Using Antivirus Software And The Risk Of Abuse By Nation States

Over the last few months there has been an ongoing “dispute” between the US Government and the Russia-based antivirus company Kaspersky Labs. It rests on the belief that Kaspersky is capable of spying, on behalf of the Russian Government, on Government computers running its software.

This week the UK Government has jumped on the bandwagon and issued warnings [1] [2] [3] that Government departments should not use Kaspersky software or any other antivirus based in Russia.

Let's take a look at why there is a concern:

To do its job, antivirus software, whether sold by Kaspersky Labs or by any other vendor, requires extensive access to files on computers and networks so that it can scan them for malicious code.

It also requires the ability to communicate back to the vendor in order to receive updates and to share data on what it finds.

The concern is that this access could be used by the Russian state for espionage. Let's take this to its logical conclusion.

If you read the blog post by Ian Levy (Technical Director, National Cyber Security Centre), this quote jumps out at me instantly:
Lots has been said about antivirus (AV) products of late. To be able to do its job, any AV product needs lots of access to your machine, and you have to trust the AV developers to:

  • write secure code that can’t be compromised
  • protect their development network from attack
  • ensure that virus signatures don’t break your system

An AV product also has to be in almost constant communication with the vendor’s systems, and this access could (in theory) be abused by someone in the company that supplied it, regardless of where they’re headquartered.
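Levy's point is that the agent's constant channel back to the vendor has to be trusted. A department does not have to take that entirely on trust: it can measure what the agent actually sends and where. The script below is an added example written for this post, not code from the post, from NCSC or from any antivirus vendor. It reads endpoint egress records in a constructed format (timestamp, source host, process, destination host, bytes uploaded), totals upload volume per process and destination, and flags two things a defender would want to see: the agent talking to a host outside the vendor's documented endpoints, and an unusually large upload to a vendor host. The process name, host names, vendor domains and the 10 MB threshold are all hypothetical; substitute the vendor's published endpoint list and your own firewall or proxy export.

```python
"""Audit which hosts an endpoint security agent talks to and how much it uploads.

The log format, host names and vendor domains in this file are constructed for
the example; the approach (allow-list the vendor's documented endpoints, then
review volume and anything outside the list) is what matters.
"""

from collections import defaultdict
from dataclasses import dataclass

# Constructed egress log, one record per line:
# "<timestamp> <source_host> <process> <dest_host> <bytes_out>"
SAMPLE_LOG = """\
2017-12-04T09:00:01Z ws-0412 avagent.exe updates.av-vendor.example 1832
2017-12-04T09:00:07Z ws-0412 avagent.exe cloud.av-vendor.example 25610
2017-12-04T09:01:15Z ws-0412 avagent.exe cloud.av-vendor.example 48210440
2017-12-04T09:02:30Z ws-0412 avagent.exe telemetry.unknown-host.example 9120
2017-12-04T09:03:02Z ws-0417 avagent.exe updates.av-vendor.example 2044
2017-12-04T09:03:40Z ws-0417 browser.exe www.example.org 512
"""

# Hypothetical allow-list: for each agent process, the DNS suffixes the vendor
# documents as its update and telemetry endpoints. Only processes listed here
# are audited; other processes are tallied but not judged.
ALLOWED_SUFFIXES = {
    "avagent.exe": (".av-vendor.example",),
}

# Signature updates are downloads, so a large *upload* to the vendor (e.g. bulk
# sample submission) is the case worth a second look. Threshold is hypothetical.
UPLOAD_ALERT_BYTES = 10 * 1024 * 1024


@dataclass(frozen=True)
class Record:
    ts: str
    src: str
    process: str
    dest: str
    bytes_out: int


def parse_log(text):
    """Parse the constructed five-field format into Record objects."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, src, process, dest, bytes_out = line.split()
        records.append(Record(ts, src, process, dest, int(bytes_out)))
    return records


def audit_egress(records, allowed=ALLOWED_SUFFIXES, alert_bytes=UPLOAD_ALERT_BYTES):
    """Return (volume, findings).

    volume:   {process: {dest_host: total bytes_out}} for every process seen.
    findings: list of (kind, process, dest_host, total_bytes) for each audited
              process, where kind is "unexpected_destination" (host not under
              an allowed suffix) or "large_upload" (allowed host, volume over
              alert_bytes).
    """
    volume = defaultdict(lambda: defaultdict(int))
    for r in records:
        volume[r.process][r.dest] += r.bytes_out

    findings = []
    for process, suffixes in allowed.items():
        for dest, total in sorted(volume.get(process, {}).items()):
            if not dest.endswith(suffixes):
                findings.append(("unexpected_destination", process, dest, total))
            elif total > alert_bytes:
                findings.append(("large_upload", process, dest, total))
    return {p: dict(d) for p, d in volume.items()}, findings


if __name__ == "__main__":
    vol, found = audit_egress(parse_log(SAMPLE_LOG))
    for process, dests in vol.items():
        for dest, total in sorted(dests.items()):
            print(f"{process:12s} {dest:32s} {total:>10d} bytes")
    for kind, process, dest, total in found:
        print(f"FINDING {kind}: {process} -> {dest} ({total} bytes)")
```

On the constructed sample this reports the agent's 48 MB upload to the vendor's cloud host and its contact with a host outside the vendor's suffix; neither is proof of anything, but both are exactly the questions to put to the vendor, and the same review applies whatever country the vendor is headquartered in.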

OK, let's follow this through against current real-world situations.

Yes, there is absolutely no doubt that Russia is spying on the UK, and equally no doubt that the UK is spying on Russia. Governments have always spied on each other and always will.

However, Russia at this time is not (in my opinion) a major threat to UK national security or trade, and is unlikely to be a major military threat. The much higher risks currently come from our friends and allies in the EU and USA.

The UK is currently involved in very difficult negotiations about Brexit, with complete intransigence on both sides. We also have several trade and political disputes with the current US administration.

My view is that there is a much higher risk of spying and information leakage from UK-based computers to antivirus companies based in the USA or Europe than to Russia. And that does not even take into account Microsoft Windows, where there are always allegations (always denied) that the US NSA and other bodies have persistent backdoors into Microsoft and use that information to the advantage of the USA in trade and political matters.

If Kaspersky can “theoretically” exfiltrate confidential information and make it available to the Russian Government, then every US- or EU-based antivirus (or computer operating system, such as Windows, Android, Linux or Apple) can do exactly the same and deliver the “stolen or leaked” information to a Government with which we (the UK) are currently in dispute or discussion, to that Government's advantage.

Looking at it logically, you have to decide whether you trust your antivirus or other security software to protect you against the major threats we all come up against every day: viruses, trojans, worms, phishing, ransomware (where all your files are locked and encrypted to prevent access), and so on.

While Government computers and information systems in the UK need a high level of protection, they need protection against the real threats, not against a theoretical risk that has never been proven and that most people do not even regard as a risk.

To take it to its logical conclusion, the only way to prevent spying via an antivirus product sending information back to its home base is not to use an antivirus at all. That is obviously totally impractical and extremely dangerous in the real world.

In the real world, there is more of a risk to EVERYBODY, including UK Government departments, from compromised hardware coming from factories in China, where we have no way of knowing whether a permanent backdoor has been built into the computer, mobile phone, tablet, TV or other device.

The days of physical borders, fences and barriers have long gone. We are in a connected world and barriers don't exist. Something typed on a computer or mobile phone in the UK is delivered to the USA, Europe, Russia, China or any other country in the world in less than 1 second.

I continue to consider Kaspersky one of the best antiviruses to protect a computer, along with ESET Antivirus, Emsisoft and the built-in default Windows Defender when used on Windows 10.

