
How Safe is Kaspersky Internet Security?

Old allegations get renewed focus.

Any software company with ties outside the U.S. comes under scrutiny. Should you be worried?
Question: Hello Leo, I’ve been using Kaspersky Internet Security for many years now without problems or viruses. What I’m concerned about is all the negative news I’ve been reading and hearing about Kaspersky! I’ve read that he is a spy for the Russian government, that he’s been hacking our systems at the request of the Russian government. What do I do? Should I uninstall Kaspersky that has been protecting my computers for years now, or just ignore the negative news? Can you give me the truth of what’s going on with Kaspersky?

I honestly don’t know.

Updated March 2022. I still don’t know.

But there are a couple of observations I’d like to share about the situation; perhaps they will help you come to a decision. I’ll also share what I would do in your situation, which has changed as of this update.


TL;DR:

Kaspersky, yes or no?

Ultimately, the risk is not whether Kaspersky is or has been spying on us. The real risk is that, being headquartered in Russia, it might be forced to do so in the future. With so many alternatives available, there’s little reason to take the risk.

This is nothing new

As long as Kaspersky has been around and as long as it’s been publicized that they have Russian ties, there have been statements ranging from mild concern to outright accusations of spying or other underhanded deals. To the best of my knowledge as of this update, not once has any of it been substantiated.

Naturally, with the current political issues relating to Russia, these accusations are making headlines once again.

Even to the point that the U.S. government has warned against Kaspersky.

It’s not limited to Kaspersky

Any company with ties or headquarters outside of the U.S. comes under scrutiny.

Another common target is EaseUS, the makers of EaseUS Todo (one of the backup software packages I recommend) as well as other disk and system utilities I and others often recommend. EaseUS is headquartered in China, and some have expressed concern they might be spying or hacking on behalf of the Chinese government.

The same claims leveled at Kaspersky, with the same results: to the best of my knowledge, as of this update, nothing has ever been proven.

Kaspersky denies it all … of course

Kaspersky denies it all; but then, they would hardly come out and admit it if it were true.

They downplay their Russian connection. The Kaspersky website, for example, says:

Founded in 2004, Kaspersky Lab North America is a Massachusetts corporation and is a wholly-owned subsidiary of its holding company, Kaspersky Labs Limited, based in the United Kingdom.

Searching the Kaspersky website from within the United States, it’s nearly impossible to locate or view pages containing any reference to Russia. Only via the Internet Archive snapshots of the primary contact page can we see that Kaspersky is headquartered in Moscow.

Are they hiding something? Or are they simply reacting in a reasonable way by focusing on their international and UK connections? Both approaches seem plausible.

2022: Russia and Ukraine

Even though Kaspersky has a good reputation as an anti-malware tool, the risk may have become too great.

With the current political turmoil in eastern Europe and Ukraine, the concern grows that the Russian government could force Kaspersky to do exactly the kinds of things we’ve been worrying about.

As I said, there’s no proof that they have, but the possibility remains: they could.

What I would do

If I were in your shoes, here’s what I would do:

  • I would now uninstall Kaspersky, just to be safe.
  • I would allow Microsoft Security, aka Windows Defender, to become my primary security suite. In Windows 10 and 11, that should happen simply by uninstalling Kaspersky.
  • If Microsoft Security isn’t something you want, I mention several additional alternatives in What Security Software Do You Recommend?

It feels a tad alarmist and might be an overreaction, but all things considered, there is a possibility of malfeasance. There’s simply no reason to take the risk.


44 comments on “How Safe is Kaspersky Internet Security?”

  1. Everything said here makes good points but when it comes to security, my experience shows that staying close to the original source is often the most secure. That’s why I believe that using the pre-packaged Windows Defender will provide the easiest and possibly the most secure alternative. I would also say that the very most secure method is to keep secrets totally off of the web. You might also consider using an external source for your storage, not the cloud but a thumb drive or external disc. I know it’s not practical to have multiple computers but in this day when we buy new every few years why not retain the old but keep it off of the web. You can always transfer files to your web computer if needed. Yes this is cumbersome but if security is your concern then I’m pretty sure the only true way is to be isolated from the web. At least this would make restoring a contaminated computer much easier. Just a thought and I’m sure not very well put.

    • That’s a good point. Windows Defender is what Leo recommends and he and I use. I’ve resuscitated several impossibly slow computers by uninstalling the AV program they were using and replacing it with Defender. And if you trust Microsoft Windows, you automatically have to trust Defender, because with Windows running on your machine, they can compromise your data in so many ways (I’m saying this theoretically to demonstrate my point), they don’t need Defender to do it.

      And if you don’t trust Microsoft, there’s always Linux.

  2. As far as I am aware the only way of knowing if any software is secure is to use free open source software that has been created by free open source software (languages compilers etc), as it can be scrutinised.

    The inverse of this, Proprietary software, cannot be scrutinised, as its program code is re-coded (Linked and Compiled, so usually only readable by a computer) and is protected by laws, so you have no idea what that software could be capable of doing.

    • Re: “Proprietary software, cannot be scrutinised”

      For general interest — and *not* to nit-pick — there *are ways* to scrutinize software without having access to source code: decompilation and other reverse engineering techniques, sandboxing and observation… maybe others, not my area. It’s the same techniques used when investigators study malware.

      The question is whether these techniques have been turned on “normal” programs, even AV SW, like Kaspersky. I’m going to hazard a “yes” and postulate that that’s how malware *developers* find their exploits. So maybe the real question is *who* is doing such investigation, and whether they’re likely to release their results to the public.

  3. “To the best of my knowledge, not once has any of it come close to being substantiated.” I’ll say, “Of course not, they’re FSB spies and are professional at not getting caught.” According to Russian law, companies are obligated to assist the FSB when asked.

    Bottom line, fake news is everywhere, and it’s getting harder and harder to sort the truth from the BS. We just gotta be as careful as we can. I’ll stick with Defender. I trust Microsoft, but they literally can get access to anything on our computer, so Defender is the last thing they’d need.

  4. Just another twist on this argument, but some of us live outside the USA and might regard any American-owned security offering with some suspicion as well :-)

  5. Hi Leo – Just an FYI. When I clicked your Brian Krebs link in footnote 2, above, I got this message: “The owner of krebsonsecurity.com has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.” It seems unlikely that it would matter, but I backed out, “better safe than sorry.”

  6. “Any company with ties or headquarters outside of the U.S. comes under scrutiny.” Actually any company regardless of where their headquarters are located can be suspect. As Leo often says, if malware is installed on your computer, it can do anything. Theoretically, any program can be a Trojan horse. So, if we want to be paranoid, any program installed on your computer can be malware and do just about anything. We just have to determine who we trust with access to our computer. That’s why, at the moment, I’ll stick with Windows Defender. MS already has all the access they could possibly get and they don’t need Defender to get that access. And yes, I tend to trust Microsoft, at least now.

    • “Theoretically, any program can be a Trojan horse.”

      Hey, at that rate, and for all we know, Windows itself might be a Trojan or some other type of malware!

      (And I’m quite certain that there will be people who have always thought this.)

  7. I’ve used Kaspersky as part of my security suite for many years with a great deal of success.

    I have less fear about them than I do GCHQ and the NSA, Google, Microsoft and others snooping into my day-to-day online activities. I know I categorically cannot trust my own government to have my best interest at heart so a corporation that is actually known to be pretty good to keep me safe seems to be a good thing, regardless of where it originates.

  8. As Leo has often said, ENCRYPT if you are afraid someone might snoop or hack. Eventually, anything can be hacked, but is it worth it to the hacker?

  9. Everyone is focusing on a single path solution. Who do you trust more, Americans or Russians? Probably not safe to trust either completely.

    But for passwords we have two factor authentication. Belt and braces. What is the parallel in computer protection software?

    It is very unlikely that two independent programs from suppliers in different countries would both be attacking my system or stealing my data at the same time. So can I apply a ‘belt and braces’ strategy to protection? Can I securely run two different protection software programs at the same time, each checking the other?

    What would you suggest to give my system ‘belt and braces’ protection against a single rogue protection software program?

    • “It is very unlikely that two independent programs from suppliers in different countries would both be attacking my system or stealing my data at the same time.” As a statistics teacher, I can give you the probability. For example, if the probability of being attacked by the Russians is 30% and the probability of being attacked by the Americans is 25%, then the probability of being hacked by both is P(A and B) = P(A) x P(B) = .25 x .30 or 7.5%. The probability of being attacked by at least one is P(A or B) = P(A) + P(B) – P(A and B) or .30 + .25 – .075 = .55 – .075 = 47.5%

      As I’ve been saying in other comments the safest antivirus is Windows Defender (MSSE in older Windows versions) because the probability of MS using Defender to hack your data is likely 0, because they already have access to everything on a Windows computer, and Windows Defender wouldn’t add to that. I’m not saying that to be alarmist, it’s just that the probability of malware increases with each program you install. So the belt and braces solution I’d recommend is stick with Defender, stay away from questionable websites, and only install software you know and trust. And don’t worry about 3 letter agencies. If they want your information, they already have it :-) .

      • Mark,

        Thanks, that’s a great and entertaining reply. I can see the sense in the Defender Argument. But the flaw in your approach might be that the threat from Agency A will likely be different to Agency B at any one time. For example, CIA might want to see if I have Item 1 (say links to person X) during say one week, whilst KGB might be doing Item 2 (say want to install spyware in Product ZZZ) during another week. I.e. two independent phenomena. I assume it’s unlikely that both agencies will do the exact same probe at the same time. So isn’t my solution of two protection agents, each testing each other continuously, a better solution than suggested by your probability calculation?

        I do actually trust US much more than most other governments, but I guess I have to assume the worst for all in this debate. I think however that all the anti-virus companies need to address the issue of trust better, at least until we find an Alice and Bob solution to all this.

        Anyway, is there a way to do this in practice? Do I achieve something similar with for example running Kaspersky with Malwarebytes Premium side by side; do they watch each other?

        Thanks for your kind reply again.

        • The problem with having more than one AV program running in real time is that they can conflict with each other. You can run scans from other antimalware programs periodically, though.

          Additionally, 3 letter agencies would very likely be able to create undetectable key loggers. This would especially be the case with AV programs as they have low level access to your computer and are constantly accessing the internet to be able to get the latest updates. That low level access is one of the reasons two AV programs shouldn’t run together in real time. The low level access can cause one antimalware program to think the other is malware.

    • Yes, that was insulting, and a poor reflection on Dave G who didn’t have any alternatives to suggest. But back to Windows Defender. It’s a fact that Defender (and the associated Microsoft Malicious Software Removal Tool – MSRT) don’t catch as many malware items as other malware tools, at least not during a scan. Microsoft explains this by saying that it only goes after the big fish and doesn’t report on minor malware or PUP and looks for malware it considers to be currently prevalent. This admission is disconcerting. Also, recently a bug seems to have crept into the MS malware tools during scan: if you watch the status during a scan, it will tell you that it has detected something, but when the scan ends, it says “nothing found”. This problem has also been reported about Defender. If Defender and MSRT find and immediately remove malware without reporting the details, then that’s a problem too. It’s good to have Defender as a real time, background malware tool, but use other tools to scan every so often. The advantage of Defender as a real time tool is that it has a small footprint (in terms of memory and CPU usage) and not too many confusing and esoteric setting options.

  10. I have read recommendations that it is best to stick with 1 (one) active AV/Malware/etc solution that you are comfortable with for your daily security. I have also read that adding more than one active AV/Malware/etc running simultaneously can end in very bad results with 2 (or more?) programs fighting with and detecting each other into a potential death spiral. Too many times Bob Rankin has mentioned this situation as people ask computer related questions. I have not personally experienced this, but have avoided the situation to begin with… (KISS) I have used upon occasion “Stinger” or “MBAM” as a run once solution to detect potential threats that I think maybe my regular choice might have missed. So far I have not had too much in the way of headaches, just the occasional pups that seem benign in nature (adverts).

    I wanted to add that I kind of liked the idea of using an older computer for a back up machine that is not internet connected… Is there a yea or nay on this idea? A pro versus con discussion?

    • Very interesting Russ on running duplicate AV type scanners. I have a cyber business and have also installed about 900 copies and installed them with Kaspersky. However, you are correct in that there is mostly a conflict with both Virus programs attempting to scan the same i.e. file where very strange outcomes can emerge. One big issue is speed of your computer will be reduced. If you run an SSD and have fast HW you may not notice the impact. For most AV programs they highly recommend not running two at the same time. As for Kaspersky, many times it won’t even install until you remove the other AV program. However, with Defender, ESET disables Defender from even running. However not to confuse things, I have been able to run the Defender scan with Kaspersky but I don’t let it execute after I let it scan with the latest DAT files and updates. Basically I stop Kaspersky, then I execute Defender but to date it has never found anything at all. But Kaspersky has saved my systems dozens of times!!! Plus I like the multiple updates per day with Kaspersky as they work their butts off there. And yes, clone your main drive and back up your data!! Drives are cheap and worth the effort.

  11. In your latest book, The Ask Leo! Guide to Online Privacy, you say:
    “The most important take-away, however, is not that Microsoft may or may not be trustworthy; it’s that every operating-system vendor has the power to do any or all of this, with or without letting us know. The amount of trust we place in any OS vendor to properly manage our privacy and security is enormous.”

    This may sound alarmist, but isn’t that true, to a lesser degree, with any program you install? Once you click yes to the UAC, you’ve given that installation program administrative rights on your machine and at that point, it is capable of doing anything on your machine.

  12. Stay away from Kaspersky. After Putain’s attack on Ukraine, the Russian government has proven it can’t be trusted.

    The U.S. Federal Communications Commission has deemed all products and services from the Russia-based cybersecurity firm Kaspersky an “unacceptable risk to national security.”


    and

    Using Russian tech? It’s time to look at the risks again, says cybersecurity chief

    The NCSC said that Russian law already contains legal obligations on companies to assist the Russian Federal Security Service (FSB), and the pressure to do so may increase in a time of war. And while it said there was no evidence that the Russian state intends to suborn Russian commercial products and services to cause damage to UK interests, the absence of evidence is not evidence of absence.

  13. Leo-
    Would you be willing to recommend some other protection for my HP Pavilion dv7 Windows 7 Home Premium (x64) Service Pack 1 (build 7601) laptop?
    Kaspersky came with my HP Pavilion when I bought it from Costco in 2013.
    And I’ve been running Kaspersky on it ever since.
    After I read your advice, I entered “Windows Defender” in the “Start->Search” box.
    A new “Windows Defender” window opened.
    Near the top there was a link “Check for updates now”.
    I clicked on the update link.
    After about 12 seconds the window changed.
    The update Status read that definition updates can’t be installed.
    So I clicked on the link “Go online to view troubleshooting tips”.
    A Microsoft web page “https://support.microsoft.com/en-US/help/918355” opened.
    It read “Sorry, page not found”.
    Again, can you recommend something to replace Kaspersky for my Windows 7 Home Edition 64-bit HP Pavilion laptop?
    Thanks for your help…

      • Leo, I do use (limited) Windows Defender, but my main program is a US-only based White List software called PC Matic. I have used it for 5 years now and have had 0 problems with it. I have to admit, that $50 bucks per year and 5 machines is pretty darn cheap considering some of the alternatives.

        • I’ve been using PC Matic ever since day one, and I thought enough of it that I bought a forever license. What I don’t understand is why so many other security programs don’t like PC Matic and suggest that it be deleted. And I don’t run multiple anti-virus programs simultaneously, either.

  14. I use Windows Defender (now Microsoft Defender) in Windows 11, and I used it in Windows 10 ever since I tested it (the OS) as a member of the Windows Insiders Program (beginning January 2015). Over that time, I have never contracted any malware on any of my computers (all of which are protected by Defender). Microsoft releases definition updates regularly, often more than one a day. Defender provides real time protection, email protection, Smart Screen protection (guards against installing suspicious apps from known-to-be unscrupulous sources) and other more advanced features (Controlled Folder Access – aka Ransomware protection for one) that may be more bother for non-technical users than the added protection they may provide is worth.

    My logic for using Microsoft Defender is that if I trust Microsoft enough to use their OS, it’s reasonable to use their antimalware suite too, keeping my usage information under one ‘roof’. I understand that others may disagree.

    My2Cents,

    Ernie

  15. As far as I know Kaspersky moved to Switzerland some time ago. I still trust the program, it works very well in combination with Malwarebytes. Windows Defender is a good alternative although I would not use it to do bank payments. I tested Bit Defender a while ago with a free license for 6 months, trustworthy even for bank stuff. All the other free versions are (in my opinion) worthless.

    • Kaspersky has offices in many countries. It’s still a Russian company and I wouldn’t trust them wherever they move. The US and German governments, and dozens of computer help sites warn against using it. Yevgeny Kaspersky was educated in a KGB university. “The Technical Faculty of the KGB Higher School”. So why take chances?

      And boycotting Russian companies shows support against Putain.

