[dagenleg]

How does that make them the worst?

[Const-me]

Commercial companies in free countries may be greedy or unethical, but they are generally predictable and usually follow the letter of the law.

A state controlled entity in authoritarian country is another story.

[dagenleg]

It's just about making a choice of which spy agency is going to get your data. NSA for western companies, KGB-or-whatever for Russian ones. If you live in the West, it may be worth considering both options.

[Const-me]

Do you have some facts or reasonable suspicions about western AV companies collaborating with NSA? What I’ve heard they aren’t collaborating, NSA is researching AV vulnerabilities just like bad guys do.

Besides, Russia considers themselves at the state of “hybrid war” against the whole world. It sounds insane but apparently that’s what their government believes, and that’s what their propaganda broadcasts. That’s why an AV product made by a Russian state controlled company carries some unique risks.

Since mid-December, a high-ranking Kaspersky manager, Ruslan Stoyanov, is in jail for high treason. Do you know what kind of deal KGB wants from him? I don’t.

[ivan_gammel]

There are rumors that he's in jail for association with "Shaltai Boltai" hacker group, which published emails of D.Medvedev. Same for FSB officer, who supposedly worked with Stoyanov.

[Const-me]

I’ve heard other rumors. I’ve heard he’s in jail because he failed to secure their systems from Ukrainian hackers and 1GB of confidential data was leaked: https://en.wikipedia.org/wiki/Surkov_leaks

But just hearing rumors doesn’t mean we know anything.

[emodendroket]

Besides the fact a US company probably cooperates with US intelligence, there are plenty of examples of companies outright breaking the law.

[Const-me]

> the fact a US company probably cooperates with US intelligence

“the fact” and “probably” are mutually exclusive.

> plenty of examples of companies outright breaking the law

I know and that’s why I wrote “usually follow the letter of the law”. Majority of the companies follow the law, however.

[emodendroket]

> “the fact” and “probably” are mutually exclusive.

I don't see how; statements about probability can be factual and we have plenty of evidence that Google, Microsoft, and US telcos do; why should AV vendors be different?

As far as companies usually following the letter of the law... do they? What makes you so sure?

[Const-me]

> statements about probability can be factual

Depends.

In natural science or in medicine you can estimate that probability (because control groups, multiple experiments, statistical methods, etc). In such context, a statement about probability can indeed be factual.

In general conversation or in legal context they can’t. If you have facts, there’s no “probably” because you know for sure. And if you don’t, it can be you belief, or your personal opinion, but not a fact.

> do they? What makes you so sure?

Over my career, I’ve worked in several US software companies. Lately, I’m working with various US companies as a contractor.

Multiple times a company put a lot of efforts and money to comply with the law: we redesigned our products, moved across states, trained employees to comply with various regulations, and so on. Having friends in the industry with similar observations, I conclude such things happen all the time.

[emodendroket]

Bit strange to go from a hyper-rational scientific stance on one point to using anecdotal evidence for another.