Kaspersky or no?


Those lifetime licenses are gold. Next time someone offers something like that, take it.


So Malwarebytes license is only 1 PC per subscription?


Looks like.

I got lucky. I used to subscribe to Malwarebytes’ Anti-Exploit when it was a separate product. It was $24 for a 3-machine license per year. Anti-Exploit got folded into MBAM 3.0; when it came out, they turned it into a $24 for a 3-machine MBAM 3.0 license per year. Price got grandfathered.




It is, and unfortunately they won’t even do a deal on 2-3 licenses. Since the Mac version is no longer free I contacted them to see if there was any kind of discounts for someone who already had a PC license. Nope.


Federal Government orders all agencies to drop Kaspersky within 90 days.


The reason why…

US says it was stolen after the file was identified by Kaespersky antivirus.


There is no reason why someone would have classified information on their home computer. That dude fucked up.


Huh. I figured it was all bullshit, but I guess they do use Kaspersky to spearfish.


So, the reason the US knows about Kaespersky is because the Israelis had already hacked the Russians and discovered it.

How Israel Caught Russian Hackers Scouring the World for U.S. Secrets


Do we have any reason to believe that uninstalling the anti-virus program will actually keep a computer from sending data back home to Mother Russia?


It sounds like it works by doing what it’s theoretically supposed to do-- scan all the files on your system for specific signatures, then send those signatures back to the mothership for disposal. They just added signatures that were of interest to the GRU. If they added a rootkit as well, that would be unusual behavior for a legitimate antivirus program, and would invite suspicion, which is the last thing they want.

So yeah, uninstalling oughta do it.

I hope to see more info on the technical underpinnings of this trojan horse. How did they scan for sensitive information only? Was it spearphishing? How did they exfiltrate the data? Etc. Fascinating stuff.

Also, did Kaspersky know about it? I can’t imagine they didn’t, and even though this will absolutely destroy their business, put their company and (excellent) products deep in the ground, I imagine the Kremlin didn’t give them much of a choice.


Based on my, uh, unusual knowledge of this, that is not a safe bet. If you are legit concerned, you should consider the hardware compromised and destroy it.


The hardware? You’re saying they flashed the BIOS or got into the intel IME somehow?

And it wasn’t a spearfish, so every random schmuck that installed the software had their hardware compromised?


I’ve seen and interacted with stranger and more insidious tools, and that was close to a decade ago now. I can only imagine it’s significantly more sophisticated now. I wouldn’t recommend an average person concern themselves with that, but if you have good reason to have heightened security concerns, replace your hardware.

The first mistake you are making is assuming the chip manufacturers wouldn’t be complicit, and that includes the manufacturer of every tiny little chip on every board in the machine and the entire supply chain of manufacturers involved.


Even the feds aren’t trashing their hardware. While a persistent hardware compromise sourced from a software program is possible, doing it widespread without getting caught would be a very impressive hack.

For regular users without particularly sensitive information, uninstalling is fine. And even if I did have access to secret or compromising data, I wouldn’t trash my hardware unless the NSA does it. They’re more paranoid than I am.


They’re so paranoid that one of the very first things I learned when I went into gov service was not to ever use a computer with Kaspersky software on it. That was 2007. They absolutely would destroy hardware that was found with it - or try to set up a honeypot.




Also related:


This part of the NY Times article was interesting. And by interesting, I mean horrible.

So Kaspersky isn’t the only AV software being exploited by national intelligence agencies. It’s just the one that was publicly exposed. Can we really trust any of them?