[T3OU-736]

> What about the U.S. accusations? Well, as always they produce a lot of accusations but never provide any proof. Make of that what you will.

This is a fair point. I don't have any insight as to the truth (and, myself, would very much like to know thr details), but one of the factors for this sort of inscrutability is that revealing the information would also reveal how it was collected.

As an hypoyhetical: if YeOldeSecurityService has p0wn3d Kaspersky and are watching what is going on inside, and are seeing the Kaspersky endpoint agent software feeding not just hashes of what they scan (which itself is damned valuable), but that the endpoint agents have a full command & control type of "execute this command" capability, and that this capability has been used (*this* is the specific detail that we'd want), then Kaspersky can narrow down how this was found out, eject the persistent presence which allowed this to be gathered, and the effort spent getting into Kaspersky's infra, as well as the juicy juicy data to which this persistence has given access are traded away for the satisfaction of curiosity.

There really isn't a need for that. FCC makes the administrative ruling. Enterprises switch AV vendors because from a risk/compliance perspective, this is a sane thing to do, and the only people left dissatisfied are those of us with a curiosity itch.