Last week, WikiLeaks published an enormous amount of data about the CIA’s ability to monitor electronic devices.
One of the underreported parts of the 8,000-page leak, however, was the CIA’s thoughts on popular antivirus software.
What do America’s top cybersecurity experts have to say about Kaspersky? What do they really think about Avira? Here are some of the highlights according to the latest data from WikiLeaks:
The CIA gives mixed praise to Comodo overall. One CIA hacker, however, appears to have been particularly frustrated by the effectiveness of Comodo, calling it “a colossal pain in the posterior. It literally catches everything until you tell it not to”.
Unfortunately, the CIA leak shows that Comodo 6 took a step in the wrong direction and that it “doesn’t catch nearly as much stuff”. The hacker went on to describe Comodo 6’s backdoor flaws as a “Gaping hole of DOOM”.
Comodo has now upgraded its software to Comodo 10. Comodo’s Chief Executive actually released a statement saying that it was “a badge of honor” to be called a “pain in the posterior” by a CIA hacker.
Kaspersky is widely recognized as one of the most powerful and popular antivirus programs available today. But what does the CIA think of Kaspersky?
The WikiLeaks data dump contains a message saying that Kaspersky has a flaw in the code that “enables us to bypass Kaspersky’s protections”.
Eugene Kaspersky, the company’s founder, said in a Twitter message that the company had fixed that flaw years ago, and dismissed the CIA’s comment as irrelevant.
Avira is a popular antivirus program from Germany. One message in the data dump said that the antivirus software is “typically easy to evade”.
Avira’s team didn’t dispute the WikiLeaks-reported security hole. They patched what they called a “minor vulnerability” within a few hours of the release of the WikiLeaks documents. They also claimed that there was no evidence any of their users were affected by the security hole.
AVG is another popular antivirus program. The CIA reportedly has a trick to defeat AVG that they described as “totally sweet”. AVG’s parent company, Avast, claims that the flaw the CIA described was a “theoretical bypass”, and that additional work was needed before it could be used in the real world.
One person who appears to be a CIA hacker described F-Secure as a “lower tier product that causes us minimal difficulty”.
In response to the leak, Finland-based F-Secure cited another quote in the WikiLeaks documents where a hacker described the software as an “annoying troublemaker” – so it wasn’t all bad news.
Bitdefender, made in Romania, seems to give a surprising number of headaches to CIA hackers. One post claims that “Bitdefender is still mad” after the hacker made another unsuccessful attempt.
In response, Bitdefender claims that this is good news because it means they’re “detecting the CIA tools” that are trying to get by the software’s defenses.
Ultimately, you can read antivirus software reviews online all you want – but it’s rare you get to see unfiltered commentary from CIA hackers. That’s a pretty legitimate way to determine the effectiveness of antivirus software. Based on the information listed above, it seems like no antivirus software is 100% safe – but popular options like Bitdefender, Kaspersky, and F-Secure are particularly effective at defeating the CIA’s hackers.