Security software of any kind resides in the deepest recesses of your computer, beneath the operating system. Can you trust it? Even if you trust the developer, the software itself could be vulnerable to malicious third parties. The New York Times reports that with Kaspersky, this has been observed in real time.
The problem is not that the code itself is malicious. Protests by CEO Eugene Kaspersky to this effect are no doubt true – they aren’t stealing your data. But a former NSA hacker, Patrick Wardle, has discovered that the software can be subverted by rogue actors and used for their own purposes. The good-guy hacker has seen this with his own eyes and demonstrated it for others.
Security software such as Kaspersky, Malwarebytes, and others has long been the central keep in your software castle, the reinforced defense against viruses, trojan horses, and other intruders who get past the outer defenses. A New York Times article by Nicole Perlroth clearly lays out the issues.
Security software runs closest to the bare metal of a computer, with privileged access to nearly every program, application, web browser, email and file.
In the now-famous case of an NSA contractor, whose excuse is résumé-building stupidity, classified files were taken from the premises and mounted on a home laptop, from where they were stolen via Kaspersky software. Stupidity, as Nghia Pho will assert, is not a crime. But taking classified materials home is, and he will find few sympathizers.
The problem for Kaspersky is that they initially denied they knew of the stolen files, yet “the company has since acknowledged finding N.S.A. hacking software on Mr. Pho’s computer and removing it, though the company said it had immediately destroyed the documents once it realized they were classified.”
One response is to roll your eyeballs and think, “Yeah. Right.” That’s what the US Government did – then banned Kaspersky software from the premises.
Again, it’s not that the Kaspersky software is malicious. It is that it has been proven vulnerable.
How, then, did an intruder even get in so they could commandeer this once-trusted software? Who knows, but clicking on a link in an email would be our prime suspect.
Read the whole article on the New York Times website (paywall, ten items free).