
> The moment some backdoor is discovered in Kaspersky

What do you mean by "backdoor"? Any anti-virus software is a backdoor.

Anti-virus software is a rootkit on your system.

It can literally upload any file on your disk to the cloud.

This is by design and this is why you don't want to run Russian state-controlled company software on your system.



Does that also apply to Windows Defender and ClamAV as well?


Obviously ClamAV only does what's in its code, but pretty much all proprietary AV software collects samples by default based on rules deployed by the developer.

Windows Defender does have automatic sample submission, but according to documentation it only automatically submits files that are "safe" to not contain PII:

https://learn.microsoft.com/en-us/defender-endpoint/specify-...

It might request user approval to submit non-executables, but again we can't know when and why Microsoft might decide to override defaults. Technically the data collection pipeline is here.


I mean the AV software being used as a malicious agent.

> We fully believe that … the Russian government is either now using Kaspersky or certainly would be willing to use Kaspersky.

“Highly likely” is a shit of an argument that is exercised quite often lately.


> I mean the AV software being used as a malicious agent.

See the problem: there is absolutely no way to tell whether AV software is uploading your sensitive documents to its servers for legit reasons or because it's spying on you.


What stops you from disabling cloud protection / some firewall rules, if you are worried about leaking documents?


My antivirus is kvrt, I run it on-demand when I want to check, and it is blocked by my firewall.

I suppose in theory it could contain something that exploits an ability to sidestep the firewall, but then you're into conspiracy theory land.



