Saturday, October 14, 2017

Kaspersky, Evil or Not

Kaspersky, Russian Agent or just Russian?

With all the mess that seems to be raging about the validity of Kaspersky AV products, I thought I would pen (yet) another opinion piece.  

Latest news around the tube is that Israeli hackers had broken into Kaspersky's infrastructure and found evidence of Russian government actors inside, looking for information that could be used for geopolitical interests.

First, a couple of things...  AV software, being generally seen as a necessary evil, is installed on practically ALL systems (well, if not, it probably should be).  Why is this?  Simple: malware, built for all sorts of purposes, is so ubiquitous that it is a significant threat.  Most (if not all) cyber attacks either start with, end with, or are comprised entirely of malware.  AV is so universal because of that threat.

If you are a home user, that is pretty much where the threat model ends.  So what do you do?  You go and install the best protections you can afford and effectively work with.  Kaspersky has been shown in many tests to be highly capable in this regard.  It has been shown to have very high coverage, extremely low false positives, low system impact, and fast new signature releases (http://chart.av-comparatives.org/chart1.php).

I personally suggest Kaspersky for this standard use-case.  Why?  Simple, it works.  Is it for everyone?  Of course not.  Why?  Well, just read on!  :)

Now how about for other use cases?  If you are a business?  Well again, depends on the threat model you are protecting against.  Standard business with a very small amount of intellectual property?  Probably similar to a home user.  If you have LOTS of very sensitive intellectual property, then different decisions may need to be made.  Does this mean no Kaspersky?  Well if you are a Russian company, I would hazard a guess you are probably not as worried.  If you are a US company, maybe.

This brings us to another point...  Russian government actors inside of Kaspersky.  Does anyone else remember when the US government was intercepting Cisco shipments to other countries to install backdoors?  (https://arstechnica.com/tech-policy/2014/05/photos-of-an-nsa-upgrade-factory-show-cisco-router-getting-implant/)  If anyone tries to make you believe that other countries do not do similar things given the opportunity, there are lots more examples to be shown.  AV companies are all of high interest to hackers.  AV is everywhere, and has access to everything.  As an occasional pentester, AV is my FAVORITE target.  Nothing like turning a protection around on itself.

So this brings us back to, "what do I do?"  Well, my main suggestion is to consider what you have of value that would be enticing to steal.  If you have lots, then perhaps use a reputable AV company with offices and infrastructure in your own country.  US?  Try using a US company.  Russia?  Try using a Russian company.

Lastly, the whole point of this is simple.  AV software is a required protection mechanism.  However, it is also a threat vector.  Always consider everything when looking at your risks.

Don't give into FUD, for FUD is a path to the dark side!

D