Kaspersky: What does your experience-based opinion say?

HutchinsonJC

Kaspersky has been in the news a lot of late. From earlier in the year with one of its employees looking at treason charges from his employment prior to working for Kaspersky... to Marco Rubio questioning a panel of folks like the director of the CIA, NSA, and the acting director of the FBI to name a few, whether they would use Kaspersky security products on their personal computers. The whole panel answered with a "no".

So what does the tech-inclined world think? Should schools (lower, or higher education varieties), retail, banks, government (fed or state) seek an alternative? Should folks running Kaspersky at home seek an alternative?

What is the likeliness that Kaspersky could leech off various forms of information from schools, retail, banks, or gvt without anyone knowing or realizing? And for how long could they before it became apparent?

Is the panel (heads of various intelligence agencies) well versed in how data traverses a network? The tech side of it all? Are they fear mongering?

For anyone working closely with regulatory bodies, or auditing services, do you see rules, or regulations for what anti-virus products will be authorized going into the future? For schools, government, banks or otherwise?
 

Elixer

Here is some more stuff that some might find interesting.

https://twitter.com/taviso/status/816373947109228546
Kaspersky identified SSL certificates by a 32bit fingerprint (!!!), making it trivial for MITM to create collisions.
http://robert.ocallahan.org/2017/01/disable-your-antivirus-software-except.html
Disable Your Antivirus Software (Except Microsoft's)
https://twitter.com/justinschuh/status/802491391121260544
You misunderstand your own ignorance. AV is my single biggest impediment to shipping a secure browser.
https://twitter.com/JohnLaTwC/status/701530986564046848

https://blogs.technet.microsoft.com...fosec-security-controls-create-vulnerability/
How do Successful Defenders Cope?
Despite these obstacles, I find defenders at many organizations able to cope with these challenges. Here are the practices I see in them:

  1. They manage from the terrain, not the map. They seek to know what’s truly running in their network, not just the services that IT officially manages.

  2. They better manage isolation and compartmentalization leading to fewer spaghetti dependencies to manage. They reduce the number of ingress and egress paths to remove duplication.

  3. They have a bench of subject matter experts to do the required threat modeling. They know they can’t secure things they don’t understand. Any technology indistinguishable from magic has no place on their network.

  4. They have a keen appreciation of the difference between the risks of Murphy and Satan. “Murphy risks” cause problems but ones that are not intentional in nature—for example an outage or commodity malware landing opportunistically on a host in the network. “Satan risks” are risks with intent. There is an active adversary. InfoSec security control selection does well against Murphy, but requires different thinking for Satan.

  5. They have a heavy emphasis on detective controls that look for abuse of legitimate access. They “Assume Breach” and work from the assumption that their controls will be compromised and are prepared to work the kill chain starting at the end first.

  6. They have management support for the whitespace required to analyze and defend a complex system. Compliance requirements, while mandatory, are seen as necessary but not sufficient.

  7. They embrace the matrix and coordinate well across their peer IT teams and users of the network.

  8. They employ penetration testing but instead of treating it as a report card, an output, they treat it as an input. They use pentesting in a diagnostic way informing a comprehensive security program.

  9. They do attack research. They know that knowledge on how to find vulnerabilities and assess their exploitability is just as valuable for defenders as it is for attackers. Their blue teams bleed red and their red teams bleed blue.

  10. They actively manage their graph. They reduce the number of standing administrators. They consider the attack surface of their defense.
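
As an added example (not part of the thread and not Kaspersky's code), the birthday bound behind the 32-bit fingerprint point quoted above: a cache keyed on a 32-bit value confuses two different inputs after roughly 77,000 entries, while one keyed on the full digest does not. The truncated SHA-256 scheme, the constructed stand-in blobs and the `CertCache` class are assumptions for illustration.

```python
import hashlib
import math

FP_BITS = 32  # fingerprint width named in the quoted tweet


def full_fp(blob: bytes) -> bytes:
    """Full 256-bit SHA-256 digest of the certificate bytes."""
    return hashlib.sha256(blob).digest()


def short_fp(blob: bytes, bits: int = FP_BITS) -> int:
    """Assumed weak scheme: only the top `bits` bits of the SHA-256 digest."""
    return int.from_bytes(full_fp(blob), "big") >> (256 - bits)


def birthday_50pct(bits: int) -> int:
    """Approximate number of random inputs for a 50% chance of any collision."""
    return math.ceil(math.sqrt(2 * math.log(2) * 2 ** bits))


def find_collision(bits: int = FP_BITS, limit: int = 2_000_000):
    """Scan constructed stand-in blobs until two share a short fingerprint."""
    seen = {}
    for i in range(limit):
        blob = b"constructed-cert-%d" % i  # constructed sample, not a real certificate
        fp = short_fp(blob, bits)
        if fp in seen:
            return seen[fp], blob, i + 1
        seen[fp] = blob
    return None


class CertCache:
    """Hypothetical validation-result cache; full=True keys on the whole digest."""

    def __init__(self, full: bool):
        self.full = full
        self.store = {}

    def _key(self, blob: bytes):
        return full_fp(blob) if self.full else short_fp(blob)

    def remember(self, blob: bytes, verdict: str) -> None:
        self.store[self._key(blob)] = verdict

    def lookup(self, blob: bytes):
        return self.store.get(self._key(blob))


if __name__ == "__main__":
    first, second, tried = find_collision()
    print("inputs tried before a 32-bit collision:", tried)
    print("50% birthday bound for 32 bits:", birthday_50pct(32))
    for full in (False, True):
        cache = CertCache(full=full)
        cache.remember(first, "trusted")
        # With the short key the second, different blob inherits the verdict.
        print("full digest key" if full else "32-bit key", "->", cache.lookup(second))
```

The same search against the full digest would need on the order of 2^128 inputs, which is why validation caches and pinning schemes key on the complete hash.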
 

Nashemon

Disregarding recent reports (that I haven't read, but speculate that it's something to do with the fact that they are a Russian company and can't be trusted :rolleyes:), Kaspersky is a fine antivirus. I recommended it for years when I worked as a tech support agent. We had lots of repeat customers and rarely ever saw someone come in with a virus who was running Kaspersky. Maybe three out of several thousand over the years.

Marco Rubio questioning a panel of folks like the director of the CIA, NSA, and the acting director of the FBI to name a few, whether they would use Kaspersky security products on their personal computers. The whole panel answered with a "no".
Unless they elaborated on this at all, nothing should be inferred by it. There are dozens of reasons why someone wouldn't want to use any particular antivirus. Brand loyalty being the no-brainer. I have nothing against Kaspersky and I can even say I would recommend it to my own family, but I would answer the same. I've chosen my antivirus. If Marco Rubio asked me whether I would use the highest ranked super antivirus on my personal computer, I would say "no".
 

Ketchup

There is a lot to think about with the recent reports. I simply don't use it for more personal reasons - of the various versions I have tried over the years, it either blocks too much (preventing certain necessary functions), blocks needed access to files it has no business blocking, or slows a computer down too much. And the recent ones are all just about impossible to configure - so that even if I could deal with simple problems like slowdowns, I can't deal with a "security" program that does not allow the user to configure it at all.

Any program taking that kind of control, yet not allowing the user to pitch in with their own rules, no, I am not ok with that.
 

daveybrat

The only "experience-based" info I can contribute is that while effective I've found Kaspersky to be a resource-hog in the past.

Agreed, it's a huge resource hog and I've also cleaned dozens of computers with major malware infections running Kaspersky. It also takes forever to do definition updates. Not something I recommend to my customers.
 

Aenra

Used to avoid it, used to advise people to avoid it. Recently, I happened to be on a PC running the latest (at the time) version, somehow had the idea to have a look, see if it was as bad as I remembered it to be.. and I'm happy I did.
It appeared to have improved immensely, be it in resources required, speed, or ease of use. So I downloaded it on my main PC when back at home, for a proper frame of comparison; I know how it functions, I can therefore 'feel' the differences, if any. Same experience. Ended up purchasing a license, using it since (some.. four months now?) and not planning on switching again. That good :)

For those of you that use hacks (spare me any moral drivel, just the facts here), you will also be pleased to know that it is literally the only non "free" AntiVirus/Security Suite out there actually respecting the user's wishes. Have tried BitDefender, Norton, others, all paid, legal versions. They auto-deleted everything and never mind my having blocked, excluded or white-listed it; they all 'neglected' my wishes, went ahead anyway (and asking around, I can tell you it wasn't just me). Kaspersky is the only one, today, that actually lets me have full, total control of my PC. That alone makes it ideal.. now you add what I said above ^^

As I said in another forum, best 20 bucks I've spent in a long, long time. Wholeheartedly recommend.
(and again, once upon a time, I'd have been one of the first to tell you to avoid it)
 

HutchinsonJC

Whether any product of Kaspersky (past or present) is a resource hog or user friendly or whatever, isn't really what I had intended to be discussed here. I mean, I respect those opinions, but it wasn't what I was looking for in this thread.

The angle is that Kaspersky is based in Russia, and there has been an obvious anti-Russia sentiment being pushed in the news in various ways. Those sentiments themselves, I'm sure, have various controversy and arguments for or against depending on who you ask. I don't feel I did a poor job trying to set the pace for this thread in my original post, so I'd ask that folks please respect that and stay on topic.
 

Ketchup

I am sure if I lived in Russia, I wouldn't find much to complain about based on what some news sources are saying. What you have to understand is that, while many of our members are in the US, there is a large group of people from all over the world here too. So trying to get people to say yay or nay to a product based on the country alone is not going to result in a worthwhile conversation.
 

HutchinsonJC

I'm not sure why someone would seemingly try to make this harder than it needs to be.

I'm not trying to get anyone to say yay or nay based on the country alone. If we based the merit of using or buying products on the country alone, it would be laughable. There would have to be more substance to it than that to change anyone's mind.

I don't really appreciate the insinuation that anything herein is based on the country alone.

If you READ the original post, the details are outlined well enough. If you looked up any articles about Marco Rubio's question I mentioned in the OP, you would see several heads of organizations answered the question about whether they'd use Kaspersky products on personal machines with a no. And the reasoning is basically the fear of being spied upon and information being stolen.

In the OP I asked about the likeliness of being able to steal info or spy without it becoming obvious. What I know about networking tells me it can often be monitored pretty well. Well enough that, even if the contents were encrypted, you could tell stuff was leaving, where it was headed, etc.

In that same OP I asked if this was fear mongering: this openly stated stance against Kaspersky by US intelligence figures. I also asked if any regulatory bodies saw anything coming down the pipes about what products could or couldn't be used. Curiously, the DoD banned Kaspersky products, I've since learned.

As an aside, Eugene has now come out and said he's pretty much willing to do anything to clear his and his company's name. To the point that he's basically offered the source code to US gvt.

There was plenty more to discuss beyond "don't buy it or use it because it's Russian".
 

ringtail

Well like KIS, and REMEMBER....those are the people who detected Stuxnet!

As for Kaspersky being Russian, their software engineers are just every bit as good as American software engineers. And another thing, I TRUST (and depend on) the Kaspersky software engineers to help improve the WORLDWIDE software environment, constantly under attack from IDIOTIC malware SHITHEADS! The WWW is so wonderfully useful and helpful to many BILLIONS of people, WHY do a small handful of IDIOTIC SHITHEADS keep trying to ruin it? Criminals!

ALL the antivirus programmers are like warrior heroes, the brand doesn't matter but I bet they have saved the ENTIRE WORLD from endless troubles. KASPERSKY software engineers seem to me to be THE BEST. THEY are the ones who detected STUXNET!!!! Not Avast, not AVG, not Comodo, not Norton, not Symantec, not Panda, not Sophos, not MSE, not Bitdefender, not Avira, not F-Secure, not Rising, not Baidu, not ZoneAlarm, not ONE of the tons & tons of other brands. KASPERSKY RULES THEM ALL!

It was KASPERSKY that has helped this whole WORLD!!! And also KASPERSKY has caused opening of MANY discussions about ultra-high level stealth malware. Probably RIGHT NOW your computer is giving all its contents to some bad guy because YOU have some UNDETECTED malware....KASPERSKY software engineers are probably the ones who will save the day AGAIN (like they did by revealing STUXNET). Malware is evil...no joke. You have no idea. KASPERSKY has already helped you by repairing your ENVIRONMENT even when you don't understand.

I will continue to depend on Kaspersky Internet Security. This world owes them a great debt of APPRECIATION and ADMIRATION.
 

PeterRoss

Country based or not, from what I have heard and had experience with, Kaspersky does the job relatively well, it has a broad range of protection options, they are constantly listening to user feedback and in general trying to keep up with the times quite actively. Of course, just like with any other company, mistakes are bound to be made and it happens from time to time to be so, but overall moving forward.

As for companies and schools, due to a constant clash of enterprises, providing different options, there will never be one anti-virus system that will be running, people have their preferences, business does too. In the matter of time, we will see, but I would say it depends on the people and the protection they need against the anti-virus.

When it comes to leeching information, we all know that on the basic level it is illegal to do so without permission, I have no doubt that most anti-virus companies do that on the surface level, gathering basic information most likely with permission from users as well when you download the software. Considering how many caring people are out there, I am sure there is a decent chance that people will notice if Kaspersky is gathering some form of illegal information.
 

mikeymikec

Well like KIS, and REMEMBER....those are the people who detected Stuxnet!

As for Kaspersky being Russian, their software engineers are just every bit as good as American software engineers. And another thing, I TRUST (and depend on) the Kaspersky software engineers to help improve the WORLDWIDE software environment, constantly under attack from IDIOTIC malware SHITHEADS! The WWW is so wonderfully useful and helpful to many BILLIONS of people, WHY do a small handful of IDIOTIC SHITHEADS keep trying to ruin it? Criminals!

ALL the antivirus programmers are like warrior heroes, the brand doesn't matter but I bet they have saved the ENTIRE WORLD from endless troubles. KASPERSKY software engineers seem to me to be THE BEST. THEY are the ones who detected STUXNET!!!! Not Avast, not AVG, not Comodo, not Norton, not Symantec, not Panda, not Sophos, not MSE, not Bitdefender, not Avira, not F-Secure, not Rising, not Baidu, not ZoneAlarm, not ONE of the tons & tons of other brands. KASPERSKY RULES THEM ALL!

It was KASPERSKY that has helped this whole WORLD!!! And also KASPERSKY has caused opening of MANY discussions about ultra-high level stealth malware. Probably RIGHT NOW your computer is giving all its contents to some bad guy because YOU have some UNDETECTED malware....KASPERSKY software engineers are probably the ones who will save the day AGAIN (like they did by revealing STUXNET). Malware is evil...no joke. You have no idea. KASPERSKY has already helped you by repairing your ENVIRONMENT even when you don't understand.

I will continue to depend on Kaspersky Internet Security. This world owes them a great debt of APPRECIATION and ADMIRATION.

Don't forget: They detected stuxnet.
 

bononos

Kaspersky has been in the news a lot of late. From earlier in the year with one of its employees looking at treason charges from his employment prior to working for Kaspersky... to Marco Rubio questioning a panel of folks like the director of the CIA, NSA, and the acting director of the FBI to name a few, whether they would use Kaspersky security products on their personal computers. The whole panel answered with a "no".
.......

The panel of people you mentioned are all involved in highly sensitive jobs where they would be exposed to more than the run of the mill hacking risk so it's understandable that they would not want Kaspersky on their PCs and it's simply par for the course. Their Russian/Chinese/etc counterparts are moving away from Windows because of the possible backdoors in the OS and avoiding US brands for IT hardware even before revelations about special implants in routers.

Kaspersky is still good.
 

HutchinsonJC

So apparently a statement came out whereby
"Kaspersky Lab, one of the largest security companies in the world, would no longer be allowed to sell its products or services to the federal government"

An ExtremeTech article also goes on to say that
"Kaspersky told ABC News that any concerns about his [Eugene Kaspersky] product were based in “ungrounded speculation and all sorts of other made-up things,” before adding that he and his company “have no ties to any government, and we have never helped nor will help any government in the world with their cyberespionage efforts.”"

Then the ExtremeTech article in reference to the above quote says
"Now last claim looks particularly dubious."

Then the article goes on to say how Kaspersky does work closely with Russian intel and apparently has even been known to ride out and knock on the doors of hackers with them.

Personally, I'm not impressed with the article. The writer of the article trying to say that the last claim looks dubious in reference to Kaspersky never having, nor ever will... help any government in the world with their cyber espionage efforts. And possibly they are saying it's dubious about the lack of ties, too.

An employee of an anti-virus company, helping the Russian government fight actual hackers is not the same as helping the Russian government with espionage efforts. Maybe the Russian government wanted someone to go to the site (physical location) of the hacker and look at the computer equipment/software; someone who actually had an expertise on the matter.

Espionage: the practice of spying or of using spies, typically by governments to obtain political and military information.

That's not what Kaspersky was doing in anything mentioned in the article.

As far as "ties"... you can be a retail manager who helps FBI with information about a customer who trained their kid (under the age of 12) to help steal thousands of dollars worth of stuff... whether it's video footage from CCTV or whatever, it doesn't exactly mean that you're tied with the FBI. I mean, you help law enforcement where you're able, where it'd be expected, where you can lend some expertise or know how... it doesn't mean you have any real extensive ties with the FBI or that you work with/for the FBI. Seems like blowing stuff out of proportion and/or over sensationalism.

ExtremeTech article I'm referencing.
https://www.extremetech.com/interne...-firm-kaspersky-lab-awfully-tight-russian-fsb
 

lxskllr

All the same concerns come with Windows. If you use proprietary software, it could be doing anything, and it's foolish for anyone, but especially governments to use it. Using proprietary software is giving up sovereignty to a private corporation.
 

ringtail

I like Kaspersky Internet Security, but only because I've had it rolling on for many years and so I KNOW HOW TO USE IT.

A newbie might have trouble navigating it.

IMHO it's top drawer, among the best for a PC.

However, make sure to enable Heuristics to the max. Overall, in the last 5 years malware authors have learned to evade detection by scans against a list of AV signatures sent out as updates to most of the AV brands. Those brands do help catch the malware launched by hack-wannabees at your local high school, but utterly fail at detecting the good ones from China, Israel, Russia, etc. The better malware programs can write dead code to themselves, which completely alters the signature EVERY TIME IT RUNS. That means scanning against an UPDATED DATABASE of AV signatures is utterly useless. Only a good sandbox, or a few of the top tier AV guys, like Kaspersky and a few others, detect the heuristic behavior of more sophisticated malware.

Alas, most of the sandbox programs require you to spoon feed them manually, one entry at a time, which in real is useless. A top tier HEURISTIC detector such as is in Kaspersky kills them dead, and then they send a very ugly Russian thug to the bad guy's home to DEAL WITH him.

The absolute best top tier sandbox = link

Also-rans with less goodness=fireeye, sandboxie, tons more...they DON'T GET 'ER DONE!
 

PeterRoss

I like Kaspersky Internet Security, but only because I've had it rolling on for many years and so I KNOW HOW TO USE IT.

A newbie might have trouble navigating it.

IMHO it's top drawer, among the best for a PC.

However, make sure to enable Heuristics to the max. Overall, in the last 5 years malware authors have learned to evade detection by scans against a list of AV signatures sent out as updates to most of the AV brands. Those brands do help catch the malware launched by hack-wannabees at your local high school, but utterly fail at detecting the good ones from China, Israel, Russia, etc. The better malware programs can write dead code to themselves, which completely alters the signature EVERY TIME IT RUNS. That means scanning against an UPDATED DATABASE of AV signatures is utterly useless. Only a good sandbox, or a few of the top tier AV guys, like Kaspersky and a few others, detect the heuristic behavior of more sophisticated malware.

Alas, most of the sandbox programs require you to spoon feed them manually, one entry at a time, which in real is useless. A top tier HEURISTIC detector such as is in Kaspersky kills them dead, and then they send a very ugly Russian thug to the bad guy's home to DEAL WITH him.

The absolute best top tier sandbox = link

Also-rans with less goodness=fireeye, sandboxie, tons more...they DON'T GET 'ER DONE!

I have to agree with you on that one, Kaspersky is top of the line when it comes to...... pretty much anything related to IT security. And sandbox part is especially relevant when you are doing research and have to constantly visit http or worse websites with tons of potential threat.