Kaspersky allegations: is cyber security stronger for false positives?

Kaspersky Lab is accused of trying to undermine its competition, but increased alertness may be a good thing

"Kaspersky Lab tried to damage rivals in the marketplace by tricking their antivirus software programs into classifying benign files as malicious, according to two former employees."

So runs an exclusive published by Reuters, which claimed CEO and co-founder Eugene Kaspersky himself ordered some of the attacks as a covert, and rather underhand, way of fighting back against smaller antivirus companies encroaching on his company's turf.

According to one of the two former employees who provided the information to Reuters, "it was decided to provide some problems [for rivals]", but, they argued, such actions are "not only damaging for a competing company but also damaging for users' computers".

AVG and Microsoft, among others, had previously noted a campaign of creating so-called 'false positives', but had never pointed the finger at any particular culprit. Indeed, all competitors are being either circumspect in their response to the allegations, or are not commenting at all.


As for Kaspersky Lab, its CEO has hit out in a blog post, claiming the Reuters report is a complete fallacy.

"The article, filled with sensational -- false -- allegations, claims Kaspersky Lab (KL), creates very specific, targeted malware, and distributes it anonymously to other anti-malware competitors, with the sole purpose of causing serious trouble for them and harming their market share," said Eugene Kaspersky.

"Disgruntled ex-employees often say nasty things about their former employers, but in this case, the lies are just ludicrous ... the reality is that the Reuters story is a conflation of a number of facts with a generous amount of pure fiction," he added.

It is clear that Kaspersky feels both he and his company have been victimised and are being portrayed as the evil, scheming Russian baddies of Cold War fiction.

After all, this is not the first time "anonymous sources" have claimed Kaspersky Lab has been acting maliciously; earlier this year, Bloomberg claimed the company was in cahoots with the Kremlin (which is a little ironic, given what American tech firms are now known to have handed over to the NSA).

But is it all bad? Despite potentially causing a loss of trust between antivirus firms, could the events these claims centre around ultimately make the sector stronger?


Maybe.

The allegations largely focus on a period between 2012 and 2013, when anti-virus programs, including Kaspersky Lab's own, started flagging legitimate files as malicious.

This happened because an unknown actor was slightly modifying these files and flagging them to VirusTotal - a database of malware discovered by researchers that many anti-virus companies work from when creating their own databases.

This meant that, increasingly, software created by security firms, including Microsoft, AVG and Kaspersky Lab itself, was detecting and blocking genuine programs and data that it considered malicious.


A closed-door meeting between all the major industry players sought to iron this issue out, and was quite effective.

And it had another knock-on effect, too.


Companies became less trusting in databases and more likely to do additional research into programs entered as malware. A lack of trust may not seem like a good thing, but blind faith certainly isn't helpful either.

Ultimately, this saga, whoever was behind it, may have made things better for consumers, and more difficult for malware authors. 

Was Kaspersky Lab behind the false positives? Was Kaspersky himself at the helm giving orders to scupper rivals? We have no proof either way, but my gut says no.

Like many others in both journalism and cyber security, I am wary of the Reuters claims due to the underlying essence of smear that taints them. What's really going on? Who knows? An effort to muddy the waters for some reason, someone with a vendetta against the company, a complete misunderstanding of the work Kaspersky Lab has done in the area, notably in 2010: these are all possibilities.

It is also possible that the firm really is the evil empire; we just don't know. But, when it comes to anonymous sources, it's always worth adding a little pinch of salt when you imbibe the story.
