Evening Reading: Kaspersky Lab, Spying, & the Risks of Telemetry
In a little bit of cross-site synergy for the evening, Paul Wagenseil from our sister site Tom’s Guide has put together an interesting report discussing the recent developments surrounding Kaspersky Lab and the company’s antivirus software, which in recent days has been accused of spying on behalf of Russia’s intelligence services. Software & services is not really in AnandTech’s editorial purview, but I thought this was an interesting article that was worth sharing.
As a bit of background, Kaspersky Lab has been under the proverbial microscope off and on over the past half-decade or so due to concerns about close ties to the Russian government amidst ongoing geopolitical issues. More recently, on October 5th, the Wall Street Journal published an article claiming that Russian identified files from the United States National Security Agency (NSA) using Kaspersky Lab’s antivirus software, then using that information to steal said files. This has in turn called into question just how complicit Kaspersky Lab may have been in the endeavor, and whether their antivirus software is safe to use on consumer systems.
Writing for Tom’s Guide, Wagenseil reached out to a number of experts in the security field, ranging from the Electronic Frontier Foundation to former NSA staffers in order to get a broad look at the issue. Due to a lack of direct evidence in the matter – all of the major stories written so far have been based off of anonymous sources in the US government – there’s little in the way of hard facts to deal with. However across all of Wagenseil’s respondents, both named and unnamed, most agreed that people and businesses working in sensitive matters should not use Kaspersky Lab’s software, essentially taking a “why risk it?” stance on the matter. Things are a little less obvious for consumers however; some respondents recommended against the software entirely, while others noted that consumers probably aren’t the target of Russian signals intelligence efforts.
One notable and broad point that was made, however, is that regardless of Kasperksy Lab’s involvement, similar risks exist with all antivirus software. All modern AV software includes telemetry for reporting on new software as a means to more rapidly detect new forms of malware, and due to the deep reach of AV scanners, those telemetry processes can access virtually any piece of software or documents. So for the paranoid – or even just the privacy minded – disabling telemetry can help to reduce the risk at least somewhat by terminating regular reporting to AV software vendors, which in the case of Kasperksy Lab, is how the attack was believed to be carried out.
In any case, you can find more on this interesting matter and on the security experts’ responses over at Tom’s Guide.