September 1, 2015

A recent Reuters story accusing Russian security firm Kaspersky Lab of faking malware to harm rivals prompted denials from the company’s eponymous chief executive — Eugene Kaspersky — who called the story “complete BS” and noted that his firm was a victim of such activity.  But according to interviews with the CEO of Dr.Web — Kaspersky’s main competitor in Russia — both companies experimented with ways to expose antivirus vendors who blindly accepted malware intelligence shared by rival firms.

quarantineThe Reuters piece cited anonymous, former Kaspersky employees who said the company assigned staff to reverse-engineer competitors’ virus detection software to figure out how to fool those products into flagging good files as malicious. Such errors, known in the industry as “false positives,” can be quite costly, disruptive and embarrassing for antivirus vendors and their customers.

Reuters cited an experiment that Kaspersky first publicized in 2010, in which a German computer magazine created ten harmless files and told antivirus scanning service Virustotal.com that Kaspersky detected them as malicious (Virustotal aggregates data on suspicious files and shares them with security companies). The story said the campaign targeted antivirus products sold or given away by AVG, Avast and Microsoft.

“Within a week and a half, all 10 files were declared dangerous by as many as 14 security companies that had blindly followed Kaspersky’s lead, according to a media presentation given by senior Kaspersky analyst Magnus Kalkuhl in Moscow in January 2010,” wrote Reuters’ Joe Menn. “When Kaspersky’s complaints did not lead to significant change, the former employees said, it stepped up the sabotage.”

Eugene Kaspersky posted a lengthy denial of the story on his personal blog, calling the story a “conflation of a number of facts with a generous amount of pure fiction.”  But according to Dr.Web CEO Boris Sharov, Kaspersky was not alone in probing which antivirus firms were merely aping the technology of competitors instead of developing their own.

Dr. Web CEO Boris Sharov.

Dr.Web CEO Boris Sharov.

In an interview with KrebsOnSecurity, Sharov said Dr.Web conducted similar analyses and reached similar conclusions, although he said the company never mislabeled samples submitted to testing labs.

“We did the same kind of thing,” Sharov said. “We went to the [antivirus] testing laboratories and said, ‘We are sending you clean files, but a little bit modified. Could you please check what your system says about that?'”

Sharov said the testing lab came back very quickly with an answer: Seven antivirus products detected the clean files as malicious.

“At this point, we were very confused, because our explanation was very clear: ‘We are sending you clean files. A little bit modified, but clean, harmless files,'” Sharov recalled of an experiment the company said it conducted over three years ago. “We then observed the evolution of these two files, and a week later, half of the antivirus products were flagging them as bad. But we never flagged these ourselves as bad.”

Sharov said the experiments by both Dr.Web and Kaspersky — although conducted differently and independently — were attempts to expose the reality that many antivirus products are simply following the leaders.

“The security industry in that case becomes bullshit, because people believe in those products and use them in their corporate environments without understanding that those products are just following others,” Sharov said. “It’s unacceptable.”

According to Sharov, a good antivirus product actually consists of two products: One that is sold to customers in a box and/or or online, and the second component that customers will never see — the back-end internal infrastructure of people, machines and databases that are constantly scanning incoming suspicious files and testing the overall product for quality assurance. Such systems, he said, include exhaustive “clean file” tests, which scan incoming samples to make sure they are not simply known, good files. Programs that have never been seen before are nearly always given more scrutiny, but they also are a frequent source of false positives.

“We have sometimes false positives because we are unable to gather all the clean files in the world,” Sharov said. “We know that we can get some part of them, but pretty sure we never get 100 percent. Anyway, this second part of the [antivirus product] should be much more powerful, to make sure what you release to public is not harmful or dangerous.”

Sharov said some antivirus firms (he declined to name which) have traditionally not invested in all of this technology and manpower, but have nevertheless gained top market share.

“For me it’s not clear that [Kaspersky Lab] would have deliberately attacked other antivirus firm, because you can’t attack a company in this way if they don’t have the infrastructure behind it,” Sharov said.

“If you carry out your own analysis of each file you will never be fooled like this,” Sharov said of the testing Dr.Web and Kaspersky conducted. “Some products prefer just to look at what others are doing, and they are quite successful in the market, much more successful than we are. We are not mad about it, but when you think how much harm could bring to customers, it’s quite bad really.

Sharov said he questions the timing of the anonymous sources who contributed to the Reuters report, which comes amid increasingly rocky relations between the United States and Russia. Indeed, Reuters reported today the United States is now considering economic sanctions against both Russian and Chinese individuals for cyber attacks against U.S. commercial targets.

Missing from the Reuters piece that started this hubub is the back story to what Dr.Web and Kaspersky both say was the impetus for their experiments: A long-running debate in the antivirus industry over the accuracy, methodology and real-world relevance of staged antivirus comparison tests run by third-party firms like AV-Test.org and Av-Comparatives.org.

Such tests often show many products block 99 percent of all known threats, but critics of this kind of testing say it doesn’t measure real-world attacks, and in any case doesn’t reflect the reality that far too much malware is getting through antivirus defenses these days. For an example of this controversy, check out my piece from 2010, Anti-Virus Is a Poor Substitute for Common Sense.

How does all this affect the end user? My takeaway from that 2010 story hasn’t changed one bit: If you’re depending on an anti-virus product to save you from an ill-advised decision — such as opening an attachment in an e-mail you weren’t expecting, installing random video players from third-party sites, or downloading executable files from peer-to-peer file sharing networks — you’re playing a dangerous game of Russian Roulette with your computer.

Antivirus remains a useful — if somewhat antiquated and ineffective — approach to security.  Security is all about layers, and not depending on any one technology or approach to detect or save you from the latest threats. The most important layer in that security defense? You! Most threats succeed because they take advantage of human weaknesses (laziness, apathy, ignorance, etc.), and less because of their sophistication. So, take a few minutes to browse Krebs’s 3 Rules for Online Safety, and my Tools for a Safer PC primer.

Further reading:

Antivirus is Dead: Long Live Antivirus!

Exclusive: Russia’s Kaspersky Threatened to ‘Rub Out’ Rival, Email Shows


41 thoughts on “Like Kaspersky, Russian Antivirus Firm Dr.Web Tested Rivals

  1. NotMe

    “United States is now considering economic sanctions against both Russian and Chinese individuals for cyber attacks against U.S. commercial targets.”

    Wow, just days after the news of new REGIN modules mapped by symantec with the main target being russia.

    We sure waste a lot of time on attribution while we simply keep doing the same dirty work as the other guys.

    1. 0x

      Perhaps I’m not as up to date as you are – but what US government body attacked foreign companies with the goal of helping US based companies?

      1. Don't be Ridiculous

        Just because most people and businesses don’t get ‘help’ doesn’t mean those at the top don’t. That’s what a Military-Industrial Complex is all about. There IS no trickle down. The real difference is in structure — just as in most countries where ‘bribery’ is mocked, the ‘little man’ often has more opportunities to bribe than in the West, so, too, does the little man have little opportunity to gain. The information stays with the people who have the most money to begin with. Politics and the war/’defense’ industry are intimately intertwined. There’s a reason there’s a revolving door there that never stops.

        Best not to think about such things too much, though — but probably not a terrible thing to not forget about it either.

      2. Don't be Ridiculous

        It’s not really all about the money. The money’s there, too, of course, and it’s definitely increased by people with knowledge and money to benefit from it — the real difference is in how the information is used. Some cultures merely want to make money and keep up commercially (which is arguably also a crime, I’m not debating that); others use it for influence and the larger game of commerce. There’s always far more games going on than you see — or could even imagine. Some people just see everybody as playing the same game, when they’re not.

      3. Kevin

        NSA supposedly targeted Brazil’s Petrobras oil/energy company for economic manipulation. This was to help US energy companies.

  2. kurt wismer

    “But according to interviews with the CEO of Dr.Web — Kaspersky’s main competitor in Russia — both companies experimented with ways to expose antivirus vendors who blindly accepted malware intelligence shared by rival firms.”

    because malware intelligence, freely shared by reputable sources with more expert qualifications than anyone else should be considered untrustworthy?

    something doesn’t quite sound right about that.

    also, you have profoundly misrepresented the kind of testing performed by (and test results produced by) the likes of AV-Test and AV-Comparatives – even for the time frame in question. have you never heard of retrospective testing? did you not see test results that showed the most products only detected about 40% of previously unknown samples?

    just as AV products have multiple types of technologies, AV testing labs have had multiple types of tests.

    1. BrianKrebs Post author

      “profoundly misrepresented”? Have, I? There’s a reason one of those links is to a recent (2015) test. Here’s a quote:

      “With 17 points apiece, German program Avira Antivirus Pro ($50), and Chinese programs Qihoo 360 Internet Security/Total Security Essentials (free, and available outside China) and Tencent PC Manager (free, for users outside China) also gave a very respectable showing. Qihoo 360 Internet Security protected against 99 percent of real-world malware attacks, while the other two covered the full 100 percent.”

      In any case, this story isn’t about antivirus product testing; I only mention it to provide a historical backdrop.

      1. kurt wismer

        doesn’t providing historical context call for historical data? luckily the AV-Compatatives link provides access to tests from that time frame. the “Heurisitic / Behaviour Tests” in particular contradict the picture you were painting.

        but yes, this isn’t about testing, it’s apparently about the disconnect between providing value to competitors in the form of high quality malware intelligence and then expressing sour grapes about the fact that competitors are deriving value from that malware intelligence.

        it seems to me that somebody doesn’t actually like the culture of collaboration that exists in the anti-virus industry.

    2. Jarrad

      I see the problem here isn’t about collaboration in the AV industry, it’s the lack of independent verification and trust for the consumer.

      It’s all well and good for an AV company to update their definitions based on what other companies are showing as malicious, but the point Kaspersky and Dr.Web are trying to make is that without first verifying through their own testing, no AV company should just blindly follow the lead of others.

      False positives will happen, they don’t argue that. What they are arguing is why they can submit intentional false positives and in a very short timeframe later, other vendors are pouncing on those files as malicious. Surely there should have been some due diligence on the part of the vendors to ensure such files are indeed malicious before flagging them?

      Back to the trust of the consumer part, I would feel not just annoyed, but also frustrated that my vendor was just following the lead instead of doing their own verification. The last thing I want is my corporate network frazzled because of a rogue AV definition (and our network has so many pieces of random legitimate software its not funny) that my vendor didn’t confirm was malicious themselves.

      In the end, it comes down to everyone working together, not just waiting for someone else to do the work and reap the monetary profits (which I can see they have sour grapes about and thats understandable). If the industry was going to be collaborative like you suggest, each company would be doing their own independent testing to confirm with their own experts, because in security everyone should be considered untrustworthy until you can verify their findings yourself (or they release a proof of concept, one way or the other.)

      1. kurt wismer

        “Surely there should have been some due diligence on the part of the vendors to ensure such files are indeed malicious before flagging them?”

        for files from just about any other source, there absolutely should be, but files that your trusted colleagues at a rival company have already classified as malicious? really?

        sure, mistakes happen, and those mistakes spread through the industry when competitors don’t double-check each others’ findings, but of all the potential malware streams a vendor deals with, ones from other vendors are the least likely to have garbage in them.

        “In the end, it comes down to everyone working together, not just waiting for someone else to do the work and reap the monetary profits (which I can see they have sour grapes about and thats understandable).”

        no, it seems what you actually want is everyone working independently, not together. if everyone were working together then there would naturally be a division of labour (we’ll classify this sample, you classify that sample) not a duplication of labour.

        “If the industry was going to be collaborative like you suggest, each company would be doing their own independent testing to confirm with their own experts, because in security everyone should be considered untrustworthy until you can verify their findings yourself (or they release a proof of concept, one way or the other.)”

        collaboration without trust? it’s exceptionally difficult to make that work. that being said, the industry-wide attacks have forced their hands with regards to trusting each others’ classifications.

      2. Robert

        I’ll have to agree with Kurt: “…if everyone were working together then there would naturally be a division of labour (we’ll classify this sample, you classify that sample) not a duplication of labour…”

        With over 100,000 (I’ve seen 200k numbers) of unique samples every day, there is just no way any one company is going to be able to analyze them all. AI will only get you so far, especially since the criminals are using real people to defeat your AI. The money just isn’t there, especially with many companies offering free versions of their software. You can’t just raise prices, or customers will jump to your competitors.

        So the AV companies have a choice: (1) accept the results of other company’s research and concentrate on the samples that are truly new to everyone, or (2) allow [more] malware to get through to their customers (free and paid) because they didn’t have the resources (including time) to analyze the samples they got.

        I vote for (1).

        Now if the company isn’t doing any work to analyze samples and is entirely relying on others to do the work, then they deserve to go out of business.

    3. MJ

      Well, its been over 10 years for AV-Test/AV-Comparatives, and Ill say it loudly and without any reservations, both “so-called” testing firms are extremely flawed in every aspect of thier testing, simply because they dont employ the entire capacity of any one solution being tested, too lazy and starved for attention, not one has the time or man power to perform these test, fully, using all resources available from the AVSecuritySuite being tested.

      Dont be a stickler about names here but Ive limited contacts at Qihoo and Tencent, cant say I know many actual facts about either and refuse to repeat unfounded rumors, as I wouldnt want anyone doing that to the AV company I work for. I do have extensive experience with Avira,Avast,BitDefender,Dr.Web,Eset,Kaspersky and several others, as a collector of malware from 2001-2007, emphasis always on sharing knowledge with samples, I found this to be the “Norm” for the industry by 2005 and could see this problem arising, even back then and this argument has been going on since 2006-2007. 2008 being the first year I ever saw a researcher buy a current “Wild List” So much for trust among colleagues!!

      There was always plenty of friction among researchers, as some US and RUs just dont get along and will always refuse to work together, its not just the AV industry where this exist, thats the world we live in. I came to respect both Dr.Web and Kaspersky for standing tall and firm in a constant barrage of accusations, soon after befriending many of the researchers from both and others from the RU with no association to the industry at all, I still believe these early days of the industry are where this BS started at and appears it never ended. E. Kaspersky has been under fire from all over for as long as I can recall, I knew who Eugene the Russian AV guy was before I knew what Kaspersky was, go figure.

      Praise these testing firms if you must but remember this one thing about each of them, they are owned by humans, operated by humans and all test are designed by humans and performed by humans, inheritly flawed and suspect as every human is by design.

      Lucky enough, I dont trust any humans, dont much care for most humans and never, ever believe a human fully.

      Proving these test are flawed and inaccurate at best is the easy part, convincing those who sign the checks is an entirely different animal!

  3. Z00kz

    I predict that sometime approaching the year 2024 Anno Domini Brian Krebs might have a lightbulb moment and realise that probably every AV (‘real’ or ‘fake’, from every nation) generates false positives. The AV industry’s got a rather interesting history. I’m not sure I can give a flying figlet about false positives. I suspect they’re more about testing for competitive sneakiness than about bringing in bucks — sort of like how databases get seeded by any respectable DBA to know if their db got stolen and is being used by mailers.

    I’d rather you discussed who this harms than (a) point convenient fingers at convenient times (yeah, we get you’re a Patriot, but why are you using your pulpit trying to exacerbate political nonsense? You’re a blogger, not a fearmonger, aren’t you?) You’ve always been very quick to point the finger, but only when it fits the definition you want to exist of your ‘villain’.

    To be clear that doesn’t mean I think you should go around butting your nose in national security matters in any country, either (especially not with your standard of evidence). Clearly you’re being used. Convenient timing given the recent announcement of a desire to instantiate sanctions (which I predicted when they said, back on April 1st, that…. THEY WERE GOING TO WANT TO INSTANTIATE SANCTIONS on people who they dub ‘hackers’ — regardless of who or what they work or stand for… unless it’s one of their own.

    If you want to be responsible, include some context, otherwise why not just go around calling Kaspersky a big ol furry Siberian walrus and, I dunno, shoot guns off at bottles of Stoli.

    It was VERY important to point out that that AV firm was Russian, though, wasn’t it?

    Signed,
    A NON-Russian in the AV industry.

    1. Soy Tenley

      Brian is a journalist, you obviously are not.
      And he does discuss who this harms, yet you seem to not have noticed.

      Everything you wrote is to discredit Brian, and this isn’t the first “how dare you not investigate what I think is important” rant that has appeared in the comments.

      The rest of us who appreciate what Brian is finding wonder if you are in the scam business, or are just a holier-than-thou crank.

      1. Sauce Twelvely

        Calling something a “Russian” anything kind of business as a way to point out it’s different IS THE POINT. Krebs does this ALL of the time. If he wanted to be fair, he’d just call it an AV business, which it is. Why not just call it a Commie Security Company next? I don’t see him going around saying “American [insert type of business here]”. It’s discriminatory. And that was the poster’s point. Some of us are sick of xenophobia, even when we’re not the ones being painted as ‘different’ and thus ‘worse’.

        1. BrianKrebs Post author

          It’s interesting that you thought this was somehow a negative piece about Russian antivirus firms. I’m guessing you didn’t read the story, which focused on the companies’ stated motivations for conducting this testing. Whether or not you agree with their motives for doing what they did or were alleged to have done, it sheds light on an area of the security industry not often exposed to scrutiny.

          1. Sauce Twelvel

            I won’t argue with that. My argument is with your (perhaps unintentional) slant, mostly because I’ve been seeing more and more of it in the press lately. And I won’t really put all of that on the press (including you, Brian). I think a lot of people in a lot of places are looking for information in some places more than others because it’s sexier and brings in more money to point fingers at a country’s currently perceived enemy/set of enemies. So I’m probably misplacing SOME of my dissatisfaction on you, but I also have higher expectations of the media than what we’ve been getting lately. I understand that news comes in and I understand the temptation to report on that news, but it also behooves us to remember that none of us (researchers, media, innocent bystanders, random schmucks living in Bofunk) are required not to apply filters and understand that sometimes it’s better to report on the bigger problem without using the lure of the wrapper, even if that’s how it’s presented to us.

            I’m not even talking about attribution. I’m just talking about cultural respect. It’s logical to assume ALL of the AV companies do this because this is an old, old practice (and before, AV companies even created viruses themselves — and I mean AV companies in all regions of the world (well, most likely). In ways, the industry has gotten *better*. American AV looks at Russian AV (see: Snowden). Russian AV looks at American AV). The fact that each of them are doing this not the real story. Maybe I don’t really think it’s a story at all? I’m not sure. It’s just getting hard to see through all the FUD (again, I’m not blaming that on you, although your last AM story had me a bit befuddled).

            I’d prefer to see a study where ALL of the AV firms were surveyed, and to me it appears that only some are (and given the political climate, it’s not difficult to see why, but that doesn’t mean we shouldn’t be aware of the ‘whys’, too). And I’m not judging the AV companies for doing what they’re doing (or indeed the countries who often sponsor studies on how to break other countries’ AV systems). It’s an arms race that used to be a scene. I don’t think that’s going to change. At this point I’m not sure it can, or should. I have no idea how it can be dialed back, and I honestly don’t believe it can be. This is just a bigger part of that puzzle. Every last company competes against other companies. That’s kind of what capitalism is. It’s just tiring to watch sometimes. Sorry if I offended.

      2. Sauce Twelvely

        And this is hardly the first time Krebs has had sycophantic fans chime in and cheer him on and believe he is without fault. I get it. Some of his stuff is good. And he does report on some things well. But his prejudices in HOW he covers certain subjects repeatedly make him look like a lackey (even if it’s not ‘by contract’ or ‘at request’). And I get it. We all have prejudices. But considering what’s going on right now (hypocrisy abounds!) pointing out what Kaspersky or Dr Web is doing while not talking about what the US does is, indeed, ONE-SIDED. And that is the point, and that is why it’s xenophobic.

        1. MJ

          Pretty Simple if you ask me, dont like, dont agree, he banged your sister or mom, whatever it is, so you dont much care for the Brian Krebs guy or his work?

          WTF are you doing here? All I see is your bashing his name and disrespecting his work, which seems like the only reasons you are here.

          Lordy!…GoGetLaid or whatever it is that you do!!

          1. Sauce Twelvely

            See what I mean? Journalism isn’t about ONE SIDE. It’s about the truth.

            FFS. Like I’ve posted anywhere else or disparaged him at all.

  4. CooloutAC

    I’m like one of those old guys i use to argue with as a kid. That use to tell me virus scans are useless as long as I didn’t click on crazy links and i would argue that they were crazy and naive. Now I feel the way they did, and probably more rightly so nowadays.

    These a/v companies can’t keep up with literally millions of viruses made every month that don’t stay in the wild long and are designed to evade them. I ‘ve always suspected they probably create more viruses then they find lmao. I still remember about the personal antivirus scam that I was getting calls from people in florida about years ago. They can’t scan the bios or hardware firmwares or gpu memory, and all these security “suites” do is hog resources and thrash your hdd.

    For my internet security suite i just use MSE and windows firewall, along with free version of windows 10 firewall control from sphinx software (works on w7 too), and blacklists from iblocklist.com with peerblock. They are all based on WFP so all layer and work and log together and are super lightweight and I leave it at that. (also emet since recommended by BK)

    On linux I have rkhuner and clamav (and grsec,apparmor, ufw,pgl,psad,tripwire) and I will still probably never detect anything in my lifetime lol.

  5. Gerry

    All the more reason to supplement traditional AV detection dependent on continuously scanning for the “known bad” file hashes with ATD or Threat Intelligence. This is a next gen approach to analyzing malware by running analysis on unseen files in a sandboxed environment.

    The alternative is to identify the known good in your environment and blacklist everything else from executing. McAfee/ Intel Security leads the pack for those seeking an easily implementable defense-in-depth security approach with a product suite for every layer of the security “onion” Brian is referring to.

    1. CooloutAC

      oh speaking of sandboxing, a program called sandboxie is a must on windows especially for the browser but you can also easily sandbox any program. Its very user friendly.

      One thing you can do to stop programs from running is use the built in windows group policy. If on a window home system which doesn’t come with group policy, you can use a program called simple software restriction to stop any programs from running unless in the programs folder. Good for stopping malware.

      Here is a good website with windows hardening suggestions that covers both of these programs. http://hardenwindows7forsecurity.com

      I can’t see wasting money on any of these a/v companies or security suites.

  6. Gromit45

    Obviously if you want a lot of comments for any post the subject line should be something like: “Ashley Madison Denies Knowledge That Like Kaspersky, Russian Antivirus Firm Dr.Web Tested Rivals”

  7. Alessop

    Hi Brian,

    going OT but recently we used Dr. Web to decrypt cryptolocker files.

    From our knowledge Dr. Web is the only antivirus company that allows to decrypt cryptolocker files with a 35$ software.

    1. CooloutAC

      Hmm how long ago was this? I thought the keys were made available on the net by FireEye and FoxIT for free? I hope you didn’t pay them money just for that…

      Unless Dr. Web is actually decrypting some recent variants.

      1. Alessop

        We tried to decrypt the encrypted files using FireEye site but didn’t work out.

        No idea on how Dr. Web managed to let this work but with their tool all files where decrypted without paying 300 euro!

  8. Lol

    Looks like Dr. Web and Kaspersky are a little upset about your article.

  9. Mike

    A conflation of facts would be to suggest that anti-virus software is actually worth paying money for. It’s like paying money for online porn. It’s pointless (if not dangerous). AV software is reaching that point of complete irrelevance anyway. It isn’t just about false positives. There are too many things these programs miss. As if slowing down the computer to a crawl wasn’t bad enough. That’s not even to mention that as more people continue to rely on Apple and their iphone/ipad setup via cloud support, there isn’t much of a point anyway. Ya know, I’ve never seen AV software on a smart phone. Is there a phone maker out there that allows it?

      1. New root

        Nice job of bots. Nice exaple, like scammers trying to destroy the Russian company.

  10. jim

    As very interesting report. But, many critiques of the messenger are grounding the story in baffled bs. The story itself, is, very helpful to the small businesses, and mom and pops, thru its references to free and low cost, and low footprint av software. Which the small mom and pops can use, and desperately need. And the repair routes for the process of recovery, if needed. And this being the time of the year, where the new colleges are introducing students to their networks. The same with the all the local systems, being introduced to the junior highs and high schools, who unfortunately are basically just opening the boxes for their first look.
    My only critique, is somehow, to get Krebs into the local papers, so this type of information would be more widespread.

  11. Nobby

    AFAIK, Brian Krebs taught himself Russian specifically for tech reporting, is it no wonder he tends to focus on things that might not get as much coverage from the English-speaking security bloggers?

    And this piece, by offering insights into their behavior is in effect DEFENDING these companies from the shallow reporting that has simply vilified them elsewhere.

    Do more than just scan for keywords and post knee-jerk rants, please.

    1. Um No

      Brian Krebs didn’t teach himself Russian for tech reporting. Brian Krebs taught himself Russian so he could lie to people and pretend he was Russian and infiltrate their communities — in effect, he wanted to spy and deceive people. Whether that’s a good thing or a bad thing isn’t something I personally feel like going around judging (and I’m sure most readers would call it ‘good’), but it’s the reason, and that’s the word for it: spying, a/k/a infiltration. Call it what it is.

      He didn’t pick up the Pimsleur-et-al so he could get an education in Russian culture, history, or technology, and I’d be very surprised if he read much Russian news in the original language (and by that I mean technology news, not just international news).

  12. George Appiah

    This is a similar trick map makers way back then used to catch competitors who were stealing their maps: you plant a fake street somewhere in your map. When you see a competitor’s map with your fake street, you know you’ve caught a thief.

    1. C. Clay

      Exactly. I have a friend who works at one of the major mailing list companies (the legit kind, not spam — promotions and the like) and he pretty much confirmed what I always knew — pretty much every single one of them with a clue seeds their data so they can know if it’s been filched (and if they’re lucky, by whom, and how often). I really don’t see this as unethical at all. It’s a logical, common business practice. I consider it anti-plagiarism measures, nothing nefarious.

  13. Hollywood Bob

    Bryan,
    I hadn’t heard of Dr. Web and the Chinese anti-virus programs before. I wonder if the Chinese and Russians might even be better than the US programmers at catching (their own country’s) viruses.

    So I’m confused. Please write an article with recommendations of who we can trust to protect our computers.

Comments are closed.