Kaspersky allegations: is cyber security stronger for false positives?

Eugene Kaspersky

"Kaspersky Lab tried to damage rivals in the marketplace by tricking their antivirus software programs into classifying benign files as malicious, according to two former employees."

So runs an exclusive run by Reuters, which claimed CEO and co-founder Eugene Kaspersky himself ordered some of the attacks as a covert, and rather underhand, way of fighting back against smaller antivirus companies encroaching on his company's turf.

According to one of the two former employees who provided the information to Reuters, "it was decided to provide some problems [for rivals]", but, they argued, such actions are "not only damaging for a competing company but also damaging for users' computers".

AVG and Microsoft, among others, had previously noted a campaign of creating so-called 'false positives', but had never pointed the finger at any particular culprit. Indeed, all competitors are being either circumspect in their response to the allegations, or are not commenting at all.

As for Kaspersky Lab, its CEO has hit out in a blog post, claiming the Reuters report is a complete fallacy.

"The article, filled with sensational -- false -- allegations, claims Kaspersky Lab (KL), creates very specific, targeted malware, and distributes it anonymously to other anti-malware competitors, with the sole purpose of causing serious trouble for them and harming their market share," said Eugene Kaspersky.

"Disgruntled ex-employees often say nasty things about their former employers, but in this case, the lies are just ludicrous ... the reality is that the Reuters story is a conflation of a number of facts with a generous amount of pure fiction," he added.

It is clear that Kaspersky feels both he and his company have been victimised and are being portrayed as the evil, scheming Russian baddies of Cold War fiction.

After all, this is not the first time "anonymous sources" have claimed Kaspersky Lab has been acting maliciously; earlier this year, Bloomberg claimed the company was in cahoots with the Kremlin (which is a little ironic, given what American tech firms are now known to have handed over to the NSA).

But is it all bad? Despite potentially causing a loss of trust between antivirus firms, could the events these claims centre around ultimately make the sector stronger?

Maybe.

The allegations largely focus around a period between 2012 and 2013, when anti-virus programs, including Kaspersky Labs' own, started flagging legitimate files as malicious.

This happened because an unknown actor was slightly modifying these files and flagging them to VirusTotal - a database of malware discovered by researchers that many anti-virus companies work from when creating their own databases.

This meant that, increasingly, software created by security firms, including Microsoft, AVG and Kaspersky Lab itself, was detecting and blocking genuine programs and data that it considered malicious.

A closed-door meeting between all the major industry players ironed sought to iron this issue out, and was quite effective.

And it had another knock-on effect, too.

Companies became less trusting in databases and more likely to do additional research into programs entered as malware. A lack of trust may not seem like a good thing, but blind faith certainly isn't helpful either.

Ultimately, this saga, whoever was behind it, may have made things better for consumers, and more difficult for malware authors.

Was Kaspersky Lab behind the false positives? Was Kaspersky himself at the helm giving orders to scupper rivals? We have no proof either way, but my gut says no.

Like many others in both journalism and cyber security, I am wary of the Reuters claims due to the underlying essence of smear that taints them. What's really going on? Who knows an effort to muddy the waters for some reason, someone with a vendetta against the company, a complete misunderstanding of the work Kaspersky Lab has done in the area, notably in 2010 these are all possibilities.

It is also possible that the firm really is the evil empire, we just don't know. But, when it comes to anonymous sources, it's always worth adding a little pinch of salt when you imbibe the story.

Jane McCallion
Deputy Editor

Jane McCallion is ITPro's deputy editor, specializing in cloud computing, cyber security, data centers and enterprise IT infrastructure. Before becoming Deputy Editor, she held the role of Features Editor, managing a pool of freelance and internal writers, while continuing to specialise in enterprise IT infrastructure, and business strategy.

Prior to joining ITPro, Jane was a freelance business journalist writing as both Jane McCallion and Jane Bordenave for titles such as European CEO, World Finance, and Business Excellence Magazine.