Should we delete Kaspersky antivirus?

Beware of software from Russia. In Italy, the National Cybersecurity Agency (Acn) is urging vigilance: programs and technological products made in Russia could be used by the Kremlin as a vehicle for a cyber attack on public bodies or Western companies after the invasion of Ukraine and the wall of sanctions against Moscow. The authority in charge of coordinating national cybersecurity has put it on paper in an internal recommendation, which has seen and which anticipates by a few hours the news - yet to be confirmed - that the government would be ready to launch an ad hoc rule to allow public administrations to uninstall the software.

The invitation of the office, led by director Roberto Baldoni, is to analyze the evolution "of the international situation and of the geopolitical framework", which makes it "in particular, appropriate to consider the security implications deriving from the use of information technologies provided by companies linked to the Russian Federation". "Among these, information security is of particular importance due to the high level of invasiveness with respect to the systems on which they operate," the Acn specifies. "Given the need to have such technological solutions, it is not excluded that the effects of the conflict may compromise their reliability and effectiveness, for example being able to affect the ability of supplier companies linked to the Russian Federation to ensure adequate support for their products and services".

Although the document does not explicitly refer to a particular technology - it speaks generically of "device security, including antivirus and antimalware applications" - the public discussion that has been stirring up the scientific world for weeks concerns Kaspersky, the Moscow-based company that produces the antivirus of the same name, one of the best on the market. The software is widely used by the public administration in Italy, from ministries and central offices to small municipalities: the name occurs in the public contracts of 2,384 entities.

Contacted by, Kaspersky rejects any charge, stating that it will never allow "third parties to directly access our data or infrastructure, and any undocumented feature request will always be refused". The National Cybersecurity Agency, on the other hand, did not respond to a request for comment.

The double case Italy-Germany

The reassurances publicly provided by the group and its founder, Eugene Kaspersky, that the software will never lend itself to conducting malicious attacks on behalf of the Kremlin. The thesis of many cyber security experts is that antivirus technology itself is too invasive to allow the products installed in the vital ganglia of public administration or companies to come from a country with which there is open hostility. See Kaspersky and Russia, which added Italy to its list of hostile countries after Rome joined international sanctions for the invasion of Ukraine.

In Italy the phrasing is generic. In an interview with Cybersecurity360, Baldoni reiterated: "We do not mention the company [Kaspersky, ed]. It concerns Russian technologies". In Germany, in the same hours in which the Acn issued its note, its counterpart for German cybersecurity, the Bsi, issued a much more explicit public statement, in which "it recommends replacing the applications of Kaspersky's antivirus protection software portfolio with alternative products," reads the original text (translated with Google Translate). What was good until yesterday is no longer suitable due to the changed geopolitical conditions, to put it in a nutshell.

Despite the caution of the Acn, the name of Kaspersky has already been the subject of official statements in Italy too. First in an interview with Corriere della Sera, on March 12, when the Undersecretary to the Prime Minister with responsibility for national security, Franco Gabrielli, affirmed the need to make the country less dependent on Russian technology, referring directly to "antivirus systems produced by the Russians and used by our public administrations that we are verifying and planning to dispose of, to prevent them from turning from a protection tool into a means of attack". A few hours later Gabrielli himself announced that the government will adopt measures "to allow public administrations to place not only the widely mentioned antivirus (Kaspersky in fact, ed), but also other IT platforms, outside the scope of the activities of public administrations", as reported by la Repubblica.

The French precedent

France has already expressed itself in similar terms: through the Government Center for Information Security (Anssi), it issued a statement in recent days highlighting how "in the current context, the use of some digital tools, in particular the tools of the Kaspersky company, can be questioned because of their link with Russia". In any case, Anssi specifies that, at the moment, there are no "objective elements to justify a change in the assessment of the quality level of the products and services provided".

"Russia's isolation on the international scene and the risk of attacks against industrial actors linked to Russia can affect the ability of these companies to provide updates to their products and services and therefore to keep them updated," writes the French authority. "In the medium term, therefore, a strategy of diversification of cybersecurity solutions".

Change of posture

"By their nature, antivirus programs are software that decides what is good and what is bad, what can pass and what must be stopped, and they do so on the basis of lists of malware that are known only by software developers", explains Aaron Visaggio, associate professor of the Engineering department of the University of Sannio, who has been involved for years in the analysis of computer protection software. "In addition, antivirus software acquires a complete photograph of the device on which it works: a process that was created to keep the machine safe but which can become a formidable weapon in the hands of an attacker", adds the expert.

A common feature of antivirus products, and one their operation depends on, is that they run with the highest level of permissions granted by the operating system. This lets them act, in effect, as if they owned the machine on which they are installed.

"However, we have no evidence so far that Kaspersky has been used in a malicious way," specifies Visaggio, "even if we cannot ignore the fact that we are involved in a conflict in which Russia has already announced reprisals, including cybernetic ones, against the countries that support Ukraine. For those who control the software, it may be sufficient to release an update to remotely execute a command or software on all the machines on which it is installed."

Too much power in a few hands. Antivirus products are engineered to be protected from external attacks, so that a cybercriminal cannot exploit them to spread an attack. However, no one can guarantee - especially in exceptional periods - the protection of the antivirus from its own producers, who may be subjected to specific pressures "to persuade them to spread malware in a widespread manner", notes Visaggio.

A cyber cold war

"We reiterate that Kaspersky is not subject to the Russian system of operational investigative measures (Sorm, a system for legal interception interfaces of telecommunications in Russia, ed) or other similar legislation and is therefore not obliged to provide information (to the Russian government, ed)," a spokesperson for the company told The Russian giant completed the transfer of all its servers to Switzerland in November 2020 and inaugurated a Center for transparency in North America, precisely to affirm its good faith towards Western governments and users.

Added to this are numerous efforts to certify the company's legal posture of independence vis-à-vis the Kremlin, and several third-party certifications and audits that confirm the security of Kaspersky's "process for developing and releasing AV updates against the risk of unauthorized changes", the company adds.

But the real issue is that of authorized or extorted changes. Thus in recent days the news has revived the story of the kidnapping of Ivan, son of Eugene and Natalya Kaspersky (programmer and co-founder, together with her husband, of the company that bears their name), who in 2011 was saved a few days after the ransom request, thanks to a collaboration between the antivirus giant and the Russian secret services that has remained opaque over the years. The Kaspersky family still lives officially in the country and under the regime of Russian President Vladimir Putin, who over the years has shown he can deal brutally with dissidents and personalities contrary to his vision. It is worth remembering, one above all, the journalist Anna Politkovskaya, killed after her extremely critical reports on the war in Chechnya. On the invasion of Ukraine, Kaspersky spoke on Twitter in conventional terms deemed accommodating towards the Kremlin, speaking of the "situation in Ukraine", saying he was "in shock at recent events" and hoping for a "compromise".

Kaspersky defends its position, stating that "the company's initiative on transparency - which makes the source code and updates available for review to anyone who wishes - would make an attempt to introduce unwanted functionality suicidal to the company's business everywhere, not just in the West."

An old problem

Today Europe is confronted with a problem already faced by the United States and Russia itself. In 2017, then US President Donald Trump - historically the closest to Moscow - ordered his government agencies to remove Kaspersky products, worried that the company might be vulnerable to Kremlin influence. It was a preventive measure aimed precisely at keeping Russia from being able to remotely read the contents of US computers or even take control of them.

However, over the years, Russia has also assumed a preventive and defensive posture towards Western technologies, deciding to invest in the implementation of software and operating systems capable of countering their dominance on the market. On this side of the Russian border the same perplexities raised by Kaspersky are directed towards Windows, the most widespread operating system in the world, which Russia fears could be used remotely to carry out spying operations.

This is the reason why, in 2019, the Russian Federal Service for the Control of Exports and Technologies (Fstec) certified the security of the Astra Linux operating system, a customized distribution of the open source operating system on which Android is also based, which can therefore be used for the management of the Russian government's computer equipment. For some time now China has also gone in the same direction: it shares with Russia the drive to assert its technological sovereignty through the development of operating systems and applications born within the perimeter of the country, and therefore not subject to the control of external governments. You never know: they might become hostile.

Now the European Union also intends to affirm greater autonomy in the technological field: from the cloud to the chips, with ambitions and plans launched by the European Commission, new technical standards to contain the expansionism of some suppliers, such as the Chinese ones, and stricter rules, which, in the wake of the general regulation for data protection, raise the bar for everyone at an international level.
