You Don't Still Have Kaspersky Software On Your Computer, Do You?

I'm an Apple guy. But, I swear, every time I get an automatic update notice I think about 1984 and Ed Snowden and wonder how easy it is for Big Brother to read everything on my computers. That said, you'd have to be out of your mind to have any Kaspersky software on your computer. Right? Staples seems to think so. This week they decided to pull Kaspersky software off their shelves. You can still buy their stuff on Amazon but Best Buy, Office Max and Office Depot also stopped selling it. The U.S. government has instructed all government agencies to find alternatives to Kaspersky software, something they probably should have done many years ago.

Israeli intelligence caught Moscow using Kaspersky software to spy worldwide. Whowould have imagined anything else from them? (And yes, I assume the U.S. does the same thing with American software companies.)

The Israeli officials who had hacked into Kaspersky’s own network alerted the United States to the broad Russian intrusion, which has not been previously reported, leading to a decision just last month to order Kaspersky software removed from government computers.

The Russian operation, described by multiple people who have been briefed on the matter, is known to have stolen classified documents from a National Security Agency employee who had improperly stored them on his home computer, on which Kaspersky’s antivirus software was installed. What additional American secrets the Russian hackers may have gleaned from multiple agencies, by turning the Kaspersky software into a sort of Google search for sensitive information, is not yet publicly known.

...The Wall Street Journal reported last week that Russian hackers had stolen classified N.S.A. materials from a contractor using the Kaspersky software on his home computer. But the role of Israeli intelligence in uncovering that breach and the Russian hackers’ use of Kaspersky software in the broader search for American secrets have not previously been disclosed.

Consumer Reports decided to look at what all this means to consumers. "Kaspersky security software affects millions of computer users around the world," they reported, "according to the company’s marketing materials. Even though consumers apparently weren’t the main targets, it seems that many home computers may have been searched for information of potential interest to Russian spy agencies."

It’s not clear whether Kaspersky software poses a threat to consumers’ computers, but security experts, including those who used to work for the U.S. government, say there is reason for concern.

“It’s a big deal,” says Blake Darché, a former NSA cybersecurity analyst and the founder of the cybersecurity firm Area 1. “For any consumers or small businesses that are concerned about privacy or have sensitive information, I wouldn’t recommend running Kaspersky.”

By its very nature antivirus software is an appealing tool for hackers who want to access remote computers, security experts say. Such software is designed to scan a computer comprehensively as it searches for malware, then send regular reports back to a company server.

“One of the things people don’t realize, by installing that tool you give [the software manufacturer] the right to pull any information that might be interesting,” says Chris O’Rourke, another former NSA cybersecurity expert who is the CEO of cybersecurity firm Soteria. “As a consumer you have to think ‘What am I giving away when I sign up and use this software?’”

Consumer Reports included Kaspersky Internet Security 2017 in its testing of antimalware packages, and the product did well in such tasks as blocking access to phishing sites and protecting PCs from malware loaded on devices plugged into USB ports. We have not independently tested the software for its vulnerability to this kind of attack. Consequently, we have not changed its recommended status in our ratings. However, we will continue to monitor this developing story.

Consumer Reports is currently devoting more resources to security testing and is working with outside partners to develop better standards for digital products.

Consumers who use Kaspersky products now but would like to make a change have a number of options. Consumer Reports recommends security packages from several companies, including AVG, Avira, G Data, and Symantec.

In the past, it could be difficult to uninstall antimalware software, but that’s no longer true, according to Consumer Reports tester Rich Fisco. “You run the uninstaller, wait for it to say that it’s done, and then reboot your computer.” Fisco notes that Windows Defender Antivirus, which is built into Windows 10, is a different story: “You can disable it, but you can’t uninstall it.”

Some laptops come preloaded with Kaspersky antivirus software. With these machines you uninstall the software the same way. However, O'Rourke says, if you ever reinstall the operating system from a disk or USB recovery drive, it’s likely that the Kaspersky software would be reinstalled along with the rest of the operating system.

...Office Max and Office Depot... offered to uninstall Kaspersky software free of charge, regardless of where it was purchased, run a virus scan on the computer, and replace the software with McAfee LiveSafe antivirus software with a year’s license free.

Congress wants answers. Unfortunately, the committee with jurisdiction is the House Science and Technology Committee, headed by anti-science, pro-Putin crackpot Lamar Smith (R-TX) and he will hold Kaspersky hearings starting October 25. He's already blaming Obama. Smith: "The Committee’s future hearings will determine what led the previous administration to include Kaspersky products on the government-approved purchasing schedule, how much risk Kaspersky’s compromised products exposed the federal government to, and how the cybersecurity framework should be adjusted to prevent future intrusions."