Kaspersky? Reputation?
An industry rife with evil scum.
McAfee, Symantec, Kaspersky.
Yuck, yuck, yuck.
Kaspersky Lab deliberately fed bogus malware to its rivals to sabotage their antivirus products, two anonymous former employees allege. Kaspersky says the accusations are false. Reuters reported today that two ex-Kaspersky engineers claim they were tasked with tricking competing antivirus into classifying benign executables …
.. mainly because Kaspersky has been the most straight player of them all with its steadfast refusal to whitelist government spyware (over the last 2 decades or so).
If it is true at all it would be a local effort - Eugene Kaspersky himself would not stand for these tactics. There is, however, another explanation: this could also be a tactic of the less straight players to get their own warez back in play, with whitelisting and all.
The problem is, of course, that we don't know either way, but the story doesn't fit the way Kaspersky is directed. It's too out of character, and it's not like Kaspersky needs to resort to these tactics to turn a profit.
Go back to the early days of Kaspersky. There was a virus that no one else had caught and suddenly this "unknown" company in Russia hit the mainstream media headlines about detecting it. There was a lot of suspicion in the IT world that Kaspersky created it, launched it on the world, then announced that they "spotted it" and were able to "protect" you from it. A rather nasty critter that virus as I recall.
But then, the whole industry has had rumors of similar shenanigans...
This whole thing whiffs a bit. Unknown original player? There's lots of reasons to get people to turn their antivirus off. Ex-employees with presumably some disgruntlement. Kaspersky certainly would benefit by doing this, but so would lots of other people...even an own-goal against your own company if you could point the finger afterwards.
I'm just not going to believe a syllable anyone says, I think.
It doesn't *sound* right at all from a technical perspective. If it was happening, people using alternative products would be making noise about it, that's for sure. The core malware samples that engines use to classify code will be guaranteed to be actual malware or the system fails; I can't see this working any other way - why would any vendor trust crapware just because it's uploaded to VT anyway? They wouldn't, that's why.
It might well be true Kaspersky tried it; what is highly suspicious are any potential claims it actually worked.
I always found it remarkable how Kaspersky emerged as a company so quickly, considering for how long the export of computer technology to Russia was banned. They effectively appeared as a fully formed business with state-of-the-art technology in a country that didn't even have PCs. Now I wonder where that technology came from? KGB? Military? Poacher turned Gamekeeper methinks.
The guy is a mathematician by training, got into computers at a time where the Russians were barred from having anything powerful and thus learned to be really efficient, and he refused to play ball with other regimes that would like to have their spyware whitelisted. This also happened at a time when Windows was a leaky bucket of crud, so it needed all the help it could get and Internet hacking started to emerge. Two decades later, Windows is still a leaky bucket of crud, by the way.
Even a nut like McAfee could make money that way, and Kaspersky (and then wife) were reasonable business people to start with. No special treatment needed.
Sounds like a three (or four, depending on your region) letter agency to me.
Remember, Kaspersky pissed off the five eyes by not complying with their requests.
It is claimed Kaspersky engineers took harmless Windows operating system files, manipulated them to appear as though they contained malware, and uploaded them to VirusTotal. The aim was to deceive non-Kaspersky antivirus engines into treating those system files as dangerous
I fail to see how this is possible. If you "manipulate Windows operating system files", they no longer ARE Windows operating files. And how does this deceive other antivirus engines? Does one mark certain strings in those files and tell the other engines "if you see those strings, quarantine the file"? And they do it? In the age of polymorphic viruses, no less?
If you start getting false positives on OS files, then you have a big problem, and it has nothing to do with someone poisoning your well. It's more along the lines of being lazy or not having the right conduit to Microsoft.
Genuine question: no axe to grind either way:-
How would you manipulate a file to make it appear as though it contained malware?
I can think of three ways:-
(1) Give it a different name.
(2) Alter its content.
(3) Copy it to a different location.
If this were done then it would certainly be a candidate for suspicion, and if such a file were to be quarantined there can be no criticism whatsoever of the vendor that did the impounding: it IS a suspicious file. OK, impounding a file that had been altered (see (2) above) could brick the host PC, but surely the AV community should be sensible enough not to impound essential files without pointing out the implications first? Ah, maybe THIS is the problem. Well, if it is, maybe Kaspersky should be congratulated for bringing this kind of problem into the open(?)
So the revised question to be asked is: Who manipulated the file in the ways mentioned above, on the target PC, and how: that is the source of the presumed malware. If the Kaspersky engine were found on all machines that had the suspicious file on them, surely a test can easily be set up to prove that the Kaspersky engine made the change.