Kaspersky is now banned for government use in multiple nations. Whilst there is some good work happening there, as above, for the most part, they should be considered a state actor for Russia.
That usually means that they're a threat, and these small good tokens are nothing more than PR efforts.
You can't avoid politics, when considering this company.
All cyber security companies should be considered state actors. Even if they currently aren't it's too easy for a state to coopt them.
If you build an antivirus software today, and tomorrow you get a secret court order to ignore certain malware for "national security" what are you going to do? What if it's a request to include a small binary payload in return for a lucrative government contract, with implied threats of what happens if you leak the request? You can decide not to do it and just shut down, but then the only ones left on the market are the ones that complied.
If you do cyber security for more than just compliance, evaluating the software providers against your threat model was always an important step. Whether that means avoiding American, Chinese or Russian software. In the threat model of a Western government agency, Russian software should have have been off limits since the 50s (even if Kaspersky tries to tell you they are not Russian at all).
That still doesn't mean their work is any less interesting or praiseworthy. Just like how you know NASA landed on the moon because Roscomos didn't dispute it, Kaspersky can do work and offer perspectives that might be more difficult for similarly sized western cyber security companies.
Australia's Assistance and Access Orders (TAN, TCN, etc.) [0] basically allow the government to order mandatory backdoors into various software. They do have some oversight, but it isn't significant. They can order any employee, not just the company.
The wording is also... Squirelly. You can't introduce a weakness, but the definition of weakness excludes the entire concept of backdoors.
However, Technical Capability Notices can be ordered where:
> reasonable, proportionate, practicable and technically feasible
The employee/company can push back and argue one of those isn't met, but ultimately it is the office of the Governor General that decides.
So far, it has basically only be used against journalists [1], as far as we know, which is nice and horrific.
Maybe don't put too much into the word "court order", but instead interpret it as an order from the government to force the company to use the tool for the governments/country's benefit.
One could also assume that the owners and/or management of the company are in the same boat as the government/country so they do not mind using the tool for the country's benefit when needed.
It is not very fair singling out Kaspersky and assuming that other AV companies are not a threat to foreign countries. Foreign software and hardware is always a threat. And US was caught spying even on their allies.
> The US, while hardly benign, have not orchestrated multiples of "largest attack in history"
You must be using a very personal interpretation of what "largest attack in history" is.
The US is literally the owner and operator of the largest surveillance and intelligence collecting apparatus in the history of mankind. I bundle in here all kinds of legal and illegal surveillance, interceptions, hacking, etc. directly state run, or leveraging other intelligence agencies, or leveraging the largest private data collectors in the world which are mostly US companies. It was already proven by the Snowden leaks, it's absolutely reasonable to assume this apparatus only grew stronger.
If that's not a never ending "largest attack" on everyone in the world I don't know what is.
You can't ignore this fact: The US and Australia partner on Pine Gap, which violates the human rights of literally billions of human beings every single second of the day.
Russia and China have a long way to go to catch up.
Sorry, but that's crazy exaggeration. Calling snooping "violation of human rights of literally billions of human beings" just because "privacy" gets a mention in the UNDHR doesn't make it as bad as anything Russia and China have done lately. And that's not even touching upon what "privacy" would mean that that declaration.
Privacy is a key human right that should not be abrogated by the state, ever.
Fundamentalist-authoritarian chauvinism for your own state is no justification for these human rights violations - assuming of course you are a citizen subject of the criminal 5-eyes alliance ... If you cannot imagine it being okay for other states to harvest your data, you should not be okay with your state doing it, either.
You know why? Because violating your privacy without recourse is how states ramp up to commit genocide and other atrocious crimes against human beings, whether their citizens or otherwise, by a process through which the states ruling classes deem their victims inferior and thus subject to attention by further repressive state apparatus.
Mass harvesting billions of human beings data every single second of the day, without their permission, is therefore a heinous crime against humanity and a massive violation of human rights at scale - especially when its being done by a violent, belligerent state with the blood of literally millions of human beings lives on its hands. Or do you really think that China and Russia have murdered as many civilians as the USA and its minion states have done, this century, in one illegal war after another?
With the Pine Gap apparatus, the USA is primed with information about who to target in its victim states. It is a key method by which effective mass murder can be manifested in illegal wars - of which, the USA is the undisputed leader, this century.
Just by way of a single example - the Holocaust was made feasible by the mass harvesting of private citizens' data by IBM. Is this not well understood, today?
Would you be 'okay' with Russia and China operating their own Pine Gap, since "its no big deal to 'just be snooping a little (a lot of) data'"? Would you be 'okay' with your own state knowing absolutely everything about you without your knowledge or control, now .. or in the future, when perhaps your political attitude changes as you grow older?
You most likely wouldn't be happy with China and Russia doing this, even though they have not murdered as many innocent human beings on the basis of lies in one illegal war, after the other, as the USA and its war-crime committing cohorts have.
> Privacy is a key human right that should not be abrogated by the state, ever.
Nonsense. The state definitely has the right to seek out criminal and undermining elements. Better, a democratic state has the obligation to do so.
> Would you be 'okay' with Russia and China operating their own Pine Gap
They do. And there's nothing I can do against it.
> even though they have not murdered as many innocent human beings on the basis of lies in one illegal war, after the other, as the USA and its war-crime committing cohorts have.
Oh dear, aren't we rabidly anti-West today? I wonder how you square that with your "Privacy is a key human right that should not be abrogated by the state, ever." stance.
> Or do you really think that China and Russia have murdered as many civilians as the USA and its minion states have done, this century, in one illegal war after another?
Why the sudden switch to "this century"? Your argumentation is switch-and-bait throughout. But China probably has perhaps already murdered more Uygurs, and if we add its "minion" Myanmar, they'll top it.
>The state definitely has the right to seek out criminal and undermining elements.
It has the responsibility to do so without violating its citizens human rights.
What you are describing is fascism - the totalitarian-authoritarian elevation of the state over the individual.
>I wonder how you square that with your "Privacy is a key human right that should not be abrogated by the state, ever." stance.
What needs to be squared? This is non-sequitur.
>Why the sudden switch to "this century"?
There was no 'sudden switch' - its a fact that in the past 25 years, Western forces have murdered at massive scales more innocent human beings than any other state or entity.
Why do you defend criminal acts (violating human rights) and minimize mass murder? Are you in the 'might makes right' misanthrope camp?
Or it means that the original bans were primarily instituted because of myopic geopolitics and not because of any meaningful threats. In particular US ire towards Kaspersky grew rapidly after it was the only antivirus that picked up on NSA/'equation group' malware.
It's similar how the US banned all cooperation with China in space [1] because of some tropes about them being unable to do anything except steal American tech. That's why, to this day, there are no Chinese on the ISS. After that law China proceeded to develop, launch, and man their own space station, put a rover on Mars, and even carry out an unprecedented sample return mission from the dark side of the Moon, and just generally run circles around the US (except perhaps SpaceX) in space. Interestingly US researchers may not be able to access those Moon samples (which China shared with scientists worldwide) due to this stupid law.
Regardless what the original story behind the Kaspersky ban was, if you genuinely don't think that a Russian antivirus company represents a state-controlled threat to US organisations, public and private, in 2025 then I don't know what to say to you.
I think the more prudent approach in the modern age is to simply assume that all states control organizations within their midst with the intention of posing a threat to citizens - foreign and domestic - and a misplaced trust in ones own state above all others is not only naive, but super dangerous.
If you're not holding your own government to the standards you apply to other states, you're putting yourself in danger.
Especially given the fact that the USA and its partners operates the largest, by far, information gathering/human rights abusing apparatus with well-known subversive purposes, by a long margin..
I agree with this, but would extend the distrust to all concentrations of power. Supremely wealthy corporations and individuals, although on their own lacking the state’s monopoly on violence, eventually co-opt the state through regulatory capture or other means (although they can ruin lives even without the state’s power). See Elon Musk for a particularly vivid contemporary example.
This is clear, long before Elon Musk came along - although previously, these corporate-capture individuals have worked to hide their malign influence, and in Musks' case, he seems more inclined to make it obvious and open.
Although it has to be stated, I don't think Elon has been calling for the bombing of innocent human beings at the same rate as his predecessors.
After the initial US allegations they moved their infrastructure and customer data over to Switzerland intentionally leaving them subject to both EU and Swiss customer data protection laws, and also opened up various hubs to enable interested parties to review their source code on demand, if desired.
I don't think every Russian company is conspiring against the US anymore than I think every US company is conspiring against Russia. In this case there's a clear and malicious motive for the US to want to block them that has nothing to do with threats, and they've gone way beyond any sort of reasonable standard to make it clear they have no ill intentions whatsoever.
Of course the problem is that proving you're not a witch is basically impossible, which is why innocent until proven guilty is a standard across the world, except when it comes into geopolitics when allegations are proof, leaving the accused parties to prove a negative.
Not if US and Russia become “allies”. Then UK/EU companies will become a bigger “threat”.
It should go even further e.g. you don’t want ARM installing backdoors on their chips and giving hostile foreign organizations like the MI6 access to vital American infrastructure, intelligence data etc. do you?
It might be the time to consider switching to Elbrus or at least mandating that all devices used by US government agencies have to use Intel’s chips.
Increased collaboration between the Russian state and the American state is bad for the ordinary citizens of both — and for freedom-loving people in Ukraine, Europe, and everywhere else.
The US and Russia are the biggest nuclear powers in the world. Positive relations here are good for absolutely everybody. Positive relations do not mean one has to approve of the political system, ideology, or whatever else of the other side. See: Saudi Arabia which remained a key ally for many decades in spite of being wayyyyyy further off the spectrum (relative to the US) than Russia could ever be.
Overtly adversarial relationships trend towards violence, sooner or later, and that's not a path we ever want to go down.
The US has turned towards enabling Russia’s imperialist war, and the Pentagon article explains how it will unilaterally disarm in the face of Russian cyberwarfare, leaving Russian criminal groups to run rampant in Europe and even the US. Abetting conquest and criminality is not the sort of collaboration we should cheer.
Wars are largely started because of poor relations. The US overtly supported and encouraged an effort within Ukraine to overthrow a democratically elected president because he moving more towards Russia than the West. Russia then ended up invading Ukraine for fears of having NATO not only right on their doorstep, but right in their geographic Achille's Heel.
If the US and Russia were on good relations none of this would have happened, Germany's economy would still be booming, and just about everybody would be so much better off today. And no, the article does not say the Pentagon will "unilaterally disarm." It ordered a halt to offensive operations against Russia - e.g. the Russian government which is certainly going to be reciprocated. Criminal elements are a different topic, but I do expect as relations between US and Russia warm, they will no longer be looking the other way when these groups target the West.
The US overtly supported and encouraged an effort within Ukraine to overthrow a democratically elected president because he moving more towards Russia than the West. Russia then ended up invading Ukraine for fears of having NATO not only right on their doorstep, but right in their geographic Achille's Heel.
This war started when Ukraine's president Yanukovych, at the last minute and under Russian extortion, abandoned the EU-Ukraine trade agreement that would have opened up the EU for trade and other opportunities. This meant that Ukrainians could've easily seen their incomes grow by 3-4x in a short span of time, like other countries that entered deeper relations with the EU and eventually joined it saw.
Naturally, Ukrainians responded with massive protests, to which Yanukovych replied with increasing violence, culminating in 100 protesters being killed by police snipers. At that moment, Yanukovych lost the support of even his own party, fled to Russia out of fear of imminent imprisonment, and the Ukrainian parliament announced snap elections to replace him. The elections were held a few months later. Not many people would call general elections a "CIA coup".
NATO has nothing to do with it either, that's pure gaslighting. In the first few years after the initial invasion in 2014, Russia denied having any troops in Ukraine. According to Russia, the thousands of people equipped with Russian tanks, artillery, and air defense systems were merely local self-defense forces who had bought their equipment from military surplus stores. Russia claimed that Ukraine was in a civil war.
The narrative started shifting to blaming NATO only in the run-up to the full-scale invasion in 2022, when Russia abandoned the story that Ukrainians were fighting each other and needed a new justification for its massive surprise attack on all of Ukraine.
Bullshit, after Ruzzia invaded Ukraine in 2014 you still have the ability to pretend Ukrainians did not really want to join EU and NATO and USA, Israel and Illuminaty caused the Ukrainians to protest their president that promised the West and then betrayed the people by going East.
Typical Zed propaganda where Eastern Europeans are all brainwashed to hate the good, kind Ruzzian empire. if you are USaians then go and fix your history and stop consuming MAGA and Zed propaganda.
You're having an anachronism. The events in Crimea only came after 'their president' was overthrown, and were directly and indisputably caused by it. The reason I say 'their president' is because Crimea is majority ethnic Russian and before them it was Tatars. It's never been Ukrainian in ethnicity or even close to such. And the event that was exploited into a crisis point was Yanukovych signing an economic agreement with Russia instead of the EU.
The US wasn't just doings things behind the scenes. This [1] is John McCain at a rally in Kyiv. Imagine if during the BLM (or January 6th or whatever) protests/riots if China/Russia/etc had sent high level officials to overtly rally people to try to overthrow the government. It's a completely surreal sight if you really think about what you're seeing. The US is right there saying 'Yeah, we're gonna overthrow you in plain sight - try to do anything about it and you'll be wishing that's all that happened.' And if you think there was nothing going on behind the scenes on top of that stuff that overt in front of the cameras, then I'd say you're not arguing in good faith!
In any case, none of this happens with good relations. A simple agreement to economically save Ukraine shouldn't have been an adversarial East vs West thing, but just another agreement to the benefit of Ukrainians. But that poor country's strategic positioning, and easily exploitable nationalist minority, means it was doomed to inevitably just end up as little more than a rope being tugged on by two giants. The giants will be fine regardless of what happens - it's just the rope that ends up in tatters.
Fck what about
Ukraine borders are recognized by Ruzzia but they invaded Ukraine
then they signed peace and invaded again
I don't give a shit what USA idiots said, if the people of Ukraine want in EU and NATO like their neighbors Poland, Romania, Hungary then why should a failed empire object.
You imply that USA brainwashed the Ukrainians, they instigated this.
Can't you use your brains? Can you see Ruzzians killing, raping, torturing their "brothers" ? It is obvious that for an ethnic Ruzzian genociding Polish, Romanians or Ukrainians is the same , they have no value for what we actually want.
We all want EU and NATO to be free of USSR/Ruzzian empire
the Ruzzians want their empire back,
Ruzzia has nukes so the bullshit that NATO extens because they want to invade Ruzzia and steal their shit is stupid , use your brain
EU bought shit from Ruzzia, EU tried to get peace with the empire by making bussiness relations, EU had not plants to invade and steal Ruzzian lands .
There was ZERO risk for Ruzzia to get invaded, it is the same with the other wars Putin started, it is all geopolitics and many Zeds agree with it and make fun of us smaller country by claiming that this is how the world works, big empires screw the small countries.
>There is a lot to criticize the US for, but it is nowhere close to being a failed empire yet.
At least we can agree Ruzzia is failed empire, no words on that part from KGB
I am happy I found an agent that is not flagging or reporting me then goes to tell his mom how big of a hero he is.
I am not implying in any way that Ukrainians are brainwashed. The main weapon that the US uses against geopolitical adversaries is to take some organic issue, the sort which exist in every single country (including the US), and exploit it as much as possible to try to turn a small spark into a blazing inferno. If we didn't need to have McCain go speak in Ukraine to keep that fire burning - we wouldn't have. The optics are bad, it makes a mockery of any notion of not meddling in other democracies, and you can no longer dismiss direct involvement as just some conspiracy, as you initially tried to.
The reasons countries don't want geopolitical adversaries on their doorstep is because superpowers have an unspoken (well.. sometimes spoken [1]) 'sphere of influence' that is not to be touched. If Mexico signed a military agreement with Russia that involved them establishing forces there - we would be invading imminently. In fact this is exactly what the Cuban Missile Crisis [2] was about. Ukraine (and Taiwan) are not even just proxy wars between the US and Russia/China, but rather they're a proxy war against hegemony. Does the US have the right to setup right on Russia's front door? How about China's?
So the one thing I would agree with you is that indeed - the world remains one of the strong picking on the weak. And the last place you ever want to be is caught in the middle of a turf war between two giants. The world would be vastly better for everybody if those giants instead existed in collaboration, or at least healthy competition. One trying to dominate the other is only likely to hurt those caught in the middle. Because if the two giants ever came to unrestrained blows, the entire world would burn.
This is still bullshit
if some EU official comes and speaks in Romania then all the Zeds and MAGAs will claim that all Romanians votes are now invalid and we are actually brainwashed.
You guys need to accept the real reality, none of Ruzzian neighbors want to be part of Ruzzia, NONE . Everyone inteligent person is leaving Ruzzia, people in neighboring countries go in EU or West and not Ruzzia.
We know better what Ruzzians are capable of, and we know better what we want, no visit from an USaian or Soros can overnight change our minds.
I see this with Ruzzians that are USSR nostalgic, they actually think that Moscowites sacrificed their wealth to help everyone else and we just got brainwashed to hate them, the genocides did not happened anfd if they would have happened the victims deserved it.
The EU or Soros would never have the audacity, or power, to do what the US did. McCain was openly acting as an enemy of the state, as a high profile guest of the state, in plain sight, directly adjacent to the center of the state! That was a massive power play you can only do in a country you have under the heel of your boot.
True, they cease being “meaningful” the moment you surrender and stop viewing them as threats.
OFC it’s all relative, Russia and similar actors having more political/economic influence in the US (and by extension globally) might not be viewed as a negative by some people.
Please feel free to point out where the CIA successfully issued directives to those companies to target foreign nationals.
Baring in mind, that Snowden's revelations did in fact cause outcry, and national responses to US companies. And helped push through various data protections in Europe, including stipulating non-sharing of data with the US.
Why not judge on the merit. Unlike PRC's deepseek or tiktok which were shown and admitted to collect all sorts of data and specifically influence public opinion to favor a foreign interest this is literally just information, white hat infosec research
You cannot divorce the company from their other actions. They are engaged in cyber warfare with various nations. That means that all of their actions need to be weighed and judged.
They put it on their website, which makes it company PR, regardless of how it might be seen. Good things have been done by terrible actors, since the dawn of time. It is not information alone.
In that vein Europe should have 0% trust in any US software or hardware. We are not that much friends anymore, in fact US is currently actively helping our existential enemy and subverting us.
Remember of scandal with US spying directly all European top politicians? This was in quiet times compared to now.
To paraphrase you, terrible things have been done by good actors. You cannot divorce state from its other actions in same area neither. I don't think I need to bring up numerous fuckups of US 'defense' and secret services that literally killed tens of millions civilians in past 100 years across whole globe, with very little to show for and claim 'it was worth it because we achieved XYZ'.
As of now? I am making noise with my government on the US. The nation has dismantled their protections, they have an unhinged preacher of hatred in the White House, and he has a proven record of breaking international agreements.
Starlink and Tesla are security concerns.
The US' current attitudes suggest that they would very much like to see world war three. And would like to ally with Russia to make it happen.
Recklessly endangering international agreements will not be without consequences.
I don't believe Google has directly caused the leaking of classified information, or attacking vital infrastructure, as of yet. Kaspersky, yes [0]. TikTok, yes [1]. Google do, however, publish information on commercial spy networks [2].
However, it is likely that I would do so if they show themselves to be an enemy of my nation. If you've found Google attacking a government, I'm sure plenty of people would love to see the evidence.
Your first link doesn't show any evidence of, or even suggest that, Kaspersky has attacked Australia.
It shows only that the Australian government expresses concern over the capability, which doesn't seem entirely unreasonable and also politically motivated.
Oceania has always been at war Eastasia, and all that.
> Entities must manage the risks arising from Kaspersky Lab, Inc.’s extensive collection of user data and exposure of that data to extrajudicial directions from a foreign government that conflict with Australian law.
That's not concern of possibility. That's acknowledgement of exfiltration of data, back to Russia. Past tense.
This is political, yes. But only insofar as all actions of one nation against another is political. Australia go to some lengths not to piss Russia off. If things were not so political, then the response would likely be much greater, not less.
Uhm if you read the kind of thing Aussie government hackers were doing lately... They are perfectly fine pissing off Russia:) (There are plenty of actual threats from there, just kaspersky doesn't seem one)
Are you weighing and judging thAt USA has killed millions of innocent people because of American Military Industrial complex before buying American products? You can’t divorce a company from it’s countries politics as you say.
If you are not judging the USA at the same standards as you do other countries then that would be very hypocritical.
The first few years of my life were in Bolivia. Where our prime minister, for the sin of being elected by the people, was shot dead on the streets of the capital, a street I lived on, by the CIA. I still have friends, who serve Morales today. I am well aware of the sins of the US.
Until Trump, the USA was not a direct threat to the nation I now live in. However, nuance is lacking in your response.
You cannot divorce a company serving its government, from the politics it lives in. There's little evidence of Y-Combinator, for example, of endeavouring to upend their entire business to serve as spies for the USA. If Kaspersky was divorced from the KGB, politics would not be as considerable a context for understanding their actions.
> You cannot divorce a company serving its government
I would extend that to "a company bound by law", since governments can change. [0]
Most people here argue that google, etc. have not been caught stealing/leaking data yet, as if Snowden didnt happen. And as if any foreign citizen data isnt fair game to US juristiction. [1]
The whole point to reading an article like this is to get the considered opinions of an expert, though, not to "judge it on the merit". Only an elite handful of security folks here on HN (and this is one of the few forums where you can find them!) are capable of doing that.
So sure, when another security wonk comes along and says "Kaspersky is right about this", I think it's worth discussing. Until then, we need to assume that any communication from the company is compromised by unstated interests. Not all of it is, surely, but some probably is, and "judge it on the merit" isn't a good standard to detect the bullshit.
It's not about "mysitification", it's about laziness. I read security reviews and blog posts because it's easier than trying to follow CVEs and the like myself. And the way that works is that I trust the source to give me a reasonably unadulterated good faith summary of the facts on the ground.
We can't trust Kaspersky. They're compromised by a government that's known to lie and manipulate. Again, they may be telling the truth here (certainly doesn't seem controversial), but I'm going to wait for someone I trust to tell me that.
Has this been proven? Or is this another 'they are in a foreign country so they could be compelled to spy on us?' - not that I have a particular desire to defend Russia at this moment in time.
Ironically, we are having similar discussions regarding US companies if the trend with the current administration is to continue.
The big difference is that as of today, we are currently stuck with available alternatives, but it won't surprise me if many goverments start looking back into the computing diversity infrastructure that we had during cold war days.
That usually means that they're a threat, and these small good tokens are nothing more than PR efforts.
You can't avoid politics, when considering this company.