.

      I don't run AV software on any of our personal / home PCs. As mentioned in a post below, the telemetry and exfiltrated data is more concerning than the supposed protection AV software provides.

      1. Fruit and Nutcase Silver badge

        Re: Just don't use ANY anti-virus

        the telemetry and exfiltrated data is more concerning

        Exhibit A: Microsoft Windows

        In my work laptop, when I search for something locally, sometimes it goes to search the web. That means company proprietary information is being exfiltrated

      2. Phil Koenig

        Re: Just don't use ANY anti-virus

        I work in IT security too, and if you don't understand the concept of heuristic and behavioral detection that has been in modern AV tools for decades now, maybe you shouldn't be in IT security, AC #9315347...

        1. Bitbeisser

          Re: Just don't use ANY anti-virus

          >I work in IT security too, and if you don't understand the concept of heuristic and behavioral detection

          >that has been in modern AV tools for decades now, maybe you shouldn't be in IT security, AC #9315347..

          Well, don't be to harsh to that guy, with all that tin foil obstructing his view, it is hard not to miss those things...

      3. Roland6 Silver badge

        Re: Just don't use ANY anti-virus

        >The AC above is correct that any of the really bad stuff will not get detected by your AV software. Only old, known malware will be detected by AV software.

        Obviously, not seen the event log from an AV management console, for a client the presence of the AV has meant they have avoided getting infected with 'old' malware; where 'old' means malware detected for the first time in the wild within the last week and 'malware' means anything unwanted like firmware and driver updates from outside the recognised update channels.

      4. NightFox

        Re: Just don't use ANY anti-virus

        "As someone that actually works in IT security,"

        Using that on here to give credibility to your post is like posting on PistonHeads that you're someone who actually owns a car.

      5. zuckzuckgo Silver badge

        Re: Just don't use ANY anti-virus

        > Only old, known malware will be detected by AV software.

        So are you suggesting that we shouldn't be blocking old, known malware?

        1. Charles 9

          Re: Just don't use ANY anti-virus

          Perhaps more effort should be put into trying to block unknown, novel malware that may have never been seen before, rather than have your system bogged down trying to find the same-old-same-old.

          1. Phil Koenig

            Re: Just don't use ANY anti-virus

            A modern AV engine will only do that scan ONCE - when it is first installed. (And all the OS files are already known and they have hashes for all of them, so they have no need to scan any of those either, unless their checksums don't match their database)

            Subsequently it skips all the files it inventoried on first install/scan, because it vastly speeds up subsequent scanning and lowers resource usage. AV tool makers figured out this "trick" probably 20 years ago.

    3. marcellothearcane
      Happy

      Re: Just don't use ANY anti-virus

      Granted, everyone loses from new malware.

      However, a lot of malware-slingers are script-kiddies or worse, and just spit out old stuff which antivirus programs pick up.

      Fine, nothing is really going to save you from a determined, targeted attack; but if antivirus saves my less-technical colleagues & grandparents, that's a good thing as far as I'm concerned.

      I've had Eset delete malware attachments from our company's public-facing email address, which I'm thankful for.

    4. karlkarl Silver badge

      Re: Just don't use ANY anti-virus

      Arguably if you run your user as a "user" rather than admin like it is the 90's again, you rarely need antivirus. If you can't get user rights to fsck up the system, neither can a "virus" software with the same rights.

      Even Windows XP running as a user (even without UAC) is actually pretty good. Heck, even Windows NT 4.x would be feasible if Microsoft plugged their old flaws.

      It is the culture of UNIX that stops people running as root/admin. The culture of Windows is still based on MS-DOS and Windows 9x.

      1. bombastic bob Silver badge
        Meh

        Re: Just don't use ANY anti-virus

        a lot of flaws found in windows take the form of "privilege escalation" which is where things like NOT using an admin login fall apart.

        Sure, NOT using admin is a good idea. I do this when possible. You won't be able to use anything from "The Store", but who wants those CRapps anyway. And if your user gets infected with some registry polluter, you can always just delete it and re-create it. That kind of recovery is simple. Or you can run tools from the admin user to clean it up (same idea) as the admin user is not likely to have been corrupted. UNLESS... it was a privilege escalation flaw that the malware used to screw you over.

        Still it is A level of protection, and should be made use of.

        But unless you stay off of 'teh intarwebs' with your windows machine, do NOT use a Micros~1 browser or mail reader, ONLY read mail in plain text without graphics displayed inline, and ONLY view those graphics (or e-mail attachments) with an appropriate viewer program via "file open", you'll probably need a minimal AV program (like defender *cough*) to provide yet another extra layer of defense.

    5. Dabooka

      Re: Just don't use ANY anti-virus

      Thanks for the tip!

      I'll let work IT know in the morning I want a Linux setup delivered and configured. I'm sure they'll be absolutely fine with that once I explain it is so I do not want to run AV software.

      Meanwhile in the real world...

    6. Grogan Silver badge

      Re: Just don't use ANY anti-virus

      The threats nowadays rely more on human trickery. They aren't as much "viruses" with patterns you can detect and heuristics can only be so aggressive without flagging and interrupting legitimate activity as malware activity. They can't exactly block programs that are trying to write to your documents (the results of that are things like that asshole Bitdefender preventing game data from being saved)

    7. kitekrazy

      Re: Just don't use ANY anti-virus

      This always brings the Linux crow out out of the woodwork. No one creates a virus for a platform that is barely used by the average consumer.

      1. Charles 9

        Re: Just don't use ANY anti-virus

        True. Linux miscreants tend to be savvier and lean more towards privilege escalation since then it doesn't matter what user is compromised as long as A user is compromised.

      2. julian.smith
        Linux

        No one creates a virus for a platform that is barely used by the average consumer.

        You say that like it's a bad thing

      3. Claverhouse Silver badge

        Re: Just don't use ANY anti-virus

        This always brings the Linux crow out out of the woodwork

        .

        .

        And all he says is "Nevermore".

        1. Mooseman Silver badge

          Re: Just don't use ANY anti-virus

          "And all he says is "Nevermore"."

          Is that an example of Poe's law?

          :)

      4. Phil Koenig

        The Pecking Order

        Vulture > Crow

      5. Anonymous Coward
        Anonymous Coward

        Re: Just don't use ANY anti-virus

        You're absolutely right.

        There is nothing of any value stored on a Linux server which is why they aren't targeted.

        Oh wait sorry no, that's bullshit.

    8. Potemkine! Silver badge

      Re: Just don't use ANY anti-virus

      Real security involves using a computer system that is more secure by design, such as GNU/Linux

      Yeah, because there's no malware on Linux /s

    9. DrXym

      Re: Just don't use ANY anti-virus

      What is a GNU/Linux? What does secure by design even mean in relation to a GNU/Linux?

      It's like saying a house is secure while pointing at the pile of bricks that could be used to build many potential houses.

      One could argue that a modern Linux dist strives to be secure by default, using a minimal attack surface, strong password policy, SELinux, principle of least privilege, frequent updates etc. But equally a Linux could be some firmware that some Chinese OEM shat into their wifi camera with a baked in backdoor.

    10. bombastic bob Silver badge
      Meh

      Re: Just don't use ANY anti-virus

      Real security involves using a computer system that is more secure by design, such as GNU/Linux instead of Microsoft Windows, plus being more careful about what you do with your computer.

      You are "not wrong". however, for the average user, especially those who actually SURF THE WEB with a windows computer using a login that has administrator-level access, the A/V at least provides a minimal level of defense. (I do not use it, as it mostly gets in the way of software development, but I do not use windows machines for web surfing either, and any e-mail is read by "not outlook" in PLAIN TEXT MODE ONLY and NO inline graphics)

      So yeah I call that "safe surfing" but it works best when NOT using a Windows OS.

    11. Anonymous Coward
      Anonymous Coward

      Re: Just don't use ANY anti-virus

      From the article it seems Kaspersky actually worked as intended and classified the before unknown NSA malware as such without it previously being in the database.

      1. Dog11
        Big Brother

        Re: Just don't use ANY anti-virus

        Exactly. Kaspersky worked as advertised. Is Kaspersky susceptible to direction from the Russian government? Certainly. Are other AVs susceptible to pressure from related governments? Also certainly (this applies to OS software as well). I use Kaspersky because I am confident there is nothing about my computer (or my life) that the Russians would be interested in. I am not sure I can say that about other AV producers and their respective governments.

    12. Anonymous Coward
      Anonymous Coward

      Re: Just don't use ANY anti-virus

      https://www.pcmag.com/opinions/is-windows-defender-good-enough-to-protect-your-pc-by-itself

      Even if "W Defender" isn't the best by some measure, it is probably the least likely to be serve as a Trojan horse.

  2. Anonymous Coward
    Angel

    Kaspersky [ ... ] does not have any ties to the Russian government

    Bullshit.

    https://en.wikipedia.org/wiki/Eugene_Kaspersky

    At the age of 16, Kaspersky entered a five-year program with The Technical Faculty of the KGB Higher School, which prepared intelligence officers for the Russian military and KGB. He graduated in 1987 with a degree in mathematical engineering and computer technology.

    https://en.wikipedia.org/wiki/Institute_of_Cryptography,_Telecommunications_and_Computer_Science

    The Institute of Cryptography, Telecommunications and Computer Science (Russian: Институт криптографии, связи и информатики) or IKSI (ИКСИ) is a research institute within the Academy of the Federal Security Service of Russia, which trains specialists in areas such as the transfer, protection and processing of information. [ ... ] Prior to the dissolution of the Soviet Union, the Institute was known as The Technical Faculty of the KGB Higher School.

    Totally not connected to the FSB or KGB or the Russian government.

    1. Yet Another Anonymous coward Silver badge

      Re: Kaspersky [ ... ] does not have any ties to the Russian government

      By which 'logic' Herman Hauser (founder of ARM) going to King's College Cambridge - home of all the 1960s Blunt/Philby/Maclean spies - means that ARM is a front for the USSR/KGB

      1. Anonymous Coward
        Anonymous Coward

        Re: Kaspersky [ ... ] does not have any ties to the Russian government

        > Herman Hauser (founder of ARM) going to King's College Cambridge

        Oh really. King's College, Cambridge is a special school funded and managed by the KGB/FSB, for the sole purpose of recruiting and training future KGB/FSB agents?

        Are you really this stupid?

        1. Yet Another Anonymous coward Silver badge

          Re: Kaspersky [ ... ] does not have any ties to the Russian government

          >King's College, Cambridge is a special school funded and managed by the KGB/FSB, for the sole purpose of recruiting and training future KGB/FSB agents?

          Well it was founded by a schizophrenic who claimed to be king of France, to ask God to forgive his dad for killing so many Frenchmen, but by the 60s ......

          ps Peterhouse is run by the CIA to produce perfect Republican (in the American sense) Tory MPs.

        2. NeilPost Silver badge

          Re: Kaspersky [ ... ] does not have any ties to the Russian government

          Are you American and missed the dripping irony???

    2. iron Silver badge

      Re: Kaspersky [ ... ] does not have any ties to the Russian government

      Try looking into his wife and co-founder of the business. Her ties to the Russian government are much more current and Putin shaped.

      1. A.P. Veening Silver badge

        Re: Kaspersky [ ... ] does not have any ties to the Russian government

        Try looking into his wife and co-founder of the business. Her ties to the Russian government are much more current and Putin shaped.

        She happens to be his ex-wife, but otherwise fair point.

    3. Anonymous Coward
      Anonymous Coward

      Re: Kaspersky [ ... ] does not have any ties to the Russian government

      Let's be accurate here. From history we know that Kaspersky has always refused to whitelist government spyware, which is good.

      However, as (a) their HQ is in Russia, (b) have remained there for decades without apparently annoying Putin (which is a red flag) and (c) their entire senior management team is ex Russian Universities, the high probability exists that they either have been co-opted or will be, so from a simple risk management perspective you then opt for something else. That is at least something you can switch as there's plenty competition.

      Avoiding the primary malware vectors known as Microsoft and Adobe is a lot harder.

    4. Potemkine! Silver badge

      Re: Kaspersky [ ... ] does not have any ties to the Russian government

      Nice demonstration. Let's try to extend.

      Von Braun was a SS officer, therefore NASA is Nazi.

    5. Anonymous Coward
      Anonymous Coward

      Re: Kaspersky [ ... ] does not have any ties to the Russian government

      I uninstalled Kaspersky from mine all my famliy member's machines last Monday, I can't complain about Russia and then buy direct from a Russian company. Product was good but I uninstalled, bought Bitdefender instead and made a big donation to the Red Cross.

      Tip, buy the paper license from Amazon, half the price to have a key posted to you than buying online!

  3. VoiceOfTruth Silver badge

    both Britain and the US did likewise

    -> both Britain and the US did likewise

    Britain take orders from the USA.

    1. theOtherJT Silver badge

      Re: both Britain and the US did likewise

      Hey now, there's no need for that. Here in Britain we don't discriminate. We'll take orders from anyone who's prepared to bribe us contribute to our economy!

  4. elDog

    There are lots of Russian companies that moved their head offices to supposedly safe countries.

    I can think of one of the most trusted backup companies that was out of St. Petersburg and is now in Switzerland, Singapore.

    https://www.theregister.com/2018/02/22/acronis_enters_hyperconverged_security_business/

    https://www.intellinews.com/cybersecurity-firm-acronis-becomes-russia-s-second-unicorn-this-year-168182/

    There's a lot of trying to get ahead of the news curve on their site. Still trusting anyone to both supply anti-malware and backup at the same time seems risky.

    1. cnsnnts
      Facepalm

      Re: There are lots of Russian companies that moved their head offices to supposedly safe countries.

      ... and there is me thinking I shouldn't be panicked into uninstalling Kaspersky because I have my Acronis backups to fall back on.

  5. Anonymous Coward
    Anonymous Coward

    The timing is better now - I'm moving SO to new Win10 machine. Win7 just had to have something, and all the AV I've tried has betrayed me (destructive testing it was!) except for Kaspersky. I'll not say anything against them. But Win10 seems to have just enough protection for me, and perhaps for the SO.

    But the users populations do differ. I'm a nerd, run NoScript, and don't shop on the web. SO does shop on the web. Lots! How to protect for the common users?

    1. Yet Another Anonymous coward Silver badge

      In order of ease/effectiveness

      Have your machine behind a router, after the crappy one your ISP supplies.

      Get SO a chromebook

      Don't install random windows software

      Don't add toolbars / plugins etc (except from chrome store that have 1M+ downloads)

      Use Brave browser

      Install piHole

      1. jockmcthingiemibobb

        Decent ISPs are supplying Mikrotiks or Fritzboxes these days.

        1. iron Silver badge

          Decent ISPs don't charge you for a garbage router and let you supply your own equipment.

          I hear in the USA you rent your router from many ISPs. Crazy shit I would never accept.

      2. Anonymous Coward
        Anonymous Coward

        Get SO a chromebook

        From a security perspective, if you can afford it get her a Mac*. Also frees you from having explain a million things to her as usability is better.

        * And still install AV on it - two layers is better than fitting a condom over a colander.

        1. Anonymous Coward
          Anonymous Coward

          Macs get infected too

          Problem is Mac Users think they are safe. So click on any old scam they see in just the same way. I have removed more viruses from Apple computers in the past two years than Windows ones.

          Actually it is starting to get annoying. Used to make lots of cash out of fixing infected XP boxes, now Win10 is annoyingly safer and you just don't get the problems like the old days.

          Instead it is the much more efficient scammer sending emails and plain asking for user credentials. "Please go to this website to download your OneDrive\iCloud\GDrive file and type in your password for us. Thanks". Chromebook don't protect against that.

          I train my clients to be paranoid now. Don't trust anyone.

        2. Dog11
          Windows

          Mac usability is only better if you already are part of Mac culture and, I think, use only officially approved software that was originally written for Macs. As a Win (and some Linux) guy, I always had immense difficulty getting Macs to do what I wanted (where are those network parameter settings again?). And then, there's that "if you can afford it".

    2. usbac Silver badge

      "How to protect for the common users?" - Get them the hell off of F'ing Windows!

      I just purchased my wife a new laptop. I didn't even boot into Windows. I popped in a thumb drive with Mint on it. She couldn't be happier. After using it for about a week, she asked "why do people put up with Windows when they could just use this?"

      Coming from Windows 7, she found Mint (mate) more familiar than Windows 11.

      We sent her 83 year old father a new laptop with Mint installed. He is very happy to not have to deal with ads, constant forced re-boots, etc. His response was very similar (why do people still use Windows).

      1. Charles 9

        Then you run into one who happens to be a gamer, or has to use custom proprietary software or hardware. Then you run into issues. And no, Proton is still not the be-all end-all for gaming compatibility just yet.

        1. John Brown (no body) Silver badge

          Yep, switching a Windows user to Linux is easy if all they do is "consume" and/or there are direct Linux equivalents of any software they may use. But to be fair, that is a significant number of home users. I just got my wife to install Gramps on her laptop to see if I can wean her off Family Tree Maker. I showed her how to export her data from FTM and import it into Gramps and so far, she seem to like it. If that goes well, I'll set her up with dual boot and try her with Linux, probably Mint and see how often she switches back to Windows, and if so why. With a bit of luck, I might get her Windows-free in time. Of course, there may be some withdrawal symptoms to deal with too, but slowly, slowly catchee monkey :-)

        2. Updraft102

          I find gaming on Linux using Wine and Proton to be just fine. I just deleted Windows 10 from my gaming laptop a few months ago, after never having used it in the two years I had the thing. I kept Windows around just in case I needed it, but I never did, and I eventually decided the 45 GB I had not already reclaimed for Linux (I'd shrunk the Windows volume a few times) was more important than the possibility of running Windows. It's just not necessary.

          It's not at all true that no people who run Linux exclusively "happen to be a gamer."

        3. cyberdemon Silver badge
          Devil

          Then you run into one who happens to be a gamer,

          Actually I think one of the safest things to do right now is to uninstall Steam and other games distribution software from any non-disposable Windows box. It's a massive attack vector, any russian games developer could be coerced into pushing a poisoned update, and there is a handy API for the game developer to say "please run this update as admin" (which is not available under Linux afaik)

          And proton is great, actually. Even does VR games well.

          It really is not worth getting a ransomware or outright disk-wiper worm just because you or your kid wants to play some game and it won't work in a VM. Kids are playing CoD for real right now and it's not very fun because it hurts and you only get one life. :(

  6. CommanderGalaxian
    Unhappy

    Sad.

    Kinda sad that we now have to consider Kaspersky (and even Acronis (RTFM where it came from)) as fatally compromised. They are both great products, but the scenario though that a gun isn't now being put to the head of Eugene Kaspersky is no longer something that can be ignored as a possibility.

    Kinda makes the case (if it wasn't made already) for doing your day-to-day surfing and web shopping, only ever in a virtual machine.

    1. NeilPost Silver badge

      Re: Sad.

      https://www.theregister.com/AMP/2020/11/12/crypto_ag_swiss_parliament_report/

      In perspective as the NSA is little better.

  7. martinusher Silver badge

    Kaspersky has been in the crosshairs for years

    Kaspersky has been a thorn in the NSA's side for decades since they have a nasty habit of exposing their exploits. That's why I trust them -- the argument that "the Russian government can force them to do 'X' " makes little sense because their product is too valuable to compromise. They need their net as widely distributed as possible which is why governments are aching to find excuses to ban it.

    1. iron Silver badge

      Re: Kaspersky has been in the crosshairs for years

      Previously I would have agreed with you but all is fair in love and war. And, mad dictators don't give a shit about something being "too valuable to compromise" - NOTHING is more valuable than them and their ego.

    2. Anonymous Coward
      Anonymous Coward

      Re: Kaspersky has been in the crosshairs for years

      I would have agreed with you earlier, but what Putin is doing now is unprecedented and especially now it's not quite panning out as he was expectig I expect him to start doing weird sh*t just to save his face.

      This doesn't mean that Kaspersky will be forced to cooperate, but the probability exists and as there are plenty alternatives it's worth making the switch.

    3. NeilPost Silver badge

      Re: Kaspersky has been in the crosshairs for years

      https://www.theregister.com/AMP/2020/11/12/crypto_ag_swiss_parliament_report/

      The wholesome NSA??

    4. DCdave

      Re: Kaspersky has been in the crosshairs for years

      Going by the same logic, what we really need is an AV vendor who exposes Russian government exploits, or indeed one that exposes all governments' exploits...

  8. Marty McFly Silver badge
    Pirate

    Kaspersky may not know it...

    Think SolarWinds. Threat actors were manipulating their source code for a year. I imagine it is orders of magnitude easier to get inside a Russian software company from within Russia. Potential ticking bomb with Putin's finger on the button.

  9. ITMA Silver badge

    What's new...

    I uninstalled Kaspersky and kicked it out of my estate some years ago, after it morphed into unreliable, bug ridden bloatware.

    Which was a shame as its facility to schedule WOL so that I could automatically wake up PCs in the middle of the night to do (time consuming) full scans was really useful. But then they broke it and never fixed it.

    Not the only reason it was given the boot (more than one update that utterly crippled PCs) but certainly why it was handed its hat and coat.

  10. Anonymous Coward
    Big Brother

    Who do I trust?

    NSA's comments on Kapersky? No.

    Israel's comments on Kapersky? No.

    Russia's comments on Kapersky? No.

    Kapersky's comments on Kapersky? No.

    Firefox and uOrigin (with a personal filter blocking Russia)? Yes

    1. Phil Koenig

      Re: Who do I trust?

      This reminds me of SMTP admins that used to geoblock entire continents as their method of "anti-spam".

      If the bad Russians really want to get you, your uBlock filter is not going to help you..

      1. Roland6 Silver badge

        Re: Who do I trust?

        >If the bad Russians really want to get you, your uBlock filter is not going to help you..

        Yes, that is one of the problems with botnets, once your system has been fingered and thus become known to the botnet. In a round of whack-a-mole as I've blocked Russian etc. systems so other parts of the world light up as the blocked servers pass the lead on to other botnet members, which wasn't problem until the botnet members included UK and US resident servers...

        Also on many systems, there are more things than a browser talking to and listening to the network...

      2. Yet Another Anonymous coward Silver badge

        Re: Who do I trust?

        >This reminds me of SMTP admins that used to geoblock entire continents

        You say that, but I get very little spam from Antarctica

        1. Lockwood

          Re: Who do I trust?

          Meet hot single penguins in your area!

      3. Anonymous Coward
        Anonymous Coward

        Re: Who do I trust? Let me explain.

        You are absolutely right that if I could harden my PC and phone beyond my browser (and I do).

        But the article and comments were about Kaspersky antivirus and antivirus software in general.

        In the context of Kaspersky, I don't trust any of the comments cited in the article. All were made by groups with their own agendas.

        In the context of antivirus in general, as others have pointed out, they are reactive against known threats and not proactive against unknown threats.

        While I use them, I don't rely on them to keep me safe and no one should. They may stop some malware but they basically serve to warn me after something has gotten through. In this they are like identity theft websites which don't stop my identity from leaking but tell me when it has.

        As far as domain blocking, ElReg's article today on the Ukraine CERT lists the advisories on particular domains (and I sincerely wish someone with more knowledge than me would create a Ukraine Invasion filter for uBlock)

        https://www.theregister.com/2022/03/16/ukraine_cobalt_caddywipe/

        Everyone's personal kit should have defense in depth, company kit even more so.

    2. Anonymous Coward
      Anonymous Coward

      Re: Who do I trust?

      Here are some really high tech ideas to look into: proxy and bridgehead.

      Have a nice day.

    3. Bonzo_red

      Re: Who do I trust?

      Can I trust that an unistall has removed all the software without leaving a nasty package or two?

      1. Yet Another Anonymous coward Silver badge

        Re: Who do I trust?

        Waiting for Kapersky to do a John McAfee video explaining how to uninstall ?

        1. Phil Koenig

          Re: Who do I trust?

          Mister McAfee has been permanently uninstalled.

  11. Charles Smith
    Mushroom

    Ivan walks in the same tracks as his Grandfather

    I used to use Kaspersky on my PCs at home and in my small business. I liked the software and its performance, though at times it was a resource hog. At one point I worked in Moscow in a building across the street from the Kaspersky offices. However when Putin invaded the Crimea and also visited Salisbury I decided that Russia was still the USSR but in fashionable clothing. Despite the protestations of the executives at Kaspersky I was always reminded that an assault rifle loaded with 7.62 rounds can be decisive in formulating company policy.

    I de-installed the Kaspersky anti-virus from all machines and replaced it with Sophos. Interestingly when I scanned the file archives with the new AV I found some old virus programs that KAV had missed on my son's gaming PC

  12. lvm

    I wouldn't recommend it to anyone regardless

    It is a well-known fact that Kaspersky defeats virii (yes, I am from *that* time :) by sheer slowing the machine down to the point when they give up and die. I will never forget Eclipse starting in a couple of seconds without Kaspersky and over 3 minutes - yes MINUTES, with.

    1. Glenturret Single Malt

      Re: I wouldn't recommend it to anyone regardless

      "virii" - the plural of the (unknown) word "virius"?

      When I see that, I think of campii, abacii, omnibii, hippopotamii, rhombii etc.

  13. Potemkine! Silver badge

    So for now it's all hearsay, no factual argument, no proof, no smoking gun. I'm not yet convinced Kaspersky is a rogue agent working for Putin.

    Antivirus software, including the associated real-time capable cloud services, has extensive system authorizations and, due to the system (at least for updates), must maintain a permanent, encrypted and non-verifiable connection to the manufacturer's servers.

    For western countries, Kaspersky's servers are in Switzerland. Kaspersky should move its HQ there and severe all the links with Russia, it would make them less prone to that kind of rumours.

    Many AV software are from US origin, with servers in the US. We know what the NSA does. Should we trust them more?

    1. hoola Silver badge

      An awful lot are also from Israel, not exactly a model of openness and freedom as well. It just happens to be the Israel is considered a friend of the US so all is well with the world.

      The current trend for "Modern AV" products such as Carbon Black and Crowd Strike with the hard sell that everything else is rubbish does not help. It is next to impossible to understand what they do and what is detected.

      Heck, when something will not even detect eicar or an aspx shell exploit to verify exclusions are/are not working how do you know it is doing anything?

  14. eamonn_gaffey

    Economic Argument

    I got rid of Kaspersky years ago because it crippled my machine......but for me the argument is not whether Kaspersky is trustworthy, but whether I should be supporting a Russian company with the history that the founders (Mr and ex Mrs Kaspersky) have with the Kremlin. No chance, I will spend my cash elsewhere.

  15. TeeCee Gold badge
    Meh

    I am afraid...

    ...that if the Kremlin says "jump" the answer from Kaspersky will be "Yessir. How high?".

    Of course, it may take a bit of "political re-education" of the senior management to get 'em to respond quickly enough, but it will happen if the fascists want it to.

  16. Anonymous Coward
    Anonymous Coward

    Dumped Kaspersky last week

    I can't very well complain about Russia and that psychotic bawbag running it and then buy Russia products. Bought BitDefender to cover the family estate, I can't see any difference other than my conscience is a little clearer.

    I liked Kaspersky, used it for 3 years on 6 machines, not a blip. I gave it up and let a polite message with the Kaspersky team, "Good product but with the current situation in Europe I'm afraid I cannot support a Russian company in clear conscience. Sorry.", probably most polite they've got recently!

  17. DrXym

    The right time to do this was weeks ago

    As soon as Russia was mobilizing on the border was the time to get rid of Kaspersky. Because although the company might have a reputation to uphold, that counts for little if Russia decides to use it as an attack vector into a bunch of European and US computers. And if the war escalates, you can be damned sure they would even if they have specific targets in their sights.

    The same goes for any other software coming from Russia or Belarus. Even something as innocuous as a game might become an attack vector so why take the risk? If its on the computer, and capable of updating itself, just uninstall or disable that shit and wait for things to calm down.

  18. Mr Larrington
    Windows

    Good luck with that, lads!

    IME removing the unwanted antivirus package you just installed by not paying attention during the install of something you actually did want is only marginally easier than removing actual malware.

  19. ITMA Silver badge
    Devil

    Could be worse...

    One could have installed Norton.... That IS a virus the amount of stuff it breaks and f*cks up....

  20. ProfessorLarry

    Reluctant but Right

    I've known Kaspersky since the days when he was still Yevgeny. I'm inclined to trust him and his software but that putz Putin not at all. My SO has been urging me to ditch KTS for years, but I have never had any problems with it and it always behaved itself. To me it was always a technical decision. Not any more. Today I uninstalled it on all my machines and replaced it with Bitdefender. We'll see how that story goes. I've worked in Russia both before and after the fall of the Soviet Union, and I still have friends there. I feel badly that so many innocent, good Russians will pay for the actions of a maniac.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like