Old allegations get renewed focus.
I honestly don’t know.
Updated March 2022. I still don’t know.
But there are a couple of observations I’d like to share about the situation; perhaps they will help you come to a decision. I’ll also share what I would do in your situation, which has changed as of this update.

Kaspersky, yes or no?
Ultimately, the risk is not whether Kaspersky is or has been spying on us. The real risk is that, being headquartered in Russia, it might be forced to do so in the future. With so many alternatives available, there’s little reason to take the risk.
This is nothing new
As long as Kaspersky has been around and as long as it’s been publicized that they have Russian ties, there have been statements ranging from mild concern to outright accusations of spying or other underhanded deals. To the best of my knowledge as of this update, not once has any of it been substantiated.
Naturally, with the current political issues relating to Russia, these accusations are making headlines once again.
Even to the point that the U.S. government has warned against Kaspersky.
It’s not limited to Kaspersky
Any company with ties or headquarters outside of the U.S. comes under scrutiny.
Another common target is EaseUS, the makers of EaseUS Todo (one of the backup software packages I recommend) as well as other disk and system utilities I and others often recommend. EaseUS is headquartered in China, and some have expressed concern they might be spying or hacking on behalf of the Chinese government.
The same claims leveled at Kaspersky, with the same results: to the best of my knowledge, as of this update, nothing has ever been proven.
Kaspersky denies it all … of course
Kaspersky denies it all; but then, they would hardly come out and admit it if it were true.
They downplay their Russian connection. The Kaspersky website, for example, says:
Founded in 2004, Kaspersky Lab North America is a Massachusetts corporation and is a wholly-owned subsidiary of its holding company, Kaspersky Labs Limited, based in the United Kingdom.
Searching the Kaspersky website from within the United States, it’s nearly impossible to locate or view pages containing any reference to Russia. Only via the Internet Archive snapshots of the primary contact page can we see that Kaspersky is headquartered in Moscow.
Are they hiding something? Or are they simply reacting in a reasonable way by focusing on their international and UK connections? Both approaches seem plausible.
2022: Russia and Ukraine
Even though Kaspersky has a good reputation as an anti-malware tool, the risk may have become too great.
With the current political turmoil in eastern Europe and Ukraine, the concern grows that the Russian government could force Kaspersky to do exactly the kinds of things we’ve been worrying about.
As I said, there’s no proof that they have, but the possibility remains: they could.
What I would do
If I were in your shoes, here’s what I would do:
- I would now uninstall Kaspersky, just to be safe.
- I would allow Microsoft Security, aka Windows Defender, to become my primary security suite. In Windows 10 and 11, that should happen simply by uninstalling Kaspersky.
- If Microsoft Security isn’t something you want, I mention several additional alternatives in What Security Software Do You Recommend?
It feels a tad alarmist and might be an overreaction, but all things considered, there is a possibility of malfeasance. There’s simply no reason to take the risk.
Everything said here makes good points, but when it comes to security, my experience shows that staying close to the original source is often the most secure. That’s why I believe that using the pre-packaged Windows Defender will provide the easiest and possibly the most secure alternative. I would also say that the very most secure method is to keep secrets totally off of the web. You might also consider using an external source for your storage, not the cloud but a thumb drive or external disc. I know it’s not practical to have multiple computers, but in this day when we buy new every few years, why not retain the old but keep it off of the web? You can always transfer files to your web computer if needed. Yes, this is cumbersome, but if security is your concern then I’m pretty sure the only true way is to be isolated from the web. At least this would make restoring a contaminated computer much easier. Just a thought and I’m sure not very well put.
That’s a good point. Windows Defender is what Leo recommends and he and I use. I’ve resuscitated several impossibly slow computers by uninstalling the AV program they were using and replacing it with Defender. And if you trust Microsoft Windows, you automatically have to trust Defender, because with Windows running on your machine, they can compromise your data in so many ways (I’m saying this theoretically to demonstrate my point), they don’t need Defender to do it.
And if you don’t trust Microsoft, there’s always Linux.
As far as I am aware the only way of knowing if any software is secure is to use free open source software that has been created by free open source software (languages compilers etc), as it can be scrutinised.
The inverse of this, Proprietary software, cannot be scrutinised, as its program code is re-coded (Linked and Compiled, so usually only readable by a computer) and is protected by laws, so you have no idea what that software could be capable of doing.
Unfortunately I’m not aware of a free and open-source security package. I know ClamAV (https://www.clamav.net) is out there, but my understanding is that it doesn’t measure up to the commercial packages. :-(
Re: “Proprietary software, cannot be scrutinised”
For general interest — and *not* to nit-pick — there *are ways* to scrutinize software without having access to source code: decompilation and other reverse engineering techniques, sandboxing and observation… maybe others, not my area. It’s the same techniques used when investigators study malware.
The question is whether these techniques have been turned on “normal” programs, even AV SW, like Kaspersky. I’m going to hazard a “yes” and postulate that that’s how malware *developers* find their exploits. So maybe the real question is *who* is doing such investigation, and whether they’re likely to release their results to the public.
“To the best of my knowledge, not once has any of it come close to being substantiated.” I’ll say, “Of course not, they’re FSB spies and are professional at not getting caught.” According to Russian law, companies are obligated to assist the FSB when asked.
Bottom line, fake news is everywhere, and it’s getting harder and harder to sort the truth from the BS. We just gotta be as careful as we can. I’ll stick with Defender. I trust Microsoft, but they literally can get access to anything on our computer, so Defender is the last thing they’d need.
Just another twist on this argument, but some of us live outside the USA and might regard any American-owned security offering with some suspicion as well :-)
As I mentioned in other comments, if you use Windows, Defender is your safest option. Microsoft already has the capability of getting all your data, and Defender wouldn’t increase that capability. I’m not saying they do. In fact I don’t believe they do, but they can. :-)
Indeed, I chose at least some of my language (“Or whatever country isn’t your country.”) with that in mind.
As a non American how can I trust any software from the US? CIA/NSA/Homeland Security can be using any of the US based companies as a spy tool. And what about the likes of CISCO? This companies products are used around the world so what stops these having software that is used to spy on the rest of the world?
In some ways, the average American has more to worry about with US software. Russia isn’t interested in the average American’s information. ;-) But seriously, it’s almost a certainty Kaspersky is spying on Ukrainian people, and I hesitate to use the word almost. When I was in Ukraine, everybody I knew used Kaspersky. Yevgeny Kaspersky was trained by the KGB.
“The company’s relationship with the Kremlin has never been clear, though Western experts on Russia think there’s no way Eugene Kaspersky could have become a billionaire without having reached an understanding with the government. Under Russian law, any company must open its communications lines to the authorities upon request.”
Hi Leo – Just an FYI. When I clicked your Brian Krebs link in footnote 2, above, I got this message: “The owner of krebsonsecurity.com has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.” It seems unlikely that it would matter, but I backed out, “better safe than sorry.”
I just clicked on that – in Firefox no less – and it worked fine. Goes to https://krebsonsecurity.com/
It might be a problem with your browser’s cache.
I’ll suggest you start with this article that has steps to troubleshoot common browser-related issues.
https://askleo.com/dealing-with-browser-problems/
Clearing the browser cache would be the first thing to try as a corrupt cache is the cause of most browser problems.
Sadly these days they don’t have a lot of credibility in my eyes. Especially when it comes to matters of technology.
“Any company with ties or headquarters outside of the U.S. comes under scrutiny.” Actually any company regardless of where their headquarters are located can be suspect. As Leo often says, if malware is installed on your computer, it can do anything. Theoretically, any program can be a Trojan horse. So, if we want to be paranoid, any program installed on your computer can be malware and do just about anything. We just have to determine who we trust with access to our computer. That’s why, at the moment, I’ll stick with Windows Defender. MS already has all the access they could possibly get and they don’t need Defender to get that access. And yes, I tend to trust Microsoft, at least now.
“Theoretically, any program can be a Trojan horse.”
Hey, at that rate, and for all we know, Windows itself might be a Trojan or some other type of malware!
(And I’m quite certain that there will be people who have always thought this.)
I’ve used Kaspersky as part of my security suite for many years with a great deal of success.
I have less fear about them than I do GCHQ and the NSA, Google, Microsoft and others snooping into my day-to-day online activities. I know I categorically cannot trust my own government to have my best interest at heart so a corporation that is actually known to be pretty good to keep me safe seems to be a good thing, regardless of where it originates.
Absolutely. Nowadays, most if not all governments snoop on their own citizens, so what the heck. Anyways an average individual has nothing to fear.
Perhaps not yet!
It depends where you are. I’m sure Ukrainians using Kaspersky would be a target. When I lived in Ukraine 22 years ago, everybody I knew was using Kaspersky. I wouldn’t be surprised if it’s been weaponized for this war. In fact, I’d be surprised if it weren’t.
As Leo has often said, ENCRYPT if you are afraid someone might snoop or hack. Eventually, anything can be hacked, but is it worth it to the hacker?
Encryption wouldn’t help if a program is inside your system sending all of your keystrokes, screen shots and pretty much anything you do on your computer to them.
Everyone is focusing on a single path solution. Who do you trust more, Americans or Russians? Probably best not safe to trust either completely.
But for passwords we have two factor authentication. Belt and braces. What is the parallel in computer protection software?
It is very unlikely that two independent programs from suppliers in different countries would both be attacking my system or stealing my data at the same time. So can I apply a ‘belt and braces’ strategy to protection? Can I securely run two different protection software programs at the same time, each checking the other?
What would you suggest to give my system ‘belt and braces’ protection against a single rogue protection software program?
“It is very unlikely that two independent programs from suppliers in different countries would both be attacking my system or stealing my data at the same time.” As a statistics teacher, I can give you the probability. For example, if the probability of being attacked by the Russians is 30% and the probability of being attacked by the Americans is 25%, then the probability of being hacked by both is P(A and B) = P(A) x P(B) = .25 x .30 or 7.5%. The probability of being attacked by at least one is P(A or B) = P(A) + P(B) – P(A and B) or .30 + .25 – .075 = .55 – .075 = 47.5%
As I’ve been saying in other comments the safest antivirus is Windows Defender (MSSE in older Windows versions) because the probability of MS using Defender to hack your data is likely 0, because they already have access to everything on a Windows computer, and Windows Defender wouldn’t add to that. I’m not saying that to be alarmist, it’s just that the probability of malware increases with each program you install. So the belt and braces solution I’d recommend is stick with Defender, stay away from questionable websites, and only install software you know and trust. And don’t worry about 3 letter agencies. If they want your information, they already have it :-) .
Mark,
Thanks, that’s a great and entertaining reply. I can see the sense in the Defender Argument. But the flaw in your approach might be that the threat from Agency A will likely be different to Agency B at any one time. For example, CIA might want to see if I have Item 1 (say links to person X) during say one week, whilst KGB might be doing Item 2 (say want to install spyware in Product ZZZ) during another week. I.e. two independent phenomena. I assume it’s unlikely that both agencies will do the exact same probe at the same time. So isn’t my solution of two protection agents, each testing each other continuously, a better solution than suggested by your probability calculation?
I do actually trust US much more than most other governments, but I guess I have to assume the worst for all in this debate. I think however that all the anti-virus companies need to address the issue of trust better, at least until we find an Alice and Bob solution to all this.
Anyway, is there a way to do this in practice? Do I achieve something similar with for example running Kaspersky with Malwarebytes Premium side by side; do they watch each other?
Thanks for your kind reply again.
The problem with having more than one AV program running in real time is that they can conflict with each other. You can run scans from other antimalware programs periodically, though.
Additionally, 3 letter agencies would very likely be able to create undetectable key loggers. This would especially be the case with AV programs as they have low level access to your computer and are constantly accessing the internet to be able to get the latest updates. That low level access is one of the reasons two AV programs shouldn’t run together in real time. The low level access can cause one antimalware program to think the other is malware.
Anyone depending on Microsoft Defender as their only protection is a naive fool. Period.
Actually, anyone depending on any antivirus as their only protection is a naive fool. There’s a lot more to internet safety than just your AV.
https://askleo.com/internet_safety_7_steps_to_keeping_your_computer_safe_on_the_internet/
Well, that’s insulting.
To be clear, you also need to rely on yourself to not do things that bypass your security solutions, or do things that put you at risk. Defender is my only security software and I consider myself neither naive or a fool. But it’s part of a large strategy that keeps me quite safe: https://askleo.com/internet_safety_7_steps_to_keeping_your_computer_safe_on_the_internet/
Yes, that was insulting, and a poor reflection on Dave G who didn’t have any alternatives to suggest. But back to Windows Defender. It’s a fact that Defender (and the associated Microsoft Malicious Software Removal Tool – MSRT) don’t catch as many malware items as other malware tools, at least not during a scan. Microsoft explains this by saying that it only goes after the big fish and doesn’t report on minor malware or PUP and looks for malware it considers to be currently prevalent. This admission is disconcerting. Also, recently a bug seems to have crept into the MS malware tools during scan: if you watch the status during a scan, it will tell you that it has detected something, but when the scan ends, it says “nothing found”. This problem has also been reported about Defender. If Defender and MSRT find and immediately remove malware without reporting the details, then that’s a problem too. It’s good to have Defender as a real time, background malware tool, but use other tools to scan every so often. The advantage of Defender as a real time tool is that it has a small footprint (in terms of memory and CPU usage) and not too many confusing and esoteric setting options.
I have read recommendations that it is best to stick with 1 (one) active AV/Malware/etc solution that you are comfortable with for your daily security. I have also read that adding more than one active AV/Malware/etc running simultaneously can end in very bad results with 2 (or more?) programs fighting with and detecting each other into a potential death spiral. Too many times Bob Rankin has mentioned this situation as people ask computer related questions. I have not personally experienced this, but have avoided the situation to begin with… (KISS) I have used upon occasion “Stinger” or “MBAM” as a run once solution to detect potential threats that I think maybe my regular choice might have missed. So far I have not had too much in the way of headaches, just the occasional pups that seem benign in nature (adverts).
I wanted to add that I kind of liked the idea of using an older computer for a back up machine that is not internet connected… Is there a yea or nay on this idea? A pro versus con discussion?
Very interesting Russ on running duplicate AV type scanners. I have a cyber business and have also installed about 900 copies and installed them with Kaspersky. However, you are correct in that there is mostly a conflict with both Virus programs attempting to scan the same i.e. file where very strange outcomes can emerge. One big issue is speed of your computer will be reduced. If you run an SSD and have fast HW you may not notice the impact. For most AV programs they highly recommend not running two at the same time. As for Kaspersky, many times it won’t even install until you remove the other AV program. However, with Defender, ESET disables Defender from even running. However not to confuse things, I have been able to run the Defender scan with Kaspersky but I don’t let it execute after I let it scan with the latest DAT files and updates. Basically I stop Kaspersky, then I execute Defender but to date it has never found anything at all. But Kaspersky has saved my systems dozens of times!!! Plus I like the multiple updates per day with Kaspersky as they work their butts off there. And yes, clone your main drive and back up your data!! Drives are cheap and worth the effort.
In your latest book, The Ask Leo! Guide to Online Privacy, you say:
“The most important take-away, however, is not that Microsoft may or may not be trustworthy; it’s that every operating-system vendor has the power do any or all of this, with or without letting us know. The amount of trust we place in any OS vendor to properly manage our privacy and security is enormous.”
This may sound alarmist, but isn’t that true, to a lesser degree, with any program you install? Once you click yes to the UAC, you’ve given that installation program administrative rights on your machine and at that point, it is capable of doing anything on your machine.
Stay away from Kaspersky. After Putain’s attack on Ukraine, the Russian government has proven it can’t be trusted.
The U.S. Federal Communications Commission has deemed all products and services from the Russia-based cybersecurity firm Kaspersky an “unacceptable risk to national security.”
and
Using Russian tech? It’s time to look at the risks again, says cybersecurity chief
>>In Windows 10 and 11, that should happen simply by installing Kaspersky.
I think you mean UNinstalling.
Whoops. Fixed. Thanks!
Leo-
Would you be willing to recommend some other protection for my HP Pavilion dv7 Windows 7 Home Premium (x64) Service Pack 1 (build 7601) laptop?
Kaspersky came with my HP Pavilion when I bought it from Costco in 2013.
And I’ve been running Kaspersky on it ever since.
After I read your advice, I entered “Windows Defender” in the “Start->Search” box.
A new “Windows Defender” window opened.
Near the top there was a link “Check for updates now”.
I clicked on the update link.
After about 12 seconds the window changed.
The update Status read that definition updates can’t be installed.
So I clicked on the link “Go online to view troubleshooting tips”.
A Microsoft web page “https://support.microsoft.com/en-US/help/918355” opened.
It read “Sorry, page not found”.
Again, can you recommend something to replace Kaspersky for my Windows 7 Home Edition 64-bit HP Pavilion laptop?
Thanks for your help…
Per the article: “I mention several additional alternatives in What Security Software Do You Recommend?“
Leo, I do use (limited) Windows Defender, but my main program is a US only based called White List software called PC Matic. I have used it for 5 years now and have had 0 problems with it. I have to admit, that $50 bucks per year and 5 machines is pretty darn cheap considering some of the alternatives.
I’ve been using PC Matic ever since day one, and I thought enough of it that I bought a forever license. What I don’t understand is why so many other security programs don’t like PC Matic and suggest that it be deleted. And I don’t run multiple anti-virus programs simultaneously, either.
I use Windows Defender (now Microsoft Defender) in Windows 11, and I used it in Windows 10 ever since I tested it (the OS) as a member of the Windows Insiders Program (beginning January 2015). Over that time, I have never contracted any malware on any of my computers (all of which are protected by Defender). Microsoft releases definition updates regularly, often more than one a day. Defender provides real time protection, email protection, Smart Screen protection (guards against installing suspicious apps from known-to-be unscrupulous sources) and other more advanced features (Controlled Folder Access – aka Ransomware protection for one) that may be more bother for non-technical users than the added protection they may provide is worth.
My logic for using Microsoft Defender is that if I trust Microsoft enough to use their OS, it’s reasonable to use their antimalware suite too, keeping my usage information under one ‘roof’. I understand that others may disagree.
My2Cents,
Ernie
As far as I know Kaspersky moved to Switzerland some time ago. I still trust the program, it works very well in combination with Malwarebytes. Windows Defender is a good alternative although I would not use it to do bank payments. I tested Bit Defender a while ago with a free license for 6 months, trustworthy even for bank stuff. All the other free versions are (in my opinion) worthless.
Kaspersky has offices in many countries. It’s still a Russian company and I wouldn’t trust them wherever they move. The US and German governments, and dozens of computer help sites warn against using it. Yevgeny Kaspersky was educated in a KGB university. “The Technical Faculty of the KGB Higher School”. So why take chances?
And boycotting Russian companies shows support against Putain.