I honestly don’t know.
But there are a couple of observations I’d like to share about the situation; perhaps they will allow you to come to a decision.
These are politically charged times, without a doubt, particularly when you mention Russia. And the “truth” you’re looking for? I’m not sure we’d recognize truth if it slapped us in the face.
Become a Patron of Ask Leo! and go ad-free!
This is nothing new
I think it’s important to realize that this is nothing new at all.
As long as Kaspersky has been around, and as long as it’s been well publicized that they have Russian ties, there have been statements ranging from mild concern to outright accusations of spying or other underhanded deals. To the best of my knowledge, not once has any of it come close to being substantiated.
Naturally, with the current political issues relating to Russian involvement in things that perhaps they ought not to, these accusations are making headlines once again. It’s not in the least bit surprising, but as I said, it’s really nothing new.
It’s not limited to Kaspersky
Any company with ties or headquarters outside of the U.S. comes under scrutiny.
Another common target is EaseUS – the makers of EaseUS Todo, backup software that I recommend, as well as other disk and system utilities I and others often recommend for a variety of reasons. EaseUS is headquartered in China, and some have expressed concern that they might be spying or hacking on behalf of the Chinese government …
… almost exactly the same claims leveled at Kaspersky, with the same results: to the best of my knowledge, nothing has ever been proven.
Kaspersky denies it all … of course
Kaspersky denies it all, but then, that’s exactly what you’d expect them to say. That they say it sways no one.
They down-play their Russian connection. The Kaspersky website, for example, says:
Founded in 2004, Kaspersky Lab North America is a Massachusetts corporation and is a wholly-owned subsidiary of its holding company, Kaspersky Labs Limited, based in the United Kingdom.
Searching the Kaspersky website from within the United States, it’s nearly impossible to locate or view pages containing any reference to Russia. Only via Google’s cache of the primary contact page1 can we see that Kaspersky is headquartered in Moscow.
Are they hiding something? Or are they simply reacting in a reasonable way by focusing on their international and UK connections? Both approaches seem at least plausible.
If it ain’t broke?
Kaspersky has a good reputation as an anti-malware tool. In fact, their labs are frequently on the forefront of malware discovery.
The software generally gets good reviews, and they have many, many happy customers around the globe.
There’s a very strong argument that says if it’s working and working well, leaving things be is a pragmatic approach.
If you remain concerned
But …. Russia! (Or China! Or whatever country isn’t your country.)
If you remain concerned about the possibilities, there are many alternatives. I generally recommend Windows Defender, already included in Windows 10, as being quite sufficient, and of low impact for the majority of users.
But there are many, many valid and respectable alternatives. If it helps you sleep at night, switch to something else.
What I would do
If I were in your shoes, here’s what I would do:
- I would continue using Kaspersky. It sounds like it’s done well for you, and that track record counts for a lot.
- I would not pay much attention to alarmist press. They’re all about getting headlines and clicks, and particularly in today’s politically charged environment, nothing gets more attention than the potential for Russian spying. It’s impossible to know The Truth these days, but making things up, or sensationalizing even the most trivial rumors, is one way news and not-quite-news sites get attention to try to make money.
- I would keep paying attention to sources I already trust. If that’s Ask Leo!, great. If it’s some other site or source, fantastic. If something actually happens — if there’s ever truly proof, if suspicions are confirmed, or if there’s anything at all to worry about — you can be assured that legitimate sites2 will cover it in detail, without over-sensationalizing it.
Podcast audio
Download (right-click, Save-As) (Duration: 6:05 — 5.6MB)
Subscribe: Apple Podcasts | Android | RSS
Every thing said here makes good points but when it comes to security, my experience shows that staying close to the original source is often the most secure. That’s why I believe that using the pre-packaged windows defender will provide the easiest and possibly the most secure alternative. I would also say that the very most secure method is to keep secrets totally off of the web. You might also consider using an external source for your storage, not the cloud but a thumb drive or external disc. I know its not practical to have multiple computers but in this day when we buy new every few years why not retain the old but keep it off of the web. You can always transfer files to your web computer if needed. Yes this is cumbersome but if security is your concern then I’m pretty sure the only true way is to be isolated from the web. At least this would make restoring a contaminated computer much easier. Just a thought and I’m sure not very well put.
That’s a good point. Windows Defender is what Leo recommends and he and I use. I’ve resuscitated several impossibly slow computers by uninstalling the AV program they were using and replacing it with Defender. And if you trust Microsoft Windows, you automatically have to trust Defender, because with Windows running on your machine, they can compromise your data in so many ways (I’m saying this theoretically to demonstrate my point), they don’t need Defender to do it.
And if you don’t trust Microsoft, there’s always Linux.
As far as I am aware the only way of knowing if any software is secure is to use free open source software that has been created by free open source software (languages compilers etc), as it can be scrutinised.
The inverse of this, Proprietary software, cannot be scrutinised, as it’s program code is re-coded (Linked and Compiled, so usually only readable by a computer) and is protected by laws, so you have no idea what that software could be capable of doing.
Unfortunately I’m not aware of a free and open-source security package. I know ClamAV (https://www.clamav.net) is out there, but my understanding is that it doesn’t measure up to the commercial packages. 🙁
Re: “Proprietary software, cannot be scrutinised”
For general interest — and *not* to nit-pick — there *are ways* to scrutinize software without having access to source code: decompilation and other reverse engineering techniques, sandboxing and observation… maybe others, not my area. It’s the same techniques used when investigators study malware.
The question is whether these techniques have been turned on “normal” programs, even AV SW, like Kaspersky. I’m going to hazard a “yes” and postulate that that’s how malware *developers* find their exploits. So maybe the real question is *who* is doing such investigation, and whether they’re likely to release their results to the public.
“To the best of my knowledge, not once has any of it come close to being substantiated.” playing Devil’s advocate here, I’ll say, “Of course not, they’re FSB spies and are professional at not getting caught.”
Bottom line, fake news is everywhere, and it’s getting harder and harder to sort the truth from the BS. We just gotta be as careful as we can. I’ll stick with Defender. I trust Microsoft, but they literally can get access to anything on our computer, so Defender is the last thing they’d use.
Just another twist on this argument, but some of us live outside the USA and might regard any American-owned security offering with some suspicion as well 🙂
As I mentioned in other comments, if you use Windows, Defender is your safest option. Microsoft already has the capability of getting all your data, and Defender wouldn’t increase that capability. I’m not saying they do. In fact I don’t believe they do, but they can. 🙂
Indeed, I chose at least some of my language (“Or whatever country isn’t your country.”) with that in mind.
Hahahaha!!!
Hi Leo – Just an FYI. When I clicked your Brian Krebs link in footnote 2, above, I got this message: “The owner of krebsonsecurity.com has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.” It seems unlikely that it would matter, but I backed out, “better safe than sorry.”
I just clicked on that – in Firefox no less – and it worked fine. Goes to https://krebsonsecurity.com/
It might be a problem with your browser’s cache.
I’ll suggest you start with this article that has steps to troubleshoot common browser-related issues.
https://askleo.com/dealing-with-browser-problems/
Clearing the browser cache would be the first thing to try as a corrupt cache is the cause of most browser problems.
Sadly these days they don’t have a lot of credibility in my eyes. Especially when it comes to matters of technology.
“Any company with ties or headquarters outside of the U.S. comes under scrutiny.” Actually any company regardless of where their headquarters are located can be suspect. As Leo often says, if malware is installed on your computer, it can do anything. Theoretically, any program can be a Trojan horse. So, if we want to be paranoid, any program installed on your computer can be malware and do just about anything. We just have to determine who we trust with access to our computer. That’s why, at the moment, I’ll stick with Windows Defender. MS already has all the access the could possible get and they don’t need Defender to get that access. And yes, I tend to trust Microsoft, at least now.
I’ve used Kaspersky as part of my security suite for many years with a great deal of success.
I have less fear about them than I do GCHQ and the NSA, Google, Miscrosoft and others snooping into my day-to-day online activities. I know I categorically cannot trust my own government to have my best interest at heart so a corporation that is actually known to be pretty good to keep me safe seems to be a good thing, regardless of where it originates.
Absolutely. Nowadays. most if not all governments snoop on their own citizens. so what the heck. Anyways an average individual has nothing to fear.
As Leo has often said, ENCRYPT if you are afraid someone might snoop or hack. Eventually, anything can be hacked, but is it worth it to the hacker?
Encryption wouldn’t help if a program is inside your system sending all of your keystrokes, screen shots and pretty much anything you do on your computer to them.
Everyone is focusing on a single path solution. Who do you trust more, Americans or Russians? Probably best not safe to trust either completely.
But for passwords we have two factor authentication. Belt and braces. What is the parallel in computer protection software?
It is very unlikely that two independent programs from suppliers in different countries would be both be attacking my system or stealing my data at the same time. So can I apply a ‘belt and braces’ strategy to protection? Can I securely run two different protection software programs at the same time, each checking the other?
What would you suggest to give my system ‘belt and braces’ protection against a single rogue protection software program?
“It is very unlikely that two independent programs from suppliers in different countries would be both be attacking my system or stealing my data at the same time.” As a statistics teacher, I can give you the probability. For example, if the probability of being attacked by the Russians is 30% and the probability of being attacked by the Americans is 25%, then the probability of being hacked by both are P(A and B) = P(A) x P(B) = .25 x .30 or 7.5%. The probability of being attacked by at least one are P(A or B) = P(A) + P(B) – P(A and B) or .30 + .25 – .075 = .55 – .075 = 47.5%
As I’ve been saying in other comments the safest antivirus is Windows Defender (MSSE in older Windows versions) because the probability of MS using Defender to hack your data is likely 0, because they already have access to everything on a Windows computer, and Windows Defender wouldn’t add to that. I’m not saying that to be alarmist, it’s just that the probability of malware increases with each program you install. So the belt and braces solution I’d recommend is stick with Defender, stay away from questionable websites, and only install software you know and trust. And don’t worry about 3 letter agencies. If they want your information, they already have it 🙂 .
Mark,
Thanks, that’s a great and entertaining reply. I can see the sense in the Defender Argument. But the flaw in your approach might be that the threat from Agency A will likely be different to Agency B at any one time. For example, CIA might want to see if I have Item 1 (say links to person X) during say one week, whilst KGB might be doing Item 2 (say want to install spyware in Product ZZZ) during another week. I.e. two independent phenomena. I assume its unlikely that both agencies will do the exact same probe at the same time. So isn’t my solution of two protection agents, each testing each other continuously, a better solution than suggested by your probability calculation?
I do actually trust US much more than most other governments, but I guess I have to assume the worst for all in this debate. I think however that all the anti-virus companies need to address the issue of trust better, at least until we find an Alice and Bob solution to all this.
Anyway, is there a way to do this in practice. Do I achieve something similar with for example running Kaspersky with Malwarebytes Premium side by side; do they watch each other?
Thanks for your kind reply again.
The problem with having more than one AV program running in real time is that they can conflict with each other. Additionally, 3 letter agencies would very likely be able to create undetectable key loggers. This would especially be the case with AV programs as they have to be constantly accessing the internet to be able to get the latest updates.
Anyone depending on Microsoft Defender as their only protection is a naive fool. Period.
Actually, anyone depending on any antivirus as their only protection is a naive fool. There’s a lot more to internet safety than just your AV.
https://askleo.com/internet_safety_7_steps_to_keeping_your_computer_safe_on_the_internet/
Well, that’s insulting.
To be clear, you also need to rely on yourself to not do things that bypass your security solutions, or do things that put you at risk. Defender is my only security software and I consider myself neither naive or a fool. But it’s part of a large strategy that keeps me quite safe: https://askleo.com/internet_safety_7_steps_to_keeping_your_computer_safe_on_the_internet/
Yes, that was insulting, and a poor reflection on Dave G who didn’t have any alternatives to suggest. But back to Windows Defender. It’s a fact that Defender (and the associated Microsoft Malicious Software Removal Tool – MSRT) don’t catch as many malware items as other malware tools, at least not during a scan. Microsoft explains this by saying that it only goes after the big fish and doesn’t report on minor malware or PUP and looks for malware it considers to be currently prevalent. This admission is disconcerting. Also, recently a bug seems to have crept into the MS malware tools during scan: if you watch the status during a scan, it will tell you that it has detected something, but when the scan ends, it says “nothing found”. This problem has also been reported about Defender. If Defender and MSRT find and immediately remove malware without reporting the details, then that’s a problem too. It’s good to have Defender as a real time, background malware tool, but use other tools to scan every so often. The advantage of Defender as a real time tool is that it has a small footprint (in terms of memory and CPU usage) and not too many confusing and esoteric setting options.
“Microsoft explains this by saying that it only goes after the big fish and doesn’t report on minor malware or PUP and looks for malware it considers to be currently prevalent.” – WD is indeed less effective than other tools, especially when it comes to detecting complex/advanced threats. It’s a trade-off: on the one hand, WD is free, easy to use, light on resources and non-intrusive; on the other hand, its detection capabilities are below par.
If you’re a competent user and unlikely to expose yourself to risk, WD may be the best option (it’s unlikely to ever need to spring into action); if you’re not a competent user or share your computer with people who are not, then WD may not be the best option.
I have read recommendations that it is best to stick with 1 (one) active AV/Malware/etc solution that you are comfortable with for your daily security. I have also read that adding more that one active AV/Malware/etc running simultaneously can end in very bad results with 2 (or more?) programs fighting with and detecting each other into a potential death spiral. Too many times Bob Rankin has mentioned this situation as people ask computer related questions. I have not personally experienced this, but have avoided the situation to begin with… (KISS) I have used upon occasion ‘Stinger” or “MBAM” as a run once solution to detect potential threats that I think maybe my regular choice might have missed. So far I have not had too much in the way of headaches, just the occasional pups that seem benign in nature (adverts).
I wanted to add that I kind of liked the idea of using an older computer for a back up machine that is not internet connected… Is there a yah or nay on this idea? A pro verses con discussion?
Very interesting Russ on running duplicate AV type scanners. I have a cyber business and have also installed about 900 copies and installed them with Kaspersky. However, you are correct in that there is mostly a conflict with both Virus programs attempting to scan the same i.e. file where very strange outcomes can emerge. One big issue is speed of your computer will be reduced. If you run an SSD and have fast HW you may not notice the impact. For most AV programs they highly recommend not running two at the same time. As for Kaspersky, many times it won’t even install until you remove the other AV program. However, with Defender, ESSET disables defender from even running. However not to confuse things, I have been able to run the defender scan with Kaspersky but I don’t let it execute after I let it scan with the latest DAT files and updates. Basically I stop Kaspersky, then I execute Defender but to date it has never found anything at all. But Kaspersky has saved my systems dozens of times!!! Plus I like the multiple updates per day with Kaspersky as they work their butts off there. And yes, clone your main drive and back up your data!! Drives are cheap and worth the effort.
In your latest book, The Ask Leo! Guide to Online Privacy, you say:
“The most important take-away, however, is not that Microsoft may or may not be trustworthy; it’s that every operating-system vendor has the power do any or all of this, with or without letting us know. The amount of trust we place in any OS vendor to properly manage our privacy and security is enormous.”
This may sound alarmist, but isn’t that true, to a lesser degree, with any program you install? Once you click yes to the UAC, you’ve given that installation program administrative rights on your machine and at that point, it is capably of doing anything on your machine.
Still using Kaspersky and have NO plans to stop. These spying allegations are unfounded and without evidence.
I agree that the allegations have no evidence to back them up but just to be on the safe side, I stay away from Russian software.
Kaspersky disable when using bank account never relay on Kaspersky