In this issue
PUBLIC DEFENDER: The US has banned Kaspersky software — should you worry?
Additional articles in the PLUS issue
MICROSOFT 365: Is Office 2024 worth getting excited about?
INTEL: Core Ultra Series 2 desktop processors
PATCH WATCH: Are you ready for Windows 11 24H2?
PUBLIC DEFENDER The US has banned Kaspersky software — should you worry?
By Brian Livingston
The popular Kaspersky antivirus program quietly disabled itself on computers in the US last month, leading millions of users to fear that malware had struck them. The switch was prompted by the US government banning Kaspersky Lab, a Russia-based company, from sending updates to American devices after September 29, 2024. Kaspersky had sent out an email — which many users didn’t read or found unclear — before its app shut down on September 19. Kaspersky then remotely installed on US computers a little-known antivirus alternative called UltraAV. The US ban on security updates came after years of deeply embarrassing leaks of top-secret documents from the National Security Agency (NSA) and other intelligence services:
Kaspersky antivirus software may have been exploited by hackers
Troubles began for Kaspersky after NSA researchers concluded that a vulnerability in the AV app had allowed Russian government hackers to access files on an unnamed contractor’s home computer in 2015. “The hackers appear to have targeted the contractor after identifying the files through the contractor’s use of a popular antivirus software made by Russia-based Kaspersky Lab,” WSJ wrote in its 2017 article. I asked Kaspersky Lab for an official response to these allegations. A spokesperson in the company’s London office, where the corporation is domiciled, replied to my questions as follows:
Q: Has anyone shown any “back door” in Kaspersky software that could have allowed hackers to access a US defense contractor’s home computer?
A: No. Kaspersky does not include any undeclared capabilities in its products, because such activity would be illegal. We have never received any such requests and will not address them, should they emerge in the future. Where applicable, Kaspersky is ready to present the source code of its products for review. In addition, Kaspersky has been running a Bug Bounty Program, offering security researchers an opportunity to search for security bugs in our products in exchange for a bounty. Alongside everything mentioned above, the process of obtaining licenses for the development of software for information security involves our products being examined by regulators for undeclared features (backdoors).
Q: Does Kaspersky Lab deny that there was such a vulnerability — one that would have allowed a hacker to remotely access a user’s home computer?
A: As mentioned above, Kaspersky does not include any undeclared capabilities in its products. We regularly receive the ISO/IEC 27001:2013 certification, showing our commitment to strong data security, and that Kaspersky’s Data Service is in full compliance with industry-leading practices. We regularly pass the SOC 2 audit to confirm that Kaspersky’s AV bases are protected from unauthorized changes by strong security controls.
If an AV program had a back door, how would you know?
It may be true that nobody has shown a back door in Kaspersky’s own code. But a few years ago, independent reporting confirmed that foreign intelligence had penetrated the company’s network and that Russian hackers had used Kaspersky’s software to hunt for secrets:
Kaspersky Lab didn’t detect Israel’s eavesdropping on its servers until mid-2015. Far from denying that intrusion, Kaspersky issued a seven-page public report (PDF) acknowledging it. The company attributed the compromise of its systems to a variant of the so-called Duqu malware (it named the campaign Duqu 2.0). “We believe this is a nation-state sponsored campaign,” Kaspersky Lab’s report said. Malicious use of an AV program’s update mechanism to run attacker code on customers’ machines is a potential danger for every security company. An AV product runs with high privileges, reaches every file on the machine, and accepts code from its vendor on a daily schedule. “Antivirus is the ultimate back door,” The New York Times quoted Blake Darché of Area 1 Security as saying. “It provides consistent, reliable and remote access that can be used for any purpose, from launching a destructive attack to conducting espionage on thousands or even millions of users.”
Governments around the world crack down on Kaspersky software
In the US, restrictions on Kaspersky apps began with baby steps, rising gradually to a total ban:
The Commerce Department justified its complete ban on Kaspersky updates by stating, in part: “Kaspersky is subject to the jurisdiction, control, or direction of the Russian government, a foreign adversary.” Whether the Kremlin would ever order Kaspersky executives in Moscow to insert remote-execution code into its AV updates — or has already done so — is a subject of hot debate within security circles. What we know for sure is that numerous Western countries, in addition to the US, have restricted the Russian company’s software in the past few years. The European Parliament passed a resolution in 2018 that described Kaspersky Lab’s software as “confirmed as malicious.” For details, see the Wikipedia article Kaspersky and the Russian government.
How not to change software on millions of people’s computers
An antivirus program without daily updates of new malware signatures would be worse than useless. Instead of simply halting updates, therefore, Kaspersky chose to disable its AV software and install an alternative app that wasn’t being banned. Unfortunately, the company put out the most conflicting and confusing notifications to users that you can imagine. In early September 2024, Kaspersky Lab sent US users an email similar to the one reproduced in Reddit user Chrisboy265’s post. Although many Kaspersky users have commented that they never saw such an email, it would certainly have muddied the waters for them if they had. The email reads, in part: “In the coming days, you will be receiving communications from UltraAV with instructions on how to activate your new account. We’re confident that you’ll enjoy the enhanced protection and features UltraAV offers.” The message was wrong. Users received no instructions from UltraAV about activation. Instead, as numerous former Kaspersky customers have reported, their installed antivirus program simply stopped working one night and UltraAV was running in its place. No activation was required. (Also, if Kaspersky’s own VPN had previously been installed, UltraVPN was now operating in its place.) Some Kaspersky subscribers saw an in-app notification instead. “In order to deliver continued protection, your Kaspersky service will soon be moving to UltraAV,” it said. “Upon transition, UltraAV protection will be automatically activated on your device. No action is required.” The “no action” part, at least, turned out to be correct. But, for heaven’s sake, neither the email nor the in-app notice said anything about the date and time when the transition would take place!
That’s why even people who had paid attention to the messages were shocked — and suspected that their computer had been infected by a virus — when the Kaspersky antivirus program suddenly no longer worked and an obscure, practically unknown app had taken its place. To add insult to injury, the notifications said nothing about possible alternatives to UltraAV. What if a subscriber wanted to switch to a completely different antivirus program — perhaps one that had been extensively tested by independent third parties and was highly rated by respected reviewers? Kaspersky Lab seemed to be saying to its millions of users in the US, “You’re on your own.” The complaints flowing from angry customers are perhaps best read, ironically, at Kaspersky’s own support forum. Start with the comments on Page 2 of the forum’s UltraAV topic. You can easily navigate to earlier and later posts if that page isn’t enough to give you the general idea.
UltraAV isn’t malware, but it isn’t great
By all accounts, UltraAV is a legitimate antivirus program and not a hack attack. But it’s easy to understand why many users immediately came to the conclusion that UltraAV was some kind of malware:
Uninstall Kaspersky and UltraAV, and get good software
With all the suspicion around Kaspersky Lab’s Kremlin connections, the company’s position in Western markets will only become more precarious over time, not less. If you formerly used Kaspersky AV, my recommendation is that you choose a different, highly rated antivirus program. But before installing a new AV, you must uninstall Kaspersky’s software — its files are still on your machine, even if they’re currently dormant — and uninstall UltraAV. Two AV engines with their own kernel-level filter drivers fighting over the same files is a recipe for instability and missed detections. The following reviews rate the best antivirus programs, including both paid and free offerings:
Once you’ve selected a new security program, take the following steps to switch to it:
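Before and after you uninstall, it helps to check what Windows itself believes is protecting the machine, rather than trusting a tray icon. The PowerShell script below is an added example for this column; it is not code from Kaspersky, UltraAV or AskWoody. Run it from an elevated PowerShell prompt on Windows 10 or 11. It lists every antivirus product registered with Windows Security Center, then searches the uninstall registry keys and the service list for leftovers whose names contain Kaspersky, UltraAV or UltraVPN. The name fragments and the decoding of the productState field are assumptions noted in the comments; the script only reports and removes nothing.

```powershell
# Added example (not vendor code): inventory registered AV products and look for
# Kaspersky / UltraAV / UltraVPN leftovers before installing a replacement AV.
# Run from an elevated PowerShell prompt on Windows 10/11 client editions.

# Substring patterns to search for (assumption: vendors keep these words in
# their product, uninstall-entry and service names).
$Suspects = @('Kaspersky', 'UltraAV', 'UltraVPN')

function Get-RegisteredAntivirus {
    # root/SecurityCenter2 is the WMI namespace Windows Security uses to track
    # registered AV products on client SKUs (the class is absent on Server).
    Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName 'AntiVirusProduct' |
        ForEach-Object {
            # productState is a packed 24-bit value. The decoding below is the
            # widely used community interpretation, not a documented contract:
            # bits 12-15 == 1 -> real-time protection on; bits 4-7 == 0 -> signatures current.
            $state = [int]$_.productState
            [pscustomobject]@{
                Product  = $_.displayName
                Enabled  = ((($state -shr 12) -band 0xF) -eq 1)
                UpToDate = ((($state -shr 4)  -band 0xF) -eq 0)
                Path     = $_.pathToSignedProductExe
            }
        }
}

function Get-InstalledSoftwareMatching {
    param([string[]]$Patterns)
    # Uninstall entries for 64-bit, 32-bit (WOW6432Node) and per-user installs.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Where-Object {
            $name = $_.DisplayName
            # Truthy when at least one pattern is a substring of the display name.
            $Patterns | Where-Object { $name -like "*$_*" }
        } |
        Select-Object DisplayName, DisplayVersion, Publisher, UninstallString
}

function Get-ServicesMatching {
    param([string[]]$Patterns)
    # A dormant AV usually leaves its services behind even when the UI is gone.
    Get-Service | Where-Object {
        $svc = $_
        $Patterns | Where-Object { $svc.Name -like "*$_*" -or $svc.DisplayName -like "*$_*" }
    } | Select-Object Name, DisplayName, Status, StartType
}

'== Antivirus products registered with Windows Security Center =='
Get-RegisteredAntivirus | Format-Table -AutoSize

'== Installed programs matching the suspect names =='
Get-InstalledSoftwareMatching -Patterns $Suspects | Format-Table -AutoSize

'== Services matching the suspect names =='
Get-ServicesMatching -Patterns $Suspects | Format-Table -AutoSize

# A machine that is ready for a new AV shows no matches in the two lists above.
# If Microsoft Defender is the only product left, confirm it is actually running
# rather than parked in passive mode by a third-party product it still sees.
if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
    Get-MpComputerStatus |
        Select-Object AMRunningMode, RealTimeProtectionEnabled, AntivirusSignatureLastUpdated
}
```

If the first table still lists Kaspersky or UltraAV after you have run the vendors’ uninstallers, reboot and run the script again; Security Center registrations are normally released at the next restart. Anything that survives a reboot is a leftover worth removing before the new product is installed.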
Whew! Something so basic as protecting your computer from viruses can get so complicated. Stay safe out there! And watch for my October 21, 2024, column on using Microsoft Defender as your primary antivirus app.
The PUBLIC DEFENDER column is Brian Livingston’s campaign to give you consumer protection from tech. If it’s irritating you, and it has an “on” switch, he’ll take the case! Brian is a successful dot-com entrepreneur, author or co-author of 11 Windows Secrets books, and author of the fintech book Muscular Portfolios.
The AskWoody Newsletters are published by AskWoody Tech LLC, Fresno, CA USA.
Microsoft and Windows are registered trademarks of Microsoft Corporation. AskWoody, AskWoody.com, Windows Secrets Newsletter, WindowsSecrets.com, WinFind, Windows Gizmos, Security Baseline, Perimeter Scan, Wacky Web Week, the Windows Secrets Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of AskWoody Tech LLC. All other marks are the trademarks or service marks of their respective owners. Copyright ©2024 AskWoody Tech LLC. All rights reserved.