Kaspersky allegations: is cyber security stronger for false positives?

Kaspersky Lab is accused of trying to undermine its competition, but increased alertness may be a good thing

"Kaspersky Lab tried to damage rivals in the marketplace by tricking their antivirus software programs into classifying benign files as malicious, according to two former employees."

So runs an exclusive run by Reuters, which claimed CEO and co-founder Eugene Kaspersky himself ordered some of the attacks as a covert, and rather underhand, way of fighting back against smaller antivirus companies encroaching on his company's turf.

According to one of the two former employees who provided the information to Reuters, "it was decided to provide some problems [for rivals]", but, they argued, such actions are "not only damaging for a competing company but also damaging for users' computers".

AVG and Microsoft, among others, had previously noted a campaign of creating so-called 'false positives', but had never pointed the finger at any particular culprit. Indeed, all competitors are being either circumspect in their response to the allegations, or are not commenting at all.

As for Kaspersky Lab, its CEO has hit out in a blog post, claiming the Reuters report is a complete fallacy.

"The article, filled with sensational -- false -- allegations, claims Kaspersky Lab (KL), creates very specific, targeted malware, and distributes it anonymously to other anti-malware competitors, with the sole purpose of causing serious trouble for them and harming their market share," said Eugene Kaspersky.

"Disgruntled ex-employees often say nasty things about their former employers, but in this case, the lies are just ludicrous ... the reality is that the Reuters story is a conflation of a number of facts with a generous amount of pure fiction," he added.

It is clear that Kaspersky feels both he and his company have been victimised and are being portrayed as the evil, scheming Russian baddies of Cold War fiction.

After all, this is not the first time "anonymous sources" have claimed Kaspersky Lab has been acting maliciously; earlier this year, Bloomberg claimed the company was in cahoots with the Kremlin (which is a little ironic, given what American tech firms are now known to have handed over to the NSA).

But is it all bad? Despite potentially causing a loss of trust between antivirus firms, could the events these claims centre around ultimately make the sector stronger?

Maybe.

The allegations largely focus around a period between 2012 and 2013, when anti-virus programs, including Kaspersky Labs' own, started flagging legitimate files as malicious.

This happened because an unknown actor was slightly modifying these files and flagging them to VirusTotal - a database of malware discovered by researchers that many anti-virus companies work from when creating their own databases.

This meant that, increasingly, software created by security firms, including Microsoft, AVG and Kaspersky Lab itself, was detecting and blocking genuine programs and data that it considered malicious.

A closed-door meeting between all the major industry players ironed sought to iron this issue out, and was quite effective.

And it had another knock-on effect, too.

Companies became less trusting in databases and more likely to do additional research into programs entered as malware. A lack of trust may not seem like a good thing, but blind faith certainly isn't helpful either.

Ultimately, this saga, whoever was behind it, may have made things better for consumers, and more difficult for malware authors. 

Was Kaspersky Lab behind the false positives? Was Kaspersky himself at the helm giving orders to scupper rivals? We have no proof either way, but my gut says no.

Like many others in both journalism and cyber security, I am wary of the Reuters claims due to the underlying essence of smear that taints them. What's really going on? Who knows an effort to muddy the waters for some reason, someone with a vendetta against the company, a complete misunderstanding of the work Kaspersky Lab has done in the area, notably in 2010 these are all possibilities.

It is also possible that the firm really is the evil empire, we just don't know. But, when it comes to anonymous sources, it's always worth adding a little pinch of salt when you imbibe the story.

Featured Resources

The ultimate law enforcement agency guide to going mobile

Best practices for implementing a mobile device program

Free download

The business value of Red Hat OpenShift

Platform cost savings, ROI, and the challenges and opportunities of Red Hat OpenShift

Free download

Managing security and risk across the IT supply chain: A practical approach

Best practices for IT supply chain security

Free download

Digital remote monitoring and dispatch services’ impact on edge computing and data centres

Seven trends redefining remote monitoring and field service dispatch service requirements

Free download

Recommended

Malware developers create malformed code signatures to avoid detection
malware

Malware developers create malformed code signatures to avoid detection

24 Sep 2021
New malware uses search engine ads to target pirate gamers
malware

New malware uses search engine ads to target pirate gamers

21 Jul 2021
Nigerian cyber criminals target Texas unemployment system
cyber security

Nigerian cyber criminals target Texas unemployment system

27 May 2021
Hackers use open source Microsoft dev platform to deliver trojans
Security

Hackers use open source Microsoft dev platform to deliver trojans

14 May 2021

Most Popular

Best Linux distros 2021
operating systems

Best Linux distros 2021

11 Oct 2021
Windows 11 has problems with Oracle VirtualBox
Microsoft Windows

Windows 11 has problems with Oracle VirtualBox

5 Oct 2021
What is cyber warfare?
Security

What is cyber warfare?

15 Oct 2021