Do svidaniya, Kaspersky — goodbye

Credit to Author: Steven J. Vaughan-Nichols| Date: Fri, 18 Mar 2022 03:00:00 -0700

Companies and governments have, shall we say, interesting relations. Just ask any Chinese tech company in recent days.  But, while they’re losing billions, companies in war-mongering countries like Russia have an even harder row to hoe. How can Russian companies support Russia’s unprovoked invasion of Ukraine?

You may say they can’t, but that just shows you haven’t studied history. When money and ethics are weighed against each other, money usually wins. For example, such American-as-apple-pie-and-baseball companies as General Motors, Ford, Coca-Cola, and IBM supported Nazi Germany during World War II.

Really. Look it up.

So, there’s nothing too surprising when we see Moscow-based security leader  Kaspersky founder Eugene Kaspersky trying to tiptoe his way around Russia’s invasion of Ukraine on Twitter: “We welcome the start of negotiations to resolve the current situation in Ukraine and hope that they will lead to a cessation of hostilities and a compromise.”

“Current situation??” It’s an invasion. As I write this, the latest Russian atrocity is the  bombing of a Mariupol theater being used as a civilian shelter. There is no moral defense for supporting the current Russian regime. 

And, compromise? There is no compromise here. This is Russian President Vladimir Putin’s attempt to turn back the clock and recreate Ukraine as part of a Russian-dominated Soviet empire.

Of course, it takes courage to stand up to Putin. Recently, realizing that his invasion is failing, he threatened to cleanse Russia of “scum and traitors.” But, while that is certainly a reason to keep your head down and your mouth shut if you’re living inside Russia, it hasn’t stopped true patriots such as Russian journalist Marina Ovsyannikova who interrupted the Russian national Channel One news broadcast to tell the people that their government was lying to them about the war.

Still, many Russian businesses, including Kaspersky, are trying to keep running  business as usual.  Sorry, war isn’t business as usual.

The German Federal Office of Information Security (BSI) has just warned everyone that they should stop using Kaspersky virus programs and recommends users “replace them with alternative products.” Why? Because of the obvious: You can’t trust them.

I mean, seriously, they’re “security” programs from a NATO enemy.

Kaspersky himself is a graduate of a KGB elite cryptology school and was a former Soviet military intelligence software engineer.  There’s nothing secret about his past. It’s been known for years. But, until recently, we in the West could pretend that the Russian elite were just like us. That delusion went up in flames along with the suburbs of Kharkiv and Kyiv.

Even if Kaspersky, who hasn’t condemned the invasion, is just trying to make an honest ruble, the simple fact is that anti-virus software must, as the BSI points out, “maintain a permanent, encrypted and non-verifiable connection to the manufacturer’s servers” for updates. This same connection is a highway right into the heart of your PCs and servers.

Or, as the BSI put it: “A Russian IT manufacturer can carry out offensive operations itself, be forced to attack target systems against its will, or be spied on as a victim of a cyber operation without its knowledge or as a tool for attacks against its own customers.” So, even if Kaspersky — the person and the company — are as innocent as they can be, its technology could easily be taken over and used to abuse its Western users.

Kaspersky, in the meantime, insists that all this is nonsense and that you should keep using his products. He argues there is no “objective evidence” showing Kaspersky is up to no good. Be that as it may, there’s plenty of objective evidence that the government under which Kaspersky operates is doing evil.

We also know that Kaspersky’s Internet-connected software in Berlin, London, or New York is only milliseconds away from its servers in Russia. There is simply no responsible way to keep running Kaspersky software.

It’s not just Kaspersky.  This is true of any Russian-based software or service you may be using. The bottom line is it’s time to cut ties with potentially hostile companies.

It’s not the Russian people; it’s not even the Russian companies; it’s Putin’s increasingly hostile government above them all that makes it essential to free yourself from the Russian cyber-connection.

http://www.computerworld.com/category/security/index.rss