The White House is reportedly preparing to impose a complete ban on software made by Russia’s Kaspersky Lab
We'll see if this holds up in court but I have a feeling the walls are closing in, the boot is falling, the illusion of freedom Americans have been granted will be stripped away soon.
This is not an isolated thing, it happens in the context of things like pushes to force logging on VPN providers, to crack down on piracy, to further control the internet and technology space.
How soon before we can talk of a US great firewall against foreign software of Chinese or Russian origin?
And unlike Chinese and Russian bans which have no reach, no long-arm of the law approach that can force the rest of the world to comply via financial sanctions, the US has the ability to actually impose these bans successfully not only on its own population but on the world if it so wishes.
The use of Kaspersky Lab’s products is seen as a threat to national security, officials in Washington reportedly say
Washington is planning to bar US businesses and individuals from using software created by the Russian cybersecurity company Kaspersky Lab, CNN reported on Tuesday, citing unnamed government officials familiar with the matter. The move is seen as “unprecedented,” as measures of the kind have never targeted private companies and citizens.
The comprehensive ban is currently being finalized and could be imposed as soon as this month, the sources told the news network. The new regulation would use “relatively new Commerce Department authorities built on executive orders” by Presidents Joe Biden and Donald Trump to prohibit Kaspersky Lab from providing certain products and services in the country, they added.
According to the sources, the order is aimed at mitigating risks allegedly posed by Kaspersky’s software to critical US infrastructure.
The same old story, in other words: vague, unspecific, unproven allegations of possible harm to national security, without an explained mechanism or proof the threat exists.
As part of preparatory works for the move, the US Department of Commerce has made an “initial determination” to ban certain transactions between the Russian cybersecurity company and US citizens, the sources added.
They haven’t, however, provided any details regarding the full scope of a final order against Kaspersky products, but said that it would focus on the firm’s anti-virus software.
In 2022, the Federal Communications Commission placed the internet-security provider on a list of companies deemed a threat to US national security. Following the move, Kaspersky said in a statement that the decision had been made on “political grounds” rather than on the basis of “a comprehensive evaluation of the integrity of Kaspersky’s products and services.”
In 2017, US regulators banned federal government use of Kaspersky software. Back then, the Department of Homeland Security (DHS) cited increased fears that the firm had ties to state-sponsored spying programs as a key reason for the move.
Later, the company filed two lawsuits against the decision taken by the Trump administration, saying the bans were unconstitutional and that they caused Kaspersky Lab undue harm. In 2018, the District of Columbia court dismissed both cases, having upheld the ban imposed by Washington.
I will note all US-connected cyber-security companies from anti-viruses like Norton and Trend Micro to the British (Five Eyes) Sophos to various bespoke companies that provide investigative services and more specialized software are FULL to the brim with "former" NSA, FBI, CIA agents. And are in fact (not accusation) all little more than cut-outs for the US/Five-Eyes intelligence alliance and subject to their full use for data collection, not adding their own government malware even when discovered organically to signatures until a foreign company does, and knowing of course the software's internal weaknesses and bugs that such government malware may exploit to evade.
The US has long had anger towards Kaspersky because one of their foolish contractors who was writing malware for them used it on his computer; its job includes finding and sending samples of new, novel malware back, and it found some he was writing and sent it. Kaspersky claims they deleted the information but the US government has been on a crusade against it earlier than that to be honest because it has helped states like Iran against things like Stuxnet and other US government malware campaigns.
But it's more than that, it's part of a wider campaign to push Russian and Chinese companies out of high technology, to hurt them, to weaken them, to injure and maim them. And it's part of the same sphere of things as pushing Dutch company ASML to shoot itself in the foot by not selling to the Chinese which weakens both the Chinese and a European company so is a good thing.
Kaspersky has long been ahead of the pack among traditional AVs, not because of its signatures, which are no longer an advantage for any company, but because of its other modules such as Host Intrusion Prevention/Behavioral Analysis and Control.
What's unclear to me is whether they will simply stop sales and prevent them from collecting money or if the ban is intended to prevent their distribution of updates, to do DNS stuff to attempt to break the functionality of the application and criminalize Americans using it.
What's interesting is Kaspersky has also long been a favorite of pirates as it famously played well with cracked software, was less prone to false-flagging and more accurate in its assessment of what was a real threat and what was just cracked suspicious software.
I didn't know about the link between alphabet agencies and US antivirus companies. I've been using Malwarebytes; do you think Kaspersky would be better?
What is your threat model? Do you do things like pirate games or other executable software or other high risk activities like visiting suspicious sites, running strange code?
My answer depends on your answer. If you are taking risks like running lots of cracked games or software or engaging in other high risk behavior OR if you have had recurring problems (more than once in the past 3 years) with encountering malware on your computer (executed or not) I think it helps to have additional measures beyond Windows Defender and I can offer some.
If on the other hand you don't use cracked software, don't engage in risky activity with running strange code, visiting high risk websites, etc. I would say honestly Windows Defender properly configured and basic education and precautions not to run untrusted code or open untrusted files or click strange links and keeping software up to date (applying patches, running software that is still maintained) is probably enough. If this is the case I'd also take money you'd normally pay for AV (assuming you're not using the free version and paying) and buy an external hard drive, back up all your important stuff against crypto-lockers and refresh it every 2-3 months (do not under any circumstances leave the drive constantly connected as most modern crypto-lockers will of course encrypt connected external drives so only plug in such a back-up plan when transferring files and immediately unplug).
I use cracked software and I am interested in using more, tbh. The only "suspicious sites" I visit are torrenting sites, with adblocking. I do keep manual backups of important files but I have never gotten malware to my knowledge.
Then having a second-opinion scanner is a good idea and using it to scan all such files before running (as is uploading the files that are small enough to VirusTotal).
If you're not paying for AV software and have back-ups then I wouldn't start to pay for the sake of moving away from Malwarebytes to Kaspersky (Kaspersky does have a free version though if you want to try it).
One (optional) recommendation I might add is running some sort of interactive firewall software; for Windows, Simplewall is free and works well enough. Though you do have to go through and allowlist things the first time it sees a connection attempt after you install it as well as each time an executable is changed (updated for example) though it's just a simple allow/deny prompt. It uses Windows' own firewall and is basically just a front-end. I tend to suggest blocking cracked software from accessing the internet unless it's unavoidable (multiplayer games).
Do make sure to keep running a good adblocker like uBlock Origin and of course keep up to date.
With regards to cracked software I'd say stick to the safe sites list in the dbzero megathread and similar sources. It really is an incredibly dangerous thing but I get it, software is expensive, awful companies make everything a subscription (or charge $1000 to unlock everything).