- Antivirus software from adversary nation-states could create a vulnerability for them to employ espionage, argues Michael Sulmeyer, the Director of the Belfer Center’s Cyber Security Project at Harvard University.
- Sulmeyer was referring the recent Kaspersky antivirus hack, in which Russian state-sponsored attackers stole National Security Agency methods of U.S. cyber defense. The multinational cybersecurity firm has denied involvement.
In his recent interview with The Cipher Brief, he highlights how and why geopolitics should guide the private sector to follow the U.S. government’s action in removing Kaspersky’s software from their networks. When selecting anti-virus software, Sulmeyer advises businesses to understand:
- Where the software comes from and how governments would abuse the data the companies may collect;
- Disclosure policies both and informal, which designers are subject to.
“When we pay for and install anti-virus software, we grant it extraordinary access to our computers and networks. While we expect anti-virus to do what its name implies (protect us), to do so requires us to trust the software and its designers – what they do with the scans of our data can be for good, and sometimes for not-so-good. The concern about Kaspersky specifically is that with this extraordinary access to so many millions of computers around the world, the Russian security services can see what Kaspersky sees. The result is that customers pay Kaspersky to facilitate the security services eavesdropping on their information,” Sulmeyer explained.