Old allegations get renewed focus.
I honestly don't know.
Updated March 2022. I still don't know.
But there are a couple of observations I'd like to share about the situation; perhaps they will help you come to a decision. I'll also share what I would do in your situation, which has changed as of this update.

Kaspersky, yes or no?
Ultimately, the risk is not whether Kaspersky is or has been spying on us. The real risk is that, being headquartered in Russia, it might be forced to do so in the future. With so many alternatives available, there's little reason to take the risk.
This is nothing new
As long as Kaspersky has been around and as long as it's been publicized that they have Russian ties, there have been statements ranging from mild concern to outright accusations of spying or other underhanded deals. To the best of my knowledge as of this update, not once has any of it been substantiated.
Naturally, with the current political issues relating to Russia, these accusations are making headlines once again.
Even to the point that the U.S. government has warned against Kaspersky.
It's not limited to Kaspersky
Any company with ties or headquarters outside of the U.S. comes under scrutiny.
Another common target is EaseUS, the makers of EaseUS Todo (one of the backup software packages I recommend) as well as other disk and system utilities I and others often recommend. EaseUS is headquartered in China, and some have expressed concern they might be spying or hacking on behalf of the Chinese government.
The same claims leveled at Kaspersky, with the same results: to the best of my knowledge, as of this update, nothing has ever been proven.
Kaspersky denies it all ... of course
Kaspersky denies it all; but then, they would hardly come out and admit it if it were true.
They downplay their Russian connection. The Kaspersky website, for example, says:
Founded in 2004, Kaspersky Lab North America is a Massachusetts corporation and is a wholly-owned subsidiary of its holding company, Kaspersky Labs Limited, based in the United Kingdom.
Searching the Kaspersky website from within the United States, it's nearly impossible to locate or view pages containing any reference to Russia. Only via the Internet Archive snapshots of the primary contact page can we see that Kaspersky is headquartered in Moscow.
Are they hiding something? Or are they simply reacting in a reasonable way by focusing on their international and UK connections? Both approaches seem plausible.
2022: Russia and Ukraine
Even though Kaspersky has a good reputation as an anti-malware tool, the risk may have become too great.
With the current political turmoil in eastern Europe and Ukraine, the concern grows that the Russian government could force Kaspersky to do exactly the kinds of things we've been worrying about.
As I said, there's no proof that they have, but the possibility remains: they could.
What I would do
If I were in your shoes, here's what I would do:
- I would now uninstall Kaspersky, just to be safe.
- I would allow Microsoft Security, aka Windows Defender, to become my primary security suite. In Windows 10 and 11, that should happen simply by uninstalling Kaspersky.
- If Microsoft Security isn't something you want, I mention several additional alternatives in What Security Software Do You Recommend?
It feels a tad alarmist and might be an overreaction, but all things considered, there is a possibility of malfeasance. There's simply no reason to take the risk.
Everything said here makes good points but when it comes to security, my experience shows that staying close to the original source is often the most secure. That's why I believe that using the pre-packaged Windows Defender will provide the easiest and possibly the most secure alternative. I would also say that the very most secure method is to keep secrets totally off of the web. You might also consider using an external source for your storage, not the cloud but a thumb drive or external disc. I know it's not practical to have multiple computers but in this day when we buy new every few years why not retain the old but keep it off of the web. You can always transfer files to your web computer if needed. Yes this is cumbersome but if security is your concern then I'm pretty sure the only true way is to be isolated from the web. At least this would make restoring a contaminated computer much easier. Just a thought and I'm sure not very well put.
That's a good point. Windows Defender is what Leo recommends and he and I use. I've resuscitated several impossibly slow computers by uninstalling the AV program they were using and replacing it with Defender. And if you trust Microsoft Windows, you automatically have to trust Defender, because with Windows running on your machine, they can compromise your data in so many ways (I'm saying this theoretically to demonstrate my point), they don't need Defender to do it.
And if you don't trust Microsoft, there's always Linux.
As far as I am aware the only way of knowing if any software is secure is to use free open source software that has been created by free open source software (languages compilers etc), as it can be scrutinised.
The inverse of this, Proprietary software, cannot be scrutinised, as its program code is re-coded (Linked and Compiled, so usually only readable by a computer) and is protected by laws, so you have no idea what that software could be capable of doing.
Unfortunately I'm not aware of a free and open-source security package. I know ClamAV (https://www.clamav.net) is out there, but my understanding is that it doesn't measure up to the commercial packages. :-(
Re: "Proprietary software, cannot be scrutinised"
For general interest – and *not* to nit-pick – there *are ways* to scrutinize software without having access to source code: decompilation and other reverse engineering techniques, sandboxing and observation... maybe others, not my area. It's the same techniques used when investigators study malware.
The question is whether these techniques have been turned on "normal" programs, even AV SW, like Kaspersky. I'm going to hazard a "yes" and postulate that that's how malware *developers* find their exploits. So maybe the real question is *who* is doing such investigation, and whether they're likely to release their results to the public.
"To the best of my knowledge, not once has any of it come close to being substantiated." I'll say, "Of course not, they're FSB spies and are professional at not getting caught." According to Russian law, companies are obligated to assist the FSB when asked.
Bottom line, fake news is everywhere, and it's getting harder and harder to sort the truth from the BS. We just gotta be as careful as we can. I'll stick with Defender. I trust Microsoft, but they literally can get access to anything on our computer, so Defender is the last thing they'd need.
Just another twist on this argument, but some of us live outside the USA and might regard any American-owned security offering with some suspicion as well :-)
As I mentioned in other comments, if you use Windows, Defender is your safest option. Microsoft already has the capability of getting all your data, and Defender wouldn't increase that capability. I'm not saying they do. In fact I don't believe they do, but they can. :-)
Indeed, I chose at least some of my language ("Or whatever country isn't your country.") with that in mind.
As a non American how can I trust any software from the US? CIA/NSA/Homeland Security can be using any of the US based companies as a spy tool. And what about the likes of CISCO? This company's products are used around the world so what stops these having software that is used to spy on the rest of the world?
In some ways, the average American has more to worry about with US software. Russia isn't interested in the average American's information. ;-) But seriously, it's almost a certainty Kaspersky is spying on Ukrainian people, and I hesitate to use the word almost. When I was in Ukraine, everybody I knew used Kaspersky. Yevgeny Kaspersky was trained by the KGB.
"The company's relationship with the Kremlin has never been clear, though Western experts on Russia think there's no way Eugene Kaspersky could have become a billionaire without having reached an understanding with the government. Under Russian law, any company must open its communications lines to the authorities upon request."
Hi Leo – Just an FYI. When I clicked your Brian Krebs link in footnote 2, above, I got this message: "The owner of krebsonsecurity.com has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website." It seems unlikely that it would matter, but I backed out, "better safe than sorry."
I just clicked on that – in Firefox no less – and it worked fine. Goes to https://krebsonsecurity.com/
It might be a problem with your browser's cache.
I'll suggest you start with this article that has steps to troubleshoot common browser-related issues.
https://askleo.com/dealing-with-browser-problems/
Clearing the browser cache would be the first thing to try as a corrupt cache is the cause of most browser problems.
Sadly these days they don't have a lot of credibility in my eyes. Especially when it comes to matters of technology.
"Any company with ties or headquarters outside of the U.S. comes under scrutiny." Actually any company regardless of where their headquarters are located can be suspect. As Leo often says, if malware is installed on your computer, it can do anything. Theoretically, any program can be a Trojan horse. So, if we want to be paranoid, any program installed on your computer can be malware and do just about anything. We just have to determine who we trust with access to our computer. That's why, at the moment, I'll stick with Windows Defender. MS already has all the access they could possibly get and they don't need Defender to get that access. And yes, I tend to trust Microsoft, at least now.
"Theoretically, any program can be a Trojan horse."
Hey, at that rate, and for all we know, Windows itself might be a Trojan or some other type of malware!
(And I'm quite certain that there will be people who have always thought this.)
I've used Kaspersky as part of my security suite for many years with a great deal of success.
I have less fear about them than I do GCHQ and the NSA, Google, Microsoft and others snooping into my day-to-day online activities. I know I categorically cannot trust my own government to have my best interest at heart so a corporation that is actually known to be pretty good to keep me safe seems to be a good thing, regardless of where it originates.
Absolutely. Nowadays, most if not all governments snoop on their own citizens, so what the heck. Anyways an average individual has nothing to fear.
Perhaps not yet!
It depends where you are. I'm sure Ukrainians using Kaspersky would be a target. When I lived in Ukraine 22 years ago, everybody I knew was using Kaspersky. I wouldn't be surprised if it's been weaponized for this war. In fact, I'd be surprised if it weren't.
As Leo has often said, ENCRYPT if you are afraid someone might snoop or hack. Eventually, anything can be hacked, but is it worth it to the hacker?
Encryption wouldn't help if a program is inside your system sending all of your keystrokes, screen shots and pretty much anything you do on your computer to them.
Everyone is focusing on a single path solution. Who do you trust more, Americans or Russians? Probably best not to trust either completely.
But for passwords we have two factor authentication. Belt and braces. What is the parallel in computer protection software?
It is very unlikely that two independent programs from suppliers in different countries would both be attacking my system or stealing my data at the same time. So can I apply a "belt and braces" strategy to protection? Can I securely run two different protection software programs at the same time, each checking the other?
What would you suggest to give my system "belt and braces" protection against a single rogue protection software program?
"It is very unlikely that two independent programs from suppliers in different countries would both be attacking my system or stealing my data at the same time." As a statistics teacher, I can give you the probability. For example, if the probability of being attacked by the Russians is 30% and the probability of being attacked by the Americans is 25%, then the probability of being hacked by both is P(A and B) = P(A) x P(B) = .25 x .30 or 7.5%. The probability of being attacked by at least one is P(A or B) = P(A) + P(B) - P(A and B) or .30 + .25 - .075 = .55 - .075 = 47.5%
As I've been saying in other comments the safest antivirus is Windows Defender (MSSE in older Windows versions) because the probability of MS using Defender to hack your data is likely 0, because they already have access to everything on a Windows computer, and Windows Defender wouldn't add to that. I'm not saying that to be alarmist, it's just that the probability of malware increases with each program you install. So the belt and braces solution I'd recommend is stick with Defender, stay away from questionable websites, and only install software you know and trust. And don't worry about 3 letter agencies. If they want your information, they already have it :-) .
Mark,
Thanks, that's a great and entertaining reply. I can see the sense in the Defender Argument. But the flaw in your approach might be that the threat from Agency A will likely be different to Agency B at any one time. For example, CIA might want to see if I have Item 1 (say links to person X) during say one week, whilst KGB might be doing Item 2 (say want to install spyware in Product ZZZ) during another week. I.e. two independent phenomena. I assume it's unlikely that both agencies will do the exact same probe at the same time. So isn't my solution of two protection agents, each testing each other continuously, a better solution than suggested by your probability calculation?
I do actually trust US much more than most other governments, but I guess I have to assume the worst for all in this debate. I think however that all the anti-virus companies need to address the issue of trust better, at least until we find an Alice and Bob solution to all this.
Anyway, is there a way to do this in practice? Do I achieve something similar with for example running Kaspersky with Malwarebytes Premium side by side; do they watch each other?
Thanks for your kind reply again.
The problem with having more than one AV program running in real time is that they can conflict with each other. You can run scans from other antimalware programs periodically, though.
Additionally, 3 letter agencies would very likely be able to create undetectable key loggers. This would especially be the case with AV programs as they have low level access to your computer and are constantly accessing the internet to be able to get the latest updates. That low level access is one of the reasons two AV programs shouldn't run together in real time. The low level access can cause one antimalware program to think the other is malware.
Anyone depending on Microsoft Defender as their only protection is a naive fool. Period.
Actually, anyone depending on any antivirus as their only protection is a naive fool. There's a lot more to internet safety than just your AV.
https://askleo.com/internet_safety_7_steps_to_keeping_your_computer_safe_on_the_internet/
Well, that's insulting.
To be clear, you also need to rely on yourself to not do things that bypass your security solutions, or do things that put you at risk. Defender is my only security software and I consider myself neither naive nor a fool. But it's part of a large strategy that keeps me quite safe: https://askleo.com/internet_safety_7_steps_to_keeping_your_computer_safe_on_the_internet/
Yes, that was insulting, and a poor reflection on Dave G who didn't have any alternatives to suggest. But back to Windows Defender. It's a fact that Defender (and the associated Microsoft Malicious Software Removal Tool – MSRT) don't catch as many malware items as other malware tools, at least not during a scan. Microsoft explains this by saying that it only goes after the big fish and doesn't report on minor malware or PUP and looks for malware it considers to be currently prevalent. This admission is disconcerting. Also, recently a bug seems to have crept into the MS malware tools during scan: if you watch the status during a scan, it will tell you that it has detected something, but when the scan ends, it says "nothing found". This problem has also been reported about Defender. If Defender and MSRT find and immediately remove malware without reporting the details, then that's a problem too. It's good to have Defender as a real time, background malware tool, but use other tools to scan every so often. The advantage of Defender as a real time tool is that it has a small footprint (in terms of memory and CPU usage) and not too many confusing and esoteric setting options.
I have read recommendations that it is best to stick with 1 (one) active AV/Malware/etc solution that you are comfortable with for your daily security. I have also read that adding more than one active AV/Malware/etc running simultaneously can end in very bad results with 2 (or more?) programs fighting with and detecting each other into a potential death spiral. Too many times Bob Rankin has mentioned this situation as people ask computer related questions. I have not personally experienced this, but have avoided the situation to begin with... (KISS) I have used upon occasion "Stinger" or "MBAM" as a run once solution to detect potential threats that I think maybe my regular choice might have missed. So far I have not had too much in the way of headaches, just the occasional pups that seem benign in nature (adverts).
I wanted to add that I kind of liked the idea of using an older computer for a back up machine that is not internet connected... Is there a yea or nay on this idea? A pro versus con discussion?
Very interesting Russ on running duplicate AV type scanners. I have a cyber business and have also installed about 900 copies and installed them with Kaspersky. However, you are correct in that there is mostly a conflict with both Virus programs attempting to scan the same i.e. file where very strange outcomes can emerge. One big issue is speed of your computer will be reduced. If you run an SSD and have fast HW you may not notice the impact. For most AV programs they highly recommend not running two at the same time. As for Kaspersky, many times it won't even install until you remove the other AV program. However, with Defender, ESET disables defender from even running. However not to confuse things, I have been able to run the defender scan with Kaspersky but I don't let it execute after I let it scan with the latest DAT files and updates. Basically I stop Kaspersky, then I execute Defender but to date it has never found anything at all. But Kaspersky has saved my systems dozens of times!!! Plus I like the multiple updates per day with Kaspersky as they work their butts off there. And yes, clone your main drive and back up your data!! Drives are cheap and worth the effort.
In your latest book, The Ask Leo! Guide to Online Privacy, you say:
"The most important take-away, however, is not that Microsoft may or may not be trustworthy; it's that every operating-system vendor has the power to do any or all of this, with or without letting us know. The amount of trust we place in any OS vendor to properly manage our privacy and security is enormous."
This may sound alarmist, but isn't that true, to a lesser degree, with any program you install? Once you click yes to the UAC, you've given that installation program administrative rights on your machine and at that point, it is capable of doing anything on your machine.
Stay away from Kaspersky. After Putain's attack on Ukraine, the Russian government has proven it can't be trusted.
The U.S. Federal Communications Commission has deemed all products and services from the Russia-based cybersecurity firm Kaspersky an "unacceptable risk to national security."
and
Using Russian tech? It's time to look at the risks again, says cybersecurity chief
>>In Windows 10 and 11, that should happen simply by installing Kaspersky.
I think you mean UNinstalling.
Whoops. Fixed. Thanks!
Leo-
Would you be willing to recommend some other protection for my HP Pavilion dv7 Windows 7 Home Premium (x64) Service Pack 1 (build 7601) laptop?
Kaspersky came with my HP Pavilion when I bought it from Costco in 2013.
And I've been running Kaspersky on it ever since.
After I read your advice, I entered "Windows Defender" in the "Start->Search" box.
A new "Windows Defender" window opened.
Near the top there was a link "Check for updates now".
I clicked on the update link.
After about 12 seconds the window changed.
The update Status read that definition updates can't be installed.
So I clicked on the link "Go online to view troubleshooting tips".
A Microsoft web page "https://support.microsoft.com/en-US/help/918355" opened.
It read "Sorry, page not found".
Again, can you recommend something to replace Kaspersky for my Windows 7 Home Edition 64-bit HP Pavilion laptop?
Thanks for your help...
Per the article: "I mention several additional alternatives in What Security Software Do You Recommend?"
Leo, I do use (limited) Windows Defender, but my main program is a US only based called White List software called PC Matic. I have used it for 5 years now and have had 0 problems with it. I have to admit, that $50 bucks per year and 5 machines is pretty darn cheap considering some of the alternatives.
I've been using PC Matic ever since day one, and I thought enough of it that I bought a forever license. What I don't understand is why so many other security programs don't like PC Matic and suggest that it be deleted. And I don't run multiple anti-virus programs simultaneously, either.
I use Windows Defender (now Microsoft Defender) in Windows 11, and I used it in Windows 10 ever since I tested it (the OS) as a member of the Windows Insiders Program (beginning January 2015). Over that time, I have never contracted any malware on any of my computers (all of which are protected by Defender). Microsoft releases definition updates regularly, often more than one a day. Defender provides real time protection, email protection, Smart Screen protection (guards against installing suspicious apps from known-to-be unscrupulous sources) and other more advanced features (Controlled Folder Access – aka Ransomware protection for one) that may be more bother for non-technical users than the added protection they may provide is worth.
My logic for using Microsoft Defender is that if I trust Microsoft enough to use their OS, it's reasonable to use their antimalware suite too, keeping my usage information under one "roof". I understand that others may disagree.
My2Cents,
Ernie
As far as I know Kaspersky moved to Switzerland some time ago. I still trust the program, it works very well in combination with Malwarebytes. Windows Defender is a good alternative although I would not use it to do bank payments. I tested Bit Defender a while ago with a free license for 6 months, trustworthy even for bank stuff. All the other free versions are (in my opinion) worthless.
Kaspersky has offices in many countries. It's still a Russian company and I wouldn't trust them wherever they move. The US and German governments, and dozens of computer help sites warn against using it. Yevgeny Kaspersky was educated in a KGB university. "The Technical Faculty of the KGB Higher School". So why take chances?
And boycotting Russian companies shows support against Putain.