Should You Buy Kaspersky Security Products?

Is Russian security software company Kaspersky in Putin’s pocket? Rumors abound, but there’s still no real evidence of these claims. We will continue to rate Kaspersky products based on their performance and value like we do for every other company we evaluate.

By Neil J. Rubenking

2017 wasn’t a great year for global security company Kaspersky. Rumors were flying. Kaspersky reports to the Russian government. Kaspersky steals private data. Kaspersky spies on its customers. Kaspersky cheats at solitaire. At the time, we looked closely at all the available information, consulted with a number of experts, and concluded that there was no actual evidence to back those rumors.

Little has changed since then. The rumors still exist; the evidence still does not. US government agencies are still enjoined from using Kaspersky software. But other than putting its products on the no-buy list, the US government hasn’t punished Kaspersky, while it has come down like a ton of bricks on other foreign companies. The difference is worth consideration. Let’s compare a few cases.

The Unfortunate NSA Incident

There is evidence of one security incident involving Kaspersky, something that came to light not long after the government ban. The media-hysteria version of the story is that Kaspersky stole hacking software from the NSA. What happened was much more mundane.

Like most antivirus software, Kaspersky Anti-Virus keeps an eye out for programs that exhibit suspicious behaviors but don’t match any known malware signatures. Such a program might be a brand-new malware strain, often called a zero-day attack. With the user’s permission (typically granted at installation) it uploads suspicious never-before-seen programs to its research team for analysis. That automated behavior is what caused the incident.

An NSA consultant broke protocol and copied some NSA hacking tools to his Kaspersky-protected laptop. The security software detected the tools as dangerous unknowns and sent them to Kaspersky HQ for analysis. When the company’s researchers realized what they had received, they immediately deleted it. End of story. Neither the NSA nor any other US agency took action, because it’s not against the law to obtain classified data by accident.

The Avast Embarrassment

Robert Heinlein popularized the acronym TANSTAAFL in his novel, The Moon is a Harsh Mistress. It stands for “There ain’t no such thing as a free lunch.” A more modern take might be, “If you’re not paying, you are the product.” That became clear earlier this year in a fiasco involving the very popular Avast Free Antivirus.

An Avast subsidiary, Jumpshot, was gathering clicks and other data from users of the free antivirus, allegedly stripping out anything that could identify the individual user. Research proved that Jumpshot could (and did) compromise the personal information of Avast users. This was no rumor; this was fact.

Reaction was swift. Avast shut down Jumpshot completely and ceased the problematic data gathering. What happened is still an embarrassment for Avast, but the company is working hard to regain the trust of its users. Here again, there was evidence of a problem. This time it was the company’s own fault, but the executive team quickly implemented a solution, and the government didn’t get involved at all.

Crime, Punishment, and TikTok

Kaspersky picked up NSA tools due to a consultant’s error. Avast tried to depersonalize data shared with third parties but failed to do so completely. Both companies worked quickly to put things right. What happens when a company actively steals personal information?

In May of 2020, privacy watchdogs accused the popular short-form video app TikTok of putting children at risk. They claimed that TikTok continued to misuse children’s data in ways that previously earned the company a $5.7 million fine. But FTC fines and COPPA violations were just the beginning.

More recently, US government agencies determined that TikTok deliberately captures information about American citizens and supplies it to the Chinese government. Our government’s reaction was swift and draconian. An executive order aims to “cripple…TikTok by prohibiting US app stores, credit card companies, and software providers from working with it.” The order also applies to WeChat, an extremely popular messaging, social media, and payment app. It’s big in China, but also important for US citizens who have family in China.

Unless something big changes, like Microsoft buying TikTok, the order effectively means the end of TikTok and WeChat in the US. Not only that, since the order applies to app stores, iPhone users in China won’t be able to get the apps.

Wrist Slap Versus Defenestration

The situation with TikTok and WeChat illustrates what kind of action the US government takes when it has evidence that a foreign company is endangering our security. The proposed ban affects everyone in the US as well as US companies around the world. It’s a hard blow to the foreign company in question.

In September of 2019, the Federal Acquisition Regulation Council formalized its policy forbidding federal agencies to purchase Kaspersky products, but that’s the extent of government involvement. You or I can buy Kaspersky products on Amazon, or Walmart, or any store that carries them. Some outlets, like Best Buy, choose not to carry these products, but that’s their right. By comparison with the WeChat ban, Kaspersky’s punishment is a politically motivated wrist slap. Why? Because there’s no evidence.

Trust the Experts

There is, of course, another possible explanation for the government’s wildly different reactions. Maybe the current administration loves Russia and hates China, maybe that’s all it is. But even if you don’t trust the government to act in your best interests, there’s no doubt that other security companies look to their own interests.

Keeping a security product viable requires a research team, to stay ahead of the malware coders. In addition to looking for new trends in malicious software, these teams put legitimate software and hardware to the test. If Kaspersky’s antivirus software included any backdoors or illicit behaviors, the competition wouldn’t hesitate to shine a light on it.

Independent testing labs also put security products through rigorous analysis. Some labs, like Google’s Project Zero, are devoted entirely to finding security flaws in products of all kinds. Scrutiny by security experts all over the world hasn’t turned up evidence of inappropriate behavior by Kaspersky. If you don’t trust the government, trust the experts.

Kaspersky Responds

While it originated in Russia, Kaspersky is a global company, with sales and locations around the world. A ban on purchases by the US government doesn’t put a big hurt on Kaspersky’s bottom line. Still, nobody likes being accused of illicit behavior. Kaspersky has a lot to say about just why there’s no problem:

Kaspersky’s Global Transparency Initiative is aimed at reaffirming the company’s commitment to earning and maintaining the trust of its customers and partners. The initiative, launched in 2017, engages the IT security community in validating and verifying the trustworthiness of its products, internal processes and business operations.

In 2018 the company started moving US and Canada customer data to its processing center in Switzerland. It also commissioned audits of its system security and the security of its data centers. European agencies have certified its protocols:

These actions demonstrate Kaspersky’s continued willingness to go above and beyond to protect its customers, and will enhance the company’s already proven, global leadership in cybersecurity products and solutions.

Kaspersky Is Not Stupid

Kaspersky’s eponymous CEO is no dummy, nor are the Kaspersky researchers I’ve met.

Kaspersky Lab has the biggest market share of security vendors in Europe. Globally, it’s the fifth-largest antivirus company by revenue, and more than 80 percent of that comes from outside Russia. Collaborating with the Russian government would put that global success at risk. It would be an act of corporate suicide. And this is not a stupid group.

There’s no doubt that Eugene Kaspersky has met Vladimir Putin, nor that Elon Musk has met Donald Trump. When your company is big enough, you move in government circles. I don’t see any real evidence of illicit activities on Kaspersky’s part, and I don’t see a government reaction commensurate with the existence of such evidence. Unless things change, we’ll continue to recommend products such as Kaspersky Anti-Virus based on their merits.

Originally published at https://www.pcmag.com.

Translated from: https://medium.com/pcmag-access/should-you-buy-kaspersky-security-products-8ca787c3beaa
