The Company You Keep: Don’t Get Kasperskyed
When you were a kid, did your parents ever discourage you from hanging out with “that friend” or “that group of friends”? Almost instinctively, your parents knew which folks were up to no good and knew that continuing to associate with them wasn’t going to end up well for you. As we grow older these parental admonitions are transformed into pithy phrases such as, “You’re judged by the company you keep,” probably to help us remember them better. But the truth behind it remains as true today as when you were a kid. Well, the folks at Kaspersky are certainly being judged based on their acquaintances, and — as your mother might have predicted — things aren’t working out too well for them.
Like most of us, Kaspersky started out on the right foot. They developed a number of anti-virus and security products that led to them amassing more than 400 million users globally. Then, like those kids who got tempted into smoking cigarettes behind the gym by the wrong “friends,” the folks at Kaspersky gave in to temptation and soon were running with what might euphemistically be called a ‘bad crowd.’ ‘Crowd’ in this case being another name for Russian intelligence. While being acquainted with the intelligence service of any foreign nation is probably not advisable for a security software company, the prospect of palling around with the FSB (you might remember them by their former acronym — KGB) tends to make everyone a little nervous right now. Even if they weren’t doing anything, the whole “guilt by association” thing is going to discourage sales.
All of the above would probably be bad enough for Kaspersky, but a few of its larger customers have noticed that the company’s products provide broad access to files and elevated privileges on computers where the software is installed, which could enable attackers to access and compromise systems. In technical terms, this is referred to as a “back door.”
Even this might not have been so bad, since security companies can quickly declare, “Hey, we’ve got a patch for that.” The only problem was that the larger customers Kaspersky was dealing with happened to be agencies of the United States Government. Apparently, similar products without back doors were not available from any domestic vendors. Upon this discovery, things immediately took a turn for the worse for our friends from Moscow as the Department of Homeland Security sent out a notice to its fellow federal friends to stop using their software products. And, to make matters worse, Best Buy, Office Depot, and Staples also decided that their own customers might blanch at some of their more sensitive information winding up on a PC in Vladivostok, so they decided to pull all Kaspersky products from their shelves.
Since a major part of being a software security provider is being able to deliver products that actually ensure information security, it’s difficult to say what the financial impact will be on Kaspersky. Certainly, there are countries out there where security isn’t quite as big a deal as in the U.S. market, but are there enough Kazakhstans, Pakistans, and Irans out there to pick up the slack? Hard to say, but it could be worse. How in the heck are you going to make your quota if you’re the company’s U.S. sales manager? Just remember that the next time you start feeling a little restless in your cubicle.
I think Kaspersky’s experience should be a lesson to all of us. Are we a reflection of our friends and neighbors? Who knows, but maybe it’s time for a little reassessment. Sure, Stan in the next cube is a fun guy to go to lunch with, but how much do you really know about him? While there’s no need for paranoia, vigilance is the best way to ensure that getting “Kasperskyed” doesn’t become a familiar verb.