Company:Kaspersky Lab

From HandWiki
Kaspersky Lab
Native name: Лаборатория Касперского (Laboratoriya Kasperskogo)
Type: Private
Industry: Computer software[1]
Founded: 1997, Moscow, Russia
Founders: Eugene Kaspersky, Natalya Kaspersky, Alexey De-Monderik, Vadim Bogdanov
Headquarters: Moscow, Russia
Regional units: Dubai, UAE; Istanbul, Turkey; Mexico City, Mexico; Midrand, South Africa; São Paulo, Brazil; Singapore
Area served: Worldwide
Key people: Eugene Kaspersky (CEO)
Products: Cybersecurity software
Services: Computer security
Revenue: US$822 million (2024, increase)[2]
Number of employees: 4,000+ (2020)[3]
Website: www.kaspersky.com

Kaspersky Lab (/kæˈspɜːrski/; Russian: Лаборатория Касперского, romanized: Laboratoriya Kasperskogo) is a Russian multinational cybersecurity and anti-virus provider, headquartered in Moscow, Russia,[1] and operated by a holding company in the United Kingdom until it closed in 2024.[4] It was founded in 1997 by Eugene Kaspersky, Natalya Kaspersky and Alexey De-Monderik. Kaspersky Lab develops and sells antivirus, endpoint security, SIEM, XDR, and other cybersecurity products and services.[5][6] The Kaspersky Global Research and Analysis Team (GReAT) has led the discovery of sophisticated espionage platforms operated by nations, such as Equation Group and the Stuxnet worm.[7] Their research has uncovered large-scale and highly technical cyber espionage attempts. Kaspersky also publishes the annual Global IT Security Risks Survey.[8]

Kaspersky expanded abroad from 2005 to 2010 and grew to $822 million in annual revenues by 2024.[9][2] In 2010, Kaspersky Lab ranked fourth in the global ranking of antivirus vendors by revenue.[10] It was the first Russian company to be included in the ranking of the world's leading software companies, called the Software Top 100 (79th on the list, as of June 29, 2012).[11] In 2016, Kaspersky's research hubs analyzed more than 350,000 malware samples per day.[12] In 2016, the software had about 400 million users and the company had one of the largest market shares among cybersecurity software vendors in Europe.

The US government has alleged that Kaspersky has engaged with the Russian Federal Security Service (FSB)—ties which the company has actively denied.[13][14][15] In 2017, the Trump administration issued a ban of Kaspersky software on federal civilian and military computers. In response to these and other allegations, Kaspersky began to solicit independent reviews and verification of its source code, and relocated core infrastructure and customer data from Russia to Switzerland. Multiple countries have banned or restricted their government agencies from using Kaspersky products, including Lithuania,[16] the Netherlands,[17] and the United States.[18]

As of 2025, Kaspersky has over 30 offices in Europe, Middle East, Africa, Asia, and Latin America, and customers in over 200 countries.[19][20]

History

The first version of Kaspersky Lab's antivirus software was developed by Eugene Kaspersky in 1989 in response to the Cascade Virus.[21][22] Early versions had just 40 virus definitions and were mostly distributed to friends and family members.[23] Kaspersky continued developing the software at KAMI,[23][24] resulting in the AntiViral Toolkit Pro (AVP) product released in 1992.[24][25][26] It was popularized in 1994 after a competitive analysis by Hamburg University gave his software first place.[24][25][26][27]

In 1997, Eugene Kaspersky, his wife Natalya Kaspersky, and Alexey De-Monderik left KAMI to form Kaspersky Lab,[28][note 1] and to continue developing the antivirus product, then called AVP.[31][32] The product was renamed Kaspersky Anti-Virus after an American company registered the AVP trademark in the US.[31]

In 1998, a Taiwanese student released a virus called CIH. During the first three weeks of the outbreak, Kaspersky Lab's AVP was the only software at the time able to remove it. This increased demand and led to deals with antivirus companies in Japan, Finland and Germany to integrate AVP into their software.[23][31][33]

According to WIRED, Kaspersky's software was "advanced for the time". For example, it was the first software to monitor viruses in an isolated quarantine.[34] The company's revenue grew 280 percent from 1998 to 2000, with about 60 percent of its revenue coming from foreign sales.[31] Natalya worked to broker deals abroad and localize the software. It opened offices in the UK, Poland, Holland and China. It later expanded to Germany, France, the US and Japan.[33] By 2000, the company had 65 employees and sales in more than 40 countries.[31] Kaspersky opened new offices in South East Asia and the Middle East in 2008[24] and in South Africa in 2009.[35] It also expanded in India, the Middle East and Africa in 2010.[24][36] In 2009, retail sales of Kaspersky Lab's antivirus products reached almost 4.5 million copies per year.[28]

In 2011, General Atlantic bought a 20 percent share of Kaspersky Lab for $200 million, with the expectation of helping the company go public. A few months later, the decision was made to keep the firm private and Kaspersky re-purchased the shares from General Atlantic.[37][38][39] This was followed by numerous executive departures in 2011 and 2014 regarding disputes over going public and over Eugene Kaspersky's management style.[40]

On January 1, 2012, Kaspersky Lab officially left the Business Software Alliance (BSA) over SOPA. The BSA had supported the controversial anti-piracy bill, but Kaspersky Lab did not support it stating, "we believe that such measures will be used contrary to the modern advances in technology and the needs of consumers," and to show their disapproval, announced their intent to leave on December 5, 2011.[41][42]

By 2013, the company had an unaudited $667 million in annual revenues.[40] In 2014, Kaspersky Lab signed a distribution deal with Ingram Micro, which significantly expanded its reseller program.[43]

In August 2015, two former Kaspersky employees alleged that the company introduced modified files into the VirusTotal antivirus database to trick software from Kaspersky competitors into triggering false positives in virus and malware scans. A possible motive is that Eugene Kaspersky allegedly was furious at competitors perceived to be "unfairly" free-riding on Kaspersky's malware discoveries via the open-source VirusTotal database. The company denied the allegations.[44][45][46] On his personal blog, Eugene Kaspersky compared the accusations to unsubstantiated conspiracy theories.[47] Reuters followed up by publishing leaked emails allegedly from Kaspersky alluding to "falsies" and "rubbing out" foreign competitors; Kaspersky Lab stated the emails "may not be legitimate and were obtained from anonymous sources that have a hidden agenda".[48]

In 2016, Kaspersky executive Ruslan Stoyanov was arrested by Russian authorities on charges predating his work at Kaspersky.[49] In 2019, he was convicted of treason.[50][51]

In June 2023, Kaspersky Lab said many of its senior staff and managers were hit by an ongoing attack that it first suspected in early 2023 and that has compromised thousands of iPhones. The oldest traces of infection date back to 2019.[52] The Russian Federal Security Service (FSB) separately accused the US National Security Agency and Apple of being behind the attack and infiltrating the phones of diplomats from China, Israel, NATO members, and Syria. Kaspersky Lab said it does not believe itself to be the main target and that it had not shared its own findings about the attack with Russian authorities until the FSB announcement.[53]

On 20 June 2024, after the US announced that it would prohibit Kaspersky from selling or distributing updates to its software to US customers and sanctioned 12 of its senior leaders, the company announced it would leave the US market.[19][54][55] On September 25, the company abruptly replaced its software on US users' computers with UltraAV software developed by US cybersecurity firm Pango, angering some users.[56][57]

Products and services

Kaspersky Lab develops and markets antivirus, internet security, password management, endpoint security, and other cybersecurity products and services.[5] It is the fourth or fifth largest endpoint security vendor[24][58] and the third largest consumer IT security software company.[24] It is the sixth largest overall IT security company.[59] Its revenues are about 15 percent from Russian companies domestically, one-third from European organizations and one-fourth from US organizations.[60] The software has about 400 million users in all.[61]

Kaspersky's consumer software includes the Antivirus, Internet Security and Total Security products.[62] The Antivirus software includes malware protection, monitors the PC for suspicious program behavior, and warns users about potentially dangerous websites. The Internet Security software adds privacy features, parental controls and anti-phishing tools.[63][64] Total Security adds parental controls, adult website filters, diagnostic tools, a Password Manager application, and other features.[62][65] In 2023, a new lineup was introduced, with Kaspersky Basic, Plus and Premium replacing Antivirus, Internet Security and Total Security.[66] Kaspersky's software is available for Macs, PCs, Android, iOS, Windows Mobile, BlackBerry and Symbian.[67][68]

For businesses, the company has developed Kaspersky Industrial CyberSecurity for OT environments, and Kaspersky Hybrid Cloud Security for container infrastructures. Detection and response solutions include Kaspersky Next XDR Expert, Kaspersky Next EDR Optimum, and Kaspersky SIEM for centralized security monitoring. The company markets the Kaspersky Endpoint Security for Business suite. It includes a centralized user interface and management application called the Kaspersky Security Center. The cybersecurity software itself is called the Kaspersky Security Network. The Kaspersky Administration Kit Security Center manages configuration, installation and remote use. The business suite also has quarantine, reporting, and other features.[69] Its software product for businesses with 25 or fewer staff is called Kaspersky Small Office Security (KSOS).[70] Within the suite are products specifically for virtualization security,[71] mobile security,[72] and fraud protection,[73] among others. Kaspersky also develops a free tool that helps businesses gain access to Windows devices that are infected by ransomware.[74] In 2017, KasperskyOS, a secure operating system, was released,[75] and in 2021, Kaspersky IoT Secure Gateway 100 for IoT was introduced based on it.[76] Among cloud solutions, Kaspersky Hybrid Cloud Security protects cloud infrastructures, and Kaspersky SD-WAN ensures secure corporate networks.

KasperskyOS

KasperskyOS is a proprietary microkernel operating system built from scratch using secure-by-design principles. It is developed by Kaspersky for embedded and industrial devices with heightened cybersecurity demands. It features a minimal trusted kernel, strict isolation of components in user space, default-deny policy enforcement and formal, policy-based control via the Kaspersky Security System. The aim is to create “Cyber Immune” systems that keep critical functions operating even if some parts of the system are attacked via unknown vulnerabilities. Key use cases are network equipment, industrial control/IoT gateways, smart cars, smart city and transport infrastructure, and other critical-infrastructure uses.[77]

KasperskyOS is distributed both as a platform and inside finished appliances such as the Kaspersky IoT Secure Gateway (KISG 100/1000), while early deployments also appeared in Kraftway routing/switching gear.

There is a community edition for prototyping and development.[78]

Threatpost

Threatpost is a discontinued[79] computer security blog which was funded by Kaspersky Lab. According to Eugene Kaspersky, it was independent of Kaspersky.[80] It was launched in 2009.[81][82] After August 2022, no new articles have been published on the site.[83]

Partnerships

The Kaspersky Anti-Virus engine also powers products or solutions by other security vendors, such as Check Point, Bluecoat, Juniper Networks, Microsoft Forefront,[84] Netintelligence, Clearswift, FrontBridge, Netasq, Wedge Networks, and others. Altogether, more than 120 companies are licensing technology from Kaspersky Lab. Kaspersky Lab also has a number of partnerships with various technology companies.

The International Multilateral Partnership Against Cyber Threats in which Datuk Mohd Noor Amin acts as the chairman, announced the appointment of Harry Cheung – Managing Director of Kaspersky Lab, APAC – as the Goodwill Ambassador for Greater China.[85]

Kaspersky Lab was a long-term partner of Scuderia Ferrari and in December 2021, announced a partnership extension with the Formula One team, and also became the team's esports partner.[86] However, in March 2022 the deal was paused as a joint decision taken by the two companies due to the 2022 Russian invasion of Ukraine.[87]

In 2024, Kaspersky and the African Union’s law enforcement agency, AFRIPOL, signed a five-year cooperation agreement to prevent and combat cybercrime.[88]

Interpol

INTERPOL and Kaspersky have maintained a long-standing partnership aimed at preventing and combating cybercrime worldwide. In 2013, Kaspersky supported INTERPOL’s Global Complex for Innovation in Singapore by providing advanced digital forensics tools and expertise to aid international investigations.[89]

In 2016, the two organizations signed a cyber threat intelligence exchange agreement to enhance real-time data sharing on emerging threats.[90] This cooperation was renewed and expanded in 2019, enabling joint operations targeting major malware campaigns and organized cybercrime groups.[91]

During the 2024 Summer Olympics in Paris, Kaspersky supported INTERPOL in countering cyberattacks aimed at the Games’ infrastructure and participants.[92] In 2025, their joint efforts helped dismantle over 20,000 malicious IP addresses and domains linked to information-stealing malware, as part of a global crackdown involving law enforcement from more than 50 countries.[93]

The partnership focuses on sharing threat intelligence and strengthening global cybersecurity resilience.[94]

Market assessments and reception

According to 2016 reviews in PC Magazine, Kaspersky AntiVirus and competitor Bitdefender were both consistently ranked at the top in independent competitive tests.[95][96] PC Magazine's own malware and phishing tests showed similar results. Noted pros were the “bonus security tools” and the large number of Kaspersky Total Security features, including password management, encryption and parental control software; the noted minus was that scanning took longer than expected.[95] The product received high scores in lab tests for antivirus, antiphishing and other features and “average” scores in tests for antivirus and spam filtering.[97]

Kaspersky's 2013 Endpoint Security for Windows product was the top-ranked enterprise antivirus software in a competitive test by Dennis Technology Labs, followed by Symantec Endpoint Protection.[98] AV-Comparatives awarded Kaspersky "Product of the Year" for 2015, based on the number of high scores it received throughout the year on a wide range of tests.[96][99][100][note 2] PC Magazine praised the software's features, but said it lacked policy management and deployment options.[101] Kaspersky's parental control software has been praised by PC Magazine for its “very affordable parental control and monitoring,” software content filtering, child profiles, social media monitoring and other features. The noted downside was that some features are only available for iOS or Android.[97]

The anti-virus software testing group AV-Comparatives gave the Windows XP version of Kaspersky AV an "Advanced+" rating (its highest) in its February 2008 on-demand detection test (with the fourth highest detection rate among 16 products tested).[102] However, in the Retrospective/Proactive Test of May 2008, Kaspersky received the "Standard" rating, detecting 21% of new malware with 1-month-old signatures and producing a substantial number of false positives.[103]

The firewall included in Kaspersky Internet Security 7.0 got a "Very Good" rating in Matousec's Firewall challenge,[104] with a result of 85%. Kaspersky Anti-Virus 7.0 has achieved a 6.5 result out of 8 in the Anti Malware Labs rootkit detection test.[105] It has also achieved a 31 out of 33 detection of polymorphic viruses[106] and a 97% result in the self-protection test.[107] In 2007, Kaspersky Internet Security 7 received an award from the British magazine PC Pro and also won a place in its "A List".[108]

Kaspersky has passed most of the Virus Bulletin comparative tests since August 2003.[109] In 2005, according to PC World magazine, Kaspersky anti-virus software provided the fastest updates for new virus and security threats in the industry.[110]

In PC World magazine's March 2010 comparison of consumer security suites, Kaspersky Internet Security 2010 scored 4.5/5 stars, and was rated second overall.[111] In the December 2011 version of AV-Comparatives' annual reports, Kaspersky Lab's software achieved the highest overall ranking and has earned the AV Comparatives' "Product of the Year" award.[112]

On February 1, 2012, Kaspersky Internet Security earned "AV-TEST Award for Best Repair 2011" award in the field of home user products from AV-TEST Institute.[113] On January 28, 2013, Kaspersky Endpoint Security earned "AV-TEST Award for Best Protection 2012" and "AV-TEST Award for Best Repair 2012" awards in the field of corporate products from AV-TEST Institute.[114]

Later in 2013, Kaspersky earned the product of the year award from AV-Comparatives and the highest score among Enterprise solutions in a Dennis Technology Labs report.[100][115]

Kaspersky has also received certification of its products through the OESIS OK Certification Program, which verifies that the applications are interoperable with third-party technology solutions like NAC and SSL VPN products from Cisco Systems, Juniper Networks, F5 Networks, and others.[116]

Kaspersky products regularly participate in and achieve high results[117][118] in independent tests by AV-Test,[119] AV-Comparatives,[120] and SE Labs.[121] These organizations are members of the Anti-Malware Testing Standards Organization (AMTSO),[122] which Microsoft has adopted as an “industry standard organization” for independent certification purposes.[123]

Finances

Year   Revenue (million US$)   Growth / Decrease   Development rate
2012   628[124]                Growth              3%
2013   667[40]                 Growth              6%
2014   711[125]                Growth              6.6%
2015   619[126]                Decrease            13%
2016   644[127]                Growth              4%
2017   698[127]                Growth              8%
2018   726[128]                Growth              4%
2019   685[129]                Decrease            6%
2020   703.9[130]              Growth              3%
2021   752.3[130]              Growth              6.8%
2022   752.5[130]              Growth              0.03%
2023   721[131]                Decrease            4.1%
2024   822[2]                  Growth              14%

Malware discovery

Kaspersky Lab's Global Research and Analysis Team (GReAT) was established in 2008.[132] It investigates cybersecurity threats and other work by malware operations.[133] IT security companies are often evaluated by their ability to uncover previously unknown viruses and vulnerabilities.[134] Kaspersky's reputation for investigating cyber-security threats has been influential in gaining sales and prestige.[134][135] Beginning around 2010, Kaspersky exposed a series of government-sponsored cyber-espionage and sabotage efforts. These include Stuxnet, Duqu, Flame, Gauss, Regin and the Equation Group.[133][136] According to Wired, "many of them [were] seemingly launched by the US and its UK and Israeli allies. Kaspersky is especially well-known for its work uncovering Stuxnet, Careto,[137] and Flame."[61]

Stuxnet

In 2010, Kaspersky Lab worked with Microsoft to counteract the Stuxnet worm, which had infected 14 industrial locations in Iran using four zero-day vulnerabilities in Microsoft Windows.[138] According to IEEE Spectrum, the circumstances "strongly suggest" the worm was developed by the United States and Israel to damage centrifuges in Iran's nuclear-enrichment program. It was the first discovery of a major government-sponsored cyber-attack.[134][139]

Flame

In May 2012, Kaspersky Lab identified the malware Flame, which a researcher described as potentially "the most sophisticated cyber weapon yet unleashed".[140] According to Kaspersky Lab researchers, the malware had infected an estimated 1,000 to 5,000 machines worldwide.[141][142] Kaspersky Lab found it when asked by the United Nations International Telecommunication Union to investigate reports of a virus affecting Iranian Oil Ministry computers.[143] As Kaspersky Lab investigated, they discovered an MD5 hash and filename that appeared only on customer machines from Middle Eastern nations. After discovering more pieces, researchers dubbed the program "Flame" after the name of one of its modules.[143]

Flame was an earlier variant of Stuxnet. Kaspersky never verified the source of the software, but it is suspected to have been developed by the National Security Agency (NSA) to transmit keystrokes, Skype calls and other data.[144][145][141] Kaspersky created algorithms to find similar malware and found Gauss that July, which collected and transmitted data from devices infected via Bluetooth or USB drives.[134][146]

Red October

In January 2013, Kaspersky discovered the Red October malware, which had been used for widespread cyber-espionage for five years. It targeted political targets like embassies and nuclear sites, mostly in Europe, Switzerland and North America. The malware was likely written by Russian-speaking hackers and the exploits by Chinese hackers.[147][148] That June, Kaspersky discovered NetTraveler, which it said was obtaining data on emerging technology from government targets and oil companies. Kaspersky did not identify who was behind it, but it was similar to other cyber-espionage coming from Beijing, China.[149][150] Later that same year, Kaspersky discovered a hacker group it called Icefog after investigating a cybersecurity attack on a Japanese television company. Kaspersky said the hacker group, possibly from China, was unique in that they targeted specific files they seemed to know about before planting malware to extract them.[151][152]

Mask

In February 2014, Kaspersky identified the malware Mask, which infected 380 organizations in 31 countries. Many organizations that were affected were in Morocco. Some of the files were in Spanish and the group is believed to be a state conducting espionage, but Kaspersky did not speculate on which country may have developed it.[153][154]

Regin

In November 2014, Symantec and Kaspersky authored papers that contained the first disclosure of malicious software named Regin.[155] According to Kaspersky, Regin is similar to QWERTY, a malware program discovered the next year.[156] Regin was used to take remote control of a computer and is believed to have originated from the Five Eyes alliance.[157] That same month Kaspersky reported on the Darkhotel attack, which targeted users of wireless networks at hotels in Asia. It asked users to update their software, then downloaded malware that gave up their passwords.[158][159][160]

Equation Group

In 2015, Kaspersky identified a highly sophisticated threat actor that it called "The Equation Group". The group incorporated sophisticated spying software into the firmware of hard drives at banks, government agencies, nuclear researchers and military facilities, in countries that are frequent targets of US intelligence efforts.[161] It is suspected to have been developed by the National Security Agency (NSA) and included many unique technical achievements to better avoid detection.[162] That same day, Kaspersky announced the discovery of a hacker group it called Carbanak, which was targeting banks and moving millions of dollars into fake accounts. Carbanak was discovered when one bank asked Kaspersky to investigate suspicious behavior from its ATMs.[163] A similar malware using some of the same techniques as Carbanak was discovered in 2016 and dubbed Carbanak 2.0.[164]

Duqu

In June 2015, Kaspersky reported that its own network had been infiltrated by government-sponsored malware. Evidence suggested the malware was created by the same developers as Duqu and Stuxnet, in order to get intelligence that would help them better avoid detection by Kaspersky in the future. Kaspersky called it Duqu 2.0.[136] The malicious software resided in memory to avoid detection. The hack was believed to have been done by the same group that did Duqu in 2011. It used exploits in Microsoft installer files.[165]

Android cyber-espionage

In June 2015, Kaspersky Lab and Citizen Lab both independently discovered software developed by Hacking Team and used by 60 governments around the world to covertly record data from the mobile phones of their citizens. The software gave law enforcement a "menu of features" to access emails, text messages, keystrokes, call history and other data.[166][167][168] Kaspersky also identified 37,000 attacks against banking companies that used modifications of the malware called Asacub and took control of Android devices. Asacub targeted mostly banking customers in the US, Russia and Ukraine using an SMS message that baited users into installing a Trojan.[169]

Silverlight

In 2016, Kaspersky discovered a zero day vulnerability in Microsoft Silverlight.[170][171] Kaspersky identified a string of code often used by exploits created by the suspected author. It then used YARA rules on its network of Kaspersky software users to find that string of code and uncover the rest of the exploit. Afterwards, Microsoft issued a "critical" software patch to protect its software from the vulnerability.[170][171]

Poseidon Group

In 2016, Kaspersky uncovered the Poseidon Group, which would infiltrate corporations with malware using phishing emails, then get hired by the same company as a security firm to correct the problem. Once hired, Poseidon would install additional malware and backdoors.[172] In June 2016 Kaspersky helped uncover a Russian hacking group, leading to 50 arrests.[61]

Titanium

In 2019, Kaspersky uncovered Titanium, a very advanced and insidious backdoor malware APT, developed by PLATINUM, a cybercrime collective. Kaspersky Lab reported the malware on November 8, 2019.[173][174][175][176][177][178]

MATA Toolset Campaign

In 2020, Kaspersky published research on the MATA Toolset Campaign, a sophisticated cyber-espionage framework targeting multiple operating systems, including Windows, macOS, and Linux. The malware, attributed to the Lazarus Group, was used for stealing databases, distributing ransomware, and installing backdoors on infected systems. MATA's capabilities allowed attackers to execute a wide range of malicious activities, including exfiltrating sensitive data from corporate networks and compromising financial systems. The campaign highlighted the increasing cross-platform threat posed by state-sponsored actors. In September 2022 and October 2023, new malware samples linked to the MATA cluster were uncovered.[179][180][181]

PyPI Supply Chain Attack

In 2024, Kaspersky uncovered a year-long supply chain attack targeting the Python Package Index (PyPI), a popular repository for Python developers. Attackers uploaded malicious packages containing JarkaStealer, a malware designed to exfiltrate sensitive information from infected systems. These packages were disguised as legitimate tools and lured victims through social engineering tactics, including AI (OpenAI's ChatGPT) chatbots offering assistance. The campaign demonstrated the vulnerability of open-source ecosystems and emphasized the importance of scrutinizing dependencies in software development.[182][183]

NKAbuse Malware

In 2023, Kaspersky exposed NKAbuse, a sophisticated multiplatform malware written in the Go programming language. This malware leveraged blockchain technology for its peer-to-peer communication infrastructure, making it resilient to takedowns. NKAbuse functioned as a flooder and a backdoor, enabling attackers to launch distributed denial-of-service (DDoS) attacks and gain persistent access to compromised systems. The campaign illustrated the evolving use of blockchain in cybercrime and reinforced the need for enhanced detection methods.[184][185]

Triangulation

In 2023, Kaspersky uncovered Triangulation, a sophisticated spyware campaign targeting iOS mobile devices. The malware exploited multiple zero-day vulnerabilities to gain full control of targeted devices. Triangulation was primarily distributed through malicious attachments in instant messaging apps. Once installed, it allowed attackers to access encrypted communications, GPS locations, and sensitive data. Kaspersky attributed the campaign to an advanced persistent threat (APT) group but refrained from naming a specific actor, though evidence suggested ties to state-sponsored espionage.[186][187]

CloudSorcerer/EastWind

CloudSorcerer APT and its EastWind campaign were identified by Kaspersky in 2024. The malware leveraged public cloud infrastructure to perform large-scale data exfiltration and surveillance. The attackers used sophisticated phishing campaigns to infiltrate government and private sector organizations, especially targeting research institutions and critical infrastructure. CloudSorcerer employed novel encryption techniques to disguise data flows, complicating detection. Kaspersky linked the malware to a state-affiliated group but did not specify which country was behind the attack.[188][189]

DuneQuixote

In 2024, Kaspersky exposed DuneQuixote, a stealthy malware campaign targeting intellectual property in the technology and energy sectors. The malware used custom-built exploits and employed fileless techniques, operating entirely in memory to evade detection by traditional security tools. DuneQuixote's attack vector included compromised software updates and supply chain vulnerabilities. Kaspersky attributed the operation to a well-funded APT group with global reach, though the precise origin remained unclear. The discovery highlighted the growing complexity of threats targeting high-value intellectual assets.[190]

SparkCat

In February 2025, Kaspersky discovered SparkCat, the first OCR infostealer found in the iOS App Store.[191] On iOS and Android, the infostealer requests access to users' photo galleries when they attempt to use support chat in an infected app. Once granted permission, the malware uses Google's OCR technology to decipher text in photos and looks for screenshots of passwords or phrases used to regain access to cryptocurrency, then sends them to the attacker.[192] By February 10, 2025, Apple and Google had removed about 20 apps from their app stores, but the malware remained available in unofficial stores and websites.[193]

Bans and allegations of Russian government ties

Since 2015, Western media outlets and governments have accused Kaspersky of having close ties to the Russian government. In 2017, allegations emerged that hackers had used Kaspersky software to steal confidential data from the home computer of a contractor for the US National Security Agency (NSA). Kaspersky denied the allegations, reporting that the software had detected Equation Group malware samples which it uploaded to its servers for analysis in its normal course of operation.[194]

In September 2017, the US Department of Homeland Security banned federal agencies from using and purchasing Kaspersky software, requiring them to remove it from their systems within 90 days.[18] In December, President Donald Trump signed the National Defense Authorization Act for Fiscal Year 2018, which extended this ban to military computers.[195] In response, the company launched a “Global Transparency Initiative”, moving its infrastructure to process customer data to Switzerland and opening transparency centers in a number of countries to allow customers and regulators to review its source code and data processing practices.[196][197]

In 2022, following the Russian invasion of Ukraine, the US warned companies about the risks of using Kaspersky software, and the FCC added it to its list of national security threats.[198] In response, the company said the decision was political and expressed its willingness to cooperate with the authorities to address their concerns.[199] In 2024, leaked emails showed that Kaspersky allegedly helped Russia develop software for spy drones.[200]

In April 2024, it became known that the US Department of Commerce was considering a complete ban on the sale of Kaspersky products.[201] On June 20, Secretary of Commerce Gina Raimondo announced that sales would be banned in the US from July 20 and software updates from September 29, as part of Trump and Biden's executive orders on protecting data from “foreign adversaries.”[202][201] In July, the company announced the closure of its US office and the dismissal of its staff,[203] and on July 17, it offered US customers six months of free updates, warning of limited functionality after September 29.[204]

In February 2025, Australia banned the use of Kaspersky software in government agencies due to national security concerns. The Department of Home Affairs ordered its removal from government devices by April 1, bringing the country into line with other members of the Five Eyes intelligence pact — the US, Canada, and the UK.[205][206]

Notes

  1. Sources conflict and/or are ambiguous as to the exact number of engineers besides Kaspersky and his wife that cofounded the company.[23][29][30]
  2. Bitdefender received the same number of high scores; Kaspersky was chosen arbitrarily between the two as a matter of tie-breaking. The two companies both tend to tie for the top position in competitive tests.[95][96]

References

  1. "Laboratoriya Kasperskogo, AO – Company Overview". D&B Hoovers. http://www.hoovers.com/company-information/cs/company-profile.laboratoriya_kasperskogo_ao.9ef9b249250ca034.html.
  2. "Kaspersky reports 2024 financial results with record revenue". ET CISO. indiatimes.com. https://ciso.economictimes.indiatimes.com/news/corporate/kaspersky-reports-2024-financial-results-with-record-revenue/120203701.
  3. "About Us". Kaspersky Lab. https://www.kaspersky.com/about/company. 
  4. Jennings-Trace, Ellen (2024-10-09). "Kaspersky is closing its UK office". https://www.techradar.com/pro/kaspersky-is-closing-its-uk-office. 
  5. Technologies, Kaspersky Lab. "Kaspersky Personal & Family Security Software". http://usa.kaspersky.com/.
  6. Knowles, Catherine. "Kaspersky enhances SIEM solution with AI & new features" (in en). https://securitybrief.co.nz/story/kaspersky-enhances-siem-solution-with-ai-new-features. 
  7. "About Management Team". Kaspersky Lab. https://www.kaspersky.com/about/team. 
  8. "10 Stupid Moves That Threaten Your Company's Security". April 6, 2016. http://www.informationweek.com/strategic-cio/10-stupid-moves-that-threaten-your-companys-security/d/d-id/1324035. 
  9. "Kaspersky reports financial results with stable business growth in 2020" (in en). Kaspersky Lab. April 19, 2021. https://www.kaspersky.co.in/about/press-releases/2021_kaspersky-reports-financial-results-with-stable-business-growth-in-2020. 
  10. The company was rated fourth in the IDC rating Worldwide Endpoint Security Revenue by Vendor, 2010. The rating was published in the IDC report Worldwide IT Security Products 2011–2015 Forecast and 2010 Vendor Shares – December 2011. The report ranked software vendors according to earnings from sales of endpoint security solutions in 2010.
  11. Worldwide Endpoint Security Revenue by Vendor, 2010
  12. Ashford, Warwick (April 24, 2016). "Kaspersky Lab advances expansion plans with London research centre". http://www.computerweekly.com/news/4500246191/Kaspersky-Lab-advances-expansion-plans-with-London-research-centre. 
  13. Shaheen, Jeanne (2017-09-04). "The Russian Company That Is a Danger to Our Security". The New York Times. ISSN 0362-4331. https://www.nytimes.com/2017/09/04/opinion/kapersky-russia-cybersecurity.html. Retrieved 2017-09-09. 
  14. "Kaspersky under scrutiny after Bloomberg story claims close links to FSB". Ars Technica. https://arstechnica.com/information-technology/2017/07/kaspersky-denies-inappropriate-ties-with-russian-govt-after-bloomberg-story/. Retrieved 2017-09-09. 
  15. Solon, Olivia (2017-09-13). "US government bans agencies from using Kaspersky software over spying fears". The Guardian. ISSN 0261-3077. https://www.theguardian.com/technology/2017/sep/13/us-government-bans-kaspersky-lab-russian-spying. Retrieved 2017-12-18. 
  16. "Lithuania bans Kaspersky Lab software on sensitive computers". Reuters. 21 December 2017. https://www.reuters.com/article/us-lithuania-russia-idUSKBN1EF23M. 
  17. "Dutch government to phase out use of Kaspersky anti-virus software". Reuters. 14 May 2018. https://www.reuters.com/article/us-cyber-netherlands-kaspersky-idUSKCN1IF2NV. 
  18. Nakashima, Ellen; Gillum, Jack (2017-09-13). "U.S. bans use of Kaspersky software in federal agencies amid concerns of Russian espionage". Washington Post. ISSN 0190-8286. https://www.washingtonpost.com/world/national-security/us-to-ban-use-of-kaspersky-software-in-federal-agencies-amid-concerns-of-russian-espionage/2017/09/13/36b717d0-989e-11e7-82e4-f1076f6d6152_story.html. Retrieved 2017-09-13.
  19. da Silva, João (16 July 2024). "Russia antivirus firm Kaspersky quits US after ban". https://www.bbc.com/news/articles/cyr7ex16p32o.
  20. Abdullah, Amal (2022-04-20). "Kaspersky opens new office in Saudi Arabia - Bahrain This Week" (in en-US). https://www.bahrainthisweek.com/kaspersky-opens-new-office-in-saudi-arabia/. 
  21. "#1741 Eugene Kaspersky". Forbes. https://www.forbes.com/profile/eugene-kaspersky/. 
  22. Kramer, Andrew E.; Perlroth, Nicole (June 3, 2012). "Expert Issues a Cyberwar Warning". The New York Times. https://www.nytimes.com/2012/06/04/technology/cyberweapon-warning-from-kaspersky-a-computer-security-expert.html?pagewanted=all. 
  23. Salem Press Bios, Salem Press, http://salempress.com/initstore/pdfs/bios_com_pgs.pdf, retrieved November 13, 2015
  24. Kshetri, N. (2014). Global Entrepreneurship: Environment and Strategy. Taylor & Francis. p. 110. ISBN 978-1-317-74803-8. https://books.google.com/books?id=swxgAwAAQBAJ&pg=PT110. Retrieved November 11, 2015.
  25. Springer, P.J. (2015). Cyber Warfare: A Reference Handbook. Contemporary World Issues. ABC-CLIO. p. 163. ISBN 978-1-61069-444-5. https://books.google.com/books?id=S6egBgAAQBAJ&pg=PA163. Retrieved November 11, 2015.
  26. Graham, L. (2013). Lonely Ideas: Can Russia Compete?. MIT Press. pp. 93–94. ISBN 978-0-262-31739-9. https://books.google.com/books?id=tciqAAAAQBAJ&pg=PA93. Retrieved November 11, 2015.
  27. "The virus warrior: a start-up tale". April 29, 2010. http://rbth.com/articles/2010/04/29/the_virus_warrior_a_start_up_tale.html. 
  28. Shachtman, Noah (April 19, 2011). "Russia's Top Cyber Sleuth Foils US Spies, Helps Kremlin Pals". WIRED. https://www.wired.com/2012/07/ff_kaspersky/. Retrieved April 24, 2016.
  29. Sambandaraksa, Don (September 3, 2015). "Kaspersky wants digital passports". Post Publishing. http://www.bangkokpost.com/tech/world-updates/198706/kaspersky-wants-digital-passports. 
  30. Swartz, Jon (November 25, 2008). "Russian Kaspersky Lab offers antivirus protection in U.S.". https://abcnews.go.com/Business/story?id=6329227&page=1. 
  31. "Contemporary Biographies in Communications & Media". Salem Press. http://www.salempress.com/store/pdfs/bios_com_pgs.pdf.
  32. "Interview: Eugene Kaspersky". March 17, 2010. https://www.infosecurity-magazine.com/interviews/interview-eugene-kaspersky/. 
  33. Meyer, K.; Peng, M. (2016). International Business. Cengage Learning. p. 310. ISBN 978-1-4737-2264-4. https://books.google.com/books?id=OWeoCwAAQBAJ&pg=PA310. Retrieved April 24, 2016.
  34. Shachtman, Noah (April 19, 2011). "Russia's Top Cyber Sleuth Foils US Spies, Helps Kremlin Pals". WIRED. https://www.wired.com/2012/07/ff_kaspersky/all/. Retrieved November 12, 2015. 
  35. "IT firm Kaspersky sees African opportunity". November 23, 2009. http://www.bdlive.co.za/articles/2009/11/23/it-firm-kaspersky-sees-african-opportunity. 
  36. "STC, Russia's Kaspersky Lab in smartphone security deal". April 28, 2010. http://www.arabnews.com/node/343616. 
  37. "UPDATE 2-Kaspersky to buy out U.S. investors, rules out IPO". February 3, 2012. https://www.reuters.com/article/kaspersky-idUSL2E8D3ETO20120203. 
  38. Dunn, John E (February 8, 2012). "Kaspersky Lab CEO cancels IPO plans, wants to buy back 20% stake". Computerworld UK. http://www.computerworlduk.com/news/it-vendors/kaspersky-lab-ceo-cancels-ipo-plans-wants-buy-back-20-stake-3335881/. 
  39. Arnold, Martin (January 20, 2011). "General Atlantic buys 20% Kaspersky stake". Financial Times. https://www.ft.com/content/b7cc912a-24d7-11e0-a919-00144feab49a. 
  40. Finkle, Jim (May 2, 2014). "Kaspersky Lab executives depart amid business strategy dispute". https://www.reuters.com/article/us-kaspersky-management-idUSBREA410RS20140502.
  41. Espiner, Tom. "Kaspersky leaves BSA over US piracy bill" (in en). ZDNet. https://www.zdnet.com/article/kaspersky-leaves-bsa-over-us-piracy-bill/. 
  42. "Kaspersky leaves Business Software Alliance over SOPA" (in en-us). TechSpot. http://www.techspot.com/news/46532-kaspersky-leaves-business-software-alliance-over-sopa.html. 
  43. Hoffman, Stefanie (June 21, 2011). "Kaspersky Lab Expands Reach With Ingram Micro Partnership". http://www.crn.com/news/security/231000139/kaspersky-lab-expands-reach-with-ingram-micro-partnership.htm. 
  44. "Exclusive: Russian antivirus firm faked malware to harm rivals - Ex-employees". Reuters. August 14, 2015. https://www.reuters.com/article/us-kaspersky-rivals-idUSKCN0QJ1CR20150814. 
  45. "Russian antivirus firm Kaspersky faked malware to harm rivals, according to former employees". August 14, 2015. http://www.businessinsider.com/russian-antivirus-firm-kaspersky-faked-malware-to-harm-rivals-according-to-former-employees-2015-8. 
  46. Menn, Joseph (August 28, 2015). "Exclusive: Russia's Kaspersky threatened to 'rub out' rival, email shows". https://www.reuters.com/article/us-kaspersky-rivals-idUSKCN0QX2GO20150828. 
  47. Sharwood, Simon. "Kaspersky: Freemasons coded fake malware in the Bermuda Triangle". https://www.theregister.co.uk/2015/08/17/kaspersky_freemasons_coded_fake_malware_in_the_bermuda_triangle/. 
  48. Menn, Joseph (August 28, 2015). "Exclusive: Russia's Kaspersky threatened to 'rub out' rival, email shows". Reuters. https://www.reuters.com/article/us-kaspersky-rivals-idUSKCN0QX2GO20150828. 
  49. Goodin, Dan (January 25, 2017). "Kaspersky Lab's top investigator reportedly arrested in treason probe" (in en-us). Ars Technica. https://arstechnica.com/information-technology/2017/01/kaspersky-labs-top-investigator-reportedly-arrested-in-treason-probe/. 
  50. "Russia's ex-cybersecurity chief gets 22 sentence in jail" (in en). ABC News. February 28, 2019. https://abcnews.go.com/Technology/wireStory/russias-cyber-security-chief-22-year-sentence-61326988. 
  51. Wolff, Josephine (March 11, 2019). "The U.S.-Russia Relationship on Cybercrime Is About to Get Even More Strained" (in en). Slate Magazine. https://slate.com/technology/2019/03/russia-treason-trial-sergei-mikhailov-ruslan-stoyanov-cybercrime.html. 
  52. "Kaspersky traces spyware attack on staff iOS devices back to 2019" (in en). 2023-06-02. https://www.itpro.com/security/malware/kaspersky-traces-spyware-attack-on-staff-ios-devices-back-to-2019. 
  53. Faulconbridge, Guy (2023-06-01). "Russia says US hacked thousands of Apple phones in spy plot". Reuters. https://www.reuters.com/technology/russias-fsb-says-us-nsa-penetrated-thousands-apple-phones-spy-plot-2023-06-01/. 
  54. Stanton, Rich (16 July 2024). "Russian antivirus giant Kaspersky leaves the US after two decades, slams the 'theoretical concerns' that led to it being banned". https://www.pcgamer.com/gaming-industry/russian-antivirus-giant-kaspersky-leaves-the-us-after-two-decades-slams-the-theoretical-concerns-that-led-to-it-being-banned/. 
  55. Del Valle, Gaby (2024-06-21). "US sanctions Kaspersky Lab executives, board members over ‘cooperation’ with Russia". https://www.theverge.com/2024/6/21/24183274/kaspersky-lab-sanctions-treasury-department-russia. 
  56. "Kaspersky Antivirus Abruptly Replaced With UltraAV in the US, Angering Users". https://www.pcmag.com/news/kaspersky-antivirus-abruptly-replaced-with-ultraav-in-the-us-angering-users. 
  57. "Kaspersky deletes itself, installs UltraAV antivirus without warning". https://www.bleepingcomputer.com/news/security/kaspersky-deletes-itself-installs-ultraav-antivirus-without-warning/. 
  58. "2016 Gartner Magic Quadrant for Endpoint Security". Gartner. https://www.gartner.com/en/documents/3196523. 
  59. Matlack, Carol (March 19, 2015). "The Company Securing Your Internet Has Close Ties to Russian Spies". https://www.bloomberg.com/news/articles/2015-03-19/cybersecurity-kaspersky-has-close-ties-to-russian-spies. 
  60. Steiner, Eduard (July 5, 2016). "Wie Russland jetzt die Weltmärkte erobern will" (in de). https://www.welt.de/wirtschaft/article156816145/Wie-Russland-jetzt-die-Weltmaerkte-erobern-will.html. 
  61. MacFarquhar, Neil (June 10, 2016). "A Russian Cybersleuth Battles the 'Dark Ages' of the Internet". https://www.nytimes.com/2016/06/11/world/europe/kaspersky-lab-russia-cybercrime-internet.html.
  62. "Kaspersky Total Security review". November 16, 2015. https://www.expertreviews.co.uk/software/internet-security/1401992/kaspersky-internet-security-2015-review.
  63. Roy, Anirban (September 9, 2015). "Kaspersky Launches Antivirus, Internet Security, Total Security- Multi Device: Price, Availability". http://www.ibtimes.co.in/kaspersky-launches-antivirus-internet-security-total-security-multi-device-price-availability-646029. 
  64. Rubenking, Neil J. (July 29, 2015). "Kaspersky Anti-Virus (2016)". https://www.pcmag.com/article2/0,2817,2460689,00.asp. 
  65. "Antimalware protection products: Kaspersky Endpoint Security". May 9, 2016. http://searchsecurity.techtarget.com/feature/Antimalware-protection-products-Kaspersky-Endpoint-Security. 
  66. "Cybersecurity company Kaspersky launches new products to ensure digital protection, details here" (in en). 2023-03-05. https://www.indiatoday.in/technology/news/story/cybersecurity-company-kaspersky-launches-new-products-to-ensure-digital-protection-details-here-2342799-2023-03-05. 
  67. "Kaspersky Lab Kaspersky Security 10 for Mobile". SC Magazine. July 24, 2013. 
  68. "Android Antivirus". February 4, 2015. http://www.tomsguide.com/us/kaspersky-mobile-security,review-2100.html. 
  69. Forrest, Derek (August 27, 2015). "Kaspersky Lab Announces New Protection For Mac Endpoint Users". http://www.tomsitpro.com/articles/kaspersky-endpoint-security-mac-os,1-2843.html. 
  70. "Kaspersky Lab Launches Small Office Security". April 29, 2015. http://www.eweek.com/small-business/kaspersky-lab-launches-small-office-security.html. 
  71. Stephenson, Peter (July 1, 2015). "Kaspersky Security for Virtualization product review". http://www.scmagazine.com/kaspersky-security-for-virtualization/review/4401/. 
  72. Stephenson, Peter (July 1, 2013). "Kaspersky Lab Kaspersky Security 10 for Mobile v10 product review". http://www.scmagazine.com/kaspersky-lab-kaspersky-security-10-for-mobile-v10/review/3931/. 
  73. "Kaspersky Lab Adds Device-Reputation Fraud Prevention". August 24, 2015. http://www.darkreading.com/vulnerabilities---threats/kaspersky-lab-adds-device-reputation-fraud-prevention/d/d-id/1321894. 
  74. Palmer, Danny (August 9, 2016). "Kaspersky Lab offers free anti-ransomware tool for Windows". https://www.zdnet.com/article/kaspersky-lab-offers-free-anti-ransomware-tool-for-windows/. 
  75. Wei, Wang. "KasperskyOS — Secure Operating System released for IoT and Embedded Systems" (in en). https://thehackernews.com/2017/02/kasperskyos-operating-system.html. 
  76. "Kaspersky Presents its First Cyber Immune Solution at Hannover Messe" (in en). https://www.automation.com/en-us/products/april-2021/kaspersky-first-cyber-immune-solution-hannover. 
  77. Smolaks, Max (2017-02-10). "Kaspersky finally launches secure industrial OS" (in en). https://www.datacenterdynamics.com/en/news/kaspersky-finally-launches-secure-industrial-os/.
  78. Pauli, Darren (23 Aug 2016). "Kaspersky launches its own OS on Russian routers". https://www.theregister.com/2016/08/23/kasperskyos. 
  79. "Kaspersky Looks to Have Shuttered the Threatpost, the Security News Outlet They Secretly Own". 2022-09-28. https://www.pluginvulnerabilities.com/2022/09/28/kaspersky-looks-to-have-shuttered-the-threatpost-the-security-news-outlet-they-secretly-own/. 
  80. "Who's Afraid of Kaspersky?" (in en). May 22, 2018. https://www.vice.com/en/article/kaspersky-sas-conference-russia-spying/. 
  81. "Threatpost launches as best practice for enterprise IT and social media" (in en). https://www.zdnet.com/article/threatpost-launches-as-best-practice-for-enterprise-it-and-social-media/. 
  82. "One year later, Threatpost continues to succeed for Kaspersky" (in en). https://www.zdnet.com/article/one-year-later-threatpost-continues-to-succeed-for-kaspersky/. 
  83. "Threatpost | The first stop for security news". https://threatpost.com/. 
  84. "About our Partner: Microsoft Forefront". Kaspersky Lab. http://www.kaspersky.com/partners/oem/partners/microsoft_forefront. 
  85. "Event - Kaspersky Official eStore Southeast Asia". http://www.antivirus365.net/event/impact.php. 
  86. "Kaspersky extends partnership with Scuderia Ferrari and becomes brand's Esports team partner – Kaspersky". December 16, 2021. https://www.kaspersky.com/about/press-releases/2021_kaspersky-extends-partnership-with-scuderia-ferrari-and-becomes-brands-esports-team-partner. 
  87. "Ferrari pauses F1 partnership with Russian-based software maker Kaspersky: Spokesman". CNA. March 18, 2022. https://www.channelnewsasia.com/sport/ferrari-pauses-f1-partnership-russian-based-software-maker-kaspersky-spokesman-2571921. 
  88. Burger, Schalk. "Kaspersky, AFRIPOL sign partnership agreement to prevent and fight cybercrime". https://www.engineeringnews.co.za/article/kasperskyafripol-sign-partnership-agreement-to-prevent-and-fight-cybercrime-2024-11-19. 
  89. "Kaspersky Lab signs up to actively support INTERPOL Global Complex for Innovation, Singapore – IT Voice | IT in Depth" (in en-US). https://www.itvoice.in/kaspersky-lab-signs-up-to-actively-support-interpol-global-complex-for-innovation-singapore. 
  90. "Kaspersky teams up with Interpol in the fight against cyber crime" (in en). https://www.securityworldmarket.com/uk/Newsarchive/kaspersky-teams-up-with-interpol-in-the-fight-against-cyber-crime1. 
  91. Barth, Bradley (2017-10-12). "Kaspersky Lab renews threat sharing relationship with INTERPOL" (in en). https://www.scworld.com/news/kaspersky-lab-renews-threat-sharing-relationship-with-interpol. 
  92. "Kaspersky and INTERPOL Join Forces to Combat Cybercrime at the 2024 Summer Olympics" (in en-US). 2024-10-22. https://vsdaily.com/kaspersky-and-interpol-join-forces-to-combat-cybercrime-at-the-2024-summer-olympics/. 
  93. Bandhakavi, Swagath (2025-06-12). "Interpol's cybercrime operation dismantles over 20,000 malicious domains" (in en-US). https://www.techmonitor.ai/technology/cybersecurity/interpol-operation-secure-malicious-domains. 
  94. Seals, Tara (2014-10-01). "Kaspersky Expands Partnership with INTERPOL, Europol" (in en-gb). https://www.infosecurity-magazine.com/news/kaspersky-expands-partnership-with/. 
  95. Rubenking, Neil J. (March 29, 2016). "The Best Antivirus Utilities for 2016". PC Magazine. https://www.pcmag.com/article2/0,2817,2372364,00.asp.
  96. Anti-Virus Comparative: Summary Report 2015, AV Comparatives, December 30, 2015, http://www.av-comparatives.org/wp-content/uploads/2016/01/avc_sum_201512_en.pdf, retrieved April 30, 2016
  97. Rubenking, Neil J. (August 12, 2016). "Kaspersky Total Security (2017)". https://www.pcmag.com/article2/0,2817,2476367,00.asp.
  98. Mesmmer, Ellen (July 12, 2013). "Enterprise antivirus software test puts Kaspersky software out front, Microsoft at bottom". https://www.networkworld.com/article/676536/compliance-enterprise-anti-virus-software-test-puts-kaspersky-software-out-front-microsoft-at-bott.html. 
  99. Hachman, Mark (December 3, 2013). "Kaspersky, six others top malware removal tests". PCWorld. http://www.pcworld.com/article/2068485/kaspersky-six-others-top-malware-removal-tests.html. 
  100. Rubenking, Neil. "Kaspersky Named Antivirus Tsar". http://securitywatch.pcmag.com/security-software/319752-kaspersky-named-antivirus-tsar.
  101. Sarrel, Matthew D. (January 15, 2016). "Kaspersky Lab Small Office Security". PC Magazine. https://www.pcmag.com/article2/0,2817,2495688,00.asp. 
  102. "Anti-Virus comparative February 2008". http://www.av-comparatives.org/comparativesreviews/detection-test/168-file-detection-test-february-2008. 
  103. "Retrospective / ProActive - Test May 2008". http://www.av-comparatives.org/comparativesreviews/retrospective-test/92-heuristic-behaviour-test-may-2008a. 
  104. "Results and comments". http://www.matousec.com/projects/firewall-challenge/results.php. 
  105. "Anti-rootkit tests | Anti-Malware Test Lab". http://www.anti-malware-test.com/?q=taxonomy%2Fterm%2F7. 
  106. "Anti-Malware Solutions Test Results | Anti-Malware Test Lab". http://www.anti-malware-test.com/?q=taxonomy/term/5. 
  107. "Self-protection test | Anti-Malware Test Lab". http://www.anti-malware-test.com/?q=taxonomy%2Fterm%2F16. 
  108. "Kaspersky Internet Security 7.0 receives two top awards in testing conducted by the British magazine PC Pro". Kaspersky Lab. April 5, 2007. http://www.kaspersky.co.uk/news?id=207575604. 
  109. "All VB100 test history for vendor Kaspersky Lab". https://www.virusbulletin.com/testing/vendors/recent/vb100-antimalware/kaspersky/all. 
  110. "Anti-Virus Personal 5.0 (Full Product)". PC World Magazine. January 25, 2005. http://www.pcworld.com/article/id,124493-page,1/article.html. 
  111. Kaspersky Lab Internet Security 2010 Antivirus & Security Software Review. PCWorld (March 30, 2010). Retrieved on September 29, 2010.
  112. "AV-Comparatives - Independent Tests of Anti-Virus Software - Summary Reports". http://www.av-comparatives.org/comparativesreviews/summary-reports. 
  113. "AV-TEST Award 2011". AV-TEST. 2012. http://www.av-test.org/en/test-procedures/award/2011/. 
  114. "AV-TEST 2012 Awards". 2013. http://www.av-test.org/en/test-procedures/award/2012/. 
  115. Mesmmer, Ellen (July 12, 2013). "Enterprise anti-virus software test puts Kaspersky software out front, Microsoft at bottom". https://www.networkworld.com/article/676536/compliance-enterprise-anti-virus-software-test-puts-kaspersky-software-out-front-microsoft-at-bott.html. 
  116. New versions of Kaspersky Lab's personal products. Kaspersky.com (July 31, 2009). Retrieved on September 29, 2010.
  117. "Kaspersky makes a statement with 94% lead in comparative tests". Gearburn. https://memeburn.com/gearburn/2024/03/kaspersky-makes-a-statement-with-94-lead-in-comparative-tests/. 
  118. "Kaspersky held leading position in 2021 TOP3 metric". SecurityBrief. https://securitybrief.com.au/story/kaspersky-held-leading-position-in-2021-top3-metric. 
  119. "Kaspersky Lab Honored with AV-Test 2013 Innovation Award". PC Mag. https://www.pcmag.com/news/kaspersky-lab-honored-with-av-test-2013-innovation-award. 
  120. "AV-Comparatives confirms 100% anti-tampering protection of Kaspersky Endpoint Security for Business?". VAR Online. https://varonline.com/av-comparatives-confirms-100-anti-tampering-protection-of-kaspersky-endpoint-security-for-business/. 
  121. "Kaspersky products ace SE Labs testing with flawless defence". SecurityBrief. https://securitybrief.com.au/story/kaspersky-products-ace-se-labs-testing-with-flawless-defence. 
  122. "AMTSO Members". AMTSO. https://www.amtso.org/members/. 
  123. "Microsoft Virus Initiative". Microsoft. https://learn.microsoft.com/en-us/defender-xdr/virus-initiative-criteria?view=o365-worldwide. 
  124. Paul Sonne (2013-09-03). "Data-Security Expert Kaspersky: There Is No More Privacy". The Wall Street Journal. wsj.com. http://online.wsj.com/article/SB10001424127887324432404579053091175949708.html. 
  125. "PwC Global 100 Software Leaders". https://www.pwc.com/gx/en/technology/publications/global-software-100-leaders/assets/global-100-software-leaders-2016.pdf. 
  126. Sarah Kuranda (2017-07-12). "Kaspersky Removed From GSA Schedule". The Channel Co. crn.com. https://www.crn.com/news/security/300088591/kaspersky-removed-from-gsa-schedule-limiting-federal-sales-for-its-security-software. 
  127. "Kaspersky Lab Reports". Radio Free Europe/Radio Liberty. rferl.com. 2018-01-20. https://www.rferl.org/a/kaspersky-reports-8-percent-revenue-growth-despite-us-government-ban-software-/28986290.html.
  128. "Kaspersky Labs Revenue Up 4% in 2018 to $726m". TechBarrista. techbarrista.com. https://www.techbarrista.com/kaspersky-revenue-2018-726m/. 
  129. "Best cybersecurity companies to watch in 2021". Cybernews. cybernews.com. https://cybernews.com/security/top-cybersecurity-companies/. 
  130. "Revenue of Kaspersky Lab worldwide from 2016 to 2022". Statista. statista.com. https://www.statista.com/statistics/1196100/kaspersky-lab-revenue-worldwide/.
  131. "Kaspersky ‘Sad’ To Exit U.S. Market". The Channel Co. crn.com. https://www.crn.com/news/security/2024/kaspersky-sad-to-exit-us-market-layoffs-ahead-at-antivirus-software-company. 
  132. Graham, L. (2013). Lonely Ideas: Can Russia Compete?. MIT Press. p. 93. ISBN 978-0-262-31739-9. https://books.google.com/books?id=tciqAAAAQBAJ&pg=PA93. Retrieved April 24, 2016. 
  133. Kovar, Joseph F. (March 13, 2015). "What Is Kaspersky's GReAT?". CRN. http://www.crn.com/news/storage/300075826/what-is-kasperskys-great.htm.
  134. Kushner, David (February 26, 2013). "The Real Story of Stuxnet". https://spectrum.ieee.org/the-real-story-of-stuxnet.
  135. "The Kaspersky Equation; Cyber-Security". The Economist. February 21, 2015. https://www.highbeam.com/doc/1G1-402233169.html. 
  136. Zetter, Kim (December 9, 2014). "Kaspersky Finds New Nation-State Attack—In Its Own Network". Wired. https://www.wired.com/2015/06/kaspersky-finds-new-nation-state-attack-network/. Retrieved April 25, 2016.
  137. "Kaspersky Lab Uncovers 'The Mask': One of the Most Advanced Global Cyber-espionage Operations to Date Due to the Complexity of the Toolset Used by the Attackers, 11 February 2014". http://www.kaspersky.com/about/news/virus/2014/Kaspersky-Lab-Uncovers-The-Mask-One-of-the-Most-Advanced-Global-Cyber-espionage-Operations-to-Date-Due-to-the-Complexity-of-the-Toolset-Used-by-the-Attackers. 
  138. "Is Stuxnet the ‘best’ malware ever?" (in en). https://www.computerworld.com/article/1539067/is-stuxnet-the-best-malware-ever.html. 
  139. Weinberger, Sharon (2011). "Computer security: Is this the start of cyberwarfare?". Nature 474 (7350): 142–145. doi:10.1038/474142a. PMID 21654779. 
  140. Albanesius, Chloe (May 28, 2012). "Massive 'Flame' Malware Stealing Data Across Middle East". PC World. https://www.pcmag.com/article2/0,2817,2404951,00.asp. 
  141. "Flame virus: Five facts to know". The Times of India. May 29, 2012. http://timesofindia.indiatimes.com/tech/enterprise-it/security/Flame-virus-Five-facts-to-know/articleshow/13640158.cms.
  142. McElroy, Damien; Williams, Christopher (May 28, 2012). "Flame: world's most complex computer virus exposed". The Telegraph (London). https://www.telegraph.co.uk/news/worldnews/middleeast/iran/9295938/Flame-worlds-most-complex-computer-virus-exposed.html. 
  143. Zetter, Kim (May 28, 2012). "Meet 'Flame', The Massive Spy Malware Infiltrating Iranian Computers". Wired. https://www.wired.com/threatlevel/2012/05/flame/. Retrieved May 29, 2012.
  144. Zetter, Kim (August 23, 2010). "Meet 'Flame,' The Massive Spy Malware Infiltrating Iranian Computers". Wired. https://www.wired.com/2012/05/flame/. Retrieved April 25, 2016. 
  145. Albanesius, Chloe (May 28, 2012). "Massive 'Flame' Malware Stealing Data Across Middle East". PC World. https://www.pcmag.com/article2/0,2817,2404951,00.asp. 
  146. Goodin, Dan (March 14, 2013). "Puzzle box: The quest to crack the world's most mysterious malware warhead". https://arstechnica.com/security/2013/03/the-worlds-most-mysterious-potentially-destructive-malware-is-not-stuxnet/. 
  147. Ngak, Chenda (January 14, 2013). "Kaspersky Labs finds 'Red October' cyber-espionage malware". http://www.cbsnews.com/news/kaspersky-labs-finds-red-october-cyber-espionage-malware/. 
  148. Perlroth, Nicole (January 14, 2013). "Security Firm Discovers Cyber-Spy Campaign". The New York Times. http://bits.blogs.nytimes.com/2013/01/14/security-firm-discovers-global-spy-campaign/. 
  149. Liberto, Jennifer (June 4, 2013). "New Chinese hacker group targets governments and nuclear facilities". https://money.cnn.com/2013/06/04/technology/security/cyber-hacker-group/index.html. 
  150. Wagenseil, Paul (June 5, 2013). "'NetTraveler' Online Espionage Campaign Linked to China". http://www.nbcnews.com/id/52099793/ns/technology_and_science-tech_and_gadgets/t/nettraveler-online-espionage-campaign-linked-china/. 
  151. Sonne, Paul (September 25, 2013). "Kaspersky: 'Hit and Run' Cyber-Espionage Hackers Emerge". The Wall Street Journal. https://blogs.wsj.com/digits/2013/09/25/kaspersky-hit-and-run-cyber-espionage-hackers-emerge/. 
  152. Menn, Joseph (September 25, 2013). "Hacker mercenaries linked to Japan, South Korea spying – researchers". https://www.reuters.com/article/cyberattacks-china-idUSL2N0HJ2AS20130925. 
  153. "Mask malware takes aim at governments and activists". February 11, 2014. https://www.bbc.com/news/technology-26136412. 
  154. Lee, Timothy (February 10, 2014). "This malware is frighteningly sophisticated, and we don't know who created it". Washington Post. https://www.washingtonpost.com/news/the-switch/wp/2014/02/10/this-malware-is-frighteningly-sophisticated-and-we-dont-know-who-created-it/. 
  155. Constantin, Lucian (January 27, 2015). "Source code reveals link between NSA and Regin cyberespionage malware". http://www.pcworld.com/article/2876112/link-between-nsa-and-regin-cyberespionage-malware-becomes-clearer.html. 
  156. Osborne, Charlie (January 28, 2015). "Infamous Regin malware linked to spy tools used by NSA, Five Eyes intelligence". https://www.zdnet.com/article/infamous-regin-malware-linked-to-spy-tools-used-by-nsa-five-eyes-intelligence/. 
  157. "Researchers link QWERTY keylogger code to NSA and Five Eye's Regin espionage malware". January 27, 2015. http://www.networkworld.com/article/2875739/microsoft-subnet/researchers-link-qwerty-keylogger-code-to-nsa-and-five-eyes-regin-espionage-malware.html. 
  158. Fleisher, Lisa (November 10, 2014). "Cybercrime Gang Targets Execs Using Hotel Internet". The Wall Street Journal. https://blogs.wsj.com/digits/2014/11/10/cybercrime-gang-targets-execs-using-hotel-internet/. 
  159. Hu, Denni (November 10, 2014). "Darkhotel Bug Targets Executives Traveling in Asia, Report Says". https://www.bloomberg.com/news/articles/2014-11-10/darkhotel-malware-spies-on-traveling-executives-report-says. 
  160. Auchard, Eric (November 10, 2014). "Execs in Asian luxury hotels fall prey to cyber espionage: study". https://www.reuters.com/article/us-cybersecurity-hotels-idUSKCN0IU0WB20141110. 
  161. "Kaspersky links US to spread of PC spyware across 30 countries". Financial Times. March 25, 2015. https://www.ft.com/content/4d4a8f9c-b668-11e4-95dc-00144feab7de. 
  162. Goodin, Dan (February 16, 2015). "How 'omnipotent' hackers tied to NSA hid for 14 years—and were found at last". https://arstechnica.com/security/2015/02/how-omnipotent-hackers-tied-to-the-nsa-hid-for-14-years-and-were-found-at-last/. 
  163. "The Kaspersky equation". The Economist. February 21, 2015. https://www.economist.com/news/business/21644154-russian-antivirus-firm-impresses-sceptics-again-kaspersky-equation. 
  164. Perez, Rio (February 9, 2016). "Kaspersky confirms return of Carbanak and two more banking APT groups". SC Magazine. http://www.scmagazine.com/news/kaspersky-confirms-return-of-carbanak-and-two-more-banking-apt-groups/article/472224/. 
  165. "Kaspersky Lab cybersecurity firm is hacked". June 10, 2015. https://www.bbc.com/news/technology-33083050. 
  166. Zetter, Kim (June 24, 2014). "Researchers Find and Decode the Spy Tools Governments Use to Hijack Phones". Wired. https://www.wired.com/2014/06/remote-control-system-phone-surveillance/. Retrieved May 1, 2016. 
  167. "Police learning surveillance tricks from hackers, cybersecurity experts say". June 24, 2014. http://www.cbsnews.com/news/police-learning-surveillance-tricks-from-hackers-cybersecurity-experts-say/. 
  168. "Eyes on you: Experts reveal police hacking methods". June 25, 2014. https://www.usatoday.com/story/tech/2014/06/25/police-hacking-methods/11348497/. 
  169. Barth, Bradley (January 21, 2016). "Kaspersky detects surge in 'Asacub' mobile banking trojan attacks". SC Magazine. http://www.scmagazine.com/news/kaspersky-detects-surge-in-asacub-mobile-banking-trojan-attacks/article/466638/. 
  170. 170.0 170.1 Osborne, Charlie (January 13, 2016). "Kaspersky Lab discovers Silverlight zero-day vulnerability". https://www.zdnet.com/article/kaspersky-lab-discovers-silverlight-zero-day-vulnerability/. 
  171. 171.0 171.1 Zetter, Kim (January 13, 2016). "Hacking Team's Leak Helped Researchers Hunt Down a Zero-Day". Wired. https://www.wired.com/2016/01/hacking-team-leak-helps-kaspersky-researchers-find-zero-day-exploit/. Retrieved April 25, 2016. 
  172. Jones, Brad (February 10, 2016). "Kaspersky fingers 'Poseidon' for attacks dating back to 2001". http://www.digitaltrends.com/computing/kapersky-identifies-poseidon-as-cyber-criminal-group/. 
  173. AMR (Anti-Malware Research); GReAT (Global Research & Analysis Team) (November 8, 2019). "Titanium: the Platinum group strikes again". Kaspersky Lab. https://securelist.com/titanium-the-platinum-group-strikes-again/94961/. 
  174. "Kaspersky identifies new Titanium backdoor used for attacks by notorious Platinum group in APAC region". Global Security Mag. November 2019. http://www.globalsecuritymag.com/Kaspersky-identifies-new-Titanium,20191108,92551.html. 
  175. Goodin, Dan (November 8, 2019). "One of the world's most advanced hacking groups debuts new Titanium backdoor". Ars Technica. https://arstechnica.com/information-technology/2019/11/newly-discovered-titanium-backdoor-employs-clever-ways-to-go-undetected/. 
  176. Osborne, Charlie (November 8, 2019). "Platinum APT's new Titanium backdoor mimics popular PC software to stay hidden". ZDNet. https://www.zdnet.com/article/platinum-apts-new-titanium-backdoor-mimics-popular-pc-software-to-stay-hidden/. 
  177. Ewell, Pauline (November 8, 2019). "Platinum APT Shines Up New Titanium Backdoor". MashViral. http://mashviral.com/platinum-apt-shines-up-new-titanium-backdoor/. 
  178. "'Platinum' Hacking Group Strikes Once more With Complicated Titanium Backdoor To Home windows". Market Research Base. November 9, 2019. https://marketresearchbase.com/2019/11/09/platinum-hacking-group-strikes-once-more-with-complicated-titanium-backdoor-to-home-windows/. 
  179. "MATA: Multi-platform targeted malware framework". July 22, 2020. https://securelist.com/mata-multi-platform-targeted-malware-framework/97746/. 
  180. Ribeiro, Anna (October 18, 2023). "Kaspersky data reveals updated MATA attacks targeting industrial companies in Eastern Europe". https://industrialcyber.co/industrial-cyber-attacks/kaspersky-data-reveals-updated-mata-attacks-targeting-industrial-companies-in-eastern-europe/. 
  181. "MATA malware framework exploits EDR in attacks on defense firms". https://www.bleepingcomputer.com/news/security/mata-malware-framework-exploits-edr-in-attacks-on-defense-firms/. 
  182. "Fake ChatGPT, Claude PyPI packages spread JarkaStealer malware". November 22, 2024. https://www.scworld.com/news/fake-chatgpt-claude-pypi-packages-spread-jarkastealer-malware. 
  183. "Malicious PyPi Package Mimic ChatGPT & Claude Steals Developers Data". November 21, 2024. https://cybersecuritynews.com/malicious-pypi-package-mimic-chatgpt-claude/. 
  184. "Unveiling NKAbuse: a new multiplatform threat abusing the NKN protocol". December 14, 2023. https://securelist.com/unveiling-nkabuse/111512/. 
  185. "Complex 'NKAbuse' Malware Uses Blockchain to Hide on Linux, IoT Machines". https://www.darkreading.com/cloud-security/nkabuse-malware-blockchain-hide-linux-iot. 
  186. "Kaspersky opens up over spyware campaign targeting its staffers". https://www.computerweekly.com/news/366556873/Kaspersky-opens-up-over-spyware-campaign-targeting-its-staffers. 
  187. "Operation Triangulation: The last (hardware) mystery". December 27, 2023. https://securelist.com/operation-triangulation-the-last-hardware-mystery/111669/. 
  188. "'EastWind' Cyber-Spy Campaign Combines Various Chinese APT Tools". https://www.darkreading.com/cyberattacks-data-breaches/eastwind-cyber-spy-campaign-chinese-apt-tools. 
  189. "China-Linked Hackers Breach Russian Agencies With Sophisticated Malware, Kaspersky Reveals Widespread Espionage Campaign". August 15, 2024. https://www.ccn.com/news/technology/china-hackers-breach-russian-agencies-malware-kaspersky/. 
  190. "'DuneQuixote' shows stealth cyberattack methods are evolving. Can defenders keep up?". https://urgentcomm.com/cybersecurity/-dunequixote-shows-stealth-cyberattack-methods-are-evolving-can-defenders-keep-up-. 
  191. "SparkCat Malware Uses OCR to Extract Crypto Wallet Recovery Phrases from Images" (in en). https://thehackernews.com/2025/02/sparkcat-malware-uses-ocr-to-extract.html. 
  192. Davis, Wes (2025-02-05). "iOS App Store apps with screenshot-reading malware found for the first time" (in en-US). https://www.theverge.com/news/606649/ios-iphone-app-store-malicious-apps-malware-crypto-password-screenshot-reader-found. 
  193. Singh, Jagmeet (2025-02-11). "Apple and Google take down malicious mobile apps from their app stores" (in en-US). https://techcrunch.com/2025/02/10/apple-and-google-take-down-malicious-apps-from-their-app-stores/. 
  194. Goodin, Dan (November 16, 2017). "Kaspersky: Yes, we obtained NSA secrets. No, we didn't help steal them" (in en-us). Ars Technica. https://arstechnica.com/information-technology/2017/11/kaspersky-yes-we-obtained-nsa-secrets-no-we-didnt-help-steal-them/. 
  195. "Trump signs into law U.S. government ban on Kaspersky Lab software". Reuters. December 12, 2017. https://www.reuters.com/article/us-usa-cyber-kaspersky/trump-signs-into-law-u-s-government-ban-on-kaspersky-lab-software-idUSKBN1E62V4. 
  196. Fitzgerald, Jay. "Kaspersky Opens New 'Transparency Centers' Amid Concerns Over Possible Russian Ties". https://www.crn.com/news/security/kaspersky-opens-new-transparency-centers-amid-concerns-over-possible-russian-ties. 
  197. "Kaspersky shuts down data-processing activities in Russia". November 17, 2020. https://www.computerweekly.com/news/252492217/Kaspersky-shuts-down-data-processing-activities-in-Russia?asrc=EM_EDA_140344152. 
  198. "Exclusive: U.S. warned firms about Russia's Kaspersky software day after invasion". Reuters. March 31, 2022. https://www.reuters.com/technology/exclusive-us-warned-firms-about-russias-kaspersky-software-day-after-invasion-2022-03-31. 
  199. "Kaspersky statement on the FCC public notice". March 26, 2022. https://www.kaspersky.com/about/press-releases/2022_kaspersky-statement-on-the-fcc-public-notice. 
  200. "Ukraine Situation Report: Frontline Defenses Deteriorating Under Russian Pressure". April 29, 2024. https://www.twz.com/news-features/ukraine-situation-report-frontline-defenses-deteriorating-under-russian-pressure. 
  201. 201.0 201.1 Lyngaas, Sean (2024-04-09). "Biden administration preparing to prevent Americans from using Russian-made software over national security concern | CNN Politics" (in en). https://www.cnn.com/2024/04/09/politics/biden-administration-americans-russian-software/index.html. 
  202. Valle, Gaby Del (2024-06-20). "Biden administration to ban Russian company's antivirus software" (in en). https://www.theverge.com/2024/6/20/24182531/kaspersky-lab-antivirus-software-banned-us-biden-russia. 
  203. Zetter, Kim (2024-07-15). "Kaspersky Lab Closing U.S. Division; Laying Off Workers" (in en). https://www.zetter-zeroday.com/kaspersky-lab-closing-u-s-division-laying-off-workers-2/. 
  204. Lyons, Jessica (July 17, 2024). "Kaspersky gives US customers six months of free updates as a parting gift". https://www.theregister.com/2024/07/17/kaspersky_goodbye_gift/. 
  205. Page, Carly (2025-02-24). "Australia bans government use of Kaspersky software due to ‘unacceptable security risk’" (in en-US). https://techcrunch.com/2025/02/24/australia-bans-government-use-of-kaspersky-software-due-to-unacceptable-security-risk/. 
  206. Umbelino, Pedro (2024-12-18). "The Aftermath of the Kaspersky Ban". https://www.bitsight.com/blog/aftermath-kaspersky-ban. 
Short description: Computer software to defend against malicious computer viruses
ClamTk, an open-source antivirus based on the ClamAV antivirus engine, was originally developed by Tomasz Kojm in 2001.

Antivirus software (abbreviated to AV software), also known as anti-malware, is a computer program used to prevent, detect, and remove malware.

Antivirus software was originally developed to detect and remove computer viruses, hence the name. However, with the proliferation of other malware, antivirus software started to protect against other computer threats. Some products also include protection from malicious URLs, spam, and phishing.[1]

History

1949–1980 period (pre-antivirus days)

Although the roots of the computer virus date back as early as 1949, when the Hungarian scientist John von Neumann published the "Theory of self-reproducing automata",[2] the first known computer virus appeared in 1971 and was dubbed the "Creeper virus".[3] This computer virus infected Digital Equipment Corporation's (DEC) PDP-10 mainframe computers running the TENEX operating system.[4][5]

The Creeper virus was eventually deleted by a program created by Ray Tomlinson and known as "The Reaper".[6] Some people consider "The Reaper" the first antivirus software ever written – it may be the case, but it is important to note that the Reaper was actually a virus itself specifically designed to remove the Creeper virus.[6][7]

The Creeper virus was followed by several other viruses. The first known virus to appear "in the wild" was "Elk Cloner", in 1981, which infected Apple II computers.[8][9][10]

In 1983, the term "computer virus" was coined by Fred Cohen in one of the first ever published academic papers on computer viruses.[11] Cohen used the term "computer virus" to describe programs that: "affect other computer programs by modifying them in such a way as to include a (possibly evolved) copy of itself."[12] (note that a more recent definition of computer virus has been given by the Hungarian security researcher Péter Szőr: "a code that recursively replicates a possibly evolved copy of itself").[13][14]

The first IBM PC compatible "in the wild" computer virus, and one of the first real widespread infections, was "Brain" in 1986. From then, the number of viruses has grown exponentially.[15][16] Most of the computer viruses written in the early and mid-1980s were limited to self-reproduction and had no specific damage routine built into the code. That changed when more and more programmers became acquainted with computer virus programming and created viruses that manipulated or even destroyed data on infected computers.[17]

Before internet connectivity was widespread, computer viruses were typically spread by infected floppy disks. Antivirus software came into use, but was updated relatively infrequently. During this time, virus checkers essentially had to check executable files and the boot sectors of floppy disks and hard disks. However, as internet usage became common, viruses began to spread online.[18]

1980–1990 period (early days)

There are competing claims for the innovator of the first antivirus product. Possibly, the first publicly documented removal of an "in the wild" computer virus (i.e. the "Vienna virus") was performed by Bernd Fix in 1987.[19][20]

In 1987, Andreas Lüning and Kai Figge, who founded G Data Software in 1985, released their first antivirus product for the Atari ST platform.[21] In 1987, the Ultimate Virus Killer (UVK) was also released.[22] This was the de facto industry standard virus killer for the Atari ST and Atari Falcon, the last version of which (version 9.0) was released in April 2004.[citation needed] In 1987, in the United States, John McAfee founded the McAfee company (which was part of Intel Security[23]) and, at the end of that year, he released the first version of VirusScan.[24] Also in 1987 (in Czechoslovakia), Peter Paško, Rudolf Hrubý, and Miroslav Trnka created the first version of NOD antivirus.[25][26]

In 1987, Fred Cohen wrote that there is no algorithm that can perfectly detect all possible computer viruses.[27]

Finally, at the end of 1987, the first two heuristic antivirus utilities were released: Flushot Plus by Ross Greenberg[28][29][30] and Anti4us by Erwin Lanting.[31] In his O'Reilly book, Malicious Mobile Code: Virus Protection for Windows, Roger Grimes described Flushot Plus as "the first holistic program to fight malicious mobile code (MMC)."[32]

However, the kind of heuristic used by early AV engines was totally different from those used today. The first product with a heuristic engine resembling modern ones was F-PROT in 1991.[33] Early heuristic engines were based on dividing the binary into different sections: the data section and the code section (which, in a legitimate binary, usually starts from the same location). The initial viruses re-organized the layout of the sections, or overwrote the initial portion of a section in order to jump to the very end of the file where the malicious code was located, only going back afterwards to resume execution of the original code. This was a very specific pattern, not used at the time by any legitimate software, which made it an elegant heuristic for catching suspicious code. Other kinds of more advanced heuristics were later added, such as suspicious section names, incorrect header size, regular expressions, and partial pattern in-memory matching.

In 1988, the growth of antivirus companies continued. In Germany, Tjark Auerbach founded Avira (H+BEDV at the time) and released the first version of AntiVir (named "Luke Filewalker" at the time). In Bulgaria, Vesselin Bontchev released his first freeware antivirus program (he later joined FRISK Software). Frans Veldman also released the first version of ThunderByte Antivirus, also known as TBAV (he sold his company to Norman Safeground in 1998). In Czechoslovakia, Pavel Baudiš and Eduard Kučera started avast! (at the time ALWIL Software) and released their first version of avast! antivirus. In June 1988, in South Korea, Ahn Cheol-Soo released his first antivirus software, called V1 (he founded AhnLab later in 1995). Finally, in autumn 1988, in the United Kingdom, Alan Solomon founded S&S International and created his Dr. Solomon's Anti-Virus Toolkit (although he launched it commercially only in 1991 – in 1998 Solomon's company was acquired by McAfee). In November 1988 a professor at the Panamerican University in Mexico City named Alejandro E. Carriles copyrighted the first antivirus software in Mexico under the name "Byte Matabichos" (Byte Bugkiller) to help solve the rampant virus infestation among students.[34]

Also in 1988, a mailing list named VIRUS-L[35] was started on the BITNET/EARN network where new viruses and the possibilities of detecting and eliminating viruses were discussed. Some members of this mailing list were: Alan Solomon, Eugene Kaspersky (Kaspersky Lab), Friðrik Skúlason (FRISK Software), John McAfee (McAfee), Luis Corrons (Panda Security), Mikko Hyppönen (F-Secure), Péter Szőr, Tjark Auerbach (Avira) and Vesselin Bontchev (FRISK Software).[35]

In 1989, in Iceland, Friðrik Skúlason created the first version of F-PROT Anti-Virus (he founded FRISK Software only in 1993). Meanwhile, in the United States, Symantec (founded by Gary Hendrix in 1982) launched its first Symantec antivirus for Macintosh (SAM).[36][37] SAM 2.0, released March 1990, incorporated technology allowing users to easily update SAM to intercept and eliminate new viruses, including many that didn't exist at the time of the program's release.[38]

At the end of the 1980s, in the United Kingdom, Jan Hruska and Peter Lammer founded the security firm Sophos and began producing their first antivirus and encryption products. In the same period, in Hungary, VirusBuster was also founded (which has recently been incorporated by Sophos).

1990–2000 period (emergence of the antivirus industry)

In 1990, in Spain, Mikel Urizarbarrena founded Panda Security (Panda Software at the time).[39] In Hungary, the security researcher Péter Szőr released the first version of Pasteur antivirus. In Italy, Gianfranco Tonello created the first version of VirIT eXplorer antivirus, then founded TG Soft one year later.[40]

In 1990, the Computer Antivirus Research Organization (CARO) was founded. In 1991, CARO released the "Virus Naming Scheme", originally written by Friðrik Skúlason and Vesselin Bontchev.[41] Although this naming scheme is now outdated, it remains the only existing standard that most computer security companies and researchers ever attempted to adopt. CARO members include: Alan Solomon, Costin Raiu, Dmitry Gryaznov, Eugene Kaspersky, Friðrik Skúlason, Igor Muttik, Mikko Hyppönen, Morton Swimmer, Nick FitzGerald, Padgett Peterson, Peter Ferrie, Righard Zwienenberg and Vesselin Bontchev.[42][43]

In 1991, in the United States, Symantec released the first version of Norton AntiVirus. In the same year, in the Czech Republic, Jan Gritzbach and Tomáš Hofer founded AVG Technologies (Grisoft at the time), although they released the first version of their Anti-Virus Guard (AVG) only in 1992. On the other hand, in Finland, F-Secure (founded in 1988 by Petri Allas and Risto Siilasmaa – with the name of Data Fellows) released the first version of their antivirus product. F-Secure claims to be the first antivirus firm to establish a presence on the World Wide Web.[44]

In 1991, the European Institute for Computer Antivirus Research (EICAR) was founded to further antivirus research and improve development of antivirus software.[45][46]

In 1992, in Russia, Igor Danilov released the first version of SpiderWeb, which later became Dr.Web.[47]

In 1994, AV-TEST reported that there were 28,613 unique malware samples (based on MD5) in their database.[48]

Over time other companies were founded. In 1996, in Romania, Bitdefender was founded and released the first version of Anti-Virus eXpert (AVX).[49] In 1997, in Russia, Eugene Kaspersky and Natalya Kaspersky co-founded security firm Kaspersky Lab.[50]

In 1996, there was also the first "in the wild" Linux virus, known as "Staog".[51]

In 1999, AV-TEST reported that there were 98,428 unique malware samples (based on MD5) in their database.[48]

2000–2005 period

In 2000, Rainer Link and Howard Fuhs started the first open source antivirus engine, called OpenAntivirus Project.[52]

In 2001, Tomasz Kojm released the first version of ClamAV, the first ever open source antivirus engine to be commercialised. In 2007, ClamAV was bought by Sourcefire,[53] which in turn was acquired by Cisco Systems in 2013.[54]

In 2002, in the United Kingdom, Morten Lund and Theis Søndergaard co-founded the antivirus firm BullGuard.[55]

In 2005, AV-TEST reported that there were 333,425 unique malware samples (based on MD5) in their database.[48]

2005–2014 period

In 2007, AV-TEST reported 5,490,960 new unique malware samples (based on MD5) for that year alone.[48] In 2012 and 2013, antivirus firms reported new malware samples ranging from 300,000 to over 500,000 per day.[56][57]

Over the years it has become necessary for antivirus software to use several different strategies (e.g. specific email and network protection or low level modules) and detection algorithms, as well as to check an increasing variety of files, rather than just executables, for several reasons:

  • Powerful macros used in word processor applications, such as Microsoft Word, presented a risk. Virus writers could use the macros to write viruses embedded within documents. This meant that computers could now also be at risk from infection by opening documents with hidden attached macros.[58]
  • The possibility of embedding executable objects inside otherwise non-executable file formats can make opening those files a risk.[59]
  • Later email programs, in particular Microsoft's Outlook Express and Outlook, were vulnerable to viruses embedded in the email body itself. A user's computer could be infected by just opening or previewing a message.[60]

In 2005, F-Secure was the first security firm that developed an Anti-Rootkit technology, called BlackLight.

Because most users are usually connected to the Internet on a continual basis, Jon Oberheide first proposed a Cloud-based antivirus design in 2008.[61]

In February 2008 McAfee Labs added the industry-first cloud-based anti-malware functionality to VirusScan under the name Artemis. It was tested by AV-Comparatives in February 2008[62] and officially unveiled in August 2008 in McAfee VirusScan.[63]

Cloud AV created problems for comparative testing of security software: part of the AV definitions was out of the testers' control (on constantly updated AV company servers), thus making results non-repeatable. As a result, the Anti-Malware Testing Standards Organisation (AMTSO) started working on a method of testing cloud products, which was adopted on May 7, 2009.[64]

In 2011, AVG introduced a similar cloud service, called Protective Cloud Technology.[65]

2014–present: rise of next-gen, market consolidation

Following the 2013 release of the APT 1 report from Mandiant, the industry has seen a shift towards signature-less approaches to the problem capable of detecting and mitigating zero-day attacks.[66] Numerous approaches to address these new forms of threats have appeared, including behavioral detection, artificial intelligence, machine learning, and cloud-based file detonation. According to Gartner, it is expected that the rise of new entrants, such as Carbon Black, Cylance and Crowdstrike, will force EPP incumbents into a new phase of innovation and acquisition.[67] One method from Bromium involves micro-virtualization to protect desktops from malicious code execution initiated by the end user. Another approach from SentinelOne and Carbon Black focuses on behavioral detection by building a full context around every process execution path in real time,[68][69] while Cylance leverages an artificial intelligence model based on machine learning.[70] Increasingly, these signature-less approaches have been defined by the media and analyst firms as "next-generation" antivirus[71] and are seeing rapid market adoption as certified antivirus replacement technologies by firms such as Coalfire and DirectDefense.[72] In response, traditional antivirus vendors such as Trend Micro,[73] Symantec and Sophos[74] have incorporated "next-gen" offerings into their portfolios, as analyst firms such as Forrester and Gartner have called traditional signature-based antivirus "ineffective" and "outdated".[75]

As of Windows 8, Windows includes its own free antivirus protection under the Windows Defender brand. Despite bad detection scores in its early days, AV-Test now certifies Defender as one of its top products.[76][77] While it isn't publicly known how the inclusion of antivirus software in Windows affected antivirus sales, Google search traffic for antivirus has declined significantly since 2010.[78]

Since 2016, there has been a notable amount of consolidation in the industry. Avast purchased AVG in 2016 for $1.3 billion.[79] Avira was acquired by Norton owner Gen Digital (then NortonLifeLock) in 2020 for $360 million.[80] In 2021, the Avira division of Gen Digital acquired BullGuard.[81] The BullGuard brand was discontinued in 2022 and its customers were migrated to Norton. In 2022, Gen Digital acquired Avast, effectively consolidating four major antivirus brands under one owner.[82]

Identification methods

In 1987, Frederick B. Cohen demonstrated that an algorithm able to detect all possible viruses cannot exist (just as no algorithm can determine whether or not a given program halts).[27] However, using different layers of defense, a good detection rate may be achieved.

There are several methods which antivirus engines can use to identify malware:

  • Sandbox detection: a particular behaviour-based detection technique that, instead of detecting the behavioural fingerprint at run time, executes the program in a virtual environment and logs the actions it performs. Depending on the actions logged, which can include memory usage and network accesses,[83] the antivirus engine can determine whether the program is malicious or not.[84] If it is not, the program is then executed in the real environment. Although this technique has been shown to be quite effective, it is heavy and slow, so it is rarely used in end-user antivirus solutions.[85]
  • Data mining techniques: one of the latest approaches applied in malware detection. Data mining and machine learning algorithms are used to try to classify the behaviour of a file (as either malicious or benign) given a series of file features that are extracted from the file itself.[86][87][88][89][90][91][92][93][94][95][96][97][98][99]

Signature-based detection

Traditional antivirus software relies heavily upon signatures to identify malware.[100]

In essence, when a malware sample arrives in the hands of an antivirus firm, it is analysed by malware researchers or by dynamic analysis systems. Then, once it is determined to be malware, a proper signature of the file is extracted and added to the signatures database of the antivirus software.[101]

Although the signature-based approach can effectively contain malware outbreaks, malware authors have tried to stay a step ahead of such software by writing "oligomorphic", "polymorphic" and, more recently, "metamorphic" viruses, which encrypt parts of themselves or otherwise modify themselves as a method of disguise, so as to not match virus signatures in the dictionary.[102]

Heuristics

Many viruses start as a single infection and through either mutation or refinements by other attackers, can grow into dozens of slightly different strains, called variants. Generic detection refers to the detection and removal of multiple threats using a single virus definition.[103]

For example, the Vundo trojan has several family members, depending on the antivirus vendor's classification. Symantec classifies members of the Vundo family into two distinct categories, Trojan.Vundo and Trojan.Vundo.B.[104][105]

While it may be advantageous to identify a specific virus, it can be quicker to detect a virus family through a generic signature or through an inexact match to an existing signature. Virus researchers find common areas that all viruses in a family share uniquely and can thus create a single generic signature. These signatures often contain non-contiguous code, using wildcard characters where differences lie. These wildcards allow the scanner to detect viruses even if they are padded with extra, meaningless code.[106] A detection that uses this method is said to be "heuristic detection".
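
The difference between the exact signatures described under "Signature-based detection" and the wildcard-based generic signatures described here can be shown with a small scanner. This is an added example, not code from any antivirus product: the signature syntax (`??` for one arbitrary byte, `{n-m}` for a gap of n to m bytes), the detection names and the sample byte strings are all constructed for illustration.

```python
import hashlib
import re

# One signature token: a literal hex byte, a one-byte wildcard, or a bounded gap.
TOKEN = re.compile(r"([0-9A-Fa-f]{2})|(\?\?)|\{(\d+)-(\d+)\}")


def compile_signature(sig: str) -> "re.Pattern[bytes]":
    """Translate a hex signature with wildcards into a bytes regex."""
    text = sig.replace(" ", "")
    parts, pos = [], 0
    while pos < len(text):
        m = TOKEN.match(text, pos)
        if m is None:
            raise ValueError(f"bad signature token at offset {pos}: {text[pos:pos + 8]!r}")
        if m.group(1):                      # literal byte, escaped so it is never a metachar
            parts.append(re.escape(bytes.fromhex(m.group(1))))
        elif m.group(2):                    # '??' matches exactly one byte of any value
            parts.append(b".")
        else:                               # '{n-m}' matches n..m bytes of any value
            lo, hi = int(m.group(3)), int(m.group(4))
            if lo > hi:
                raise ValueError(f"gap lower bound exceeds upper bound: {{{lo}-{hi}}}")
            parts.append(b".{%d,%d}" % (lo, hi))
        pos = m.end()
    # DOTALL so that '.' also matches the newline byte 0x0A.
    return re.compile(b"".join(parts), re.DOTALL)


# --- Constructed sample data (harmless byte strings, not real malware) ---
HEADER = b"MZ-constructed-header"
CORE1 = bytes.fromhex("DEADBEEF01")   # first code fragment shared by the "family"
CORE2 = bytes.fromhex("CAFEF00D02")   # second shared fragment


def make_variant(key: int, padding: int) -> bytes:
    """Build a family member: shared fragments, a per-variant byte, filler in between."""
    return HEADER + CORE1 + bytes([key]) + b"\x90" * padding + CORE2 + b"tail"


# Exact signature: a hash of one known sample. Any changed byte changes the hash.
HASH_DB = {hashlib.sha256(make_variant(0x11, 0)).hexdigest(): "Example.Family.A"}

# Generic signature: shared fragments, wildcard where variants differ, and a
# bounded gap for filler. A wider gap catches more padding but raises the
# chance of matching unrelated files (false positives).
GENERIC_DB = {"Example.Family.gen": compile_signature("DEADBEEF01 ?? {0-16} CAFEF00D02")}


def scan(data: bytes) -> list:
    """Return (detection name, offset) pairs; offset is None for whole-file hash hits."""
    hits = []
    name = HASH_DB.get(hashlib.sha256(data).hexdigest())
    if name:
        hits.append((name, None))
    for name, pattern in GENERIC_DB.items():
        m = pattern.search(data)
        if m:
            hits.append((name, m.start()))
    return hits


if __name__ == "__main__":
    samples = {
        "known sample": make_variant(0x11, 0),
        "new variant, 8 filler bytes": make_variant(0x22, 8),
        "variant padded beyond the gap": make_variant(0x33, 40),
        "benign file sharing one fragment": HEADER + CORE1 + b"ordinary data",
    }
    for label, data in samples.items():
        print(f"{label:35} -> {scan(data) or 'clean'}")
```

Only the known sample matches the hash, while the generic signature also covers the new variant; the third sample shows that the gap bound is a tuning decision between family coverage and false-positive risk.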

Rootkit detection

Anti-virus software can attempt to scan for rootkits. A rootkit is a type of malware designed to gain administrative-level control over a computer system without being detected. Rootkits can change how the operating system functions and in some cases can tamper with the anti-virus program and render it ineffective. Rootkits are also difficult to remove, in some cases requiring a complete re-installation of the operating system.[107]

Real-time protection

Real-time protection, on-access scanning, background guard, resident shield, autoprotect, and other synonyms refer to the automatic protection provided by most antivirus, anti-spyware, and other anti-malware programs. This monitors computer systems for suspicious activity such as computer viruses, spyware, adware, and other malicious objects. Real-time protection detects threats in opened files and scans apps in real time as they are installed on the device.[108] It operates when inserting a CD, opening an email, or browsing the web, or when a file already on the computer is opened or executed.[109]

Issues of concern

Unexpected renewal costs

Some commercial antivirus software end-user license agreements include a clause that the subscription will be automatically renewed, and the purchaser's credit card automatically billed, at the renewal time without explicit approval. For example, McAfee requires users to unsubscribe at least 60 days before the expiration of the present subscription[110] while Bitdefender sends notifications to unsubscribe 30 days before the renewal.[111] Norton AntiVirus also renews subscriptions automatically by default.[112]

Rogue security applications

Some apparent antivirus programs are actually malware masquerading as legitimate software, such as WinFixer, MS Antivirus, and Mac Defender.[113]

Problems caused by false positives

A "false positive" or "false alarm" is when antivirus software identifies a non-malicious file as malware. When this happens, it can cause serious problems. For example, if an antivirus program is configured to immediately delete or quarantine infected files, as is common on Microsoft Windows antivirus applications, a false positive in an essential file can render the Windows operating system or some applications unusable.[114] Recovering from such damage to critical software infrastructure incurs technical support costs and businesses can be forced to close whilst remedial action is undertaken.[115][116]

Examples of serious false-positives:

  • May 2007: a faulty virus signature issued by Symantec mistakenly removed essential operating system files, leaving thousands of PCs unable to boot.[117]
  • May 2007: the executable file required by Pegasus Mail on Windows was falsely detected by Norton AntiVirus as being a Trojan and it was automatically removed, preventing Pegasus Mail from running. Norton AntiVirus had falsely identified three releases of Pegasus Mail as malware, and would delete the Pegasus Mail installer file when that happened.[118] In response to this Pegasus Mail stated:
  • April 2010: McAfee VirusScan detected svchost.exe, a normal Windows binary, as a virus on machines running Windows XP with Service Pack 3, causing a reboot loop and loss of all network access.[119][120]
  • December 2010: a faulty update on the AVG anti-virus suite damaged 64-bit versions of Windows 7, rendering it unable to boot because of an endless boot loop.[121]
  • October 2011: Microsoft Security Essentials (MSE) removed the Google Chrome web browser, rival to Microsoft's own Internet Explorer. MSE flagged Chrome as a Zbot banking trojan.[122]
  • September 2012: Sophos' anti-virus suite identified various update mechanisms, including its own, as malware. If it was configured to automatically delete detected files, Sophos Antivirus could render itself unable to update, requiring manual intervention to fix the problem.[123][124]
  • September 2017: the Google Play Protect anti-virus started identifying Motorola's Moto G4 Bluetooth application as malware, causing Bluetooth functionality to become disabled.[125]
  • September 2022: Microsoft Defender flagged all Chromium-based web browsers and Electron-based apps such as WhatsApp, Discord and Spotify as a severe threat.[126]
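The incidents above share one failure mode: an automatic, hard-to-reverse action taken on a file that turned out to be benign. The following Python sketch is an added example, not code from any product named here; it shows two mitigations, a policy that only alerts on files under protected system directories and a quarantine that records enough metadata to restore the file byte for byte. The function names, the `PROTECTED_DIRS` policy and the sample file are assumptions constructed for illustration.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path, PureWindowsPath

# Assumed policy: files below these directories are never removed automatically.
PROTECTED_DIRS = [PureWindowsPath(r"C:\Windows\System32")]


def choose_action(detected_path: str, protected_dirs=PROTECTED_DIRS) -> str:
    """Return 'alert_only' for files under a protected directory, else 'quarantine'.

    The reported path is parsed as a Windows path, so the comparison is
    case-insensitive and the function behaves the same on any host OS.
    """
    parents = PureWindowsPath(detected_path).parents
    if any(d in parents for d in protected_dirs):
        return "alert_only"
    return "quarantine"


def quarantine(path: Path, qdir: Path) -> Path:
    """Move a file into qdir and write a manifest that allows exact restoration."""
    digest = hashlib.sha256(path.read_bytes()).hexdigest()
    qdir.mkdir(parents=True, exist_ok=True)
    stored = qdir / (digest + ".quarantined")
    shutil.move(str(path), str(stored))
    manifest = qdir / (digest + ".json")
    manifest.write_text(json.dumps(
        {"original": str(path), "stored": str(stored), "sha256": digest}))
    return manifest


def restore(manifest: Path) -> Path:
    """Undo a quarantine after a false positive is confirmed."""
    meta = json.loads(manifest.read_text())
    stored = Path(meta["stored"])
    # Refuse to put back a copy that changed while it sat in quarantine.
    if hashlib.sha256(stored.read_bytes()).hexdigest() != meta["sha256"]:
        raise ValueError("quarantined copy was modified; refusing to restore")
    original = Path(meta["original"])
    original.parent.mkdir(parents=True, exist_ok=True)
    shutil.move(str(stored), str(original))
    manifest.unlink()
    return original


def demo():
    """Quarantine and restore a constructed benign file inside a temp directory."""
    content = b"constructed benign program bytes"
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        target = root / "app" / "mailer.exe"   # constructed sample file
        target.parent.mkdir()
        target.write_bytes(content)
        manifest = quarantine(target, root / "quarantine")
        removed = not target.exists()
        restored = restore(manifest)
        return removed, restored == target, restored.read_bytes() == content


if __name__ == "__main__":
    print(choose_action(r"c:\WINDOWS\system32\svchost.exe"))
    print(choose_action(r"C:\Users\alice\Downloads\setup.exe"))
    print(demo())
```
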

Running the real-time protection of multiple antivirus programs concurrently can degrade performance and create conflicts.[127] However, using a concept called multiscanning, several companies (including G Data Software[128] and Microsoft[129]) have created applications which can run multiple engines concurrently.

It is sometimes necessary to temporarily disable virus protection when installing major updates such as Windows Service Packs or updating graphics card drivers.[130] Active antivirus protection may partially or completely prevent the installation of a major update. Anti-virus software can cause problems during the installation of an operating system upgrade, e.g. when upgrading to a newer version of Windows "in place"—without erasing the previous version of Windows. Microsoft recommends that anti-virus software be disabled to avoid conflicts with the upgrade installation process.[131][132][133] Active anti-virus software can also interfere with a firmware update process.[134]

The functionality of a few computer programs can be hampered by active anti-virus software. For example, TrueCrypt, a disk encryption program, states on its troubleshooting page that anti-virus programs can conflict with TrueCrypt and cause it to malfunction or operate very slowly.[135] Anti-virus software can impair the performance and stability of games running in the Steam platform.[136]

Support issues also exist around antivirus application interoperability with common solutions like SSL VPN remote access and network access control products.[137] These technology solutions often have policy assessment applications that require an up-to-date antivirus to be installed and running. If the antivirus application is not recognized by the policy assessment, whether because the antivirus application has been updated or because it is not part of the policy assessment library, the user will be unable to connect.

Effectiveness

Studies in December 2007 showed that the effectiveness of antivirus software had decreased in the previous year, particularly against unknown or zero-day attacks. The computer magazine c't found that detection rates for these threats had dropped from 40–50% in 2006 to 20–30% in 2007. At that time, the only exception was the NOD32 antivirus, which managed a detection rate of 68%.[138] According to the ZeuS tracker website, the average detection rate for all variants of the well-known ZeuS trojan is as low as 40%.[139]

The problem is magnified by the changing intent of virus authors. Some years ago it was obvious when a virus infection was present. At the time, viruses were written by amateurs and exhibited destructive behavior or pop-ups. Modern viruses are often written by professionals, financed by criminal organizations.[140]

In 2008, Eva Chen, CEO of Trend Micro, stated that the anti-virus industry has over-hyped how effective its products are—and so has been misleading customers—for years.[141]

Independent testing on all the major virus scanners consistently shows that none provides 100% virus detection. The best ones provided as high as 99.9% detection for simulated real-world situations, while the lowest provided 91.1% in tests conducted in August 2013. Many virus scanners produce false positive results as well, identifying benign files as malware.[142]

Although methods may differ, some notable independent quality testing agencies include AV-Comparatives, ICSA Labs, SE Labs, West Coast Labs, Virus Bulletin, AV-TEST and other members of the Anti-Malware Testing Standards Organization.[143][144]

New viruses

Anti-virus programs are not always effective against new viruses, even those that use non-signature-based methods that should detect new viruses. The reason for this is that the virus designers test their new viruses on the major anti-virus applications to make sure that they are not detected before releasing them into the wild.[145]

Some new viruses, particularly ransomware, use polymorphic code to avoid detection by virus scanners. Jerome Segura, a security analyst with ParetoLogic, explained:[146]

A proof of concept virus has used the Graphics Processing Unit (GPU) to avoid detection from anti-virus software. The potential success of this involves bypassing the CPU in order to make it much harder for security researchers to analyse the inner workings of such malware.[147]

Rootkits

Detecting rootkits is a major challenge for anti-virus programs. Rootkits have full administrative access to the computer and are invisible to users and hidden from the list of running processes in the task manager. Rootkits can modify the inner workings of the operating system and tamper with antivirus programs.[148]

Damaged files

If a file has been infected by a computer virus, anti-virus software will attempt to remove the virus code from the file during disinfection, but it is not always able to restore the file to its undamaged state.[149][150] In such circumstances, damaged files can only be restored from existing backups or shadow copies (this is also true for ransomware[151]); installed software that is damaged requires re-installation[152] (however, see System File Checker).

Firmware infections

Any writeable firmware in the computer can be infected by malicious code.[153] This is a major concern, as an infected BIOS could require the actual BIOS chip to be replaced to ensure the malicious code is completely removed.[154] Anti-virus software is not effective at protecting firmware and the motherboard BIOS from infection.[155] In 2014, security researchers discovered that USB devices contain writeable firmware which can be modified with malicious code (dubbed "BadUSB"), which anti-virus software cannot detect or prevent. The malicious code can run undetected on the computer and could even infect the operating system prior to it booting up.[156][157]

Performance and other drawbacks

Antivirus software has some drawbacks, the first of which is that it can impact a computer's performance.[158]

Furthermore, inexperienced users can be lulled into a false sense of security when using the computer, considering their computers to be invulnerable, and may have problems understanding the prompts and decisions that antivirus software presents them with. An incorrect decision may lead to a security breach. If the antivirus software employs heuristic detection, it must be fine-tuned to minimize misidentifying harmless software as malicious (false positive).[159]

Antivirus software itself usually runs at the highly trusted kernel level of the operating system so that it can access all potentially malicious processes and files, which creates a potential avenue of attack.[160] The US National Security Agency (NSA) and the UK Government Communications Headquarters (GCHQ) intelligence agencies have been exploiting anti-virus software to spy on users.[161] Anti-virus software has highly privileged and trusted access to the underlying operating system, which makes it a much more appealing target for remote attacks.[162] Additionally, anti-virus software is "years behind security-conscious client-side applications like browsers or document readers. It means that Acrobat Reader, Microsoft Word or Google Chrome are harder to exploit than 90 percent of the anti-virus products out there", according to Joxean Koret, a researcher with Coseinc, a Singapore-based information security consultancy.[162]

Alternative solutions

The command-line virus scanner of Clam AV 0.95.2 running a virus signature definition update, scanning a file, and identifying a Trojan.

Antivirus software running on individual computers is the most common method of guarding against malware, but it is not the only solution. Other solutions can also be employed by users, including Unified Threat Management (UTM), hardware and network firewalls, cloud-based antivirus and online scanners.

Hardware and network firewall

Network firewalls prevent unknown programs and processes from accessing the system. However, they are not antivirus systems and make no attempt to identify or remove anything. They may protect against infection from outside the protected computer or network, and limit the activity of any malicious software which is present by blocking incoming or outgoing requests on certain TCP/IP ports. A firewall is designed to deal with broader system threats that come from network connections into the system and is not an alternative to a virus protection system.

Cloud antivirus

Cloud antivirus is a technology that uses lightweight agent software on the protected computer, while offloading the majority of data analysis to the provider's infrastructure.[163]

One approach to implementing cloud antivirus involves scanning suspicious files using multiple antivirus engines. This approach was proposed by an early implementation of the cloud antivirus concept called CloudAV. CloudAV was designed to send programs or documents to a network cloud where multiple antivirus and behavioral detection programs are used simultaneously in order to improve detection rates. Parallel scanning of files using potentially incompatible antivirus scanners is achieved by spawning a virtual machine per detection engine and therefore eliminating any possible issues. CloudAV can also perform "retrospective detection", whereby the cloud detection engine rescans all files in its file access history when a new threat is identified thus improving new threat detection speed. Finally, CloudAV is a solution for effective virus scanning on devices that lack the computing power to perform the scans themselves.[164]
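The multi-engine and retrospective-detection behaviour described above can be modelled in a few lines. This Python sketch is an added example and not CloudAV's own code: the engines are in-process stand-ins that match constructed byte markers (CloudAV isolates each real engine in its own virtual machine), and every class name, host name, marker and threshold here is an assumption made for illustration.

```python
import hashlib
from dataclasses import dataclass, field


@dataclass
class Engine:
    """Stand-in for one detection engine: flags content containing a known marker."""
    name: str
    signatures: dict = field(default_factory=dict)  # label -> byte pattern

    def scan(self, content: bytes):
        for label, pattern in self.signatures.items():
            if pattern in content:
                return label
        return None


class CloudScanner:
    def __init__(self, engines, threshold=1):
        self.engines = engines
        self.threshold = threshold  # engines that must agree before a file is flagged
        self.store = {}             # sha256 -> content, kept so files can be rescanned
        self.history = {}           # sha256 -> hosts that accessed the file
        self.verdicts = {}          # sha256 -> {engine name: label}

    def _scan_all(self, content):
        hits = {}
        for engine in self.engines:
            label = engine.scan(content)
            if label:
                hits[engine.name] = label
        return hits

    def is_malicious(self, digest):
        return len(self.verdicts[digest]) >= self.threshold

    def submit(self, host, content):
        """Record the access, scan unseen content with every engine, return the verdict."""
        digest = hashlib.sha256(content).hexdigest()
        self.history.setdefault(digest, set()).add(host)
        if digest not in self.store:
            self.store[digest] = content
            self.verdicts[digest] = self._scan_all(content)
        return self.is_malicious(digest)

    def update_signatures(self, engine_name, label, pattern):
        """Add a signature, rescan the whole access history, and return
        {sha256: hosts} for files that were clean before and are flagged now."""
        engine = next(e for e in self.engines if e.name == engine_name)
        engine.signatures[label] = pattern
        newly_flagged = {}
        for digest, content in self.store.items():
            was_flagged = self.is_malicious(digest)
            self.verdicts[digest] = self._scan_all(content)
            if not was_flagged and self.is_malicious(digest):
                newly_flagged[digest] = sorted(self.history[digest])
        return newly_flagged


def demo():
    """Constructed scenario: two hosts open a file no engine knows yet."""
    cloud = CloudScanner(
        [Engine("engine_a", {"Test.Dropper": b"DROPPER-MARK"}), Engine("engine_b")])
    unknown = b"header NEWFAMILY-MARK payload"   # constructed sample content
    results = (
        cloud.submit("host-1", b"quarterly report"),
        cloud.submit("host-1", b"xx DROPPER-MARK xx"),
        cloud.submit("host-2", unknown),
        cloud.submit("host-3", unknown),
    )
    # A signature arrives later; the rescan names the hosts that already ran the file.
    newly = cloud.update_signatures("engine_b", "Test.NewFamily", b"NEWFAMILY-MARK")
    return results, newly


if __name__ == "__main__":
    print(demo())
```

Raising `threshold` trades detection rate for fewer false positives, since more engines must agree before a file is flagged.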

Some examples of cloud anti-virus products are Panda Cloud Antivirus and Immunet. Comodo Group has also produced cloud-based anti-virus.[165][166]

Online scanning

Some antivirus vendors maintain websites with free online scanning capability of the entire computer, critical areas only, local disks, folders or files. Periodic online scanning is a good idea for those that run antivirus applications on their computers because those applications are frequently slow to catch threats. One of the first things that malicious software does in an attack is disable any existing antivirus software and sometimes the only way to know of an attack is by turning to an online resource that is not installed on the infected computer.[167]

Specialized tools

The command-line rkhunter scanner is an engine to scan for Linux rootkits running on Ubuntu.

Virus removal tools are available to help remove stubborn infections or a certain type of infection. Examples include Windows Malicious Software Removal Tool,[168] Sophos Scan & Clean,[169] and Kaspersky Virus Removal Tool.[170] It is also worth noting that sometimes antivirus software can produce a false-positive result, indicating an infection where there is none.[171]

A rescue disk that is bootable, such as a CD or USB storage device, can be used to run antivirus software outside of the installed operating system in order to remove infections while they are dormant. A bootable rescue disk can be useful when, for example, the installed operating system is no longer bootable or has malware that is resisting all attempts to be removed by the installed antivirus software. Examples of software that can be used on a bootable rescue disk include the Trend Micro Rescue Disk,[172] Kaspersky Rescue Disk,[173] and Comodo Rescue Disk.[174] Most of the rescue disk software can also be installed onto a USB storage device that is bootable on newer computers.

Usage and risks

According to an FBI survey, major businesses lose $12 million annually dealing with virus incidents.[175] A survey by Symantec in 2009 found that a third of small to medium-sized businesses did not use antivirus protection at that time, whereas more than 80% of home users had some kind of antivirus installed.[176] According to a sociological survey conducted by G Data Software in 2010, 49% of women did not use any antivirus program at all.[177]

Citations

  1. "What is antivirus software?". Microsoft. http://www.microsoft.com/security/resources/antivirus-whatis.aspx. 
  2. von Neumann, John (1966) Theory of self-reproducing automata . University of Illinois Press.
  3. Thomas Chen, Jean-Marc Robert (2004). "The Evolution of Viruses and Worms". http://vx.netlux.org/lib/atc01.html. 
  4. From the first email to the first YouTube video: a definitive internet history . Tom Meltzer and Sarah Phillips. The Guardian . October 23, 2009
  5. IEEE Annals of the History of Computing, Volumes 27–28. IEEE Computer Society, 2005. 74 : "[...]from one machine to another led to experimentation with the Creeper program, which became the world's first computer worm: a computation that used the network to recreate itself on another node, and spread from node to node."
  6. Metcalf, John (2014). "Core War: Creeper & Reaper". http://corewar.co.uk/creeper.htm. 
  7. "Creeper – The Virus Encyclopedia". http://virus.wikidot.com/creeper. 
  8. "Elk Cloner". http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci989616,00.html. 
  9. "Top 10 Computer Viruses: No. 10 – Elk Cloner". http://science.discovery.com/top-ten/2009/computer-viruses/computer-viruses-10.html. 
  10. "List of Computer Viruses Developed in 1980s". http://www.infoniac.com/hi-tech/list-of-computer-viruses-developed-in-1980s.html. 
  11. Fred Cohen: "Computer Viruses – Theory and Experiments" (1983) . Eecs.umich.edu (November 3, 1983). Retrieved on 2017-01-03.
  12. Cohen, Fred (April 1, 1988). "Invited Paper: On the Implications of Computer Viruses and Methods of Defense". Computers & Security 7 (2): 167–184. doi:10.1016/0167-4048(88)90334-3. 
  13. Szor 2005.
  14. "Virus Bulletin :: In memoriam: Péter Ször 1970–2013". https://www.virusbtn.com/virusbulletin/archive/2013/12/vb201312-obituary-Peter-Szor. 
  15. Bassham, Lawrence; Polk, W. (October 1992). "History of Viruses". Nistir 4939. doi:10.6028/NIST.IR.4939. http://csrc.nist.gov/publications/nistir/threats/subsubsection3_3_1_1.html. 
  16. Leyden, John (January 19, 2006). "PC virus celebrates 20th birthday". The Register. https://www.theregister.co.uk/2006/01/19/pc_virus_at_20/. 
  17. "The History of Computer Viruses". November 10, 2017. https://www.bbvaopenmind.com/en/technology/digital-world/the-history-of-computer-viruses/. 
  18. Panda Security (April 2004). "(II) Evolution of computer viruses". http://www.pandasecurity.com/homeusers/media/press-releases/viewnews?noticia=4974&entorno=&ver=&pagina=&producto=. 
  19. Kaspersky Lab Virus list. viruslist.com
  20. Wells, Joe (August 30, 1996). "Virus timeline". IBM. http://www.research.ibm.com/antivirus/timeline.htm. 
  21. G Data Software AG (2017). "G Data presents first Antivirus solution in 1987". https://www.gdatasoftware.com/about-g-data/company-profile. 
  22. Karsmakers, Richard (January 2010). "The ultimate Virus Killer Book and Software". http://st-news.com/uvk-book/. 
  23. "McAfee Becomes Intel Security". McAfee Inc. http://s927.t.en25.com/e/es.aspx?s=927&e=269752&elq=1610bb9546d14d169335d6b8d1b37f7c. 
  24. Cavendish, Marshall (2007). Inventors and Inventions, Volume 4. Paul Bernabeo. p. 1033. ISBN 978-0761477679. https://books.google.com/books?id=YcPvV893aXgC. 
  25. "About ESET Company". https://www.eset.com/int/about/. 
  26. "ESET NOD32 Antivirus". Vision Square. February 16, 2016. http://www.vsquare.co.th/index.php?option=com_djcatalog2&view=item&id=7:eset-nod32-antivirus&cid=1:soft-ware&Itemid=159. 
  27. Cohen, Fred, An Undetectable Computer Virus (Archived), 1987, IBM
  28. Yevics, Patricia A.. "Flu Shot for Computer Viruses". americanbar.org. https://www.americanbar.org/newsletter/publications/gp_solo_magazine_home/gp_solo_magazine_index/tsp97flushot.html. 
  29. Strom, David (April 1, 2010). "How friends help friends on the Internet: The Ross Greenberg Story". wordpress.com. https://strom.wordpress.com/2010/04/01/ross-greenberg/. 
  30. "Anti-virus is 30 years old". spgedwards.com. April 2012. http://www.spgedwards.com/2012/04/anti-virus-is-30-years-old.html. 
  31. "A Brief History of Antivirus Software". techlineinfo.com. http://www.techlineinfo.com/a-brief-history-of-antivirus-software/. 
  32. Grimes, Roger A. (June 1, 2001). Malicious Mobile Code: Virus Protection for Windows. O'Reilly Media, Inc.. pp. 522. ISBN 9781565926820. https://books.google.com/books?id=GKDtVYJ0wesC&q=%22Ross+Greenberg%22+flushot&pg=PA43. 
  33. "Friðrik Skúlason ehf." (in is). http://www.frisk.is/fyrirtaeki.html. 
  34. Direccion General del Derecho de Autor, SEP, Mexico D.F. Registry 20709/88 Book 8, page 40, dated November 24, 1988.
  35. "The 'Security Digest' Archives (TM) : www.phreak.org-virus_l". http://securitydigest.org/virus/mirror/www.phreak.org-virus_l/. 
  36. "Symantec Softwares and Internet Security at PCM". http://www.pcm.com/n/Symantec-Softwares/manufacturers-14. 
  37. SAM Identifies Virus-Infected Files, Repairs Applications, InfoWorld, May 22, 1989
  38. SAM Update Lets Users Program for New Viruses, InfoWorld, February 19, 1990
  39. Naveen, Sharanya. "Panda Security". http://www.gtts2012.com/panda-security/. 
  40. "Who we are – TG Soft Software House". http://www.tgsoft.it/english/about_eng.asp. 
  41. "A New Virus Naming Convention (1991) – CARO – Computer Antivirus Research Organization". http://www.caro.org/articles/naming.html. 
  42. "CARO Members". CARO. http://www.caro.org/users/index.html. 
  43. CAROids, Hamburg 2003
  44. "F-Secure Weblog : News from the Lab". F-secure.com. http://www.f-secure.com/weblog/. 
  45. "About EICAR". EICAR official website. http://www.eicar.org/6-0-General-Info.html. 
  46. Harley, David; Myers, Lysa; Willems, Eddy. "Test Files and Product Evaluation: the Case for and against Malware Simulation". AVAR2010 13th Association of anti Virus Asia Researchers International Conference. http://www.eset.com/resources/white-papers/AVAR-EICAR-2010.pdf. 
  47. "Dr. Web LTD Doctor Web / Dr. Web Reviews, Best AntiVirus Software Reviews, Review Centre". Reviewcentre.com. http://www.reviewcentre.com/reviews95169.html. 
  48. In 1994, AV-Test.org reported 28,613 unique malware samples (based on MD5). "A Brief History of Malware; The First 25 Years"
  49. "BitDefender Product History". http://www.bitdefender.co.uk/site/Main/view/product-history.html. 
  50. "InfoWatch Management". InfoWatch. http://infowatch.com/company/management. 
  51. "Linuxvirus – Community Help Wiki". https://help.ubuntu.com/community/Linuxvirus. 
  52. "Sorry – recovering...". http://openantivirus.org. 
  53. "Sourcefire acquires ClamAV". ClamAV. August 17, 2007. http://www.clamav.org/2007/08/17/sourcefire-acquires-clamav/. 
  54. "Cisco Completes Acquisition of Sourcefire". October 7, 2013. http://www.cisco.com/web/about/ac49/ac0/ac1/ac259/sourcefire.html. 
  55. Der Unternehmer – brand eins online . Brandeins.de (July 2009). Retrieved on January 3, 2017.
  56. Williams, Greg (April 2012). "The digital detective: Mikko Hypponen's war on malware is escalating". Wired. https://www.wired.co.uk/magazine/archive/2012/04/features/the-digital-detective. 
  57. "Everyday cybercrime – and what you can do about it". http://www.ted.com/talks/james_lyne_everyday_cybercrime_and_what_you_can_do_about_it.html. 
  58. Szor 2005, pp. 66–67.
  59. "New virus travels in PDF files". August 7, 2001. http://news.cnet.com/2100-1001-271267.html. 
  60. Slipstick Systems (February 2009). "Protecting Microsoft Outlook against Viruses". http://www.slipstick.com/outlook/antivirus.htm. 
  61. "CloudAV: N-Version Antivirus in the Network Cloud". usenix.org. https://www.usenix.org/legacy/event/sec08/tech/full_papers/oberheide/oberheide_html/index.html. 
  62. McAfee Artemis Preview Report . av-comparatives.org
  63. McAfee Third Quarter 2008 . corporate-ir.net
  64. "AMTSO Best Practices for Testing In-the-Cloud Security Products". AMTSO. http://www.amtso.org/download/amtso-best-practices-for-testing-in-the-cloud-security-products. 
  65. "TECHNOLOGY OVERVIEW". http://www.avgsecurity.co.za/technology-overview. 
  66. Barrett, Brian (18 October 2018). "The Mysterious Return of Years-Old Chinese Malware". Wired. https://www.wired.com/story/mysterious-return-of-years-old-chinese-malware-apt1/. Retrieved 16 June 2019. 
  67. "Magic Quadrant Endpoint Protection Platforms 2016". Gartner Research. https://www.gartner.com/doc/reprints?id=1-2XXIZ8F. 
  68. Messmer, Ellen (2014-08-20). "Start-up offers up endpoint detection and response for behavior-based malware detection". networkworld.com. http://www.networkworld.com/article/2466793/security0/start-up-offers-up-endpoint-detection-and-response-for-behavior-based-malware-detection.html. 
  69. "Homeland Security Today: Bromium Research Reveals Insecurity in Existing Endpoint Malware Protection Deployments". http://www.hstoday.us/briefings/industry-news/single-article/bromium-research-reveals-insecurity-in-existing-endpoint-malware-protection-deployments/05ccfa234d62872b3d3a5422f2cbd4bd.html. 
  70. "Duelling Unicorns: CrowdStrike Vs. Cylance In Brutal Battle To Knock Hackers Out". Forbes. July 6, 2016. https://www.forbes.com/sites/thomasbrewster/2016/07/06/duelling-unicorns-crowdstrike-vs-cylance-in-brutal-battle-to-knock-hackers-out/#9cd0a3b12114. 
  71. Potter, Davitt (June 9, 2016). "Is Anti-virus Dead? The Shift Toward Next-Gen Endpoints". http://thevarguy.com/blog/anti-virus-dead-shift-toward-next-gen-endpoints. 
  72. "CylancePROTECT® Achieves HIPAA Security Rule Compliance Certification". Cylance. https://www.cylance.com/cylanceprotect-achieves-hipaa-security-rule-compliance-certification. 
  73. "Trend Micro-XGen". Trend Micro. October 18, 2016. http://www.trendmicro.com/us/business/xgen/index.html?cm_mmc=VURL:www.trendmicro.com-_-VURL-_-/xgen/index.html-_-vanity. 
  74. "Next-Gen Endpoint". Sophos. https://www.sophos.com/en-us/products/endpoint-antivirus.aspx. 
  75. The Forrester Wave™: Endpoint Security Suites, Q4 2016 . Forrester.com (October 19, 2016). Retrieved on 2017-01-03.
  76. "Is Windows Defender Good Enough? Not Yet" (in en). 2016-05-25. https://www.tomsguide.com/us/avoid-windows-defender,news-22729.html. 
  77. "Test antivirus software for Windows 11 - October 2023" (in en-US). https://www.av-test.org/en/antivirus/home-windows/. 
  78. "Google Trends" (in en-US). https://trends.google.com/trends/explore?date=all&q=antivirus&hl=en. 
  79. "Avast Announces Agreement to Acquire AVG for $1.3B" (in en). https://press.avast.com/avast-announces-agreement-to-acquire-avg-for-13b. 
  80. Lunden, Ingrid (2020-12-07). "NortonLifeLock acquires Avira in $360M all-cash deal, 8 months after Avira was acquired for $180M" (in en-US). https://techcrunch.com/2020/12/07/nortonlifelock-acquires-avira-in-360m-all-cash-deal-8-months-after-avira-was-acquired-for-180m/. 
  81. "BullGuard to drop name in favour of Norton branding" (in en). 2022-02-07. https://www.itpro.com/business/business-strategy/367111/bullguard-to-drop-name-in-favour-of-norton-branding. 
  82. "NortonLifeLock Completes Merger with Avast" (in en). https://press.avast.com/nortonlifelock-completes-merger-with-avast. 
  83. Lv, Mingqi; Zeng, Huan; Chen, Tieming; Zhu, Tiantian (2023-10-01). "CTIMD: Cyber Threat Intelligence Enhanced Malware Detection Using API Call Sequences with Parameters". Computers & Security 136: 103518. doi:10.1016/j.cose.2023.103518. ISSN 0167-4048. https://www.sciencedirect.com/science/article/pii/S0167404823004285. 
  84. Sandboxing Protects Endpoints | Stay Ahead Of Zero Day Threats . Enterprise.comodo.com (June 20, 2014). Retrieved on 2017-01-03.
  85. Szor 2005, pp. 474–481.
  86. Kiem, Hoang; Thuy, Nguyen Yhanh and Quang, Truong Minh Nhat (December 2004) "A Machine Learning Approach to Anti-virus System", Joint Workshop of Vietnamese Society of AI, SIGKBS-JSAI, ICS-IPSJ and IEICE-SIGAI on Active Mining; Session 3: Artificial Intelligence, Vol. 67, pp. 61–65
  87. Data Mining Methods for Malware Detection. 2008. pp. 15–. ISBN 978-0-549-88885-7. https://books.google.com/books?id=lZto6RraGOwC&pg=PR15. 
  88. Dua, Sumeet; Du, Xian (April 19, 2016). Data Mining and Machine Learning in Cybersecurity. CRC Press. pp. 1–. ISBN 978-1-4398-3943-0. https://books.google.com/books?id=1-FY-U30lUYC&pg=PP1. 
  89. Firdausi, Ivan; Lim, Charles; Erwin, Alva; Nugroho, Anto Satriyo (2010). "Analysis of Machine learning Techniques Used in Behavior-Based Malware Detection". 2010 Second International Conference on Advances in Computing, Control, and Telecommunication Technologies. p. 201. doi:10.1109/ACT.2010.33. ISBN 978-1-4244-8746-2. 
  90. Siddiqui, Muazzam; Wang, Morgan C.; Lee, Joohan (2008). "A survey of data mining techniques for malware detection using file features". Proceedings of the 46th Annual Southeast Regional Conference on XX – ACM-SE 46. p. 509. doi:10.1145/1593105.1593239. ISBN 9781605581057. 
  91. Deng, P.S.; Jau-Hwang Wang; Wen-Gong Shieh; Chih-Pin Yen; Cheng-Tan Tung (2003). "Intelligent automatic malicious code signatures extraction". IEEE 37th Annual 2003 International Carnahan Conference on Security Technology, 2003. Proceedings. p. 600. doi:10.1109/CCST.2003.1297626. ISBN 978-0-7803-7882-7. 
  92. Komashinskiy, Dmitriy; Kotenko, Igor (2010). "Malware Detection by Data Mining Techniques Based on Positionally Dependent Features". 2010 18th Euromicro Conference on Parallel, Distributed and Network-based Processing. p. 617. doi:10.1109/PDP.2010.30. ISBN 978-1-4244-5672-7. 
  93. Schultz, M.G.; Eskin, E.; Zadok, F.; Stolfo, S.J. (2001). "Data mining methods for detection of new malicious executables". Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001. p. 38. doi:10.1109/SECPRI.2001.924286. ISBN 978-0-7695-1046-0. 
  94. Ye, Yanfang; Wang, Dingding; Li, Tao; Ye, Dongyi (2007). "IMDS". Proceedings of the 13th ACM SIGKDD international conference on Knowledge discovery and data mining – KDD '07. p. 1043. doi:10.1145/1281192.1281308. ISBN 9781595936097. 
  95. Kolter, J. Zico; Maloof, Marcus A. (December 1, 2006). "Learning to Detect and Classify Malicious Executables in the Wild". J. Mach. Learn. Res. 7: 2721–2744. http://dl.acm.org/citation.cfm?id=1248547.1248646. 
  96. Tabish, S. Momina; Shafiq, M. Zubair; Farooq, Muddassar (2009). "Malware detection using statistical analysis of byte-level file content". Proceedings of the ACM SIGKDD Workshop on Cyber Security and Intelligence Informatics – CSI-KDD '09. p. 23. doi:10.1145/1599272.1599278. ISBN 9781605586694. 
  97. Ye, Yanfang; Wang, Dingding; Li, Tao; Ye, Dongyi; Jiang, Qingshan (2008). "An intelligent PE-malware detection system based on association mining". Journal in Computer Virology 4 (4): 323. doi:10.1007/s11416-008-0082-4. 
  98. Sami, Ashkan; Yadegari, Babak; Peiravian, Naser; Hashemi, Sattar; Hamze, Ali (2010). "Malware detection based on mining API calls". Proceedings of the 2010 ACM Symposium on Applied Computing – SAC '10. p. 1020. doi:10.1145/1774088.1774303. ISBN 9781605586397. 
  99. Shabtai, Asaf; Kanonov, Uri; Elovici, Yuval; Glezer, Chanan; Weiss, Yael (2011). ""Andromaly": A behavioral malware detection framework for android devices". Journal of Intelligent Information Systems 38: 161. doi:10.1007/s10844-010-0148-x. 
  100. Fox-Brewster, Thomas. "Netflix Is Dumping Anti-Virus, Presages Death Of An Industry". Forbes. https://www.forbes.com/sites/thomasbrewster/2015/08/26/netflix-and-death-of-anti-virus/. 
  101. Automatic Malware Signature Generation . (PDF) . Retrieved on January 3, 2017.
  102. Szor 2005, pp. 252–288.
  103. "Generic detection". Kaspersky. http://www.securelist.com/en/glossary?glossid=189210517. 
  104. Symantec Corporation (February 2009). "Trojan.Vundo". http://www.symantec.com/security_response/writeup.jsp?docid=2004-112111-3912-99. 
  105. Symantec Corporation (February 2007). "Trojan.Vundo.B". http://www.symantec.com/security_response/writeup.jsp?docid=2005-042810-2611-99. 
  106. "Antivirus Research and Detection Techniques". ExtremeTech. http://www.extremetech.com/article2/0,2845,1154648,00.asp. 
  107. "Terminology – F-Secure Labs". http://www.f-secure.com/en_EMEA/security/virus-removal/virus-information/encyclopedia/encyclopedia_rootkit.html. 
  108. "Real-Time Protection". https://support.kaspersky.com/KISA/MR21/en-us/71782.htm. 
  109. "Kaspersky Cyber Security Solutions for Home & Business | Kaspersky". Archived from the original on March 12, 2006. https://web.archive.org/web/20060312194238/http://www.kaspersky.com/faq?chapter=170710015&qid=173727547. 
  110. Kelly, Michael (October 2006). "Buying Dangerously". http://michaelkelly.blogs.com/buyingdangerously/2006/10/bad_mcafee_on_a.html. 
  111. Bitdefender (2009). "Automatic Renewal". http://www.bitdefender.com/site/KnowledgeBase/consumer/#542. 
  112. Symantec (2014). "Norton Automatic Renewal Service FAQ". https://support.norton.com/sp/en/uk/home/current/solutions/kb20080417115558EN_EndUserProfile_en_us. 
  113. SpywareWarrior (2007). "Rogue/Suspect Anti-Spyware Products & Web Sites". http://www.spywarewarrior.com/rogue_anti-spyware.htm. 
  114. Protalinski, Emil (November 11, 2008). "AVG incorrectly flags user32.dll in Windows XP SP2/SP3". Ars Technica. https://arstechnica.com/microsoft/news/2008/11/avg-incorrectly-flags-user32-dll-in-windows-xp-sp2sp3.ars. 
  115. "McAfee to compensate businesses for buggy update". http://www.zdnet.co.uk/news/security-management/2010/04/27/mcafee-to-compensate-businesses-for-buggy-update-40088779/. 
  116. "Buggy McAfee update whacks Windows XP PCs". http://news.cnet.com/8301-1009_3-20003074-83.html. 
  117. Tan, Aaron (May 24, 2007). "Flawed Symantec update cripples Chinese PCs". CNET Networks. http://news.cnet.com/Flawed-Symantec-update-cripples-Chinese-PCs/2100-1002_3-6186271.html. 
  118. Harris, David (June 29, 2009). "January 2010 – Pegasus Mail v4.52 Release". Pegasus Mail. http://www.pmail.com/v45x.htm. 
  119. "McAfee DAT 5958 Update Issues". April 21, 2010. http://isc.sans.org/diary.html?storyid=8656. 
  120. "Botched McAfee update shutting down corporate XP machines worldwide". April 21, 2010. https://www.engadget.com/2010/04/21/mcafee-update--shutting-down-xp-machines/. 
  121. Leyden, John (December 2, 2010). "Horror AVG update ballsup bricks Windows 7". The Register. https://www.theregister.co.uk/2010/12/02/avg_auto_immune_update/. 
  122. MSE false positive detection forces Google to update Chrome, 2011-10-03, http://www.theinquirer.net/inquirer/news/2113892/mse-false-positive-detection-forces-google-update-chrome, retrieved October 3, 2011 
  123. Sophos Antivirus Detects Itself as Malware, Deletes Key Binaries, The Next Web, 2012-09-20, https://thenextweb.com/insider/2012/09/20/sophos-antimalware-software-detects-malware-deletes-critical-binaries/, retrieved March 5, 2014 
  124. Shh/Updater-B false positive by Sophos anti-virus products, Sophos, 2012-09-19, http://nakedsecurity.sophos.com/2012/09/19/sshupdater-b-fsophos-anti-virus-products/, retrieved March 5, 2014 
  125. If Google Play Protect is breaking bluetooth on your Moto G4 Plus, don't worry because there's a fix, Android Police, 2017-09-11, http://www.androidpolice.com/2017/09/11/google-play-protect-breaking-bluetooth-moto-g4-plus-dont-worry-theres-fix/, retrieved November 1, 2017 
  126. Windows Defender is reporting a false-positive threat 'Behavior:Win32/Hive.ZY'; it's nothing to be worried about, Windows Central, 2022-09-05, https://www.windowscentral.com/software-apps/windows-11/windows-defender-is-reporting-a-false-positive-threat-behaviorwin32hivezy-its-nothing-to-be-worried-about, retrieved September 5, 2012 
  127. "Plus! 98: How to Remove McAfee VirusScan". Microsoft. January 2007. https://support.microsoft.com/kb/189264. 
  128. Vamosi, Robert (May 28, 2009). "G-Data Internet Security 2010". PC World. http://www.pcworld.com/article/165600/gdata_internet_security_2010.html. 
  129. Higgins, Kelly Jackson (May 5, 2010). "New Microsoft Forefront Software Runs Five Antivirus Vendors' Engines". Darkreading. http://www.darkreading.com/vulnerability_management/security/antivirus/showArticle.jhtml?articleID=224700879. 
  130. "Steps to take before you install Windows XP Service Pack 3". Microsoft. April 2009. http://support.microsoft.com/kb/950717. 
  131. "Upgrading from Windows Vista to Windows 7". http://windows.microsoft.com/en-gb/windows7/help/upgrading-from-windows-vista-to-windows-7?T1=tab03.  Mentioned within "Before you begin".
  132. "Upgrading to Microsoft Windows Vista recommended steps.". http://www.computerhope.com/issues/ch000924.htm. 
  133. "How to troubleshoot problems during installation when you upgrade from Windows 98 or Windows Millennium Edition to Windows XP". May 7, 2007. http://support.microsoft.com/kb/310064.  Mentioned within "General troubleshooting".
  134. "BT Home Hub Firmware Upgrade Procedure". http://www.stevelarkins.freeuk.com/bthomehub_softwareupgrade.htm. 
  135. "Troubleshooting". http://www.truecrypt.org/docs/?s=troubleshooting. 
  136. "Spyware, Adware, and Viruses Interfering with Steam". https://support.steampowered.com/kb_article.php?ref=6057-YLBN-1660.  Steam support page.
  137. "Field Notice: FN – 63204 – Cisco Clean Access has Interoperability issue with Symantec Anti-virus – delays Agent start-up". http://www.cisco.com/en/US/ts/fn/632/fn63204.html. 
  138. Goodin, Dan (December 21, 2007). "Anti-virus protection gets worse". Channel Register. http://www.channelregister.co.uk/2007/12/21/dwindling_antivirus_protection/. 
  139. "ZeuS Tracker :: Home". https://zeustracker.abuse.ch/. 
  140. Illett, Dan (July 13, 2007). "Hacking poses threats to business". Computer Weekly. http://www.computerweekly.com/Articles/2007/07/13/225537/hacking-poses-threats-to-business.htm. 
  141. Espiner, Tom (June 30, 2008). "Trend Micro: Antivirus industry lied for 20 years". ZDNet. http://www.zdnet.com/trend-micro-antivirus-industry-lied-for-20-years-3039440184/. 
  142. AV Comparatives (December 2013). "Whole Product Dynamic "Real World" Production Test". http://www.av-comparatives.org/wp-content/uploads/2013/12/avc_prot_2013b_en.pdf. 
  143. Kirk, Jeremy (2010-06-14). "Guidelines released for antivirus software tests". http://www.computerworld.com/s/article/9178037/Guidelines_released_for_antivirus_software_tests. 
  144. Harley, David (2011). AVIEN Malware Defense Guide for the Enterprise. Elsevier. p. 487. ISBN 9780080558660. https://books.google.com/books?id=LBzXf0A-jQwC. 
  145. Kotadia, Munir (July 2006). "Why popular antivirus apps 'do not work'". http://www.zdnet.com.au/why-popular-antivirus-apps-do-not-work-139264249.htm?omnRef=NULL. 
  146. The Canadian Press (April 2010). "Internet scam uses adult game to extort cash". CBC News. http://www.cbc.ca/consumer/story/2010/04/16/con-adult-video-virus.html.
  147. "Researchers up evilness ante with GPU-assisted malware". https://www.theregister.co.uk/2010/09/28/gpu_assisted_malware/. 
  148. Iresh, Gina (April 10, 2010). "Review of Bitdefender Antivirus Security Software 2017 edition". Digital Grog. http://www.digitalgrog.com.au/software/how-to-secure-your-desktop-and-laptop-with-antivirus-software/. 
  149. "Why F-PROT Antivirus fails to disinfect the virus on my computer?". http://www.f-prot.com/support/windows/fpwin_faq/324.html. 
  150. "Actions to be performed on infected objects". http://latam.kaspersky.com/knowledge-base-article/1526. 
  151. "Cryptolocker Ransomware: What You Need To Know". 2013-10-08. http://blog.malwarebytes.org/intelligence/2013/10/cryptolocker-ransomware-what-you-need-to-know/. 
  152. "How Anti-Virus Software Works". http://www-cs-faculty.stanford.edu/~eroberts/cs201/projects/viruses/anti-virus.html. 
  153. "The 10 faces of computer malware". July 17, 2009. http://www.techrepublic.com/blog/10things/the-10-faces-of-computer-malware/881. 
  154. "New BIOS Virus Withstands HDD Wipes". March 27, 2009. http://www.tomshardware.co.uk/bios-virus-rootkit-security-backdoor,news-30759.html. 
  155. "Phrack Inc. Persistent BIOS Infection". June 1, 2009. http://www.phrack.com/archives/66/p66_0x07_Persistent%20BIOS%20infection_by_aLS%20and%20Alfredo.txt. 
  156. "Turning USB peripherals into BadUSB". https://srlabs.de/badusb/. 
  157. Greenberg, Andy (July 31, 2014). "Why the Security of USB Is Fundamentally Broken". Wired. https://www.wired.com/2014/07/usb-security/. Retrieved October 11, 2014. 
  158. "How Antivirus Software Can Slow Down Your Computer". Support.com Blog. http://www.support.com/blog/post/how-antivirus-software-can-slow-down-your-computer. 
  159. "Softpedia Exclusive Interview: Avira 10". Ionut Ilascu. Softpedia. April 14, 2010. http://news.softpedia.com/news/Avira-s-New-Anti-Malware-Fleet-139829.shtml. 
  160. "Norton AntiVirus ignores malicious WMI instructions". Munir Kotadia. CBS Interactive. October 21, 2004. http://www.zdnet.com.au/news/security/soa/Norton-AntiVirus-ignores-malicious-WMI-instructions/0,130061744,139163678,00.htm. 
  161. "NSA and GCHQ attacked antivirus software so that they could spy on people, leaks indicate". June 24, 2015. http://www.belfasttelegraph.co.uk/technology/nsa-and-gchq-attacked-antivirus-software-so-that-they-could-spy-on-people-leaks-indicate-31327280.html. 
  162. "Popular security software came under relentless NSA and GCHQ attacks". Andrew Fishman, Morgan Marquis-Boire. June 22, 2015. https://theintercept.com/2015/06/22/nsa-gchq-targeted-kaspersky/.
  163. Zeltser, Lenny (October 2010). "What Is Cloud Anti-Virus and How Does It Work?". http://blog.zeltser.com/post/1256199682/what-is-cloud-anti-virus. 
  164. Erickson, Jon (August 6, 2008). "Antivirus Software Heads for the Clouds". Information Week. http://www.informationweek.com/blog/main/archives/2008/08/antivirus_softw.html. 
  165. "Comodo Cloud Antivirus released". wikipost.org. http://wikipost.org/topic/2h7PggduooGeXanMKUGFghAIw1AqK6Xg/Comodo-Cloud-Antivirus-Beta3-Version-1-0-376043-87-is-Released.html. 
  166. "Comodo Cloud Antivirus User Guideline PDF". help.comodo.com. https://help.comodo.com/uploads/helpers/Comodo_Cloud_Antivirus_ver.1.0_User_Guide.pdf. 
  167. Krebs, Brian (March 9, 2007). "Online Anti-Virus Scans: A Free Second Opinion". The Washington Post. http://voices.washingtonpost.com/securityfix/2007/03/online_antivirus_scans_a_free.html. 
  168. "Windows Malicious Software Removal Tool 64-bit". Microsoft. https://www.microsoft.com/en-us/download/details.aspx?id=9905. 
  169. "Sophos Scan & Clean". Sophos. https://www.sophos.com/en-us/free-tools/virus-removal-tool. 
  170. "Download Kaspersky Virus Removal Tool application". Kaspersky Lab. https://www.kaspersky.com/downloads/free-virus-removal-tool. 
  171. "How To Tell If a Virus Is Actually a False Positive". How To Geek. https://www.howtogeek.com/180162/how-to-tell-if-a-virus-is-actually-a-false-positive/. 
  172. "Rescue Disk". Trend Micro. https://www.trendmicro.com/en_us/forHome/products/free-tools/rescue-disk.html. 
  173. "Download Kaspersky Rescue Disk". Kaspersky Lab. https://www.kaspersky.com/downloads/free-rescue-disk. 
  174. "Best Comodo Rescue Disk 2022". Comodo Group. https://www.comodo.com/business-security/network-protection/rescue-disk.php. 
  175. "FBI estimates major companies lose $12m annually from viruses". January 30, 2007. http://www.chattanoogan.com/articles/article_100752.asp. 
  176. Kaiser, Michael (April 17, 2009). "Small and Medium Size Businesses are Vulnerable". National Cyber Security Alliance. http://www.staysafeonline.org/blog/small-and-medium-size-businesses-are-vulnerable. 
  177. Nearly 50% Women Don’t Use Anti-virus Software. Spamfighter.com (September 2, 2010). Retrieved on January 3, 2017.

General bibliography

  • Szor, Peter (2005). The Art of Computer Virus Research and Defense. Addison-Wesley. ISBN 978-0-321-30454-4. 

