Security firm Kaspersky Lab denies allegations of thwarting rivals by planting false information in the virus reports it publicly shares.
In a digital era heavily relying on computers, security is of utmost importance. Security breaches can compromise vital and sensitive data, affect the performance of a machine and cause lots of headaches, but various security software aim to protect users from such threats.
Kaspersky Lab is one of the most powerful security companies of its kind, leveraging extensive expertise and employing some of the world's best security researchers.
The latest report from Reuters, however, raises some serious concerns regarding the company's practices. More specifically, a couple of former Kaspersky employees apparently told Reuters that the security company is planting fake information in its public reports, aiming to thwart competitors. The sources spoke under condition of anonymity.
According to these sources, Kaspersky has intentionally classified routine system files as malware to harm rivals. In this case, competing software would see the files classified as malware (even if they were not actually malware) and flag or delete them on user machines, which in turn could cause various software to stop working properly.
The two former Kaspersky employees even claimed that Kaspersky Lab founder Eugene Kaspersky himself personally directed this practice of dropping file names in virus reports.
It remains to be seen whether such allegations turn out to be accurate or not, but Kaspersky does have the power to trick rivals through such practices. Back in 2010, for instance, Kaspersky complained that many other security firms were simply copying its work without adding their own contributions, and set up an experiment to prove it.
As part of the experiment, Kaspersky submitted the names of 20 benign files to VirusTotal, marking them as malware. Little over a week later, at least 14 other security firms marked the files in question as malicious as well, proving Kaspersky's point that they were copying its work. That information was conducted openly and everything was public knowledge, but the two ex-Kaspersky employees now tell Reuters that the company has in fact planted such false positives for more than 10 years, especially between 2009 and 2013.
Kaspersky, for its part, strongly denies any such practices, arguing that it never planted any misleading virus information.
The Reuters report stirred great uproar due to the severity of the issue, but Kaspersky denies all allegations. The security firm issued an official statement on the matter:
"Contrary to allegations made in a Reuters news story, Kaspersky Lab has never conducted any secret campaign to trick competitors into generating false positives to damage their market standing," argues Kaspersky. "Such actions are unethical, dishonest and illegal. Accusations by anonymous, disgruntled ex-employees that Kaspersky Lab, or its CEO, was involved in these incidents are meritless and simply false."
Eugene Kaspersky has even taken to his personal Twitter account to slam the Reuters report as "complete BS."
— Eugene Kaspersky (@e_kaspersky) August 14, 2015
Kaspersky continues to bash Reuters' article on his personal blog, pointing out that the whole story makes waves without offering a single shred of evidence, making sensational claims based on a couple of anonymous sources.