Kaspersky Leaves U.S., Deletes Itself, Swaps Everybody’s Antivirus For Software Nobody Asked For
from the didn't-ask-for-this dept
Back in 2017, the Trump administration signed new rules banning Russian-based Kaspersky software on all government computers. Last June, the Biden administration took things further and banned distribution and sale of the software, stating that the company’s ties to the Russian government made its intimacy with U.S. consumer devices and data a national security threat.
While there are justifiable security concerns here, much like the ban of TikTok, the decision wasn’t free of lobbying influence from domestic companies looking to dismantle a competitor. It’s relatively easy to get Congress heated up about national security concerns, because doing so tends to mask anti-competitive lobbying in a way you can brush aside non-transparently for the greater good of the world [echoes].
Nor is a ban entirely consistent with broader U.S. policy, since U.S. government corruption prevents it from passing a meaningful privacy law, or regulating dodgy international data brokers that traffic in no limit of sensitive U.S. location and behavior data.
China and Russia don’t really need TikTok or AV software; they can simply buy access to your daily movement and browsing data from data brokers. Or, thanks to our lack of privacy laws or real accountability for lazy and bad actors, they can hack into any number of dodgy apps, software, or hardware with substandard security.
Regardless, this week Kaspersky Labs effectively left the U.S., but not before engaging in a practice that doesn’t exactly scream “high security standards.” The company effectively deleted its products from U.S. user computers without anybody’s consent, then replaced them with UltraAV’s antivirus solution — also without informing users.
Many users understandably saw this nonconsensual transaction take place and assumed they’d been hacked or infected with a virus:
“I woke up and saw this new antivirus system on my desktop and I tried opening kaspersky but it was gone. So I had to look up what happened because I was literally having a mini heart attack that my desktop somehow had a virus which uninstalled kaspersky somehow,” one user said.

One problem is that Kaspersky had emailed customers just a few weeks ago, assuring them they would continue receiving “reliable cybersecurity protection.” They didn’t make any mention of the fact that this would involve deleting software and making installation choices consumers hadn’t approved of, suggesting that their exit from the security software industry won’t be all that big of a loss.
That said, it would be nice if U.S. consternation about consumer privacy were somewhat more… consistent.
The U.S. isn’t actually serious about U.S. consumer privacy because we make too much money off of the reckless collection and sale of said data to even pass baseline privacy laws. And the U.S. government has grown too comfortable being able to buy consumer data instead of getting a warrant. But we do like to put on a show that protecting consumer data is a top priority all the same.


Comments on “Kaspersky Leaves U.S., Deletes Itself, Swaps Everybody’s Antivirus For Software Nobody Asked For”
After the supply chain attack involving pagers a few days ago I totally agree with these national security claims. Except that it was also the only large scale event so far. Carried by an ally of the US. With no repudiation by the US. I say hypocrisy.
There are no good choices.
Windows. Updates automatically. It is difficult to impossible to stop it without disconnecting your computer from the internet.
Applications. The vast majority have auto-update abilities, because people have clamored for them.
This. This Kaspersky update, where they jack your computer up and shove an entirely different AV package into it. That could have been ANY software, with only a very few limits. It could have been ANY of your auto-updating applications that did it.
Your desktop. Your phone. You are one supply chain hack, one application buy-out-and-subversion away from disaster.
Your alternatives are,
1) Allow this vulnerability trusting “they would never hurt me”. Proven dangerous by any number of malevolent Apple Store/Google Play Store applications.
2) Disallow all auto-updating. Used to at least some extent by corporations to limit this very risk. (They have their own auto-updating mechanism, usually.)
3) Perform your own verification. Good luck with this! The whole point of “let someone else handle updating your software” is you trusting them to do a job you don’t have time or resources to do yourself.
Best of luck out there!
Re:
Or learn how to use Linux, get involved in FOSS communities that are trying to build free, open alternatives to consumer software, and start refusing to use software that pulls what Kaspersky pulls.
You know, productive courses of action that actively fight for the change in the world you want to see, instead of doomposting.
Re: Re:
This is a problem that FOSS unfortunately doesn’t solve; app and source repositories get supply chain attacks all the time. NPM and PyPI are especially prone; GitHub repos are also intentionally abused in this manner.
Things like Debian Stable protect against it somewhat, but people generally want to run stuff that’s not in the Stable repo, at which point they’ve opened themselves up to the same issues (as we saw earlier this year when stuff snuck into Debian Testing, and was blocked from going to Stable mostly by accident).
Re: Re:
Because we all know that free software made by random strangers over the internet is never dangerous too. Nope, never. Trusting them is absolutely the magic end-all solution to this.
Re:
On a related note, regarding point 2, considering how Microsoft is discontinuing WSUS I wonder how (attempting) to self-manage Windows updates is going to (not) work in the future.
Re: Re:
The trajectory MS is following indicates that Windows will become a SaaS with hard ties to their cloud-services and mandatory accounts. We are already almost there by this point, what’s left is for them to remove the possibility of creating local accounts on Windows 11 and I’d expect the mandatory cloud-service tie-in to happen shortly after that. It’s max 2-3 years away for it to become reality, they are just waiting for enough users to upgrade to Win11 from Win10.
And that means MS will be able to milk every user with a yearly license-fee, just like they did with Office 365. Ie. you won’t have any control over your OS except for some superficial stuff, forget about self managing your updates, and you’ll have to pay for that “privilege”.
Re: Re: Re:
MS will always have an on-prem solution for Windows. It’ll be the Enterprise Managed solution though, not the Consumer release. Expect to pay a premium for it.
Re:
It’d be interesting if someone created a new service that monitored the registration details of the companies distributing all the software you installed on your computer, and any time those details changed, the service would disable auto-update and notify you.
Wouldn’t stop supply chain attacks, long-game malicious updating, or parent company buyouts, but, for example I kept VMware in auto-update mode, and since they got bought by Broadcom I’ve kept it in manual update mode. I’ve also kept Chrome in manual update mode since they introduced V2.
Could be an interesting extra service by one of those companies that already lists alternative software packages and does update tracking. The service itself of course would be a risk point for supply chain poisoning, but at least you’d just have to monitor the one app and not everything on your system.
Re: Completion
After which your computer will brick itself because it can no longer ‘phone home’ so Microsoft can check that the OEM installed a legit copy of the OS. Winblows used to be the most usable OS, and now it’s the least usable.
Well, replacing a Russian based AV software with a US-based company product, like UltraAV, was much of the point of banning Kaspersky.
Or maybe Kaspersky should have removed itself then left the Windows computer defenseless (because defaulting to Windows Defender would be an antitrust case)?
Or ask people to download some random AV by themselves and get a bunch of spyware installed?
Re: Kaspersky motives
One can analyse this move in different ways:
1) Kaspersky sees it as its duty of care to keep the US computers of their customers protected.
2) By moving the contracts over to UltraAV, it’s not Kaspersky’s problem anymore to handle refund requests.
3) This deal is financially interesting for Kaspersky.
4) UltraAV thinks this deal is financially interesting for them.
5) Kaspersky shows a loophole in this protectionist ruling.
It is possible that all are correct.
Re: Re: You too, Kaspersky?
Remember the outrage when Apple pushed a new U2 album to everyone’s accounts? That was simply music.
Pushing a whole other piece of software should be a reason for the ban, not performative politics that doesn’t actually do anything to make people safer.
Re:
If you uninstall AV software from Windows, Defender automatically kicks in. So Kaspersky could have done this.
However, uninstalling their VPN would have left the computer without a VPN, so that theoretically has some merit — except that I’m very picky about who I use as a VPN provider, and Pango Group is definitely NOT on my list of providers I’d feel comfortable using. I’d be happier with Russia knowing my surfing habits than them.
giggles
You know if we had stronger privacy laws it wouldn’t have been legal to do this.
But our courts have already ruled that a company can make changes to software in devices you “own” if they want to.
The ban of Tik-Tok was because the US wants all social media under US ownership so that the government can create a hostile business environment if the social media platform doesn’t ban content that contradicts government narrative, such as pro-Palestinian content.
Fuck Russia.
Re:
No thanks.
how is this legal?
US bans distribution and sale so Kaspersky goes ahead and deletes product the customer already paid for? Yea that may be what the US gov wants, but it doesn’t seem legal to me and it wasn’t what the US gov ordered. Same thing with installing another AV. Not legal, and arguably the customers would be better served by just using Windows Defender.
Correct, but not the entire picture
“China and Russia don’t really need TikTok or AV software, they can simply buy access to your daily movement and browsing data from data brokers.”
This is correct – unfortunately. But it’s not the biggest concern with Kaspersky.
The biggest concern is that Kaspersky is effectively an espionage agency of the Russian government and is backdooring systems at their behest. And given this stunt of theirs, that doesn’t seem at all to be excessive paranoia.
There’s been a lot of smoke around Kaspersky and Russian intel, e.g. this from six years ago: “Court document points to Kaspersky Lab’s cooperation with Russian security service” (The Washington Post), and I presume that there really is a fire, and the US knows about it, hence this move. And then there’s this: “AP Exclusive: Private spy targeted critics of Kaspersky Lab”, which is not how honest, reputable, etc. companies behave.
I don’t much like the push from US-based firms to evict Kaspersky, because of course it’s self-serving. But I do agree that Kaspersky must be banned and its personnel removed.
Correct, but not the entire picture
That’s a pretty major charge. Do you have evidence to support this? Because nobody else does.
As with Chinese cars, Kaspersky’s true sin is a lot less criminal: It outperforms its US competitors, therefore needs political support to tilt the playing field back the way it should be tilted.
Re:
Good lord, Russia is up to its eyeballs in every kind of infosec op known to science, and every IT company in the country is helping — unless their CEO wants to end up falling out a fourth story window or having a nice cup of polonium tea. How could you possibly not know this?
Re: Re:
So you should have no problem producing the intercepts of the product snooping and sending unauthorized data back to the mother ship. Show me where it stole your emails.
Re: Re: Re:
Yes, of course, (a) I’m going to have smoking-gun-grade evidence that a national intelligence agency is doing what national intelligence agencies do and (b) I’m going to share it with a random ignorant newbie who doesn’t have the slightest clue how any of this works.
But because I’m in a giving mood — even to worthless morons like you — I’ll share this: these people are NOT stupid or incompetent. Quite the opposite. Which is why your idiotic demand is even more stupid than it appears at first glance, and it’s pretty stupid at first glance.
Everyone keeps trying to claim Kaspersky has ties to the Russian government and that the company has to do whatever the government tells them to do. This is absolutely false.
Kaspersky is NOT located in Russia. It has one brick office building in Russia, that is all. Mr. Kaspersky moved the entire company to Switzerland years and years ago because customers were concerned about this. He wanted to prove that they were in safe hands and could trust his company.
Additionally, he denied ever having any contact with Putin. “Yes, I did work for the KGB at the same time as Mr. Putin but I never worked in the same department with him, nor had any contact with him beyond passing him in the hall a few times where we exchanged formal pleasantries, nothing more.”
The fact that Kaspersky would consider this an acceptable solution for anyone really just gives the accusers more credibility.