This article is more than 3 years old

The chiefs of the United States’s intelligence agencies have publicly stated that they wouldn’t feel comfortable running Kaspersky anti-virus software on their computers.

That’s what they told a Senate intelligence committee yesterday, when specifically quizzed on the topic by Marco Rubio:

MARCO RUBIO: As has been widely reported, and people know this, Kaspersky Lab software is used by not hundreds of thousands, millions of Americans. To each of our witnesses I would just ask, would any of you be comfortable with the Kaspersky Lab software on your computers? ANDREW MCCABE (Acting FBI director): A resounding no, from me. MICHAEL POMPEO (Director of the CIA): No. DAN COATS (Director of National Intelligence): No, Senator. MICHAEL ROGERS (NSA Director): No, sir. VINCENT STEWART (Defense Intelligence Agency director): No, Senator. ROBERT CARDILLO (Director of the National Geospatial-Intelligence Agency): No, sir.

And I have to wonder – why?

Is it because – gulp – Kaspersky is Russian?

Kaspersky is a global company, with offices in over 30 countries around the world. but it was founded, 20 years ago, in Moscow by Russian anti-virus guru Eugene Kaspersky.

In the last few years there have been a stream of stories attempting to link Kaspersky to the FSB (the modern name for the KGB). Some have even tried to suggest that founder Eugene Kaspersky might be surreptitiously meeting spies in Moscow saunas.

Eugene is sometimes portrayed as suspicious because he served in the Russian military – forgetting that umm… conscription is mandatory in Russia.

It’s easy to cast aspersions, but all anyone ever seems to have come up with are furtive whispers, rather than any actual concrete facts of wrong-doing.

And it’s a story which some Western security companies are in no hurry to dispel, presumably thinking it’s Kaspersky’s image problem to resolve – not theirs.

For what it’s worth, I have no doubt that Kaspersky sometimes helps Russian law enforcement when the hunt is on to identify online criminal gangs. Similarly, Sophos works with the British police, and there must be dozens of American security firms that have assisted the authorities there over the years.

But that doesn’t mean that the different anti-virus firms are spying on any of their customers for intelligence agencies, does it?

And if Kaspersky was somehow in bed with the-powers-that-be in Moscow, then why would it have published detailed research on Russian-borne cybercrime campaigns like Epic Turla (sometimes known as Uroburos) and Red October?

A question worth asking is have all US-based security firms worked quite so hard in uncovering America’s own state-sponsored cybercrime campaigns?

And how would people feel if they knew their all-American apple-pie-loving anti-virus software is often written by people who come from Eastern Europe and Russia, and – yes! – might even include former Kaspersky employees.

After all, the anti-virus industry is a small world, and it’s not unusual for people to switch from company to company.

If Kaspersky gives you the collywobbles then maybe you should be wary of trusting any security software you install on your computer. Actually, that’s not such a bad idea. But please don’t let it stop you protecting your computer with something.

If someone genuinely believes Kaspersky’s software is somehow secretly spying on selected customers, now’s the time to put up or shut up. Show us the evidence.

While you’re working on that, read Kaspersky’s statement on the rumours.

Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.