I’m Eugene Kaspersky, cybersecurity guy and CEO of Kaspersky Lab! Ask me Anything!

The US Senate Intel committee is currently interviewing the heads of the intelligence community. They were just asked whether they would be comfortable running Kaspersky software on their computers. The answer was unanimous: No.

Thoughts?

Edit: He responded.

I respectfully disagree with their opinion, and I’m very sorry these gentlemen can’t use the best software on the market because of political reasons.

Brings to mind the Wired article from 7/2012 - Russia’s Top Cyber Sleuth Foils US Spies, Helps Kremlin Pals - Kaspersky has 300 million customers. His geek squad uncovers US cyberweapons. And he has deep ties to the KGB’s successors in Moscow."

Hi! As i said earlier, this article is complete and utter BS.

Article referenced

What part(s) of the article is BS?

Hi! detailed here

What's your first dog's name and mother's maiden name?

Nice try:-), and please note that phishing can be a punishable offense in the place you live in.

Does Russian government have any influence on your company? Do you share any user data or information with the government?

https://www.google.ca/amp/s/www.washingtonpost.com/amphtml/politics/new-details-released-on-russia-related-payments-to-flynn-before-he-joined-trump-campaign/2017/03/16/52a4205a-0a55-11e7-a15f-a58d4a988474_story.html

We paid a speaker fee for DC public conference. Nothing scandalous here people, he was a good speaker.

We don’t share any user data with any government including Russia. We don't have ties to any government other than paying taxes (we pay taxes in many countries as we are a very international company).

Hello Mr. Kaspersky,

I have three questions for you:

1. Do you think it is still possible to secure embedded systems (aka the Internet of Things), or is that an impossibility now, practically speaking?

2. If there was one thing you could every average computer user to do to improve their security, what would it be?

3. If you were a person of interest in the murder of your neighbor in a tiny Central American country, what would your strategy be for clearing your name? (asking for a friend)

Thank you for taking the time to read this. I look forward to your answers.

Regards,

Aryeh Goretsky

1. A secure embedded operating system is possible and we are working on it.
2. Stop trusting everyone on the internet
3. I will recommend not to be in such a situation. But if you are in it I think the best strategy is to answer allegations face to face, not to hide from them. And call a lawyer.

Do you use a user account with local admin rights on your machine?

No, and neither should you.

What was your reaction to having your executive charged with treason? What is your response to this article?

http://www.cbsnews.com/news/russia-treason-fsb-spies-kaspersky-labs-us-intelligence-denies-cia-hacking/

Unfortunately we have zero information about the case, it is classified, and the company is not involved in the investigation. I was very surprised because the arrested guy was very enthusiastic about fighting against cybercrime.

Do you still believe that anonymity should be removed from the internet and that everyone should be forced to have an online passport and be monitored by 'internet police' as stated in this interview? Excerpt:

That's it? What's wrong with the design of the Internet?

There's anonymity. Everyone should and must have an identification, or Internet passport. The Internet was designed not for public use, but for American scientists and the U.S. military. That was just a limited group of people--hundreds, or maybe thousands. Then it was introduced to the public and it was wrong…to introduce it in the same way.

I'd like to change the design of the Internet by introducing regulation--Internet passports, Internet police and international agreement--about following Internet standards. And if some countries don't agree with or don't pay attention to the agreement, just cut them off.

I did change my mind on anonymity in the Internet. I was saying all this long ago. I believe there should be a special private part of the Internet with no need for any such ID, another part requiring identification, and one in between.

There’s no need for ID for watching news or sending e-mails. But if we speak about access to functions like government services / online elections, financial services, we need digital ID to reduce risk of crime / abuse here. And there is a middle zone like online stores that might need a proof of age for buying some goods.

Eugene, do you use a password manager?

I do, our own one.

When did you wrote your last line of code? And what was it?

First days of January 2010, location: Patriot Hills base, Antarctica.

What are some of the myths about malware and cybersecurity that didn't hold water in the earlier days (say 1990-2005), but turned out to be real and threatening post that age?

Good question, was trying to recall such myths back from those days. Unrealistic myths, some ridiculous stuff never came into reality. But some bleak predictions like Internet worms, attacks on industrial systems, mobile malware, they all came true.

What is the process of finding a solution to a cyberthreat? Is it like coding in reverse, or more like chess, or does it depend from time to time?

99.99%+ of the incoming malicious code is done automatically by our self-learning systems. The rest goes to the hands of our virus analysts working around the clock, mostly their job is about reverse-engineering of malicious code. Very complicated cases go to our special team of experts, and large investigations look more like collecting a very big and complicated puzzle, not chess.

What is your advice for teenagers that want to get a job in the cybersecurity field?Should we focus only on one field like web exploatation, reversing, cryptography?Do we really need a college degree?

I recommend cryptology, if you can do it, you can do anything. A college degree is not necessary, but university education is a very good helper to a bright mind.

Would you say you are more of a fancy bear or a cozy bear?

I’m a Kamchatka bear-hunter.

What was the last big threat that really blew you away with its ingenuity?

second question, what is your interaction with law enforcement like? Do you assist governments in apprehending the virus makers?

1. I’d need a lot of time to answer the first one. In short I can name Carbanak, Equation and Satellite Turla as those employing the most tricky tools. Check our reports for more details.
   2-3. There are many investigations in many regions and we assist many national and international cyberpolice forces like Interpol and Europol to stop criminal schemes and arrest the attackers. Many cases.

Second question:

How come Kaspersky don't offer a free AV like many of your competitors do?

We already offer free solution in several regions, but later this year we’ll have some good global news. Pure free global solution (not a trial).

Have you seen a change in business in the US in recent months? (since there has been a focus on Russia and ties to the Leadership)

Edit- grammar

We didn’t see any real impact on our business, but all these stories, they don’t make me happy. But to some extent they give us something close to free advertising. But what makes me really feel good is how our international team, including in the U.S. is working great with all this media pressure.

Do the the new artificial intelligence based malware detection systems copy your signatures?

Hi! Not exactly but close to that

I was doing a study abroad about 9 years ago in Belgium. We spent time at NATO and SHAPE and one of our lecturers made it a point to mention cyber security and cyber warfare would be the battles of the future.

How much work have you done with international governments? We will ever reach a period where security can't be outpaced by developing tech and tricks?

In the current technical situation and in our current stage of technical evolution it is usually so much easier to attack in cyberworld, than to defend, to prevent attacks and to defend them. But I hope that global leaders will be smart enough not to start wars in cyberspace. I vote 100% for forbidding cyberweapons, same as for chemical and biological weapons. I hope there will be an international treaty against cyberweapons. Unfortunately it won’t solve the threat of cyberterrorism.
See more here

Guess many have heard of the complexity and the difficulty of reversing Stuxnet, but I was wondering if there is a sample, or family, that had you or the team working long and hard to understand it? Or maybe just baffled or amazed by it's complexity or stupidity.

Pretty much anything that have made an impression.

I personally don’t analyze the code since 2007, so I suggest my GReAT guys can give a much better answer.
One of the most idiotic things I saw was a 13-byte MS-DOS computer worm which simply copied itself on the hard drive. Once.

Looking back on the past 20 years, is there any aspect of Security that you feel Kaspersky has gotten into too late?

20 years ago we were a tiny, globally invisible Moscow-based bootstrap. We simply didn’t have a lot of resources, and we knew we were losing opportunities. So first of all, we made the world’s best antivirus engine, and we licensed it to few other AV companies, because we didn’t have resources to develop a product. We had 5 engineers. We couldn’t do enterprise products, network security.
But ten years ago, based on our success, we invested in a wide range of security technologies, including our unique proprietary secure operating system.

Does the company have any plans to move farther away from signature-based AV to the more "next gen" solutions like Cylance or SentinelOne?

We are not relying on signature-based AV only for many-many years, check this whitepaper
About ‘next-gen’ solutions, way too often we don’t see them in regular independent tests. How do you they know they are effective, because they tell you so?

There were articles on topic "Antivirus is dead". What is the future of antivirus ?

In future we need to move from security to immunity, we need to have immune platforms and network infrastructure that would be immune to cyberattacks.

How do you stay current on new threats/viruses?

My office is 5 meters away from some of my best researchers. And on my business trips I’m always in touch with our Global Research and Analysis Team (GReAT)

Hello, Eugene

How is the investigation of the FAS against Microsoft proceeding? Do you plan to enter into settlement?

It’s a long story, but it’s going on and going well. Check for details on my blog

Favorite malware and why? When interviewed for the Vice documentary, you commented a bit on Stuxnet, but what else has been of high interest to you.

Ask the same question to your dentist, does he/she have a favourite cavity?

Do you prefer Redditors call you Eugene or Mr. Kaspersky?

Definitely Eugene

I've heard your surname pronounced as "Casper sky" and as "kas-per-skee." Which is it?

Like “Kasper-Ski”

What apps and sites are good to use to monitor/evaluate the data being grabbed by other apps and sites?

I’m not an expert in such software, I can only say that we have a browser plugin in our consumer product that blocks tracking by websites.

One of the ex-developers of Firefox said that third party AVs were untrustworthy compared to Windows Defender because of how "hard" they made it to update browsers.

Obviously, they were speaking solely as a developer and not as an end-user, and I found their comments wholly irresponsible.

What did you think of them?

It would take me too long to reply, check this link with a detailed examination of the words of that ex-Firefox guy:
https://blog.kaspersky.com/is-antivirus-really-dead/13959/

I worked for you for a few years about a decade ago. We had a few beers together in a restaurant (Armenian IIRC) in Moscow, it was fun.

Can you say hi to Sergey Nevstruev and Vartan Minasyan for me?

Sergey has left the company, but I will say hi to Vartan! From whom?

Hello Mr Kaspersky,

What are your thoughts on the theory that your company creates all the viruses seeing as how your company is the first to provide virus definitions?

Thank you.

This is 30-year old nonsense, a dinosaur of conspiracy theories in the cyberspace. Is it still alive?

Are smartphones safe?? Is it true you don't own a smartphone?? Android or iOS is more vulnerable??

Smartphones are mini-computers. The same threats and risks apply on all platforms.

Eugene, what are your short term and long term goals for Kaspersky Lab?

The short-term is to be number one company in cybersecurity. The long-term - to introduce the new immunity standards for everything digital

Eugene what do you think of the 2012 WIRED article about you?? Is it all entirely accurate?? Link for reference: https://www.wired.com/2012/07/ff_kaspersky/

Hi! This article is complete and utter BS.

Hello Eugene, on reputational risks: Why not move threat research to UK? Would that be legally and politically possible?

If we move all our threat research to one single location, we will lose ability to see new threats on a local level around the world. Our threat research is all around the world, and it helps us to see and understand what’s going on.

Which Star Wars character is your favorite and why?

I don’t know why, but sometimes I have the Imperial march playing in my mind while I’m walking in the office. No, Darth Vader is not my favorite hero.

Eugene,, what makes Kaspersky the best Anti-Virus protection software compared to its competitors available to buy?

We have best people who develop best technologies and make best products out of them. That’s the magic formula - people, technologies, products. Check the benchmark results

How did Russian state react to your company research into its spying malware?

I haven’t heard of any reaction

Why do you think the US and it's media have restarted a cold war with Russia?

Hi! I'm the wrong man to ask this question. I don't speak for either group.

What is the worst and shi*** decision have you ever taken for Kaspersky?

The worst decision: 1998 (or maybe 1997?), single-threaded AV engine. It cost us a huge amount of man-hours to maintain and run it.

Eugene, what are the incorrect misconceptions about you and your company?

In the past there was a myth that anti-virus companies wrote viruses. Then there was a myth that antivirus is dead and is not needed. And now I’m tired to answer silly questions about my ties with the Kremlin.

Eugene, what are your favorite pizza toppings, your favorite beer, your favorite candy, your favorite soda, and your favorite mixed alcohol drink?

I prefer Asian food, I like Scotch single malt whiskey and my favourite beer is Guinness at the Guinness factory in Dublin (Think global, drink local!©), and I’m not big fan of sweets, soda and cocktails

Do have jobs in Australia?

We are always looking for quality talent globally. Check our careers page. Btw, I will be at Cebit in Sydney in 2 weeks.