Saturday, August 15, 2015

Code Red Moscow

On Monday in the car on the way home, I heard an NPR story on Kaspersky Labs, the Russian anti-malware firm (which, as NPR host Melissa Block pointed out, is a sponsor of NPR).  The story was a piece about how Kaspersky's ties to Moscow and Vladimir Putin made it something of a boogeyman in the anti-virus world, but that the firm was dedicated to beating viruses.

MELISSA BLOCK, HOST: So the U.S. government doesn't buy from Kaspersky, or other foreign companies, but American consumers can buy whichever anti-virus software they'd like. Joining me to talk about how these computer security companies do their work is NPR tech reporter Aarti Shahani. And, Aarti, let's start with Kaspersky, which, as we mentioned earlier, is a corporate sponsor of NPR News. We heard Corey say that people have raised concerns about the work that this company has done for the Russian security services. Does that mean American consumers should be wary of Russian spying? 
AARTI SHAHANI, BYLINE: (Laughter) No. That's really not what it means at all. Kaspersky has millions of users, and their software is a published product, which means that outsiders can reverse engineer it. Plenty of people are pouring over Kaspersky and all the other major anti-virus software trying to find weaknesses so they can be fixed. It's not in the business interest of the company to leave in some obvious backdoors as a favor to hackers, you know, Russian intelligence or otherwise. Researchers in the community would find it and fry them for it. That's pretty much the consensus among the experts I've interviewed.

I thought the timing was rather odd for NPR to go out of its way to say that Kapersky was one of the good guys.  Aarti Shahani's explanation made sense: if nobody trusted Kapsersky, nobody would use the product.


Beginning more than a decade ago, one of the largest security companies in the world, Moscow-based Kaspersky Lab, tried to damage rivals in the marketplace by tricking their antivirus software programs into classifying benign files as malicious, according to two former employees
They said the secret campaign targeted Microsoft Corp, AVG Technologies NV , Avast Software and other rivals, fooling some of them into deleting or disabling important files on their customers' PCs. 
Some of the attacks were ordered by Kaspersky Lab's co-founder, Eugene Kaspersky, in part to retaliate against smaller rivals that he felt were aping his software instead of developing their own technology, they said. 
"Eugene considered this stealing," said one of the former employees. Both sources requested anonymity and said they were among a small group of people who knew about the operation. 
Kaspersky Lab strongly denied that it had tricked competitors into categorizing clean files as malicious, so-called false positives. 
"Our company has never conducted any secret campaign to trick competitors into generating false positives to damage their market standing," Kaspersky said in a statement to Reuters. "Such actions are unethical, dishonest and their legality is at least questionable." 
Executives at Microsoft, AVG and Avast previously told Reuters that unknown parties had tried to induce false positives in recent years. When contacted this week, they had no comment on the allegation that Kaspersky Lab had targeted them.

 If this is true, Kaspersky may not be spying on you for Putin, but he's just a colossal asshole instead.  Either way, I'm still not using his products.

No comments:

Post a Comment