157

Kaspersky removes itself and installs UltraAV without permission (www.techzine.eu)

submitted 2 days ago by Tezka_Abhyayarshini@lemmy.today to c/technology@lemmy.world

28 comments fedilink hide all child comments

top 28 comments

sorted by: hot top controversial new old

[-] BombOmOm@lemmy.world 76 points 2 days ago* (last edited 2 days ago)

I'm surprised at how many companies still use a Russian AV. You are relying on this singular piece of software to keep your computer safe, and you pick the Russian one? Particularly when Windows Defender is right there. All you have to do is....not install the Russian AV.

[-] jubilationtcornpone@sh.itjust.works 59 points 2 days ago

Probably because old habits die hard. Kaspersky used to have a pretty good reputation as far as AV software. In the past, I used TDSSKiller to resurrect many PC's where other antivirus software failed.

Unfortunately, the whole Russia being a malicious actor negates any reasons to continue using Kaspersky.

[+] originalucifer@moist.catsweat.com -35 points 2 days ago

dude at no time did they ever have clout with corps. kasp has always been a retail POS. garbage for the front counter at BestBuy.

no business or govt agency ive ever worked with considered kasperksy. it was never even an option on the table.

[-] pandapoo@sh.itjust.works 31 points 2 days ago* (last edited 2 days ago)

That is so wrong that it's actually impressive.

Either you've never worked in this space, or because it wasn't present in the few IT departments you've worked in, you extrapolated that to mean it wasn't present in any large organization.

By all means, I don't disagree that American firms should not be using Kaspersky, just as Russian firms should not be using Sophos (UK based), but to pretend that they aren't one of the oldest and most well-established brands in the space is misinformed at best.

I think you confused the fact they have a retail product presence, to mean that they don't have serious enterprise solutions, but they do: NDR, XDR, agentless for hypervisors, etc.

[-] systemglitch@lemmy.world 22 points 2 days ago

Ummm, lol. You are so very wrong, but whatever internet person.

[-] Duamerthrax@lemmy.world 13 points 2 days ago

I used Kaspersky for a short while before dropping it. Honestly, it seems like anti virus software goes into enshitification faster than any other thing I can think of. One year, a specific brand is recommended by everyone, then the next, the ceo is fucking dolphins or something.

[-] acosmichippo@lemmy.world 10 points 2 days ago

on the other hand i’ve seen lots of businesses use mcaffee.

[-] didnt1able@sh.itjust.works 4 points 1 day ago

LMAO, not quite there

[-] skooma_king@lemm.ee 10 points 1 day ago

I used to work for a major research university and they switched to Kaspersky. It baffled me that any foreign AV was permitted, let alone one made in a hostile country.

[-] Dark_Arc@social.packetloss.gg 8 points 2 days ago

What companies use Kaspersky?

Isn't this mostly a consumer level issue?

[-] pandapoo@sh.itjust.works 4 points 1 day ago* (last edited 1 day ago)

Retail generates the most margin, while enterprise generally the most revenue.

At least, that's how it works at most vendors that operate both B2C and B2B sales and product channels.

But no, Kaspersky is a major legacy player in the B2B security market with both mature and cutting edge products/solutions.

A better question might be, which companies in America were still using Kaspersky up until this month, and why.

My guess that is a mix between budgetary constraints, incompetence, and weighted risk analysis.

Imagine you're a Midwestern ice cream wholesaler, it's been a bad few years, and your 200 Kaspersky licenses were renewed with deep discounts.

You're not likely to lose any contracts for using Kaspersky, nor be a target of state sanctioned espionage, but spending $10,000 between new licensing and man hours, to rip, replace, and configure a new solution, now that could cause real issues for you.

So, between a rock and a hard place, you just wait it out as long as possible and hope that when the other shoe drops, it doesn't wreck your budget.

[-] MeekerThanBeaker@lemmy.world 3 points 2 days ago

There are businesses that use it. I work at a small company, under 100 people and we used to use it for about six years... then we switched to Crowdstrike a few years back. And look how that ended up.

[-] 30p87@feddit.org 6 points 2 days ago

No one that knows what an AV is even uses an AV.

[-] SpaceMan9000@lemmy.world 2 points 1 day ago

Hot take, genuinely hoping that you're not one of those "common sense" people.

[-] Damage@feddit.it 0 points 2 days ago* (last edited 2 days ago)

I mean, we still use American ones...

[-] sunzu2@thebrainbin.org 5 points 2 days ago

Pretty sure if the app can do that, you gave it permission

[-] linearchaos@lemmy.world 20 points 2 days ago

It's antivirus software It already has the maximum level of permissions possible.

[-] sunzu2@thebrainbin.org -3 points 2 days ago

And that's the true crime here haha

[-] BassTurd@lemmy.world 9 points 2 days ago

Not really. It's the nature of how software like AV has to work. In order to protect against the baddies, it has to run at the kernel level, which is unfettered access to the system. If it didn't run there, it would be borderline useless for security. Bad practices like poor code review like Crowdstrike is the real crime.

[+] sunzu2@thebrainbin.org -7 points 2 days ago

Kinda like the government... They say there are here for YOUR security but are they really?

I haven't used AV beyond windows spyware most of my life and mint Linux doesn't even have it. I don't think. I guess enteprise might different situation... Not sure if there is real benefit to them.

I see no benefit for normal use case but I am open to hearing if I am wrong.

[-] BassTurd@lemmy.world 6 points 2 days ago

Every business that has connected devices should be running an AV solution, at least for Windows, which is the vast majority of users. In many sectors, it is a requirement to do business. I've never worked in a Linux based business environment, so I'm not sure what the AV solutions are. Many reputable businesses will have network wide monitoring via SIEM tools and other agents.

AV does exist for the end user's security, generally even the likes of Kaspersky. The inherent nature of running at the kernel level means that if something malfunctions, malicious or not, the effects can be significant. Generally speaking, these products aren't malicious because that's bad for business. The problem with companies like Kaspersky is that they have to comply with government requests which could mean access to private information.

The most important part of IT security is the human element. Don't click bad links, don't give out secret information, etc. AV products help when people mess up but also help protect against drive-by threats that don't require human interaction.

I don't run anything in my person Linux machines and used free Windows Defender on Windows for years. For anything not needing corporate level security, the free Defender is going to be more than enough and in most cases the best option for performance, not just cost.

[-] sunzu2@thebrainbin.org 0 points 2 days ago

Thank you for providing additional context..

Seems reasonable so have to point this out tho

The problem with companies like Kaspersky is that they have to comply with government requests which could mean access to private information.

How is this different from any US based company or EU based company for that matter?

[-] BombOmOm@lemmy.world 1 points 2 days ago* (last edited 2 days ago)

If you are a US based company, you already have to comply with US government legal requests. However, if you are a US company and using a Russian AV, now your AV will have to comply with Russian government requests. Russia is well known for asymmetric attacks, and giving that geopolitical adversary kernel level access to your entire corporate network is .... unwise.

[-] sunzu2@thebrainbin.org -1 points 2 days ago

I get that corpos are US whores and that's all good but from individual perspective your own feds are more dangerous then any Russian fed...

So people love saying this shot about Russian companies while skipping the part that this risk is even greater for the person with windows installed on their personal computer.

Indeed "unwise"

[-] BombOmOm@lemmy.world 1 points 2 days ago* (last edited 2 days ago)

This isn't about saving oneself from US access in exchange for Russian access. It is about already permitting US access, then ADDING Russian access on top. It doesn't matter if the US feds are worse than Russian feds or vise versa, the worst possible choice is giving both entities access. Which is exactly what a US company does when they install a Russian AV across their network.

this risk is even greater for the person with windows installed on their personal computer

I'm fully onboard with Linux. And we can see from the usage charts others are taking notice of the benefits.

[-] sunzu2@thebrainbin.org -1 points 2 days ago

My point being pointing out risk of Russia without point out risk from US can be misleading to a regular reader.

But yes Linux baby, let's go...

Custom Android ROMs,

Openwrt

Make ur fed work for that money you paying him!

this post was submitted on 25 Sep 2024

157 points (98.2% liked)

Technology

58269 readers

5442 users here now

This is a most excellent place for technology news and articles.

Our Rules

Follow the lemmy.world rules.
Only tech related content.
Be excellent to each another!
Mod approved content bots can post up to 10 articles per day.
Threads asking for personal tech support may be deleted.
Politics threads may be removed.
No memes allowed as posts, OK to post as comments.
Only approved bots from the list below, to ask if your bot can be added please contact us.
Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago

MODERATORS