“The New York Times article misinterprets the research, which is based on the assumption that a malicious actor would have administrative access to a computer while a Kaspersky Lab product is running on it. The article does not present any evidence or novel method for subverting Kaspersky Lab products - or any other anti-virus products - for use as a spying tool. Any malicious actor who gains administrative access to a computer could theoretically engage in file searching activity on the computer or subvert almost any application running on it (which is the type of activity that Kaspersky Lab products are designed to detect and prevent).
“The article presents no evidence that Kaspersky Lab products have ever been used as a spying tool. In addition, all popular anti-virus security software – not just Kaspersky Lab products – have the capability to search for malicious files. Because the allegations in the article could be directed at almost every software security product in the industry, such allegations risk damaging not just our reputation, but that of the entire IT security industry.
“Further, it is not possible for Kaspersky Lab products to secretly deliver a specific signature or update to a single user, because all our signatures are available - and visible - to our users; and updates are digitally signed, further making it impossible to fake an update.
“It is unfortunate that unsubstantiated allegations against Kaspersky Lab continue. Through the company’s new Global Transparency Initiative, not just our initial source code, but also all subsequent code updates will be available for review by experts, in addition to our threat detection rules.
“The article also contains a number of other inaccuracies, and Kaspersky Lab would like to set the record straight on a few of these points: