The antivirus giant Kaspersky made big news recently because they were accused of having the Russian government in the hen house, using their software to scan across different systems, including an NSA laptop containing government secrets which was running Kaspersky and picking up files of interest to them.
The problem
AV runs on systems looking at each and every file and process to see if anything is malicious and bad, matching against signatures and sometimes behavior. Functioning as a bouncer, letting only those things in that it deems appropriate. This bouncer has the ultimate access to near everything though. If turned, it can rifle through and look for any particular file it wants, sending that content back to home base.
This caused mass panic on the US side of government, and it quickly issued a response that all US government computers will not run Kaspersky. Meanwhile the AV company has said it has nothing to do with Russia’s government getting into their system and has said it will allow source code access to prove it. This is likely a good move because not much else would earn the trust of companies and governments running their code.
Other AV systems are not immune to this sort of take over. Some security experts go as far as saying don’t run AV, and keep your systems patched. I’m not sure this is the answer either, but there is a reality to accept that running AV could open a back door into your systems.
Eventuality
McAfee is taking a different stance and not offering its source code up for review. I tend to wonder if opening up source code is the inevitable for AV providers. It has such power over the OS and unfettered access. Other systems that depend greatly on security are open today. Think about encryption. All the largely used systems, such as RSA and AES, are open. Anyone can go take apart the math and see how it works. In fact we go so far as saying that secret, unknown encryption systems are not recommended. They don’t get peer review, and tend to be broken by cryptanalysis. Kaspersky isn’t opening up their code to the world. It is planning to work with an independent review group for verification. This keeps their trade secrets safe, the ‘how-it-works’ from being replicated by another competitor. Others may be forced, through market pressure and buyer pressure, to do the same. With the NSA hitting systems like router and firewall manufacturers from the US in the past, getting back doors installed so they can get into other foreign governments, you can’t avoid the elephant in the room for long.
www.infosecurity-magazine.com/news/mcafee-says-no-to-foreign-govt
www.cisomag.com/nsa-hacking-code-lifted-personal-computer-u-s-kaspersky