Kaspersky Labs, a software firm based in Moscow, and its popular anti-virus software have been under scrutiny of late. The company's software is installed on more than 400 million machines around the world. If there is a 'back door' or other mechanism built into the code that allows for something other than protecting a computer from malware, it would be a serious cause for concern. There doesn't seem to be any hard evidence that such a back door exists.
However, just this week, the US government removed Kaspersky Labs from its approved vendors list - a resource that several agencies use to determine which software can be used on government computers. This action by the government has been argued to be politically motivated. It has been reported that some Kaspersky Labs employees were former employees of the KGB. The CEO of the company, Eugene Kaspersky, denies any type of wrongdoing or cooperation with any outside agency or government but does not deny that some of his employees did have these types of connections in the distant past.
As a user of Kaspersky Labs anti-virus, I don't feel confident I have enough information to determine what is true or false regarding these claims. My gut feeling is Mr. Kaspersky is telling the truth. However, that's not the strongest metric to use when suggesting an anti-virus software to a client.
In addition, I have no desire to spend a lot of time worrying about the security of my 'security software'. Yet, here I am worrying about it.
Situations like these create another argument to make software open source*. If Kaspersky opened the source code to their anti-virus software for anyone to see, lingering concerns by its users could be substantially alleviated. (There may be other concerns, such as whether the company shared private user information with undisclosed entities. However, that doesn't necessarily deal with the security of our computers and/or devices but rather our privacy. An important but separate matter.)
Closed source software is, by its very nature, elusive. It doesn't necessarily let you know or see all it's doing. It requires the end users to trust the people behind the software or accept a level of ignorance about computer security and hope for the best.
"Which mechanic would you trust more? The one who lets you stand next to him while he works on your car or the mechanic who insists on working behind closed doors?"
As a firm focused on computer security, Kaspersky Labs could gain trust by opening the garage bay doors. If they invite their customers to 'stand next to them' while they tinker under the hood of our devices, it would give many users a bit more confidence in the safety of their software.
*This article refers to 'open source' as software where the source code is openly available for viewing by anyone who wishes to do so. In other words, you can see what's happening inside the box. Open source does not necessarily mean free, which is a common misunderstanding.