Kaspersky allegations: is cyber security stronger for false positives?

Kaspersky Lab is accused of trying to undermine its competition, but increased alertness may be a good thing

"Kaspersky Lab tried to damage rivals in the marketplace by tricking their antivirus software programs into classifying benign files as malicious, according to two former employees."

So runs an exclusive run by Reuters, which claimed CEO and co-founder Eugene Kaspersky himself ordered some of the attacks as a covert, and rather underhand, way of fighting back against smaller antivirus companies encroaching on his company's turf.

Advertisement - Article continues below

According to one of the two former employees who provided the information to Reuters, "it was decided to provide some problems [for rivals]", but, they argued, such actions are "not only damaging for a competing company but also damaging for users' computers".

AVG and Microsoft, among others, had previously noted a campaign of creating so-called 'false positives', but had never pointed the finger at any particular culprit. Indeed, all competitors are being either circumspect in their response to the allegations, or are not commenting at all.

As for Kaspersky Lab, its CEO has hit out in a blog post, claiming the Reuters report is a complete fallacy.

"The article, filled with sensational -- false -- allegations, claims Kaspersky Lab (KL), creates very specific, targeted malware, and distributes it anonymously to other anti-malware competitors, with the sole purpose of causing serious trouble for them and harming their market share," said Eugene Kaspersky.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

"Disgruntled ex-employees often say nasty things about their former employers, but in this case, the lies are just ludicrous ... the reality is that the Reuters story is a conflation of a number of facts with a generous amount of pure fiction," he added.

It is clear that Kaspersky feels both he and his company have been victimised and are being portrayed as the evil, scheming Russian baddies of Cold War fiction.

After all, this is not the first time "anonymous sources" have claimed Kaspersky Lab has been acting maliciously; earlier this year, Bloomberg claimed the company was in cahoots with the Kremlin (which is a little ironic, given what American tech firms are now known to have handed over to the NSA).

But is it all bad? Despite potentially causing a loss of trust between antivirus firms, could the events these claims centre around ultimately make the sector stronger?

Advertisement - Article continues below

Maybe.

The allegations largely focus around a period between 2012 and 2013, when anti-virus programs, including Kaspersky Labs' own, started flagging legitimate files as malicious.

This happened because an unknown actor was slightly modifying these files and flagging them to VirusTotal - a database of malware discovered by researchers that many anti-virus companies work from when creating their own databases.

This meant that, increasingly, software created by security firms, including Microsoft, AVG and Kaspersky Lab itself, was detecting and blocking genuine programs and data that it considered malicious.

A closed-door meeting between all the major industry players ironed sought to iron this issue out, and was quite effective.

And it had another knock-on effect, too.

Companies became less trusting in databases and more likely to do additional research into programs entered as malware. A lack of trust may not seem like a good thing, but blind faith certainly isn't helpful either.

Advertisement - Article continues below

Ultimately, this saga, whoever was behind it, may have made things better for consumers, and more difficult for malware authors. 

Was Kaspersky Lab behind the false positives? Was Kaspersky himself at the helm giving orders to scupper rivals? We have no proof either way, but my gut says no.

Like many others in both journalism and cyber security, I am wary of the Reuters claims due to the underlying essence of smear that taints them. What's really going on? Who knows an effort to muddy the waters for some reason, someone with a vendetta against the company, a complete misunderstanding of the work Kaspersky Lab has done in the area, notably in 2010 these are all possibilities.

It is also possible that the firm really is the evil empire, we just don't know. But, when it comes to anonymous sources, it's always worth adding a little pinch of salt when you imbibe the story.

Featured Resources

Successful digital transformations are future ready - now

Research findings identify key ingredients to complete your transformation journey

Download now

Cyber security for accountants

3 ways to protect yourself and your clients online

Download now

The future of database administrators in the era of the autonomous database

Autonomous databases are here. So who needs database administrators anymore?

Download now

The IT expert’s guide to AI and content management

Your guide to the biggest opportunities for IT teams when it comes to AI and content management

Download now
Advertisement
Advertisement

Recommended

Visit/security/cyber-security/355267/zoom-hires-ex-facebook-cso-to-boost-platform-security
cyber security

Zoom hires ex-Facebook CSO Alex Stamos to boost platform security

8 Apr 2020
Visit/security/vulnerability/355236/hp-support-assistant-flaws-leave-windows-devices-open-to-attack
vulnerability

HP Support Assistant flaws leave Windows devices open to attack

6 Apr 2020
Visit/security/cyber-security/355234/safari-bug-let-hackers-access-cameras-on-iphones-and-macs
cyber security

Safari bug let hackers access cameras on iPhones and Macs

6 Apr 2020
Visit/software/video-conferencing/355229/zoom-we-moved-too-fast
video conferencing

Zoom CEO admits company "moved too fast" as privacy issues mount

6 Apr 2020

Most Popular

Visit/mobile/mobile-phones/355239/microsofts-patent-design-reveals-a-mobile-device-with-a-third-screen
Mobile Phones

Microsoft patents a mobile device with a third screen

6 Apr 2020
Visit/security/cyber-security/355271/microsoft-gobbles-up-corpcom-domain-to-keep-it-from-hackers
cyber security

Microsoft gobbles up corp.com domain to keep it from hackers

8 Apr 2020
Visit/server-storage/servers/355254/a-critical-flaw-in-350000-microsoft-exchange-remains-unpatched
servers

A critical flaw in 350,000 Microsoft Exchange remains unpatched

7 Apr 2020