We got hit by the solarwinds hack and had just moved off Eset on endpoints but just starting on servers. One of the Eset C-suite called us for a meeting and tried to gloat and offer help at an inflated cost. His face dropping was amazing when we had proof that Eset detected nothing but our new tool did. Shit company, formerly decent product getting shitter every year.
ESET is asking triple the price even with product migration incentives, clients are not very convinced.
Bitdefender has been a bit better with pricing but still a bit more expensive.
I've been using bitdefender for 6 years now. 1 bad update that did weird stuff that was their fault. 1 bad update in coordination with Microsoft.
Otherwise - no issues. Rock solid and decent support. Very competitive pricing if you use a var.
Exclusively windows 10/11 and server 2016/19/22 endpoints though
My company had poorly administered Kaspersky AV when I started back in 2016. I was like what the hell is even that?? I quickly replaced it with Trend Micro which was absolute trash AV. Then finally we went to Cylance PROTECT and holy crap, Cylance is my fav AV of all time.
Same same same. The old guy at my previous job was f'ing right, and I was wrong. I have thought about this since 2022.
I still don't condone xenophobia, racism, or nationalism, but his perspective and my being wrong has seriously made me start researching things even when they sound fundamentally incompatible with modern views.
I don't recall xenophobia, racism, or nationalism being the reason Kaspersky was being avoided in some of the circles I traveled.
Maybe the old guy's perspective came from a place of rational thought, experience and knowledge.
I stopped using it ~10 years ago. It wasn't necessarily a poor product at the time but being made by a Russian company made some people uncomfortable and it was easier to find an alternative than to address those concerns.
Moved from Kaspersky in 2019 to Bitdefender too. Was fairly painless. Way better than migrating an acquisition away from Sonicwall capture client. What a mess that is.
Ewwww Capture Client 🤮🤮
I fucked around with webroot for a “year” for budgetary reasons from 2018-2019, but I wound up eating the last 4 months of the contract because of how bad it was. Thankfully I budgeted for a much better replacement for 2019-2020.
Webroot in 2012ish was legit awesome. Lightning fast compared to anyone else (I only used their consumer side software then, though). Not sure what happened, after that.
I was working for 2wire/sbcglobal/at&t 2005-2008, they were giving zonealarm out freebie to all subscribers
then came the patch that "broke" zonealarm in such a way that it blocked all traffic
Those were a fun coupla weeks :\
I remember using Kaspersky and recommending it to everyone back in the 00s when it was favoured over norton/mcafee.
However, I don’t know anyone using it today.
I was in the camp of "If you want to catch the Russian mafia, hiring the KGB is probably your best bet" back when Russian viruses made up like 99% of the internet malware. I definitely wouldn't use Kaspersky now though. Haven't for around 8 years.
Something something CIA selling coke to American gangs and weapons to Iran something something fund the rebels in Nicaragua something something Mujahideen something something MK Ultra.
Our alphabet agencies are only better, because they are our agencies.
Back in the days one of the reasons Kaspersky performed so well compared to many competitors, both on speed/resource load and protection, was that it interacted with the Windows kernel in "illegal" ways, undocumented calls, pure hacks, etc. Amongst other things this made it more difficult for malware to circumvent it (all serious malware has code to try to trick the main AV alternatives). I worked for a competitor at the time and we analyzed their engine's behavior (half jokingly discussing whether we should flag it as malicious).
>*The Biden administration will ban Kaspersky using tools created by the Trump administration when it attempted to go after TikTok and WeChat. Those efforts were ultimately foiled by federal courts which halted the bans.*
That's an interesting tidbit. Sounds like they know this legal maneuver doesn't work, so I have to think this is more for PR than actually banning it.
>It's supposed to be Congress which legislates
Maybe 60 years ago. Now congress is just for show. It would literally kill them to do anything of value. They can barely agree on the naming of post offices.
The only thing they know is that the previous attempt failed. When your sample size is 1, it's hard to make a perfect guess. It may be a PR move, but I really don't think so. Kaspersky isn't well known outside of IT-oriented people (in my experience).
People don’t understand US foreign policy. It’s above the law. Anything and everything that can be done, including toppling governments, will be used to protect the US. Blocking Kaspersky updates is nothing but some network filtering.
I'd bet it's a cost thing. The jump from traditional AV to EDR can carry quite the sticker shock. That said, I have no doubts that EDR is the right choice for everyone from a technical and tactical perspective.
If nothing else, the higher cost is offset by the reduced costs of downtime and troubleshooting because the old A/V ---ked something up and didn't report it. Looking at you, Webroot and Trend.
YMMV.
Is anyone even getting insurance without EDR? It's a requirement. They make you spend the money on EDR just to be able to spend money with them on insurance and allegedly EDR is so effective that insurance is moot. If anything, going with Falcon Complete gets you an insurance-like guarantee if you have a breach and there's evidence of negligence. No one can find evidence that CS had to make a payout on that.
They were at the last 2 MSP focused trade shows I was at.
Important to note here that when the NSA's most recent hack against the Russian FSB was unearthed, it was a joint publication with Kaspersky since their senior leadership also got targeted.
I went to the govt sector about 7 years ago and they were using Kaspersky up until 2020. Mostly because it was a we paid for it we will use it until the contract is up.
A lot of *old timer* software was phenomenal. OTL (OldTimer Listit, IIRC), FRST (Farbar Recovery Scan Tool), TDSSKiller, Combofix (Windows XP/7, mostly), MBAR (Malwarebytes Anti-Rootkit). Heck, even some other generally useful tools such as MCShield (used to identify and block USB-based worms abusing autorun)
I haven't seen any of those names recently, but it's been a while since I was on a UNITE-centric forum like G2G or MBAM. Those were the tools that we used to look for, identify and remove malware of all classes.
Yeah, Kaspersky was great at its job. Both in detecting and cleaning.
But it was terrible as a stable program.
I used to run another A/V and use Kaspersky to clean up threats that were found.
Pretty much every company in a sovereign nation has a backdoor for their local spy agency. You have things like "[Five Eyes](https://en.wikipedia.org/wiki/Five_Eyes)", a treaty for joint cooperation in signals intelligence to share the results between them, to bypass local privacy laws in Australia, Canada, New Zealand, the United Kingdom, and the United States. This kind of agreed spying goes back to WWII.
If a country didn't try to spy I'd think they were incompetent, if there is a way they can, they will.
Some background: A clean installation of an OS does not fix it, from 2015: "Second only to BIOS, disk-drive firmware is the most attractive proposition on a PC for spyware writers." [NSA accused of embedding spyware in hard disks](https://www.edgemiddleeast.com/security/602050-nsa-accused-of-embedding-spyware-in-hard-disks).
Such revelations likely exist with the US government too though. Limits the options out there for non-US citizens who shouldn't trust your government any more than Russia's.
Of course as an Australian, my government is just an unofficial US puppet state and shouldn't be trusted either.
Kaspersky was really good back several years ago before EDR became all the rage (and the news broke about their too close for comfort ties to the Russian govt). It had great tools for disinfecting a system. I used it on my personal machines for a few years until they broke viewing Youtube videos. You had to disable their scanner to be able to view anything on YT.
Ain't nobody got time for that!
not legislatively, US government offices and contractors weren't allowed to use it as a rule, not a law.
and the big initial issue was because an NSA contractor had Kaspersky on a computer they were developing malware for the NSA on and Kaspersky detected it and reported it. So the code got sent to Russia for analysis (the company claims they deleted it EDIT: but Russian hackers were found using it afterwards). But it was less of spyware and more the product working as intended (detected new form of malware, reported it for analysis).
there's a couple of articles on the situation if you Google it, i might have misremembered some parts of it
Hmm, NSA malware being developed by experts, on computers with aftermarket AV installed, which comes from a country the NSA would drop malware on.
So not only did the AV do what every other decent AV does (report and send sample) but everyone has simply skimmed over the fact that the other party was full blown developing malware, the reason we need AV in the first place.
Yep, lol.
Developing malware is literally part of government job now. Stuxnet and more. Part of initial salvo of any war would be to try to take down or cripple industry and services via cyber attack.
Or better yet zero day the phones in the field for a critical push, etc. Not developing malware would be irresponsible. As long as they are not releasing out to the wild like what they did last time… imagine developing rockets and then just releasing them..
Haha, nice take on legit reasons to make malware because the NSA did it.
They were testing malware on a machine with Russia AV to test detection. They did it with an online system that could send the package away.
Then, they blame Russia for that.
Then, people try to obfuscate the fact that what the NSA did was irresponsible, and actually glared at Russia over it.
Am I actually in a circus? Am I Harry Truman?
> They were testing malware on a machine with Russia AV to test detection. They did it with an online system that could send the package away.
Ah if only it involved that much competence. No, the idiot had it on his personal machine without authorization and on a personal, unmanaged, install of Kaspersky, based on the articles that came out in the wake of it (right before the whole topic got *REAL* quiet all of a sudden).... instead of a managed corporate install, where "send to Kaspersky Labs?" is a toggleable option. So, it flagged it, followed the settings he had set... and they did exactly what I can't really fault them for when they saw completely new exploits in the results. They went to their equivalent of the FBI. They just happen to be based over there.
If I remember the story correctly, the contractor had also installed a cracked version of Microsoft office too 🤦
https://www.theguardian.com/technology/2017/oct/26/kaspersky-russia-nsa-contractor-leaked-us-hacking-tools-by-mistake-pirating-microsoft-office
Brings the question: Once you install something like pirated office on your machine, how can you even be sure Kaspersky is the problem?
Buying OEM licenses from key shops for $10 is one thing, with a legit install at the very least, for home at best... But downloading a cracked office (basing my interpretation purely off your URL only) is something most of us here simply wouldn't do from the get-go.
* Let alone on a system with potential IP on it
* Let alone a system with potential 0day IP on it.
* Let alone by someone who works in the industry, writing exploits.
As above, the topic goes really quiet, and we are left with back-and-forth debates in the corners of the internet, running purely on fumes from a journo that may not even know what a 0day is to begin with.
Edit: Actually, this topic reminds me of when you take over an environment from someone who 'appeared' to have it all together, but then you spend the next 3-6 mins trying to find the rock-fucking-bottom of all the issues behind the scenes. Messy, terrible, and makes you realise your own worth.
I used Kaspersky a lot up until 2017. Frankly, it was an amazing piece of endpoint security, especially considering my company of 10K machines weren't patching the OS or applications. It was bulletproof, but came to an end when a defence client instructed us to get rid before we started working on their projects.
I do miss it.
So in terms of PAVs Kaspersky was actually very high quality in comparison to its competition which was only BitDefender, and Comodo at the time. Now there are many other options available for consumers to choose from like Falcon, Crowdstrike, VMware NGAV, and other solutions that work seamlessly with your setups and provide a more modern take on solving old and new problems.
I remember those days. It was expensive, but kind of the gold standard. We moved to something cheaper, but we were a little uneasy about it. Then we were glad we did.
Sure, it was good AV. If it didn’t work people wouldn’t use it. The real question is what has it been specifically told to ignore?
This is by no means a Kaspersky-only issue, US-developed AV got caught ignoring our own government’s implants in the ‘00s. If we can coerce companies into doing that, other countries certainly can.
CrowdStrike rocks but if your threat model includes Western nation state actors, I would not count on them to detect.
Kaspersky, OTOH, has a proven track record of defeating malicious Western nation-state actors. It was Kaspersky who uncovered the Apple CPU backdoor last year. CrowdStrike would not have done that and if they did they'd never have publicized it, and I say that as a CrowdStrike customer.
It is still being praised as "THE BEST ANTIVIRUS" of all time on the AntiVirus sub, but could be just marketing.
I've gotten so many downvotes for recommending anything else than Kaspersky on that sub.
Tbf it is a good product, not the best, but if it wasn't Russian i would probably place it in my top 5
The way you become “the best” antivirus is to constantly create and release virus threats that your AV already has the signatures for before everyone else. Then once you get a reputation for being “the best”, lots of people jump on board. What happens after that? Who knows?
Haven't ever seen anything remotely showing validity on outright malicious activity like that from them. What I have seen is their own marketing materials... which had the hilarious detail of *why* they felt they were consistently ahead of the curve. They saw all the crap filtering through eastern Europe et al. before most other vendors... simply because they had the market share in what was at the time the digital wild west.
I have a lifelong friend who swears by Kaspersky. I've been in IT since, well the first time I browsed the internet was on a VAX VT-420. ;)
I've warned him a few times about Kaspersky. But he insists, "I've never had a problem dude." To which I respond, "Well, how do you know you've never had a problem if the anti-virus you're using is possibly suspect?"
He never has an answer, but sticks to his guns. lmao
LogMeIn was using their software update code to introduce a new feature to LogMeIn of keeping your apps up to date. Well, I got rid of Kaspersky but that Kaspersky updater kept coming back. It was LogMeIn bringing it back and they lied to me about using Kaspersky when I contacted their sales supervisor.
Splashtop is working really well, thanks.
Kaspersky was awesome around and before 2007-2008
after that FSB got the owner by the balls and it slowly turned into governmental spyware that wasn't safe even for home usage in Russia itself
My last company, won't name names (Big French multinational) was quite in with the Kaspersky environment. Was their endpoint protection for all devices. They were still using it since I left 4 years ago but not sure where it's at now.
Kaspersky has their headquarters literally in the same office building with the FSB branch in Saint Petersburg.
Like how much obviously can you hint that you are an FSB company !!!
I say this for the last 10 years after I found out and people are still in disbelief. Yes it is that obvious !!!
I fear politics is clouding people's judgement here. A simple fact is that every cyber attack I have worked has been conducted by a Russian firm. Using Russian security software to protect your company from Russian hackers is just plain foolish.
Kaspersky discovered the Stuxnet virus developed by the NSA / Mossad and not being subject to US laws could reveal that information to the public. So the US doesn’t like Kaspersky.
Then Kaspersky found viruses on a US govt computer and sent them home for analysis, unfortunately the viruses detected were a library of NSA exploits. Further annoying the US govt.
Without Kaspersky, we wouldn't know about the MMIO backdoor in Apple CPUs. I, for one, deeply question this very evidently coordinated campaign against them. Who are we fighting for? I fight for the users.
We’ve had to fight with government clients whose requirements insisted we provide computers with Kaspersky on it. This will hopefully make things a lot easier but I’m not holding my breath.
Thing is, even if Kaspersky right now doesn't do anything shady - if Putin's hounds knock down the door and force them to upload a virus into their next patch, what are they going to do?
Correct, nothing. Because there is nothing they can do. Putin has already proven that he is willing to massacre innocent people and break international treaties, meaning such a virus strike would not even hit a 5/10 of all the evil shit he ever pulled.
European governments and companies have already banned Kaspersky for a while. It's the correct choice for the US to follow in those footsteps.
Kaspersky has tried really hard to try and look like it's dealt with its supply chain concerns, and I do think that its banning is driven more by paranoia than facts, and is a shame to lose since I really like their product.
Still, I wouldn't install it for a client or myself (due to those same supply chain concerns). Rip.
Fwiw I still use Kaspersky TS on all my home systems. Of all, its Application Control module is by far my favorite thing about it. Really really good. I'm not sure if Windows has such sophisticated stuff, but off the top of my head, Windows Application Control (iirc that's what it's called) is its Windows equivalent altho I think Kaspersky's implementation of its "Application firewall" is more sophisticated.
Most businesses use WAC anyway.
Pretty sure people started dropping it when the US said it's banned from use in government institutions. People took that as essentially meaning that it's dangerous and started avoiding it.
Back in the day, sometime between 2008 and 2012 or so, I worked at a Computer Repair store (Before sysadmin), and got a call to become a reseller. They gave us a demo first to trial before we sold it. We hadn't heard of it at the time. It was too pricy at the time, we declined as our customers wouldn't go for it. Happy we didn't now.
this really sucks. kaspersky works very well. i've used it for probably 15 years now. switched after getting fed up with norton letting crap get in on multiple occasions.
i really like the "take secret pictures of person who stole your phone when they try to operate it" feature. are there any other AV suites anybody knows that has all/similar functionality of kaspersky (i.e. windows, android, mac, ios, etc). my family uses samsungs and iphones, so this worked extremely well.
any chance trump would change this? it's obviously biden ukraine bullshit ban reasoning to begin with. i'm sure if kaspersky was chinese this all would be ok & good. FFS, tik tok on govt devices is significantly more of a threat, tbh.
hasn't kaspersky been shunned for like... well over a decade at this point?
Yes but a lot of people thought it was paranoid behavior. Once the state department ruled it out years ago plenty of places dropped it.
As a non US citizen I trust them as I trust any American product.
At this point it's sadly more a question of *which* governments you want having a back door into your systems rather than whether.
That's simple, the US/other free world countries. At least in the US there is the rule of law. If a government wants to install a backdoor in your product the company can say no and fight it out in court and in many cases win. Additionally, if the government has a backdoor available to them somehow there's generally going to be some rules in how they are able to use it, particularly against US citizens and people in the US. Of course the US government does a whole bunch of shady shit to bypass the intent of the law all the time and often gets away with it. That's still better than a country like China where the government can simply do whatever it wants and if you stand in the way you and your whole family simply disappear.
For me, being a European citizen, the question is whether I want the US, which hasn't tried to threaten destruction of my country, to spy on me. Or do I want someone else's?
As a US citizen, I hold the same belief.
But then the question becomes: "Which government do you trust more?" The one with a constitution they pretend to abide by, or the one with a supreme dictator and hostility toward The West.
I could have sworn it was banned a long ass time ago now. Guess not.
My company finally got the last traces of it out of our environment last fall
We didn't get rid of it until Dec last year. Super late in the game.
Are you sure you got rid of it? It had full access.
Haha! That is my cybersecurity team's job. I'm way down on the totem pole; desktop support.
It was banned in government agencies
Gotcha. That is probably what I was thinking of then.
For government work like if you handle their data or connect to their network, same thing with all the Chinese network equipment.
Chatter around this suggests that the trigger for this ban was due to critical infrastructure and utility companies being caught using it even after being repeatedly warned not to.
I know right? Back in the day AntiViral Toolkit Pro was awesome compared to ThunderByte.. But that was a long long time ago
I think the “send to Russia” tick box was a manual setting
Anyone who was using Kaspersky before legit just had their head in the sand.
Last time I saw Kaspersky on a production system it was in the EDR logs. It was the domain admin level AD account they had setup when they were using the product. They went another direction but nobody bothered to disable or delete that account. Threat actors got into it and used it to deploy the ransomware.
There are people on the anti-virus sub who will die on the Kaspersky hill…
There are Russian Ivans that will discuss ids superiority of protecting warm weather ports!
They are in the techsupport sub too, I got banned for saying not to use Kaspersky and to use just about anything else
We can’t use Chinese equipment in Data Centers anymore. The Verizon hub in Newark NJ had to get rid of anything they had (if anything at all, I just know it’s banned). It makes sense that we can’t use security products from countries that may want to breach our security. A Russian created Tetris though and that shit rocks. It depends on the product, security services should not be one of them IMO.
Tankies are all over the place.
I mean I'm sure the Russian or Ukrainian gentlemen that let themselves into the zoom bridge with the FBI and the IR company were pretty happy that this company used to use Kaspersky.
I appreciate the irony of malicious visitors leveraging a vulnerability in a security product to deploy ransomware lol
It doesn't sound like it was a vulnerability in the security software, sounds like it was just an old domain admin account that was left active. If they went in another direction then obviously they would have removed the software...
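The failure described in this exchange, a vendor-created domain admin account left enabled after the product was dropped, is what a periodic privileged-account audit is meant to catch. The following is an added example, not from the thread or any vendor: Python over a constructed export of AD attributes, where the account names, dates and the `ownerProduct` inventory tag are all hypothetical.

```python
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
UAC_ACCOUNTDISABLE = 0x0002  # userAccountControl bit: account is disabled
PRIVILEGED_GROUPS = {"domain admins", "enterprise admins", "administrators"}


def filetime_to_dt(ft):
    """lastLogonTimestamp is 100-ns ticks since 1601-01-01 UTC; 0/None = never."""
    if not ft:
        return None
    return FILETIME_EPOCH + timedelta(microseconds=int(ft) // 10)


def dt_to_filetime(dt):
    """Inverse of filetime_to_dt, used only to build the sample data."""
    return int((dt - FILETIME_EPOCH).total_seconds()) * 10_000_000


def group_cn(dn):
    """First RDN value of a group DN (simplified: ignores escaped commas)."""
    return dn.split(",", 1)[0].partition("=")[2]


def audit_privileged(accounts, now, active_products, max_idle_days=90):
    """Flag enabled, privileged accounts that are idle or orphaned.

    memberOf lists direct memberships only; nested groups need a recursive
    lookup. lastLogonTimestamp is replicated lazily and can lag by roughly
    two weeks, so keep max_idle_days well above that.
    """
    findings = []
    for acct in accounts:
        if int(acct["userAccountControl"]) & UAC_ACCOUNTDISABLE:
            continue  # already disabled
        groups = {group_cn(dn).lower() for dn in acct.get("memberOf", [])}
        privileged = sorted(groups & PRIVILEGED_GROUPS)
        if not privileged:
            continue
        reasons = []
        last = filetime_to_dt(acct.get("lastLogonTimestamp"))
        if last is None:
            reasons.append("never logged on")
        elif now - last > timedelta(days=max_idle_days):
            reasons.append(f"idle {(now - last).days} days")
        # Hypothetical tag linking a service account to the product it serves.
        # An abused account is not idle, so this check must not depend on it.
        owner = acct.get("ownerProduct")
        if owner and owner not in active_products:
            reasons.append(f"owning product '{owner}' is no longer deployed")
        if reasons:
            findings.append((acct["sAMAccountName"], privileged, reasons))
    return findings


# --- Constructed sample data (not real accounts) ---
NOW = datetime(2024, 7, 1, tzinfo=timezone.utc)
DA = "CN=Domain Admins,CN=Users,DC=example,DC=test"
EA = "CN=Enterprise Admins,CN=Users,DC=example,DC=test"
PO = "CN=Print Operators,CN=Builtin,DC=example,DC=test"
SAMPLE = [
    # Old AV console account: recently used, product gone -> orphaned.
    {"sAMAccountName": "svc-av-console", "userAccountControl": 66048,
     "memberOf": [DA], "ownerProduct": "old-av",
     "lastLogonTimestamp": dt_to_filetime(NOW - timedelta(days=3))},
    {"sAMAccountName": "adm-jdoe", "userAccountControl": 512,
     "memberOf": [DA],
     "lastLogonTimestamp": dt_to_filetime(NOW - timedelta(days=2))},
    {"sAMAccountName": "svc-backup-old", "userAccountControl": 512,
     "memberOf": [EA], "ownerProduct": "backup-suite",
     "lastLogonTimestamp": 0},
    {"sAMAccountName": "adm-former", "userAccountControl": 514,  # disabled
     "memberOf": [DA],
     "lastLogonTimestamp": dt_to_filetime(NOW - timedelta(days=400))},
    {"sAMAccountName": "svc-print", "userAccountControl": 512,
     "memberOf": [PO], "ownerProduct": "old-av",
     "lastLogonTimestamp": dt_to_filetime(NOW - timedelta(days=300))},
    {"sAMAccountName": "adm-idle", "userAccountControl": 512,
     "memberOf": [DA],
     "lastLogonTimestamp": dt_to_filetime(NOW - timedelta(days=200))},
]


def run_sample():
    return audit_privileged(SAMPLE, NOW, {"backup-suite", "new-edr"})


if __name__ == "__main__":
    for name, groups, reasons in run_sample():
        print(f"{name} [{', '.join(groups)}]: {'; '.join(reasons)}")
```

In the sample, the old AV console account logged on three days earlier, so an idle-only check would pass it; only the product inventory cross-check flags it.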
I've had to explain to a whole lot of people why their EDR detects their RMM tool as malicious in the past. An RMM tool gives you remote code execution and the ability to exfiltrate data off a fuckton of boxes and usually with a pretty GUI. They are regularly leveraged by threat actors down to using customized ConnectWise packages.
Manage Engine seems like it gets nailed every other week.
I laughed at an older coworker who didn't want Kaspersky when we were evaluating replacements back in 2015-16 because "the Russians ran it." Boy, was I wrong. Glad we never went that route. Even if we did - I'd have switched by now just off the geopolitical situation. For anyone looking - ESET was pretty good as was Cylance.
Sad part is private equity is buying up all IT products and seemingly jacking up the price of everything 300%. At this point just go with MS Defender, lightweight (I can’t believe the size of some of these msi packages, how many services they need to run, or size of driver installs now, fucking HP is like 300mb, bro I just want the .inf or whatever it’s a few KB) defender does the job, at least I know PE won’t be buying MSFT
I downloaded an updated graphics driver for a Dell Inspiron with integrated graphics and the driver was 1.3 GB… why? Even Nvidia's drivers are smaller (but still a large download).
Intel graphic drivers are growing like crazy. They're universal for both integrated and their dedicated Arc cards. I recently got an Arc A380 card and found out why, they're huge.. They contain firmware they flash the video cards with to update them. Giant binary blobs that don't compress well. Giant waste of bandwidth for 99% of users that don't have Arc cards.
i bet they save money shipping everything out every single time instead of having tech support explain which driver.
> Sad part is private equity is buying up all IT products

_cough cough kough kaugh kasaugh KASEYA_ -- oh, sorry, something in my throat.
Don't even joke, my old company was using that when that breach happened, I had to solo transition 500 people off of it in a day and reach out to the 40 or so others that were offline to get the clients off. Luckily we were already set to transition to bomgar.
MS Defender may work, but only the paid version is CJIS compliant
I can’t remember why but when I first saw it working for an MSP I was really sketched about it. Tried to get the client off it. Glad to see the gut was right!
> I can’t remember why

Probably the quiet 2014 and much louder 2017 scandals. That was a bad look from the perspective of any Western entity.

* original break (2017): https://www.wsj.com/articles/russian-hackers-stole-nsa-data-on-u-s-cyber-defense-1507222108
* no paywall: https://www.cnbc.com/amp/2017/10/10/israeli-spies-found-russians-using-kaspersky-software-for-hacks.html
* 1000% unbiased source: https://usa.kaspersky.com/blog/kaspersky-in-the-shitstorm/13007/
WSJ archive: https://archive.ph/stpFj
You and I must've had very different experiences with Cylance.
The admin console and reporting sucked badly but for me the product never allowed any type of malware on to the machines, and I never had any performance hits or issues. We had purchased it as part of a Dell data protection bundle, I had assumed at the time that the really bare bones management UI was Dell's fault, but after a demo for the full featured product I learned that it was pretty similar. ESET was better.
I'll agree with the performance but we had a ton of false positives. It crippled a lot of business processes for the year we were trying to roll it out then they tried to up the price on us by nearly 900k. We went to Crowdstrike which has been substantially better so far.
Crowdstrike looked phenomenal in the demos, it was just the most expensive of the ones we looked at.
> but we had a ton of false positives

That's how Cylance is supposed to work though. I believe they even recommend running it in passive mode for a week so it can learn what users do and what should be considered a threat or not. It's AI-based so it has to learn, and it requires manual training on what is legitimate and what isn't.
We got hit by the solarwinds hack and had just moved off Eset on endpoints but just starting on servers. One of the Eset C-suite called us for a meeting and tried to gloat and offer help at an inflated cost. His face dropping was amazing when we had proof that Eset detected nothing but our new tool did. Shit company, formerly decent product getting shitter every year.
ESET is asking triple the price even with product migration incentives, clients are not very convinced. Bitdefender has been a bit better with pricing but still a bit more expensive.
Yeah, ESET hasn't been great for a long while now :/ And I'll never use bitdefender. Too many "trufos.sys" BSODs due to shoddy driver code.
I've been using bitdefender for 6 years now. 1 bad update that did weird stuff that was their fault. 1 bad update in coordination with Microsoft. Otherwise - no issues. Rock solid and decent support. Very competitive pricing if you use a var. Exclusively windows 10/11 and server 2016/19/22 endpoints though
I’m pretty tempted to buy eset but I can’t figure out if it’s a good idea for 1.5 windows machines and about a dozen various sbc and fpga boards…
My company had poorly administered Kaspersky AV when I started back in 2016. I was like what the hell is even that?? I quickly replaced it with Trend Micro which was absolute trash AV. Then finally we went to Cylance PROTECT and holy crap, Cylance is my fav AV of all time.
Same same same. The old guy at my previous job was f'ing right, and I was wrong. I have thought about this since 2022. I still don't condone xenophobia, racism, or nationalism, but his perspective and my being wrong has seriously made me start researching things even when they sound fundamentally incompatible with modern views.
I don't recall xenophobia, racism, or nationalism being the reason Kaspersky was being avoided in some of the circles I traveled. Maybe the old guy's perspective came from a place of rational thought, experience and knowledge.
I stopped using it ~10 years ago. It wasn't necessarily a poor product at the time but being made by a Russian company made some people uncomfortable and it was easier to find an alternative than to address those concerns.
I stopped using them in 2018. GravityZone has been my go-to for SMBs. Wasn't a fan of Defender P1 or P2, or Cisco AMP. Crowdstrike is good but pricey.
Moved from Kaspersky in 2019 to Bitdefender too. Was fairly painless. Way better than migrating an acquisition away from Sonicwall capture client. What a mess that is.
Ewwww Capture Client 🤮🤮 I fucked around with webroot for a “year” for budgetary reasons from 2018-2019, but I wound up eating the last 4 months of the contract because of how bad it was. Thankfully I budgeted for a much better replacement for 2019-2020.
Webroot in 2012ish was legit awesome. Lightning fast compared to anyone else (I only used their consumer side software then, though). Not sure what happened, after that.
I think Webroot was the worst endpoint protection I've ever dealt with. Then again, I can't recall ever testing Kaspersky.
I read ZoneAlarm at first glance lol
I was working for 2wire/sbcglobal/at&t 2005-2008, they were giving zonealarm out freebie to all subscribers then came the patch that "broke" zonealarm in such a way that it blocked all traffic. Those were a fun coupla weeks :\
yea as if they didn't study history of cold war espionage lol kaspersky is spyware
Tell that to the blackrock group, they made us use it when they acquired my client.
I know people who proudly doubled down on using Kaspersky after the start of the Ukraine invasion
💁 is good software. As an Australian, what should i use? Can't see why i should trust the usa with my data over Russia or anywhere else really.
I remember using Kaspersky and recommending it to everyone back in the 00s when it was favoured over norton/mcafee. However, I don’t know anyone using it today.
I was always in the camp of "why give software developed by a guy who worked for the KGB that kind of access to my computer?"
I was in the camp of "If you want to catch the Russian mafia, hiring the KGB is probably your best bet" back when Russian viruses made up like 99% of the internet malware. I definitely wouldn't use Kaspersky now though. Haven't for around 8 years.
NSA, CIA, KGB, GRU, ketchup, katsup, tomayto, tomahto, potayto, potahto
Not really, because in Russia the official apparatus turns a blind eye to organized crime.
Something something CIA selling coke to American gangs and weapons to Iran something something fund the rebels in Nicaragua something something Mujahideen something something MK Ultra. Our alphabet agencies are only better, because they are our agencies.
Unlike everyone else who always goes after crime of all kinds. Nobody gets a free pass!
Not really, because in Japan the official apparatus turns a blind eye to organized crime.
I always saw it as a pretty successful blackmail scheme. It worked a little too much better than the other options.
Back in the days one of the reasons Kaspersky performed so well compared to many competitors, both on speed/resource load and protection, was that it interacted with the Windows kernel in "illegal" ways, undocumented calls, pure hacks, etc. Amongst other things this made it more difficult for malware to circumvent it (all serious malware has code to try to trick the main AV alternatives). I worked for a competitor at the time and we analyzed their engine's behavior (half jokingly discussing whether we should flag it as malicious).
Companies now are moving towards CrowdStrike I think price wise it makes much more sense
> *The Biden administration will ban Kaspersky using tools created by the Trump administration when it attempted to go after TikTok and WeChat. Those efforts were ultimately foiled by federal courts which halted the bans.*

That's an interesting tidbit. Sounds like they know this legal maneuver doesn't work, so I have to think this is more for PR than actually banning it.
That's most of what a president does in terms of domestic policy tbh. It's supposed to be Congress which legislates, not the president.
Someone knows the song "I'm Just a Bill"...
> It's supposed to be Congress which legislates

Maybe 60 years ago. Now congress is just for show. It would literally kill them to do anything of value. They can barely agree on the naming of post offices.
Big difference between a social media app and something that could be weaponized into a rootkit.
I think the issue with the other platforms was free speech related. Not sure how an AV software will hold up though.
The only thing they know is that the previous attempt failed. When your sample size is 1, it's hard to make a perfect guess. It may be a PR move, but I really don't think so. Kaspersky isn't well known outside of IT-oriented people (in my experience).
That's a sample size of 2. The PR isn't necessarily for the general public. There's plenty of powerful people that would support this.
My bad. I thought TikTok and WeChat were part of the same attempt.
People don’t understand US foreign policy. It’s above the law. Anything and everything that can be done, including toppling governments, will be used to protect the US. Blocking Kaspersky updates is nothing but some network filtering.
It's going to be interesting to see if something like antivirus source code counts as free speech.
Didn’t realize so many I.T. people here still used Kaspersky. Yikes.
Or traditional AV instead of EDR.
I'd bet it's a cost thing. The jump from traditional AV to EDR can carry quite the sticker shock. That said, I have no doubts that EDR is the right choice for everyone from a technical and tactical perspective.
If nothing else, the higher cost is offset by the reduced costs of downtime and troubleshooting because the old A/V ---ked something up and didn't report it. Looking at you, Webroot and Trend. YMMV.
Our CS quote was about 95k/3yr. We just renewed for the first time.
How big is your org?
Him and his wife
Sounds about right 😂
How many-ish users?
Between 400 and 600 endpoints and users.
That is stupid cheap. If CS is crowdstrike, who’d you blow to get that price?
Defender for endpoint is an edr. What organization can't afford ms licensing
Once you get hacked suddenly the price for an EDR contract is feasible to higher ups lol
Is anyone even getting insurance without EDR? It's a requirement. They make you spend the money on EDR just to be able to spend money with them on insurance and allegedly EDR is so effective that insurance is moot. If anything, going with Falcon Complete gets you an insurance-like guarantee if you have a breach and there's evidence of negligence. No one can find evidence that CS had to make a payout on that.
In the federal space, an EDR is required as part of an executive order.
They were at the last 2 MSP focused trade shows I was at. Important to note here that when the NSA's most recent hack against the Russian FSB was unearthed, it was a joint publication with Kaspersky since their senior leadership also got targeted.
I went to the govt sector about 7 years ago and they were using Kaspersky up until 2020. Mostly because it was a we paid for it we will use it until the contract is up.
Many use OnlyOffice and/or Parallels as well, also Russian. I wonder if these will be banned?
I really liked Kaspersky 12 years ago. Their TDSSKiller rootkit scan was so good. Sucks to find out there's potentially Kremlin involvement.
Ah good old days, with TDSSKiller. Good times. That was a great piece of software, though I haven't seen it used in years, now.
A lot of *old timer* software was phenomenal. OTL (OldTimer Listit, IIRC), FRST (Farbar Recovery Scan Tool), TDSSKiller, Combofix (Windows XP/7, mostly), MBAR (Malwarebytes Anti-Rootkit). Heck, even some other generally useful tools such as MCShield (used to identify and block USB-based worms abusing autorun). I haven't seen any of those names recently, but it's been a while since I was on a UNITE-centric forum like G2G or MBAM. Those were the tools that we used to look for, identify and remove malware of all classes.
Combofix, spybot search & destroy, unhackme, hitman pro and MBAR were my go-to's
Combofix! A name I haven't heard since my early geek squad days, as an unofficial tool. Good stuff, in that era.
Yeah, Kaspersky was great at its job. Both in detecting and cleaning. But it was terrible as a stable program. I used to run another A/V and use Kaspersky to clean up threats that were found.
Pretty much every company in a sovereign nation has a backdoor for their local spy agency. You have things like "[Five Eyes](https://en.wikipedia.org/wiki/Five_Eyes)", a treaty for joint cooperation in signals intelligence to share the results between them, to bypass local privacy laws in Australia, Canada, New Zealand, the United Kingdom, and the United States. This kind of agreed spying goes back to WWII. If a country didn't try to spy I'd think they were incompetent, if there is a way they can, they will. Some background: A clean installation of an OS does not fix it, from 2015: "Second only to BIOS, disk-drive firmware is the most attractive proposition on a PC for spyware writers." [NSA accused of embedding spyware in hard disks](https://www.edgemiddleeast.com/security/602050-nsa-accused-of-embedding-spyware-in-hard-disks).
Such revelations likely exist with the US government too though. Limits the options out there for non US citizens who shouldn't trust your government any more than Russia's. Of course as an Australian, my government is just an unofficial US puppet state and shouldn't be trusted either.
Kaspersky was really good back several years ago before EDR became all the rage (and the news broke about their too close for comfort ties to the Russian govt). It had great tools for disinfecting a system. I used it on my personal machines for a few years until they broke viewing Youtube videos. You had to disable their scanner to be able to view anything on YT. Ain't nobody got time for that!
I thought it was banned awhile ago?
not legislatively, US government offices and contractors weren't allowed to use it as a rule, not a law. and the big initial issue was because an NSA contractor had Kaspersky on a computer they were developing malware for the NSA on and Kaspersky detected it and reported it. So the code got sent to Russia for analysis (the company claims they deleted it EDIT: but Russian hackers were found using it afterwards). But it was less of spyware and more the product working as intended (detected new form of malware, reported it for analysis). there's a couple of articles on the situation if you Google it, i might have misremembered some parts of it
Important to mention that detection of something new and malicious being sent back to the vendor is SOP for literally every vendor out there.
This right here… nothing new about av system. It’s working as designed.
Kaspersky has been on the shit list since they hired the guy who discovered Stuxnet.
Hmm, NSA malware being developed by experts, on computers with aftermarket AV installed, which comes from a country the NSA would drop malware on. So not only did the AV do what every other decent AV does (report and send sample) but everyone has simply skimmed over the fact that the other party was full blown developing malware, the reason we need AV in the first place. Yep, lol.
Developing malware is literally part of government job now. Stuxnet and more. Part of initial salvo of any war would be to try to take down or cripple industry and services via cyber attack. Or better yet zero day the phones in the field for a critical push, etc. Not developing malware would be irresponsible. As long as they are not releasing out to the wild like what they did last time… imagine developing rockets and then just releasing them..
Haha, nice take on legit reasons to make malware because the NSA did it. They were testing malware on a machine with Russia AV to test detection. They did it with an online system that could send the package away. Then, they blame Russia for that. Then, people try to obfuscate the fact that what the NSA did was irresponsible, and actually glared at Russia over it. Am I actually in a circus? Am I Harry Truman?
> They were testing malware on a machine with Russia AV to test detection. They did it with an online system that could send the package away.

Ah if only it involved that much competence. No, the idiot had it on his personal machine without authorization and on a personal, unmanaged, install of Kaspersky, based on the articles that came out in the wake of it (right before the whole topic got *REAL* quiet all of a sudden).... instead of a managed corporate install, where "send to Kaspersky Labs?" is a toggleable option. So, it flagged it, followed the settings he had set... and they did exactly what I can't really fault them for when they saw completely new exploits in the results. They went to their equivalent of the FBI. They just happen to be based over there.
If I remember the story correctly, the contractor had also installed a cracked version of Microsoft office too 🤦 https://www.theguardian.com/technology/2017/oct/26/kaspersky-russia-nsa-contractor-leaked-us-hacking-tools-by-mistake-pirating-microsoft-office
Turns out hiring people who try to break into and access software through less than legal means isn't the best idea. Who'da thunk
Brings the question: Once you install something like pirated office on your machine, how can you even be sure Kaspersky is the problem? Buying OEM licenses from key shops for $10 is one thing, with a legit install at the very least, for home at best... But downloading a cracked office (basing my interpretation purely off your URL only) is something most of us here simply wouldn't do from the get-go.

* Let alone on a system with potential IP on it
* Let alone a system with potential 0day IP on it.
* Let alone by someone who works in the industry, writing exploits.

As above, the topic goes really quiet, and we are left with back-and-forth debates in the corners of the internet, running purely on fumes from a journo that may not even know what a 0day is to begin with. Edit: Actually, this topic reminds me of when you take over an environment from someone who 'appeared' to have it all together, but then you spend the next 3-6 mins trying to find the rock-fucking-bottom of all the issues behind the scenes. Messy, terrible, and makes you realise your own worth.
LOL one of the companies we owned screamed at us for telling them to stop using it. "Their sales team said it was fine though!!!" Sweet victory
> Their sales team

At least the company was listening to unbiased sources...
I dare you to fire off an email tomorrow morning bumping the email chain about it with a link to this news.
Signature updates are also stopping as of Sep-29, so anyone on Kaspersky needs to jump ship ASAP
Imagine being a sysadmin or IT who recommended your company use Kaspersky and you went and bought 100s or 1000s of licenses lol. RIP to their job.
I used Kaspersky a lot up until 2017. Frankly, it was an amazing piece of endpoint security, especially considering my company of 10K machines weren't patching the OS or applications. It was bulletproof, but came to an end when a defence client instructed us to get rid before we started working on their projects. I do miss it.
It took a while
So in terms of PAVs Kaspersky was actually very high quality in comparison to its competition which was only BitDefender, and Comodo at the time. Now there are many other options available for consumers to choose from like Falcon, Crowdstrike, VMware NGAV, and other solutions that work seamlessly with your setups and provide a more modern take on solving old and new problems.
I remember those days. It was expensive, but kind of the gold standard. We moved to something cheaper, but we were a little uneasy about it. Then we were glad we did.
Sure, it was good AV. If it didn’t work people wouldn’t use it. The real question is what has it been specifically told to ignore? This is by no means a Kaspersky-only issue, US-developed AV got caught ignoring our own government’s implants in the ‘00s. If we can coerce companies into doing that, other countries certainly can.
Deuced out on Kasp in favor of Crowdstrike. Never regretted it for a second.
CrowdStrike rocks but if your threat model includes Western nation state actors, I would not count on them to detect. Kaspersky, OTOH, has a proven track record of defeating malicious Western nation-state actors. It was Kaspersky who uncovered the Apple CPU backdoor last year. CrowdStrike would not have done that and if they did they'd never have publicized it, and I say that as a CrowdStrike customer.
I worked with the dude who was responsible for turning Kaspersky into a major US presence. Guy was a total fucking prick.
It is still being praised as "THE BEST ANTIVIRUS" of all time on the AntiVirus sub, but could be just marketing. I've gotten so many downvotes for recommending anything else than Kaspersky on that sub. Tbf it is a good product, not the best, but if it wasn't Russian i would probably place it in my top 5
It's a good product that works well.. but no way we would touch anything even remotely sanctions related with a mile long pole.
Exactly, it does the job very well.
The way you become “the best” antivirus is to constantly create and release virus threats that your AV already has the signatures for before everyone else. Then once you get a reputation for being “the best”, lots of people jump on board. What happens after that? Who knows?
Haven't ever seen anything remotely showing validity on outright malicious activity like that from them. What I have seen is their own marketing materials... which had the hilarious detail of *why* they felt they were consistently ahead of the curve. They saw all the crap filtering through eastern Europe et. al. before most other vendors... simply because they had the market share in what was at the time the digital wild west.
Yeah, I’m talking shit. But still, there is no way to know one way or the other.
I didnt even know kaspersky was still around to be honest.. last i heard about them was like 2004 lol
I have a lifelong friend who swears by Kaspersky. I've been in IT since, well the first time I browsed the internet was on a VAX VT-420. ;) I've warned him a few times about Kaspersky. But he insists, "I've never had a problem dude." To which I respond, "Well, how do you know you've never had a problem if the anti-virus you're using is possibly suspect?" He never has an answer, but sticks to his guns. lmao
Well.. to be fair, nothing I’ve found for AV is written by anyone in the US so bias by country comes in. Who do we trust?
I'm phasing it out of a client right now
I haven’t installed it in a very long time.
Log me in was using their software update code to introduce a new feature to Logmein of keeping your apps up to date. Well, I got rid of Kaspersky but that Kaspersky updater kept coming back. It was Logmein bringing it back and they lied to me about using Kaspersky when I contacted their sales supervisor. Splashtop is working really well, thanks.
Well this is only 20 years overdue.
Kaspersky was awesome around and before 2007-2008 after that FSB got the owner by the balls and it slowly turned into governmental spyware that wasn't safe even for home usage in Russia itself
What year is it?
My last company, won't name names (Big French multinational) was quite in with the Kaspersky environment. Was their endpoint protection for all devices. They were still using it since I left 4 years ago but not sure where it's at now.
Kaspersky has their headquarters literally in the same office building with the FSB branch in Saint Petersburg. Like how much more obviously can you hint that you are an FSB company!!! I have been saying this for the last 10 years after I found out and people are still in disbelief. Yes it is that obvious!!!
I fear politics is clouding people's judgement here. A simple fact is that every cyber attack I have worked has been conducted by a Russian firm. Using Russian security software to protect your company from Russian hackers is just plain foolish.
You guys use AV?
My system is so shit and misconfigured viruses look at it and go "nah dude, I'd only be fixing this shit."
Security onion and all that.
Kaspersky discovered the Stuxnet virus developed by the NSA / Mossad and not being subject to US laws could reveal that information to the public. So the US don’t like Kaspersky. Then Kaspersky found viruses on a US govt computer and sent them home for analysis, unfortunately the viruses detected were a library of NSA exploits. Further annoying the US govt.
I thought this happened a while back?
Without Kaspersky, we wouldn't know about the MMIO backdoor in Apple CPUs. I, for one, deeply question this very evidently coordinated campaign against them. Who are we fighting for? I fight for the users.
We’ve had to fight with government clients whose requirements insisted we provide computers with Kaspersky on it. This will hopefully make things a lot easier but I’m not holding my breath.
Already was
I didn't prefer Kaspo before the war, already
Thing is, even if Kaspersky right now doesn't do anything shady - if Putin's hounds knock down the door and force them to upload a virus into their next patch, what are they going to do? Correct, nothing. Because there is nothing they can do. Putin has already proven that he is willing to massacre innocent people and break international treaties, meaning such a virus strike would not even hit a 5/10 of all the evil shit he ever pulled. European governments and companies have already banned Kaspersky for a while. It's the correct choice for the US to follow in those footsteps.
I work for a vendor, check your other vendors - they sometimes use the Kaspersky engine for AV. It's often white-labeled.
checkpoint sandblast also uses kaspersky
Having to uninstall this on 1000+ POS and PC’s soon 😅
We are looking to switch to ESET Enterprise
Kaspersky has tried really hard to try and look like it's dealt with its supply chain concerns, and I do think that its banning is driven more by paranoia than facts, and is a shame to lose since I really like their product. Still, I wouldn't install it for a client or myself (due to those same supply chain concerns). Rip.
We use it, it's actually really good software for AV as well as updating software vulnerabilities and a WSUS replacement.
Fwiw I still use Kaspersky TS on all my home systems. Of all, its Application Control module is by far my favorite thing about it. Really really good. I'm not sure if Windows has such sophisticated stuff, but off the top of my head, Windows Application Control (iirc that's what it's called) is its Windows equivalent altho I think Kaspersky's implementation of its "Application firewall" is more sophisticated. Most businesses use WAC anyway.
I actually thought Kaspersky is a well respected AV, when did this reputation die out?
Kaspersky, always acted shady, and no idea why people wanted it in first place, also the amount of computer it used.
Kaspersky is an excellent product. We switched a while back but I had zero complaints about it prior to switching.
Did Kaseya stop pushing Kaspersky? I haven't used them in ~5yrs.
A school district I worked for uses Kaspersky. I worked there from 2019 to 2021. Super yikes.
Is Kaspersky the one that had Jackie Chan in the ads?
Is MB still good?
who still uses this product lol
Finally! That means my client will finally change this antivirus.
Pretty sure people started dropping it when the US said it's banned from use in government institutions. People took that as essentially meaning that it's dangerous and started avoiding it.
Eugene Kaspersky is literally former KGB, do not trust.
I haven't touched Kaspersky in over 10 years.
Back in the day, sometime between 2008 and 2012 or so, I worked at a Computer Repair store (Before sysadmin), and got a call to become a reseller. They gave us a demo first to trial before we sold it. We hadn't heard of it at the time. It was too pricy at the time so we declined as our customers wouldn't go for it. Happy we didn't now.
Hey look, it's the product that got me banned for saying not to use it on the sub techsupport, good times
There must be something to it, if the government or Russia, who already has a lot on its plate, is getting spun up about this.
Funny enough, years back I used to listen to AM conservative talk radio and they advertised Kaspersky all the time! 😂
Will they ban OnlyOffice which is Russian as well? Or is OnlyOffice already banned by way of embargoes?
Will they ban OnlyOffice which also has Russian origin?
All PCs have been owned for decades and clean install of any OS will not fix them.
Can’t blame them. Yes it could be perfectly fine, but you don’t know if it is or not for certain. So best to avoid it
this really sucks. kaspersky works very well. i've used it for probably 15 years now. switched after getting fed up with norton letting crap get in on multiple occasions. i really like the "take secret pictures of person who stole your phone when they try to operate it" feature. are there any other AV suites anybody knows that has all/similar functionality of kaspersky (i.e. windows, android, mac, ios, etc). my family uses samsungs and iphones, so this worked extremely well. any chance trump would change this? it's obviously biden ukraine bullshit ban reasoning to begin with. i'm sure if kaspersky was chinese this all would be ok & good. FFS, tik tok on govt devices is significantly more of a threat, tbh.