Kaspersky's KGB links make it a bad choice for U.S. consumers

Kaspersky Software-Consumers
An employee of Kaspersky Lab works on computers at the company's headquarters in Moscow.

People used to laugh at my suggestion that computer viruses were being planted and user info was being purloined by the same companies who sell us security software. These products are intended to safeguard our computers, our identity and online activities, by remotely snooping over our cyber-shoulders (with permission).

But of late the “fox-in-the-henhouse” mentality has been gaining credibility in our politically disturbed world. As when we hear about distant hackers in Russia and China faking Facebook identities (she seemed like such a nice girl, and weren’t those puppies cute!) to plant viruses and disrupt elections.

Consider the growing fears and revelations surrounding Kaspersky Lab, a leading seller of antivirus software, spawned in Moscow by a KGB-trained operative, Eugene Kaspersky.

Revelations have come out about Russian cyber-espionage hacks conducted through the Kaspersky platform on a global scale, extracting secrets and tools from our National Security Council (and maybe the CIA, too?).

On Oct. 5, the Wall Street Journal disclosed that the personal computer of a National Security Agency contractor (stupidly loaded up with classified documents) had been hacked by Russian agents using backdoor access through Kaspersky security software. The breaches, which occurred back in 2015, were first discovered  (and shared way back then with the NSA) by computer spies in Israel who had wormed into the networks of Kaspersky Lab, the New York Times reported.

And this is rich: The bad guys narrowed their search and discovery of useful dirt by looking for such key phrases as “Top Secret” and “Very Important.” We’ll never use those terms again! (Wait, too late!)

While Moscow-based Kaspersky Lab has called these allegations “unfounded,” the U.S. government on Sept. 13 banned its software from any U.S. government or military computer.

On the home front, Best Buy, Office Max, and Office Depot have all stopped selling Kaspersky products. And they are offering customers a free swap-out and installation of other security software. Act fast, as some deals with one-year’s free replacement service may run out at month’s end!

“For any consumers or small businesses that are concerned about privacy or have sensitive information, I wouldn’t recommend running Kaspersky,” counseled Blake Darché, a former NSA cybersecurity analyst who now steers the cybersecurity firm Area 1.

Until last week, Kaspersky Lab was still basking in the “halo glow” of trust by association with National Public Radio. A leading underwriter of Morning Edition and All Things Considered,  Kaspersky was celebrated with the on-air salute: “Giving 400 million users the power to protect their money, privacy, computers and mobile devices from cyber theft viruses and other online threats. Learn more at Kaspersky.com.”

But then, on Oct. 12, the morning after new revelations about Kaspersky’s dark web connections, the NPR spots abruptly ceased. Kaspersky would no longer frolic in underwriter land with Subaru, Novo Nordisk and the Robert Wood Johnson Foundation. NPR spokeswoman Isabel Lara soft-pedaled that the end had been long in coming: “The prior funding ended earlier this month and the credit schedule ran its course.” But come on!

A leading proponent of ban-Kaspersky legislation, U.S. Sen. Jeanne Shaheen (D., N.H.), has argued that “because Kaspersky’s servers are in Russia, sensitive United States data is constantly cycled through a hostile country. Russian law requires telecommunications service providers such as Kaspersky to install communications interception equipment that allows the FSB [Federal Security Service] to monitor all of a company’s data transmissions.”

In truth, government snooping authorizations also apply to U.S. software companies thanks to the Patriot Act. Also questionable, reported British website theregister.co/uk, are the CIA’s investments (through In-Q-Tel) in security start-ups FireEye, Interset, ArcSight, and Silver Tail Systems.

So what are other acceptable security software options? Some endorsers, such as PC Magazine, are sticking by this 20-year operation, arguing that Kaspersky makes great products and is innocent until proven guilty. And in truth, a slew of testing labs here and abroad have top-rated Kaspersky security programs for their skills at scanning computer traffic, ratting out malware, and ransomware.

But even PC Mag grants that there’s “room at the top” for Bitdefender Antivirus Plus, Symantec Norton AntiVirus Basic, the light but tough Webroot Secure Anywhere AntiVirus, and the multi-device-protecting McAfee AntiVirus Plus.

Consumer Reports tester Rich Fisco said it’s no longer difficult to make a switch. “You run the uninstaller, wait for it to say that it’s done and then reboot your computer.”

However, he warns that Windows Defender Antivirus built into Windows 10 is a different story: “You can disable it but you can’t uninstall it.” And if you ever reinstall” (from a disk or USB recovery drive) “the operating system for a laptop that had been preloaded with Kaspersky antivirus software, the Kaspersky software will be reinstalled along with the rest of the operating system.”