Yes, both are trustworthy. I see you've decided, but I really want to post it here after some time editing a little of this absolute mess:
My view regarding this "Should Kaspersky be trusted?" may contain unintended political issues; it's just from what I've read:
Kaspersky Lab has tons of major malware discoveries. Regarding the question of whether they're trustworthy or not, note:
In 2010, Kaspersky Lab worked with Microsoft to counteract the Stuxnet worm, which had infected 14 industrial locations in Iran using four zero-day vulnerabilities in Microsoft Windows. According to IEEE Spectrum, the circumstances "strongly suggest" the worm was developed by the United States and Israel to damage centrifuges in Iran's nuclear enrichment program.
In June 2015, Kaspersky reported that its own network had been infiltrated by government-sponsored malware. Evidence suggested the malware was created by the same developers as Duqu and Stuxnet, in order to get intelligence that would help them better avoid detection by Kaspersky in the future.
This source notes that:
“Kaspersky determined the best approach was to not only admit it had been hacked, but also to provide extensive information on the malware (dubbed Duqu 2.0) it found attempting to infiltrate information from its servers,” Cluley wrote in a blog post.
Kaspersky Lab revealed it detected a cyber intrusion affecting several of its internal systems in early spring 2015, using a prototype of an anti-APT (advanced persistent threat) technology.
I remembered this from other sources I've read in the past:
- Kaspersky was hacked for 3 months until they tried out their anti-APT tech on their own system; looking for or learning about this kind of tech was one of the goals of the attacker. The attacker was also probably tied to the 2010 Stuxnet worm discovery. Additionally, Stuxnet (according to this book) was one of the reasons behind the bans of Kaspersky in US govt systems.
- Cybersecurity researchers and spokespersons from various countries, even government officials, are still not convinced of the allegations of Russian government ties.
- The US government didn't respond to Kaspersky Lab, who tried to address the allegation, and also didn't respond to the source code investigation request.
Kaspersky did a lot of things to regain trust; one of them is the Global Transparency Initiative.
- Third-party assessment of internal processes to verify the integrity of Kaspersky solutions and processes: SOC 2 audit by one of the Big Four accounting firms; ISO 27001 certification for data security systems.
- Transparency centers all around the world: Switzerland, Spain, Malaysia, and Brazil. Additionally, Kaspersky has relocated data storage and processing activities from Russia to Switzerland ("long and famous history of neutrality", "robust approach to data protection legislation").
- They publish law enforcement and government requests reports. Even though they can cooperate with their own government or just help them, they can't just cooperate if there's nothing to give and the request didn't meet legal verification requirements. Interestingly, in the latest report, the most approved requests are from South Korea, and the most rejected are from Russia (very low approval rate compared to others). One of the requirements of the procedure: "their implementation should not affect the security or privacy of Kaspersky’s users or the integrity of Kaspersky’s products and services."
- And many more...
Other things to consider:
- GDPR, CCPA, an Anti-Corruption Compliance Policy based on various laws around the world, and other regulatory compliance, just like what other companies do, right?
- Kaspersky (and other major vendors and organizations) is also a member of AMTSO.
- Tons of independent testers still test and trust Kaspersky, competing with the others on the top list [all test results to consider], while in a couple of other cases other vendors have been banned for some reason like cheating.
- Kaspersky, McAfee (another US company), Europol, and the Netherlands Police were the founding partners of the NoMoreRansom project, alongside hosting partners, other AV vendors, government agencies around the world, and even Interpol.
- Interpol has strengthened cooperation with Kaspersky in the global fight against cybercrime since 2014, extended in 2019-present.
- Just like other companies, Kaspersky has a dedicated page for something like deleting personal information if you have a concern about privacy.
- Kaspersky has a specific product for privacy-strict companies, like Private KSN, with no data leaving the company's perimeter.
- Customer reviews like from Gartner, etc.
- A vendor with one of the best dedications to providing the most comprehensive components in a free product.
- And there's a lot more...
Just a company caught in the crossfire of politics? I don't side with any of these. IMO, I agree with the idea of limiting the usage of rival security products in the government's PC systems; pretty sure Russia also did the same. Maybe just update the allegation and continue the real investigation to obtain real and concrete proof? And limit it to certain govt agencies; something like Environmental Protection Agencies is unnecessary.
The same goes for other companies; I also have my own view that I should not consider something like the Avast data selling incident as affecting the trustworthiness of their product after their response to that issue.
A lot of vendors are as trustworthy as or even better than Kaspersky, based on an individual evaluation. Of course, the first thing to consider before starting to look for an AV solution is to ask a question and find reasonable proof of: which vendor can you trust the most?