Hello, Boys and Girls of Reddit!
20 years at Kaspersky Lab, and computer security still amazes me!
My business is about protecting people and organizations from cyberthreats. People often ask me “Hey Eugene, how’s business?” And I always say “Business is good, unfortunately”.
The threat landscape is evolving fast. We increasingly depend on computerized equipment and networks - which means the risks we face in cyberspace are growing as well. Plus: cybersecurity has also become a very hot political topic.
Future of cybersecurity, cyber-warfare, cyber-tactics in an increasingly politicized world, attribution, relationship between governments and cybersecurity, artificial intelligence, Russian hackers – what do you want to know?
And of course there’s our company: we’re different, and well-known, and that comes with a price. Myths start to appear, and many people don’t know what’s fact and what’s fiction. Well, I do.
The truth matters – and I’m ready to explain whatever you want to know, about cybersecurity, our company, or even myself.
You can start posting your questions right now! And from 9.00 am EST I’ll start answering them! Ask me anything! Let’s make it fun and interesting!
The answers will be all mine (although I’ve got one of our guys here with me to post the replies.)
My personal blog
PROOF

UPDATE 1:10 PM EST: Thanks for your questions folks! Especially for the tough ones. That was really interesting, but I have to go back to work now! I’ll do my best to come back later to answer questions which I couldn’t address today using my blog. Aloha!
UPDATE 2:20 PM EST OK. Answered more. Thank you all again. Have a nice day!

Comments: 2667 • Responses: 56  • Date: 

qwell6805 karma

The US Senate Intel committee is currently interviewing the heads of the intelligence community. They were just asked whether they would be comfortable running Kaspersky software on their computers. The answer was unanimous: No.

Thoughts?

Edit: He responded.

e_kaspersky2034 karma

I respectfully disagree with their opinion, and I’m very sorry these gentlemen can’t use the best software on the market because of political reasons.

jimohio240 karma

Brings to mind the Wired article from 7/2012 - Russia’s Top Cyber Sleuth Foils US Spies, Helps Kremlin Pals - Kaspersky has 300 million customers. His geek squad uncovers US cyberweapons. And he has deep ties to the KGB’s successors in Moscow."

e_kaspersky500 karma

Hi! As i said earlier, this article is complete and utter BS.

jazzchamp151 karma

Article referenced

What part(s) of the article is BS?

e_kaspersky688 karma

Hi! detailed here

HitlerLovedLemons1763 karma

What's your first dog's name and mother's maiden name?

e_kaspersky1411 karma

Nice try:-), and please note that phishing can be a punishable offense in the place you live in.

ArcticBlueCZ969 karma

Does Russian government have any influence on your company? Do you share any user data or information with the government?

e_kaspersky263 karma

We paid a speaker fee for DC public conference. Nothing scandalous here people, he was a good speaker.

e_kaspersky485 karma

We don’t share any user data with any government including Russia. We don't have ties to any government other than paying taxes (we pay taxes in many countries as we are a very international company).

goretsky776 karma

Hello Mr. Kaspersky,

I have three questions for you:

  1. Do you think it is still possible to secure embedded systems (aka the Internet of Things), or is that an impossibility now, practically speaking?

  2. If there was one thing you could every average computer user to do to improve their security, what would it be?

  3. If you were a person of interest in the murder of your neighbor in a tiny Central American country, what would your strategy be for clearing your name? (asking for a friend)

Thank you for taking the time to read this. I look forward to your answers.

Regards,

Aryeh Goretsky

e_kaspersky668 karma

  1. A secure embedded operating system is possible and we are working on it.
  2. Stop trusting everyone on the internet
  3. I will recommend not to be in such a situation. But if you are in it I think the best strategy is to answer allegations face to face, not to hide from them. And call a lawyer.

Waffles2g755 karma

Do you use a user account with local admin rights on your machine?

e_kaspersky868 karma

No, and neither should you.

D_Orb725 karma

What was your reaction to having your executive charged with treason? What is your response to this article?

http://www.cbsnews.com/news/russia-treason-fsb-spies-kaspersky-labs-us-intelligence-denies-cia-hacking/

e_kaspersky694 karma

Unfortunately we have zero information about the case, it is classified, and the company is not involved in the investigation. I was very surprised because the arrested guy was very enthusiastic about fighting against cybercrime.

DeedTheInky338 karma

Do you still believe that anonymity should be removed from the internet and that everyone should be forced to have an online passport and be monitored by 'internet police' as stated in this interview? Excerpt:

That's it? What's wrong with the design of the Internet?

There's anonymity. Everyone should and must have an identification, or Internet passport. The Internet was designed not for public use, but for American scientists and the U.S. military. That was just a limited group of people--hundreds, or maybe thousands. Then it was introduced to the public and it was wrong…to introduce it in the same way.

I'd like to change the design of the Internet by introducing regulation--Internet passports, Internet police and international agreement--about following Internet standards. And if some countries don't agree with or don't pay attention to the agreement, just cut them off.

e_kaspersky477 karma

I did change my mind on anonymity in the Internet. I was saying all this long ago. I believe there should be a special private part of the Internet with no need for any such ID, another part requiring identification, and one in between.

There’s no need for ID for watching news or sending e-mails. But if we speak about access to functions like government services / online elections, financial services, we need digital ID to reduce risk of crime / abuse here. And there is a middle zone like online stores that might need a proof of age for buying some goods.

AlexStann273 karma

Eugene, do you use a password manager?

e_kaspersky364 karma

I do, our own one.

Sovent255 karma

When did you wrote your last line of code? And what was it?

e_kaspersky364 karma

First days of January 2010, location: Patriot Hills base, Antarctica.

suitedupforaction243 karma

What are some of the myths about malware and cybersecurity that didn't hold water in the earlier days (say 1990-2005), but turned out to be real and threatening post that age?

e_kaspersky350 karma

Good question, was trying to recall such myths back from those days. Unrealistic myths, some ridiculous stuff never came into reality. But some bleak predictions like Internet worms, attacks on industrial systems, mobile malware, they all came true.

itisRobertK229 karma

What is the process of finding a solution to a cyberthreat? Is it like coding in reverse, or more like chess, or does it depend from time to time?

e_kaspersky435 karma

99.99%+ of the incoming malicious code is done automatically by our self-learning systems. The rest goes to the hands of our virus analysts working around the clock, mostly their job is about reverse-engineering of malicious code. Very complicated cases go to our special team of experts, and large investigations look more like collecting a very big and complicated puzzle, not chess.

FAHQT204 karma

What is your advice for teenagers that want to get a job in the cybersecurity field?Should we focus only on one field like web exploatation, reversing, cryptography?Do we really need a college degree?

e_kaspersky317 karma

I recommend cryptology, if you can do it, you can do anything. A college degree is not necessary, but university education is a very good helper to a bright mind.

InfoSec_Jackass170 karma

Would you say you are more of a fancy bear or a cozy bear?

e_kaspersky233 karma

I’m a Kamchatka bear-hunter.

liarandathief128 karma

What was the last big threat that really blew you away with its ingenuity?

second question, what is your interaction with law enforcement like? Do you assist governments in apprehending the virus makers?

e_kaspersky169 karma

  1. I’d need a lot of time to answer the first one. In short I can name Carbanak, Equation and Satellite Turla as those employing the most tricky tools. Check our reports for more details.
    2-3. There are many investigations in many regions and we assist many national and international cyberpolice forces like Interpol and Europol to stop criminal schemes and arrest the attackers. Many cases.

Riley_Groves124 karma

Second question:

How come Kaspersky don't offer a free AV like many of your competitors do?

e_kaspersky338 karma

We already offer free solution in several regions, but later this year we’ll have some good global news. Pure free global solution (not a trial).

liquidmoon106 karma

Have you seen a change in business in the US in recent months? (since there has been a focus on Russia and ties to the Leadership)

Edit- grammar

e_kaspersky173 karma

We didn’t see any real impact on our business, but all these stories, they don’t make me happy. But to some extent they give us something close to free advertising. But what makes me really feel good is how our international team, including in the U.S. is working great with all this media pressure.

zenomeno97 karma

Do the the new artificial intelligence based malware detection systems copy your signatures?

e_kaspersky97 karma

Hi! Not exactly but close to that

Richa65288 karma

I was doing a study abroad about 9 years ago in Belgium. We spent time at NATO and SHAPE and one of our lecturers made it a point to mention cyber security and cyber warfare would be the battles of the future.

How much work have you done with international governments? We will ever reach a period where security can't be outpaced by developing tech and tricks?

e_kaspersky152 karma

In the current technical situation and in our current stage of technical evolution it is usually so much easier to attack in cyberworld, than to defend, to prevent attacks and to defend them. But I hope that global leaders will be smart enough not to start wars in cyberspace. I vote 100% for forbidding cyberweapons, same as for chemical and biological weapons. I hope there will be an international treaty against cyberweapons. Unfortunately it won’t solve the threat of cyberterrorism.
See more here

abbjo67 karma

Guess many have heard of the complexity and the difficulty of reversing Stuxnet, but I was wondering if there is a sample, or family, that had you or the team working long and hard to understand it? Or maybe just baffled or amazed by it's complexity or stupidity.

Pretty much anything that have made an impression.

e_kaspersky218 karma

I personally don’t analyze the code since 2007, so I suggest my GReAT guys can give a much better answer.
One of the most idiotic things I saw was a 13-byte MS-DOS computer worm which simply copied itself on the hard drive. Once.

chrisfrap52 karma

Looking back on the past 20 years, is there any aspect of Security that you feel Kaspersky has gotten into too late?

e_kaspersky91 karma

20 years ago we were a tiny, globally invisible Moscow-based bootstrap. We simply didn’t have a lot of resources, and we knew we were losing opportunities. So first of all, we made the world’s best antivirus engine, and we licensed it to few other AV companies, because we didn’t have resources to develop a product. We had 5 engineers. We couldn’t do enterprise products, network security.
But ten years ago, based on our success, we invested in a wide range of security technologies, including our unique proprietary secure operating system.

judgedeath251 karma

Does the company have any plans to move farther away from signature-based AV to the more "next gen" solutions like Cylance or SentinelOne?

e_kaspersky83 karma

We are not relying on signature-based AV only for many-many years, check this whitepaper
About ‘next-gen’ solutions, way too often we don’t see them in regular independent tests. How do you they know they are effective, because they tell you so?

00xNull40 karma

There were articles on topic "Antivirus is dead". What is the future of antivirus ?

e_kaspersky77 karma

In future we need to move from security to immunity, we need to have immune platforms and network infrastructure that would be immune to cyberattacks.

TimeMachineToaster35 karma

How do you stay current on new threats/viruses?

e_kaspersky74 karma

My office is 5 meters away from some of my best researchers. And on my business trips I’m always in touch with our Global Research and Analysis Team (GReAT)

a_rybalchenko28 karma

Hello, Eugene

How is the investigation of the FAS against Microsoft proceeding? Do you plan to enter into settlement?

e_kaspersky39 karma

It’s a long story, but it’s going on and going well. Check for details on my blog

tacobellsupport24 karma

Favorite malware and why? When interviewed for the Vice documentary, you commented a bit on Stuxnet, but what else has been of high interest to you.

e_kaspersky108 karma

Ask the same question to your dentist, does he/she have a favourite cavity?

iwas99x23 karma

Do you prefer Redditors call you Eugene or Mr. Kaspersky?

e_kaspersky70 karma

Definitely Eugene

SergeantHiro21 karma

I've heard your surname pronounced as "Casper sky" and as "kas-per-skee." Which is it?

e_kaspersky38 karma

Like “Kasper-Ski”

suaveitguy20 karma

What apps and sites are good to use to monitor/evaluate the data being grabbed by other apps and sites?

e_kaspersky33 karma

I’m not an expert in such software, I can only say that we have a browser plugin in our consumer product that blocks tracking by websites.

Riley_Groves19 karma

One of the ex-developers of Firefox said that third party AVs were untrustworthy compared to Windows Defender because of how "hard" they made it to update browsers.

Obviously, they were speaking solely as a developer and not as an end-user, and I found their comments wholly irresponsible.

What did you think of them?

e_kaspersky42 karma

It would take me too long to reply, check this link with a detailed examination of the words of that ex-Firefox guy:
https://blog.kaspersky.com/is-antivirus-really-dead/13959/

the_drew18 karma

I worked for you for a few years about a decade ago. We had a few beers together in a restaurant (Armenian IIRC) in Moscow, it was fun.

Can you say hi to Sergey Nevstruev and Vartan Minasyan for me?

e_kaspersky21 karma

Sergey has left the company, but I will say hi to Vartan! From whom?

timkour16 karma

Are smartphones safe?? Is it true you don't own a smartphone?? Android or iOS is more vulnerable??

e_kaspersky29 karma

Smartphones are mini-computers. The same threats and risks apply on all platforms.

bigkbull16 karma

Hello Mr Kaspersky,

What are your thoughts on the theory that your company creates all the viruses seeing as how your company is the first to provide virus definitions?

Thank you.

e_kaspersky28 karma

This is 30-year old nonsense, a dinosaur of conspiracy theories in the cyberspace. Is it still alive?

iwas99x10 karma

Eugene, what are your short term and long term goals for Kaspersky Lab?

e_kaspersky13 karma

The short-term is to be number one company in cybersecurity. The long-term - to introduce the new immunity standards for everything digital

roi_scmag8 karma

Eugene what do you think of the 2012 WIRED article about you?? Is it all entirely accurate?? Link for reference: https://www.wired.com/2012/07/ff_kaspersky/

e_kaspersky13 karma

Hi! This article is complete and utter BS.

cteodor8 karma

Hello Eugene, on reputational risks: Why not move threat research to UK? Would that be legally and politically possible?

e_kaspersky14 karma

If we move all our threat research to one single location, we will lose ability to see new threats on a local level around the world. Our threat research is all around the world, and it helps us to see and understand what’s going on.

thewildestone5 karma

Which Star Wars character is your favorite and why?

e_kaspersky18 karma

I don’t know why, but sometimes I have the Imperial march playing in my mind while I’m walking in the office. No, Darth Vader is not my favorite hero.

iwas99x4 karma

Eugene,, what makes Kaspersky the best Anti-Virus protection software compared to its competitors available to buy?

e_kaspersky11 karma

We have best people who develop best technologies and make best products out of them. That’s the magic formula - people, technologies, products. Check the benchmark results

IntelligentPredator3 karma

How did Russian state react to your company research into its spying malware?

e_kaspersky3 karma

I haven’t heard of any reaction

kykypajko3 karma

Why do you think the US and it's media have restarted a cold war with Russia?

e_kaspersky8 karma

Hi! I'm the wrong man to ask this question. I don't speak for either group.

[deleted]2 karma

What is the worst and shi*** decision have you ever taken for Kaspersky?

e_kaspersky7 karma

The worst decision: 1998 (or maybe 1997?), single-threaded AV engine. It cost us a huge amount of man-hours to maintain and run it.

iwas99x1 karma

Eugene, what are the incorrect misconceptions about you and your company?

e_kaspersky15 karma

In the past there was a myth that anti-virus companies wrote viruses. Then there was a myth that antivirus is dead and is not needed. And now I’m tired to answer silly questions about my ties with the Kremlin.

iwas99x1 karma

Eugene, what are your favorite pizza toppings, your favorite beer, your favorite candy, your favorite soda, and your favorite mixed alcohol drink?

e_kaspersky2 karma

I prefer Asian food, I like Scotch single malt whiskey and my favourite beer is Guinness at the Guinness factory in Dublin (Think global, drink local!©), and I’m not big fan of sweets, soda and cocktails

TailSpinBowler1 karma

Do have jobs in Australia?

e_kaspersky3 karma

We are always looking for quality talent globally. Check our careers page. Btw, I will be at Cebit in Sydney in 2 weeks.