Though it doesn’t come as a surprise to most of the IT community, the Federal Communications Commission (FCC) recently added Russian software developer Kaspersky to its list of companies that should not be used by any entity that receives funding through the FCC. Given the current geopolitical climate, this move probably shouldn’t surprise anyone else at this point either. The Moscow-based security and antimalware company has been under significant scrutiny since 2017 after an explosive report from Bloomberg Businessweek exposed the company’s close ties to Russia’s intelligence agencies, leading to the software being banned on all U.S. civilian government networks shortly after its publication.
What this means for you
Depending on who you talk to (including C2), Kaspersky has been on the “no-fly” list for most (non-Russian) security advisors since at least 2017, and for many of my clients who grew up during the Cold War, the software has never been a consideration because of its Russian roots, even though it was considered highly competent in the early 20-teens. It was well regarded enough, and had enough American market penetration, that it had to be listed and banned to force its removal from the various U.S. government agencies that had based their choices on technical rather than patriotic considerations.
If you are using it, should you remove it? The answer is obvious if you are an entity that is covered by either the US government ban or the FCC’s prohibitions, but what about your family PC? Politics aside, there are enough solid replacements out there that sticking with Kaspersky isn’t worth the potential risk or bad optics it presents to U.S. companies. As for your personal computer? It’s a personal choice, of course, but Kaspersky’s technology no longer stands out from the crowd, so don’t give it an edge there. Go with an option that maybe has less baggage at the moment. For personal computers we like Webroot, Malwarebytes or Bitdefender, and if you don’t have the extra cash for a paid antimalware platform, the built-in options on both Windows and Mac OS X are decent enough if you are vigilant and stay away from those questionable links in strange emails.
A recently published whitepaper from Redwood, CA security firm Imperva reports a disturbing trend that many technology professionals already suspected: current anti-malware manufacturers can’t keep up with the pace of virus development now that malware has moved from the realm of mischief to big-time criminal enterprise. Researchers from Imperva and students from Technion-Israel Institute of Technology put together a study that pitted 80 new viruses against over 40 of the top commercial antivirus products on the market, including Symantec, McAfee and Kaspersky, and found that the products were only able to detect 5% of the new malware infections.
It’s important to note that the sponsor of this study, Imperva, has a material stake in future anti-malware development, as their focus has been on developing a method of protection that differs from the traditional signature detection approach used by the mainstream antivirus developers. Signature detection relies on antivirus manufacturers being able to “capture” and reverse-engineer a computer virus strain to develop ways to combat infection, a process that is entirely reactive and time-consuming. As you might have guessed, new viruses can do their damage in minutes on a vast scale thanks to the internet, so relying on protection developed after the virus has been in the wild is of no help to those already infected. Cybercriminals realize they have the advantage of surprise on their side, and are investing heavily in staying ahead of signature detection algorithms.
What this means for you:
Future security is going to rely heavily on a combination of methods: signature detection, heuristic analysis (watching for anomalous behavior), virtualization/compartmentalization and good old-fashioned paranoia/preparedness. The public at large has been lulled into a false sense of security in thinking that purchasing a product off the shelf will absolve them of the need to remain vigilant. As some of my clients can personally attest, you can have the best antimalware products on the market and still get infected. Technology security is more than purchasing software and hardware – it’s a process and state of mind that must constantly be maintained. If you are uncertain how to evolve your business practices to step up your state of readiness, give C2 Technology a call – we can help!
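To make the contrast between signature detection and heuristic analysis concrete, here is an added example (not from the Imperva paper or any vendor's product) that runs both checks over constructed, inert samples. It assumes signatures are plain SHA-256 file hashes, which is a simplification, and the behaviour names, weights and threshold are all invented for illustration.

```python
import hashlib

# Constructed, inert stand-ins: (file bytes, behaviours observed at run time).
KNOWN = (b"demo-sample build 1",
         {"modify_autorun", "disable_security_tool", "outbound_connection"})
VARIANT = (b"demo-sample build 2", KNOWN[1])   # new bytes, same behaviour
BENIGN = (b"demo-updater", {"outbound_connection", "write_own_directory"})

# Assumed weights for the heuristic; a real product would tune these.
SUSPICION = {"modify_autorun": 3, "disable_security_tool": 4,
             "mass_file_rename": 4, "outbound_connection": 1}
THRESHOLD = 5


class SignatureScanner:
    """Flags a file only if its hash matches a sample already captured."""

    def __init__(self):
        self.signatures = set()

    def add_signature(self, captured_bytes):
        self.signatures.add(hashlib.sha256(captured_bytes).hexdigest())

    def detects(self, file_bytes):
        return hashlib.sha256(file_bytes).hexdigest() in self.signatures


def heuristic_score(behaviours):
    """Sum the weights of observed behaviours; unlisted behaviours score 0."""
    return sum(SUSPICION.get(b, 0) for b in behaviours)


def layered_verdict(scanner, sample):
    """Signature check first, then the behaviour heuristic as a second layer."""
    file_bytes, behaviours = sample
    if scanner.detects(file_bytes):
        return "blocked: known signature"
    if heuristic_score(behaviours) >= THRESHOLD:
        return "quarantined: anomalous behaviour"
    return "allowed"


def demo():
    scanner = SignatureScanner()
    scanner.add_signature(KNOWN[0])   # only build 1 has been captured so far
    samples = [("known", KNOWN), ("variant", VARIANT), ("benign", BENIGN)]
    return {name: layered_verdict(scanner, s) for name, s in samples}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:8} {verdict}")
```

The variant slips past the signature layer because its bytes have never been captured, and only the behaviour layer catches it; the heuristic in turn depends on weights that can misjudge unusual but legitimate software.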