Whistleblowers Accuse Leading Anti-Virus Company Of Infecting Competitors

Two former employees of Kaspersky Lab, one of the largest online security companies in the world, have come forward with claims that the Moscow-based company used to mess with its competitors by purposely deceiving their antivirus software programs. The former employees claim that Eugene Kaspersky himself (the company’s cofounder) ordered these attacks to retaliate against companies he believed were stealing his software rather than developing their own.

The alleged deception occurred when the trickster, whoever it was, took an important piece of software commonly found in computers and “injected” it with a piece of bad code so that the harmless file looked like it was infected. Then, when security companies ran the doctored file through their virus detection programs, the file would be flagged as a potential virus. For example, Microsoft’s antimalware research director Dennis Batchelder reported to Reuters in April that he could remember a time in the spring of 2013 when several customers contacted Microsoft complaining that a simple printer code was flagged as dangerous and put into quarantine. Batchelder said it took him several hours to realize that the printer code looked very similar to a piece of code already ruled malicious by Microsoft. Because the doctored code and the normal printer code looked so similar, both were quarantined by the antivirus software.

Batchelder stated that he never sought to find the culprit. Because antivirus software manufacturers share so much information (in order to effectively combat security threats), it was always a risk. “It doesn’t really matter who it was. All of us in the industry had a vulnerability, in that our systems were based on trust. We wanted to get that fixed.”

Because Kaspersky is so respected in his field and because his company is one of the most popular antivirus software makers in the world, competitors often flag as dangerous any file that Kaspersky flags as dangerous – without conducting their own research. In 2010, Kaspersky Lab complained openly and often about copycats, requesting greater respect for intellectual property as the process of data sharing became more prevalent in the industry. The complaints did not lead to major changes.

Even though Kaspersky made no secret that he believed competitors were benefitting from his hard work, he vehemently denies that he ever sent doctored files to competitors in order to trick their systems. “Our company has never conducted any secret campaign to trick competitors into generating false positives to damage their market standing. Such actions are unethical, dishonest and their legality is at least questionable.” He stated that Kaspersky Lab too had been a victim of such a trickster attack in the fall of 2012 when an unknown party tricked Kaspersky into misclassifying normal, safe files as malicious.

As a result of the deceptive practices, security companies are now less likely to accept a competitor’s classification of a file as malicious as the absolute truth. Companies are now spending more time and money on developing programs that weed out false positives. Security analysts claim that false positives are much less of a problem today than they were a few years ago.

In further defending his company, Kaspersky stated that, “Although the security market is very competitive, trusted threat-data exchange is definitely part of the overall security of the entire IT ecosystem, and this exchange must not be compromised or corrupted.”

An official release went on to say, “Contrary to allegations made in a Reuters news story, Kaspersky Lab has never conducted any secret campaign to trick competitors into generating false positives to damage their market standing. Such actions are unethical, dishonest and illegal. Accusations by anonymous, disgruntled ex-employees that Kaspersky Lab, or its CEO, was involved in these incidents are meritless and simply false.”

In the official denial, the company said it had carried out similar activities on a limited scale in 2010 to test competitors, but it did not directly refute the claims of later suspicious activities.
