In a little bit of cross-site synergy for the evening, Paul Wagenseil from our sister site Tom’s Guide has put together an interesting report discussing the recent developments surrounding Kaspersky Lab and the company’s antivirus software, which in recent days has been accused of spying on behalf of Russia’s intelligence services. Software & services is not really in AnandTech’s editorial purview, but I thought this was an interesting article that was worth sharing.

As a bit of background, Kaspersky Lab has been under the proverbial microscope off and on over the past half-decade or so due to concerns about close ties to the Russian government amidst ongoing geopolitical issues. More recently, on October 5th, the Wall Street Journal published an article claiming that Russian identified files from the United States National Security Agency (NSA) using Kaspersky Lab’s antivirus software, then using that information to steal said files. This has in turn called into question just how complicit Kaspersky Lab may have been in the endeavor, and whether their antivirus software is safe to use on consumer systems.

Writing for Tom’s Guide, Wagenseil reached out to a number of experts in the security field, ranging from the Electronic Frontier Foundation to former NSA staffers in order to get a broad look at the issue. Due to a lack of direct evidence in the matter – all of the major stories written so far have been based off of anonymous sources in the US government – there’s little in the way of hard facts to deal with. However across all of Wagenseil’s respondents, both named and unnamed, most agreed that people and businesses working in sensitive matters should not use Kaspersky Lab’s software, essentially taking a “why risk it?” stance on the matter. Things are a little less obvious for consumers however; some respondents recommended against the software entirely, while others noted that consumers probably aren’t the target of Russian signals intelligence efforts.

One notable and broad point that was made, however, is that regardless of Kasperksy Lab’s involvement, similar risks exist with all antivirus software. All modern AV software includes telemetry for reporting on new software as a means to more rapidly detect new forms of malware, and due to the deep reach of AV scanners, those telemetry processes can access virtually any piece of software or documents. So for the paranoid – or even just the privacy minded – disabling telemetry can help to reduce the risk at least somewhat by terminating regular reporting to AV software vendors, which in the case of Kasperksy Lab, is how the attack was believed to be carried out.

In any case, you can find more on this interesting matter and on the security experts’ responses over at Tom’s Guide.

Source: Tom's Guide

Comments Locked

61 Comments

View All Comments

  • shabby - Friday, October 13, 2017 - link

    So an nsa contractor took some classified files home... who cares about this tidbit right?

    Anyway i'm pretty sure the russian's also aren't using any software made in america because the nsa probably knows the ins and outs of it too, so if some kgb schmuck put some classified files on his win 10 machine with full telemetry enabled and intel management engine enabled i'm sure the nsa would have some insight on it too. Nothing new here, both sides do it, move along.
  • Zok - Friday, October 13, 2017 - link

    Da. Problem no here. Move along, comrade.
  • Notmyusualid - Saturday, October 14, 2017 - link

    @ Zok

    Was thinking something similar.
  • edzieba - Saturday, October 14, 2017 - link

    NSA malware is still malware after all. If your AV software flags up a machine with a pile of malware incorporating several unknown 0-days and a bunch of documentation for the frameworks that malware uses, then that is something that SHOULD be investigated, regardless of whether that malware may originate.
  • BedfordTim - Saturday, October 14, 2017 - link

    If some idiot contractor develops malware on a machine with Kaspersky installed, it would be disturbing if they didn't report it to the authorities. The reassuring thing is that the AV spotted his work.
  • edw - Sunday, October 15, 2017 - link

    The takeaway here is that Kaspersky correctly identified a formerly unknown (NSA-) Maleware as dangerous software. The heuristik worked.
    So if you're looking for a good AV software that also can deal with unknown Maleware - get Kaspersky. Especially if you might be a target of NSA - i.e. the whole rest of the world.

    PS: Thanks NSA for publically confessing that you 1) still produce Maleware and 2) still have serious security problems with contractors taking home very sensitive work to unsecure computers.
  • usernametaken76 - Thursday, October 19, 2017 - link

    No thanks, I prefer my spying done by the government through which I pay taxes.
  • mikato - Friday, October 20, 2017 - link

    "So an nsa contractor took some classified files home... who cares about this tidbit right?"
    I don't think nobody cares about that. The article just isn't about that. You are changing the subject.
  • RaichuPls - Friday, October 13, 2017 - link

    Just asking, but are we going to see any reviews this side of 2017/2018? A10 Deep dive, iPhone 8, U11, S8, Note 8, GTX 1050/Ti, Macbook Pros, iPad Pro etc...
  • Ryan Smith - Friday, October 13, 2017 - link

    iPhone 8: Yes
    U11: No
    S8: Yes (already did it)
    Note 8: Later this year
    GTX 1050/Ti: We'll do something once we add the low-end cards to GPU Bench 2017, but not a full review
    Macbook Pros: Later this year
    iPad Pro: Likely not

Log in

Don't have an account? Sign up now