user37

Kaspersky: “We detect and remediate any malware attack,” even by NSA


The statement comes two weeks after the Electronic Frontier Foundation and two-dozen other individuals or groups sent AV companies an open letter urging them to protect their users against malware spawned by groups that carry out government surveillance. The letter came amid recent revelations that the NSA has a wide-ranging menu of software exploits at its disposal that has been used to identify users of the Tor anonymity service, track iPhone users, and monitor the communications of surveillance targets. The senders' concern is that AV companies may voluntarily cooperate with these programs by engineering their programs not to detect state-sponsored malware.

http://arstechnica.com/tech-policy/2013/11/kaspersky-we-detect-and-remediate-any-malware-attack-even-by-nsa/

 

My Norton 360 is up in a few days so I am doing a 30 day trial of Kaspersky pure 3.0 for now. 

 

Which invites the question, what is your most trusted AV software, if any?

 

 

Share this post


Link to post

Used to use Symantec but it slows machines down more than Kaspersky, Sophos or Avira. Not sure if that's good or bad really.

The best thing for me is to protect myself from myself. I do not login with administrative privileges. I've been doing that since NT 3.5 so I'm used to it. I used to login as a Power User but I'm just a User now. If I need to I 'Run As'. Security over convenience is a hard sell, especially to people from the 9x world or those with limited patience/tolerance.

I also Whitelist so applications can only execute from certain areas, i.e. nothing executes from %temp%, %downloads%, documents, %appdata%, etc. Sometimes that creates issues with clients who run LogMeIn, WebEx, Chrome or things that want to run from somewhere in AppData. If that occurs I create a rule to allow that particular app. Firefox updates fail because it wants to unzip and run out of %temp% and that's not gonna happen. I have to download the updates and 'Run As' to update Firefox. I rarely get calls for malware with clients using that approach. Some clients are cool with using Opera browser so Flash and Java won't run unless the end-user selects it to run. I also ask them to be careful when they are dealing with their clients if they use OS X. They might not be infected but could transmit malware that doesn't affect them. I disable Autorun, wipe out any Autorun cache (if any) and unhide extensions from Windows Explorer. I don't run P2P stuff like torrents or Skype unless it's in my DMZ.

Share this post


Link to post
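
Added example, not part of the original post: a simplified Python model of the path-based execution allowlisting described in the post above (default deny, user-writable locations blocked, per-application exceptions). The user name, the paths, the LogMeIn exception path and the most-specific-rule-wins precedence are assumptions for illustration, not any product's actual rule engine.

```python
import ntpath
import re

# Constructed environment for a standard (non-admin) user; all values are assumptions.
ENV = {
    "TEMP": r"C:\Users\alice\AppData\Local\Temp",
    "LOCALAPPDATA": r"C:\Users\alice\AppData\Local",
    "USERPROFILE": r"C:\Users\alice",
    "PROGRAMFILES": r"C:\Program Files",
    "WINDIR": r"C:\Windows",
}

# (path rule, verdict). Anything matching no rule is denied.
RULES = [
    (r"%PROGRAMFILES%", "allow"),   # admin-writable only
    (r"%WINDIR%", "allow"),
    (r"%USERPROFILE%", "deny"),     # covers Temp, Downloads, Documents, AppData
    # Hypothetical per-application exception of the kind the post mentions.
    (r"%LOCALAPPDATA%\LogMeIn\LogMeIn.exe", "allow"),
]

def expand(text, env=ENV):
    """Replace %VAR% tokens case-insensitively; unknown variables stay as-is."""
    return re.sub(r"%([^%]+)%",
                  lambda m: env.get(m.group(1).upper(), m.group(0)), text)

def canon(path, env=ENV):
    """Expand variables, collapse '..' segments, and fold case and slashes."""
    return ntpath.normcase(ntpath.normpath(expand(path, env)))

def matches(target, rule):
    """Match whole path components so 'Program Files Evil' != 'Program Files'."""
    return target == rule or target.startswith(rule.rstrip("\\") + "\\")

def decide(path, rules=RULES, env=ENV):
    """Return 'allow' or 'deny'; the longest (most specific) matching rule wins."""
    target = canon(path, env)
    hits = []
    for rule, verdict in rules:
        rule_path = canon(rule, env)
        if matches(target, rule_path):
            hits.append((len(rule_path), verdict))
    # On equal length 'deny' sorts after 'allow', so a tie resolves to deny.
    return max(hits)[1] if hits else "deny"

if __name__ == "__main__":
    for sample in (r"C:\Program Files\Mozilla Firefox\firefox.exe",
                   r"%TEMP%\7zS4F2A\setup.exe",            # unpacked updater
                   r"%LOCALAPPDATA%\LogMeIn\LogMeIn.exe",
                   r"C:\Program Files\..\Users\alice\Downloads\invoice.exe"):
        print(f"{decide(sample):5}  {sample}")
```

Canonicalising before matching is what keeps a `..` segment or a look-alike directory name from slipping past an allow rule.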

I've been using Kaspersky for almost 7 years and I NEVER HAD ANY MALWARE ISSUES SINCE THEN (I checked that with Malwarebytes, GMER, Sysinternals Suite,...)

Regarding surveillance: Russia and USA aren't friends, they never were. Why should Russia implement backdoors for America's surveillance programs into software made in Russia? I can't imagine this to happen.


NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post

So far I like Kaspersky better, my machine is faster and so is my browsing speed. Firefox seems to work more smoothly as well. My computer starts up a little slower though, about an extra minute or so to get everything running. I also like the little container encryption tool.

Share this post


Link to post

Kaspersky is my favorite. I was able to get quite a good deal on this last renewal by purchasing the "ONE" product which allows you to use your licences for either KIS or the Mobile products, or any combo.

I found a coupon code on RetailMeNot for 40% off, combined with a 10 user 3 year license for only $113. This allows me to install it for all of my family and friends and only charge them $10.

Share this post


Link to post

Remarkable attack. "Clearly, fame isn't everything." ~ Severus Snape

But:

 

Are you still using KIS?? Wow

 

I will always do and recommend it. Antivirus software is not there to protect one from 100% of attacks. It's still a bunch of algorithms. I see it as a shield against being infected with the, let's assume, 98% of things these algorithms can detect and block. Kaspersky proved itself to be one of the top "algorithm providers".

There will always be things belonging to the 2% these algorithms can't catch, that doesn't mean we have to discontinue usage of the software. If you think "yes, it is" - why are you still using TOR? Or OpenVPN? Several errors have been revealed in the past, yet people use it. In 98% of all cases - it's helpful. In 2% it leads to even greater impacts on security than if you'd never used it. [btw, is this sentence right? ]



Share this post


Link to post

I switched from Norton to Kaspersky as the details of the NSA and 5 Eyes emerged.

I have not had any problems.

 

It was part of the longer term strategy to isolate from:

- Google (done)

- Microsoft (in process of moving to Linux)

- US based suppliers of:

  - hosting (done)

  - domain registrars (coming)

 

My logic for Kaspersky was:

- they rank highly in virus / malware protection.

  a 98% solution is a good result.

  "The idea of the perfect plan is the enemy of the great plan"

- as they are not American, they are immune from secret US mandated backdoors

- Russian backdoors do not represent a realistic threat to me

- Eugene Kaspersky has a lot to lose personally if their products are compromised

 

@Isat: your comment is not helpful - it does not propose any alternatives

 

Share this post


Link to post

In 2% it leads to even greater impacts on security than if you'd never used it. [btw, is this sentence right? ]

 

For someone whose first language is not English, that's pretty good. Since you were humble enough to ask, I would have written it in one of two ways:

 

'you never used it' or 'you'd never have used it' but I sucked in English class so what do I know.

 

+1 on alternatives.

Share this post


Link to post

What have other AV providers said? Avast, AVG, etc?


And how can we trust them when they all exist in countries with overbearing police presence?


Share this post


Link to post

 

What have other AV providers said? Avast, AVG, etc?

And how can we trust them when they all exist in countries with overbearing police presence?

 

The Kaspersky claim is laughable re: keeping the NSA out (they can try). Further, none of the providers can really be trusted as there are cases where they sat on known viruses/malware for their government buddies. e.g. F-Secure sitting on Regin (espionage toolkit) for their pals....

 

Also, the NSA et al. LOVE hacking anti-virus companies to see what they are up to and to reverse-engineer the software to thwart the protection of 100s of millions of users. It makes sense if you are a spook to make sure your malware can avoid all known algorithms and/or to put legal pressure on corporate buddies to let them in through a backdoor.

 

Logically, anti-virus/anti-malware programs are a perfect attack vector for the spooks, because you give it the authority to scan the entirety of your attached devices and it has ultimate trust in your O/S.

 

This is just the thing I'd piggyback on if I wanted to pwn the majority of Windows and Mac desktop users that are running a handful of major products when considering market share %.

 

The Intercept and Wired have covered this:

 

On Monday, the Intercept published a new story from the Snowden documents:

 

The spy agencies have reverse engineered software products, sometimes under questionable legal authority, and monitored web and email traffic in order to discreetly thwart anti-virus software and obtain intelligence from companies about security software and users of such software. One security software maker repeatedly singled out in the documents is Moscow-based Kaspersky Lab, which has a holding registered in the U.K., claims more than 270,000 corporate clients, and says it protects more than 400 million people with its products.

 

British spies aimed to thwart Kaspersky software in part through a technique known as software reverse engineering, or SRE, according to a top-secret warrant renewal request. The NSA has also studied Kaspersky Lab's software for weaknesses, obtaining sensitive customer information by monitoring communications between the software and Kaspersky servers, according to a draft top-secret report. The U.S. spy agency also appears to have examined emails inbound to security software companies flagging new viruses and vulnerabilities.

 

Wired has a good article on the documents:

 

>>

The documents...don't describe actual computer breaches against the security firms, but instead depict a systematic campaign to reverse-engineer their software in order to uncover vulnerabilities that could help the spy agencies subvert it.

 

[...]

 

An NSA slide describing "Project CAMBERDADA" lists at least 23 antivirus and security firms that were in that spy agency's sights. They include the Finnish antivirus firm F-Secure, the Slovakian firm Eset, Avast software from the Czech Republic, and Bit-Defender from Romania. Notably missing from the list are the American anti-virus firms Symantec and McAfee as well as the UK-based firm Sophos.

 

But antivirus wasn't the only target of the two spy agencies. They also targeted their reverse-engineering skills against CheckPoint, an Israeli maker of firewall software, as well as commercial encryption programs and software underpinning the online bulletin boards of numerous companies. GCHQ, for example, reverse-engineered both the CrypticDisk program made by Exlade and the eDataSecurity system from Acer. The spy agency also targeted web forum systems like vBulletin and Invision Power Board (used by Sony Pictures, Electronic Arts, NBC Universal and others) as well as CPanel, a software used by GoDaddy for configuring its servers, and PostfixAdmin, for managing the Postfix email server software. But that's not all. GCHQ reverse-engineered Cisco routers, too, which allowed the agency's spies to access "almost any user of the internet" inside Pakistan and "to re-route selective traffic" straight into the mouth of GCHQ's collection systems.

 

 

Share this post


Link to post
