This past week I’ve had more requests than ever to remove Kaspersky antivirus and cyber security from customer’s desktop and laptop computers and replace it with another security suite. According to the Wall Street Journal, NBC, NY Times and many other major news outlets, Russia has been accused of using Moscow-based antivirus giant Kaspersky to spy on and acquire data from computers where the antivirus program is installed.
How did all this get discovered? This is where it gets really complicated: Basically, hackers were hacking into other hacker’s computers while they were in the middle of hacking. Supposedly, Israeli intelligence personnel hacked into Kaspersky’s own network and discovered Russian government hackers had used the software to remote into American computers. One of those computers happened to be owned by an NSA employee who had improperly stored classified documents on his home computer, on which Kaspersky was installed.
Last month, the Department of Homeland Security ordered all employees and federal agencies who had Kaspersky installed to remove it immediately. Hence, the droves of people coming into the shop to have it removed and replaced lately. I’m not complaining at all about the business it’s brought in, however this prompted me to research the rumors I had been hearing and find out how this could have happened.
You see, every antivirus program has to have complete and total access to your entire computer and all the data stored in it, in order to protect you from malicious activity. There’s no way around that, additionally most antivirus programs have a setting that also sends back a report to the antivirus company of everything malicious it’s found. Many security suites also transmit a list of visited URLs (web addresses) both non-malicious and malicious ones. They may also transmit your name, your local IP address, any running processes, and even your Windows user name. Who’s to say what else they could access or transmit without your knowledge.
The fact that the Russian government may have used a world renowned piece of security software like Kaspersky to backdoor into computers means nothing is a safe bet. It may be a good idea in the future to disable these reports from being sent whether you’re using Kaspersky or any other antivirus suite, and it’s not just limited to antivirus programs. The Windows operating system itself also has similar reports that get automatically transmitted back to Microsoft. These can also be disabled if you’re uncomfortable with this information being sent out.
Kaspersky, of course, has denied these recent allegations. However, this should be an eye opener to all my fellow computer users out there to safeguard your data as best as possible. If you have Kaspersky installed, it may be a good idea to remove it for the time being and use a different antivirus until all the facts have come out. Our opinion changes from time to time based on our experience and reports we subscribe to, but currently we recommend ESET’s Nod 32 antivirus program, which you can find here. Also, if you’re not comfortable changing computer settings, uninstalling or installing software, that’s what Restore Computer Repair is for! Please come see us any time and we can help you with any computer needs or concerns you may have. We will also keep you updated as we hear more about this scandal in the coming weeks.