by lizardactivist 1547 days ago
Don't know about Avast, Norton, McAfee etc. but it's clear from Kaspersky's capabilities and the sheer amount of research their developers publish that both the team and their products are among the best in the world.

What about the U.S. accusations? Well, as always they produce a lot of accusations but never provide any proof. Make of that what you will.

So what's left to use if corporate environments shouldn't use Kaspersky? And if corporations shouldn't use Kaspersky because of "security concerns", why should they use any of the other AV suites, or Windows, or macOS?

4 comments

> What about the U.S. accusations? Well, as always they produce a lot of accusations but never provide any proof. Make of that what you will.

This is a fair point. I don't have any insight as to the truth (and, myself, would very much like to know the details), but one of the factors for this sort of inscrutability is that revealing the information would also reveal how it was collected.

As a hypothetical: if YeOldeSecurityService has p0wn3d Kaspersky and are watching what is going on inside, and are seeing the Kaspersky endpoint agent software feeding not just hashes of what they scan (which itself is damned valuable), but that the endpoint agents have a full command & control type of "execute this command" capability, and that this capability has been used (*this* is the specific detail that we'd want), then Kaspersky can narrow down how this was found out, eject the persistent presence which allowed this to be gathered, and the effort spent getting into Kaspersky's infra, as well as the juicy juicy data to which this persistence has given access are traded away for the satisfaction of curiosity.

There really isn't a need for that. FCC makes the administrative ruling. Enterprises switch AV vendors because from a risk/compliance perspective, this is a sane thing to do, and the only people left dissatisfied are those of us with a curiosity itch.

Kaspersky quite conveniently scanned and uploaded NSA classified material. Then a few months later ShadowBrokers happened. No one is saying anything about malfeasance or complicity. But somehow the materials got out. To say the accusations are unfounded is untrue, especially when the accusations are just “we don’t trust them.”

I think that Kaspersky employs some of the best security researchers in the world, and I think they're fundamentally under the thumb of the untrustworthy Russian government. You can claim the same about the US, you can believe the same about the US, but for most US persons and large corporations the threat of the US government is substantially smaller than the Russian.

Russia is right now a rogue state. Rogue in the definition of "cut off from the rest of the world", whatever else you think of them. The repercussions of hostile actions towards their customers were tempered by their effects on global geopolitics, but that's no longer a threat now that everyone is hating on Russia already.

Whataboutism has its place, but practically the threat model has to be evaluated with perspective. US corporations see Russia as a threat. They do not see the government as the same form of threat.

I'm personally of the opinion that the best antivirus is no antivirus, for certain.

I would have called Russia and China rogue states before, at least in the online space. There are just too many state-sponsored hacking activities that you have to paint them as bad actors.

Security is not just about not getting hurt, it's also about probability of being hurt, and leverage to bring the bad guys to justice. Theoretically, anyone can get shot at a grocery store, but that doesn't mean we're all living in dangerous places, does it? Other anti-viruses operate from cooperative countries, that don't have a reason to attack, and are reachable in case they do.

Everybody understands that if tomorrow Putin walks into Kaspersky's office, hands a thumb drive and says "make your antivirus run this", Kaspersky won't be able to say no. There were talks internally (I worked there) about open-sourcing but they quickly concluded it will change nothing trust-wise. Kaspersky is not being pushed around because of proof they did something, but from the fear of what they may do.