
Kasper-Spy: Kaspersky Anti-Virus Puts Users at Risk - ericdanielski
https://www.heise.de/ct/artikel/Kasper-Spy-Kaspersky-Anti-Virus-puts-users-at-risk-4496138.html
======
alexeiz
Most anti-virus software is unnecessary, almost useless and can significantly
decrease the performance of your machine. I worked at one company that
provided its employees with really powerful desktop machines (Xeon CPU with 24
cores, 64GB of RAM, two SSDs in hardware RAID). Per my estimate the cost of
such desktops had to be around $6K-$8K. But they installed CA anti-virus
software on them. And just like that the desktop turned from a performance
beast to a snail. On most operations it was even slower than my
middle-of-the-road personal laptop. The anti-virus interfered with everything:
disk, network, processes. The machine could be loaded at most at 3-4%, because
the anti-virus service was consuming a single core up to 100% and didn't let
anything else run. Needless to say, it never found any viruses on my
machine.

~~~
teilo
And nevertheless we are forced to put an endpoint on all machines for
compliance reasons. The security/privacy beancounters at our larger customers
demand it.

~~~
lonelappde
Why hasn't some startup offered a low-resource AV? Call it "Anti-Tiger Rock
AV"

Why isn't Windows Defender good enough?

~~~
teilo
Well, for one, we are 80% Mac here.

------
jve
> The following weeks and months seemed to offer little excitement – the
> Kaspersky software worked essentially as well or as badly as Windows
> Defender.

Well, since Microsoft offered free AV and then bundled it with Windows, I've
never looked back and felt kind of relieved I don't have to install 3rd party
AV. Defender just doesn't get in the way.

I trust Microsoft to do the right thing more than other AV vendors that put in
value-subtracted features: ads, disturbing, user-hostile notifications,
performance-degrading bling-bling (toolbars...) etc.

If I really want to check some file, I'll let VirusTotal.com scan it via every
AV product they are aware of.

~~~
miahi
The problem I have with the Microsoft bundled AV is that it's really slow and
seems single threaded. I had to add most of my project directories as
exceptions because building projects took 4-5 times longer when the AV was
enabled for those files.

~~~
big_chungus
My biggest gripe is how hard they deliberately make it to disable. And even
when I finally can, whatever settings I used may well have changed when MS
updates. And when they do update, it gets re-enabled.

One of many instances where MS takes the "I know best" approach. You want to
write a good anti-malware program, try not behaving like malware.

~~~
panpanna
It disables itself when you install another AV.

The reason they make it hard to remove is (1) otherwise malware could easily
disable it and (2) most people should not be trusted with such a decision
anyway.

Also, have you ever tried to remove Norton AV??

~~~
delfinom
Joke is, Symantec Endpoint Protection is actually incredibly easy to deal
with.

The consumer AV (Norton)? Hah, the thing is meant to trick/convince/harass you
to keep paying up and make it difficult.

------
woliveirajr
> To be on the safe side, you can disable the relevant function in Kaspersky's
> software: Click the cogwheel icon in the bottom left corner of the main
> window, then click Additional/Network. Finally, uncheck the "Inject script
> into web traffic to interact with web pages" option under "Traffic
> processing".

So it wasn't exactly hidden, it was just a bad solution that could be disabled
deep down in some menu (but not hidden, as it was in the appropriate options).

~~~
admf22
"Hidden" might refer to the fact that people won't know that the setting
creates a (now) version-specific, persistent UUID that potentially compromises
web safety.

~~~
woliveirajr
Yes, and even the article doesn't say it was hidden. It has been just a
feature that wasn't thoroughly thought through when created, had a very bad
side effect, but it wasn't hidden.

~~~
Buge
The fact that it injected something wasn't hidden. The fact that it injected a
unique ID wasn't documented, thus could be considered hidden.
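
The thread above turns on one detail: a script injected into every page carries a persistent, per-install UUID, so any website can read the same identifier and correlate visits. The following is an added example, not code from the article, the thread, or Kaspersky: an offline check that extracts UUID-shaped tokens from the `<script>` tags of fetched page HTML and reports any identifier that recurs across unrelated origins, which is the signature of a client-side injected tracking identifier. The origins, the host `injected.example`, the sample HTML and the UUID value are all constructed placeholders.

```javascript
// Added example (not from the article or the thread): look for UUID-shaped
// identifiers in <script> tags and flag any that recur across unrelated
// origins. A per-install UUID injected into every page is readable by every
// site, which is the cross-site tracking risk discussed above.
// All origins, hosts, HTML and UUID values here are constructed sample data.

const UUID_RE = /\b[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\b/gi;
const SCRIPT_RE = /<script\b([^>]*)>([\s\S]*?)<\/script>/gi;

// Return every UUID-shaped token found in script src attributes or inline
// script bodies of one HTML document (deduplicated, lower-cased).
function findScriptIdentifiers(html) {
  const found = new Set();
  for (const m of html.matchAll(SCRIPT_RE)) {
    const attrs = m[1];
    const body = m[2];
    for (const id of (attrs + '\n' + body).match(UUID_RE) || []) {
      found.add(id.toLowerCase());
    }
  }
  return [...found];
}

// Given {origin: html}, return identifiers seen on more than one origin,
// each with the sorted list of origins it appeared on. A site may embed its
// own session UUID legitimately; the same UUID on unrelated origins is what
// points to an identifier injected on the client side.
function crossOriginIdentifiers(pagesByOrigin) {
  const seen = new Map();
  for (const [origin, html] of Object.entries(pagesByOrigin)) {
    for (const id of findScriptIdentifiers(html)) {
      if (!seen.has(id)) seen.set(id, new Set());
      seen.get(id).add(origin);
    }
  }
  const result = {};
  for (const [id, origins] of seen) {
    if (origins.size > 1) result[id] = [...origins].sort();
  }
  return result;
}

// Constructed sample: the same injected tag appears on two unrelated sites,
// while each site also carries its own first-party script.
const INJECTED_UUID = '11111111-2222-4333-8444-555555555555'; // constructed placeholder
const SAMPLE_PAGES = {
  'https://news.example': `<html><head>
  <script src="https://cdn.news.example/app.js"></script>
  <script src="https://injected.example/${INJECTED_UUID}/main.js"></script>
  </head><body>news</body></html>`,
  'https://shop.example': `<html><head>
  <script>window.session = "aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee";</script>
  <script src="https://injected.example/${INJECTED_UUID}/main.js"></script>
  </head><body>shop</body></html>`,
};

if (typeof require !== 'undefined' && require.main === module) {
  // Prints only the injected UUID, mapped to both origins.
  console.log(crossOriginIdentifiers(SAMPLE_PAGES));
}
```

Run it with `node` on saved copies of a few unrelated pages (replace `SAMPLE_PAGES` with real fetched HTML) to see whether any identifier is shared across them; a first-party session UUID stays confined to one origin and is not reported.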

------
big_chungus
PSA reminder they got caught scanning computers for specific documents at the
behest of the Russians.
[https://www.wsj.com/articles/russian-hackers-scanned-networks-world-wide-for-secret-u-s-data-1507743874](https://www.wsj.com/articles/russian-hackers-scanned-networks-world-wide-for-secret-u-s-data-1507743874)

They've still got some brilliant malware re & analysis guys and their lab is
an excellent one, but I wouldn't use them.

~~~
Hawxy
> PSA reminder they got caught scanning computers for specific documents at
> the behest of the Russians

No, not exactly. In reality the software worked as intended and sampled an
unidentified program that it considered malicious. It just so happened to be a
piece of NSA malware contained on an NSA employee's computer (who re-enabled
KAV on his machine after infecting it with a fake Office activator). The US
government needed a quick scapegoat and thus they picked the spooky Russian
company instead of their own employee.

After the allegations were made, Kaspersky opened itself up for third-party
auditing of its internal processes, its relationship with the government and
the events surrounding the above, on which it provides regular updates:
[https://www.kaspersky.com/blog/internal-investigation-preliminary-results/19894/](https://www.kaspersky.com/blog/internal-investigation-preliminary-results/19894/)
[https://www.kaspersky.com/blog/transparency-status-updates/23637/](https://www.kaspersky.com/blog/transparency-status-updates/23637/)

They're also moving all data processing to Switzerland, way outside of the
reach of the Russian government.

~~~
elliekelly
Do you have any sources for this version of events aside from Kaspersky blogs?

~~~
hutzlibu
[https://www.google.com/amp/s/www.theregister.co.uk/AMP/2018/...](https://www.google.com/amp/s/www.theregister.co.uk/AMP/2018/09/26/nsa_worker_jailed/)

~~~
rjsw
Non AMP link here [1].

[1]
[https://www.theregister.co.uk/2018/09/26/nsa_worker_jailed/](https://www.theregister.co.uk/2018/09/26/nsa_worker_jailed/)

~~~
Valmar
Thanks. AMP is stupid bullshit that needs to die, or at least be entirely
restricted to mobile users only.

------
nathanaldensr
Security experts, ladies and gentlemen...

~~~
Valmar
Every third-party antivirus company is just as incompetent.

I dare suggest that even Microsoft isn't that much better.

------
eternalny1
I have been using Windows Defender along with Malwarebytes free Windows
Firewall Control and have never looked back.

------
dbcooper
Is there any point in using antivirus software now?

~~~
manjana
I don't know if there ever was... The old advice of _'Be sensible and don't
open stupid files or visit stupid websites or follow phishing links'_ should
solve most potential problems.

~~~
JohnJamesRambo
I lived through the virus era and that most certainly wouldn’t solve most
problems back then.

