If a Reuters report is to be believed, it recalls an old adage: the case of the ‘fence eating the crops.’ The recent explosive confession by two ex-employees of the world’s biggest antivirus company, Kaspersky Lab, that the company’s co-founder Eugene Kaspersky indulged in unethical business practices such as “tricking competing anti virus software programs to classify benign files as malicious” has opened up a can of worms.
The report said that “Kaspersky Lab manipulated false positives off and on for more than 10 years, with the peak period between 2009 and 2013.”
The two unnamed former employees of the company further told Reuters that these attacks were ordered by Eugene Kaspersky himself to stem the rise of rivals such as Microsoft, AVG, Avast and other smaller companies. The ex-employees also told Reuters that Eugene felt that the competitors copied Kaspersky’s software rather than investing in their own development.
Kaspersky has vehemently denied the accusations and rubbished the Reuters report. In a tweet, Eugene Kaspersky said:
If the allegations are true, they could have numerous ramifications for the overall antivirus market and will put its vendors under the scanner of regulatory authorities over the kind of business and trade practices they follow.
In an emailed statement, Kaspersky Lab countered the Reuters report:
“Contrary to allegations made in a Reuters news story, Kaspersky Lab has never conducted any secret campaign to trick competitors into generating false positives to damage their market standing. Such actions are unethical, dishonest and illegal. Accusations by anonymous, disgruntled ex-employees that Kaspersky Lab, or its CEO, was involved in these incidents are meritless and simply false. As a member of the security community, we share our threat intelligence data and IOCs on advanced threat actors with other vendors, and we also receive and analyze threat data provided by others. Although the security market is very competitive, trusted threat data exchange is a critical part of the overall security of the entire IT ecosystem, and we fight hard to help ensure that this exchange is not compromised or corrupted.”
Innovative Experiment
In 2010, the company said that it conducted a one-time experiment uploading only 20 samples of non-malicious files to the VirusTotal multi-scanner, which would not cause false positives as these files were absolutely clean, useless and harmless.
It is interesting to note that after the experiment, the company made it public and provided all the samples used to the media so they could test it for themselves. "We conducted the experiment to draw the security community’s attention to the problem of insufficiency of multi-scanner based detection when files are blocked only because other vendors detected them as being malicious, without actual examination of the file activity (behaviour)".
More on this experiment at: https://securelist.com/blog/opinions/30611/on-the-way-to-better-testing/
The company says: "After that experiment, we had a discussion with the antivirus industry regarding this issue and understood we were in agreement on all major points." Read more here: https://securelist.com/blog/incidents/30613/cascading-false-positives/
The company further stated that: “In 2012, Kaspersky Lab was among the affected companies impacted by an unknown source uploading bad files to VirusTotal, which led to a number of incidents with false-positive detections. To resolve this issue, in October 2013, during the VB Conference in Berlin there was a private meeting between leading antivirus vendors to exchange the information about the incidents, work out the motives behind this attack and develop an action plan. It is still unclear who was behind this campaign.”
Did Kaspersky Lab indulge in creating ‘false positives’? The company clearly says no, but the jury is still out on who is right and who is wrong.
Do you think AV vendors indulge in unfair business practices? Let's hear your comments.