Where is Your Antivirus Made?
Recently, I ran across a new free antivirus program that scored well on Virus Bulletin’s detection tests. I was about to download it for a thorough review when I discovered it’s made in China. That got me thinking: does it really matter where antivirus software is made? Are the good guys who defend us against bad guys all completely good? Can we trust them implicitly just because they make antivirus software and get it tested by independent labs? Well, it seems we do. But should we? Read on...
Is Your AntiVirus Made in China?
The new anti-virus software that I came across is called Tencent PC Manager, even though it doesn’t cost a dime. But I hesitated when I saw that it was made in China. So I did a little digging, to find out where the other popular internet security tools come from. The results of my trip around the world may surprise you...
Bloomberg News recently published an article suggesting that Moscow-based antivirus developer Kaspersky Lab is a tool of Russia’s FSB, the equivalent of the USA’s National Security Agency. As rather weak “evidence,” Bloomberg claims that founder/CEO Eugene Kaspersky shares a public sauna with Russian spies; replaced a top executive with someone who was drafted into the Russian border patrol years ago; and ordered the company’s Japanese distribution partner to destroy retail packaging that used the untruthful slogan, “A Specialist in Cryptography from KGB.” The implication is that you can’t trust Kaspersky security products; they might very well be spying for the Russian government.
Eugene Kaspersky destroyed Bloomberg’s article on his blog, pointing out numerous errors that could have been avoided easily. His implication, serious or not, is that Bloomberg is the NSA’s tool, attacking Kaspersky Lab for its part in exposing NSA-sponsored cyberespionage campaigns.
Other antivirus software is made in countries that are not exactly staunch allies of the USA. Tencent is China’s biggest Internet services and software provider. But when it comes to spying, no country is off-limits to any other country. BitDefender is Romanian. Avast comes from the Czech Republic. Avira and GDATA are made in Germany. AVG is Dutch. Trend Micro is based in Tokyo. Bullguard and Comodo are British. Checkpoint comes from Israel. ESET is Slovakian. Their governments are as likely to spy on friends and foes alike as Russia or China.
If you insist on an American-made antivirus program, there's PC Matic, which proudly advertises that fact in television commercials. McAfee, Norton, Fortinet, Webroot and Vipre are also based in the USA. Oh, and of course, you have Microsoft Security Essentials and Windows Defender (included in Windows 8). If you want both FREE and made-in-America, Fortinet's FortiClient and the two Microsoft products mentioned above are the only freebies I know of that meet those criteria.
Who Can You Trust?
According to Edward Snowden, the busiest busybody on Earth is the good old USA. And truth be told, unless the source code is available for scrutiny, we have no assurances that even "Made in America" antivirus products aren't keeping tabs on what we do online. I don't have reason to believe that any of them are, but that's just the nature of proprietary software.
So “country of origin” is not necessarily a useful litmus test of antivirus software’s trustworthiness. My hesitancy over Tencent’s Chinese heritage was an kneejerk association of “Chinese” with “hackers.” China is the number-one source of hacker attacks upon U. S. computers, but it’s unclear how many of those hackers work for the Chinese government, let alone Tencent.
As Eugene Kaspersky explains in his blog post, trust is dependent upon transparency. “We’ve nothing to hide,” he wrote, “we’re in the security business and to be successful in it you have to be open to scrutiny.” Kaspersky software’s source code is made available to large customers; if there were any backdoors or spyware in it, they would have been exposed long ago.
As for the likelihood that your antivirus software is "phoning home" any of your personal or private data to the corporate mothership, you could install a firewall that monitors for or blocks outbound data flows. But that requires a few geek badges.
The average consumer hasn’t the time or expertise to thoroughly examine source code, or analyze outbound data packets. But it’s pretty easy to learn if an antivirus developer has submitted its products to independent testing labs such as AV Comparatives, AV Test, or Virus Bulletin. If not, I would steer clear of it.
For the present, I'll continue to use my free Avast antivirus software. The company has offices in the Czech Republic, Germany, China, South Korea, Taiwan, and (whew) the United States of America. What's your opinion? Is the geographic origin of your antivirus software important to you? Post your comment or question below...
This article was posted by Bob Rankin on 21 Apr 2015
|For Fun: Buy Bob a Snickers.|
The Shocking Truth About ESD
The Top Twenty
Geekly Update - 21 April 2015
There's more reader feedback... See all 63 comments for this article.
Post your Comments, Questions or Suggestions
Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005 - Bob Rankin - All Rights Reserved
Article information: AskBobRankin -- Where is Your Antivirus Made? (Posted: 21 Apr 2015)
Copyright © 2005 - Bob Rankin - All Rights Reserved
Most recent comments on "Where is Your Antivirus Made?"(See all 63 comments for this article.)
14 Dec 2015
Eugene Kaspersky's comments on transparency while valid don't really alleviate my overarching concerns.
While I am not a card carrying member of the tinfoil hat brigade, I do still think they have some points.
Here is my thought on foreign AV vendors. I think that they have every intention of being 100% above board, and I am sure they are today.
But... lets assume the USA gets into a more serious militaryish action with someone, lets say that it degenerates to full blown war, It would be fairly trivial for said foreign government to get into one of these legitimate firms within its borders and push some nasty code via updates and have that code go out instantly to target customers, either a whole country, or a specific group. Possibly even without the legit company knowing its occurring.
While this sounds far fetched, its not impossible. And while full blown war is fairly unlikely, the cyber skirmish between the USA and China may heatup in the next decade or so.
In my mind it only makes sense to be very aware of the country of origin for software. Especially non-security software, which doesn't get the same scrutiny.
I am not saying always avoid, but I am saying pay attention and judge your own level of risk you are willing to make.
Lots of what if's here, and having said that I run Kaspersky at home at My office, so I am not that worried. But it certainly bears some consideration.
02 Apr 2016
hi, I would like to know if there is a us based antivirus company and it being free that has a tech support in the us also, I mean I want to talk to a American tech agent ?, I plan getting a paid version soon though ! a basic set it and forget it company also, thanks
30 Apr 2016
Bought McAfee which is supposedly a US Company, but spent almost an hour on the phone to download the software (got Microsoft first, then had to be transferred to Apple, and they had to refund my money for the Microsoft version). All the phone calls and transfers took place in the Phillippines. I won't buy another product until the corporations start "manufacturing" their products in the US. I don't think these corporations should be able to sell in the US if they don't make the product in the US. Are there any anti-virus programs produced in the US with the help desk in the US?
24 Jul 2016
I have tried a lot of different anti virus/firewalls and Microsoft security with Malware bytes paid version and a good browser like firefox is all you need as it does not bog down your
Now if you go to questionable web sites you always run a risk of intrusion no matter what security you use.
24 Jul 2016
Follow up to my last note. There is a free online mcafee scan online to recheck your computer so you can make sure your free version has not missed anything. I do that recheck and I have not found anything. So even if Microsoft is not the best it works fine with malware bytes in protecting you.
07 Nov 2016
Yes, indeed! The geographic origin of my av software is very important to me. I want to support a strong America as it used to be. Not "American" globalists who are really fascists, unwilling to stand up to an intrusive, swinelike BIG govt, not at all what our Founding Fathers and our Creator intended.
I'm looking for American companies or corporations, with USA based customer support. And i don't mean H1B visa foreign workers who are used to lower costs, but also lower American wages and have made it difficult for college graduates with computer related degrees to quickly find a job, if that's what they want. Do you know of any like that currently, Bob?
22 Nov 2016
I have one rule and that is not to buy or subscribe to anything Made in China. Although there products are cheap it really does not matter to me. To defeat them the world needs to know that the reason why they are flexing their muscles now is because there are a lot that buys Made in China products. I wouldn't if i were you. Let's admit it. They are now a very rich nation and are a threat to us. Their aim is to muscle their way in.
17 Dec 2016
No country in the world has any laws to protect the citizens of any other nation, but legal protections don't always help you. Companies like Symantec have admitted to working with the FBI to assure their products never catch the FBI's keyboard logger, https://en.wikipedia.org/wiki/Magic_Lantern_(software) as violating our Forth Amendments rights has become sadly routine for America's laws (hello PATRIOT Act). Every copy of say Windows that leaves the US has been widely known to contain a backdoor to the NSA. It was due to this that the governments of at least Germany and China discussed banning Windows from their countries - only to decide their economy was already too dependent. But, the city of Munich, Germany migrated all of it's desktops, as did the German Foreign Office and others, to Unix. What used to be the #1 firewall in America, CheckPoint (banned from NSA networks), managed their leadership despite having a backdoor to the Israeli Mossad (due to coming from an Israeli company). CheckPoint is no longer a serious market leader. #1 today is an American company headquartered in Sunnyvale: Fortinet. It would be naive to believe the nation of origin of those companies didn't play a part in the reversal.
Just as it would be foolish for any American to use a non-American anti-virus, it would be equally foolish for anyone living outside of the United States to use one from an American company. The Sun Microsystems security software completely came from groups of old Russian hackers and yet there was never been any discussion concerning the real dangers as Sun was always a major contributor to security conferences and magazines. Such has been likewise allowed in every other industry - that leaders are routinely able to dominate the research and dictate trends. I live in Tucson, AZ. Tucson may be the top target of military attacks on this country from China. We are the country's top producers of meth and spice. It comes from Mexico where the chemicals are subsidized by China. Google it. You'll find such claims made in major US newspapers and TV shows. Of course, attacks are going to be done digitally as well. Russia has just been identified as taking the leadership role in digital attacks from Chine. You'll also find articles mention that an American asking for a business room in Europe (even before the Internet) will likely have their hotel room bugged. Similarly, the primary use of American spy networks in Europe seek technological rather than military secrets. It's why all of the spy laws created in the US over the past two decades have names like the ECONOMIC Espionage Act of 1996. Why would anyone take such risks with anti-virus software specifically meant to help you mitigate risk? It's silly.
17 Dec 2016
UPDATE: Russia has just been identified as taking the leadership role in digital attacks (OVER China). For example, the U.S. Intelligence Community’s 2015 Worldwide Threat Assessment report claimed Russia and China are the "most sophisticated nation-state actors" in the new generation of cyber warfare and that Russian hackers have been identified as leading in terms of sophistication, programming power, and inventiveness.
12 Apr 2017
Thanks for you comments, TucsonJim; however I'm not able to find where Fortinet is in the personal computer security industry. I'm looking for a decent security system. I currently have Advanced System Care and lately they are spamming me more than anyone else and their driver program keeps uninstalling my video drivers. I seriously need to replace this program (I think also known as IOBIT).
I'm willing to pay for a good program, I just don't want it to turn on me and become worse than the problems I'm trying to prevent.
11 Oct 2017
Well it seems Kapersky is a tool from the FSB, isn't it?
31 Mar 2018
So, after reading this article several times, while informative, I don't feel any closer to an answer for what AV software I can feel safe using than before I found this page. The only fact I've confirmed after reading this article and subsequent comments is that my concerns about whether or not there is any funny business going on from the AV companies is valid.
02 Jul 2018
My Kaspersky is made in Russia, because I TRUST Kaspersky much, much more than any US software...US software have backdoors to NSA and American authorities !
27 Jan 2019
While I understand the concern over internet security programs, I would also wonder about your internet provider which makes the connections for you on the internet.
10 Jul 2019
So I've seen almost every one I've heard of on here except the one I use, Iobit Advanced System Care Ultimate. I can't find any information anywhere about whether this is an American company or not - unless it goes by another name. I've been using it for many years now and it works great. But I was just wondering.
14 Dec 2019
I have to agree that it does matter where you AV software is made. As evidenced in the recent past interference from other countries like Russia, China, Ukraine, Iran, N Korea and others into our politics, businesses (IP Theft) and personal identity theft of millions that any software from these countries should be suspect. NO ONE should be blindly trusted, even with products made here in the U.S.. As there are too many ways to get into a network...not just through malware, spyware, trojans etc...on the front end, but by more nefarious ways means on the back end with the injection of roque USBs, and other manipulated devices through insider threats.
26 Feb 2020
You have to be an idiot to install AV from China.
04 May 2020
Thanks for this resource, Bob. I was just thinking, isn’t anyone else concerned that almost all the antivirus software scanning our personal data is not made here?
18 May 2020
** Here is what people don't understand or discuss, including the author of this article. When you install a program, you grant that program privileges to your computer. For anti-virus to work it must be allowed to automatically update itself at any time. This means you've granted an outside authority to rights to change how your computer operates at any time.
If a nation-state wanted to attack millions of users around the world at one time it would simply push out an update that runs instantly, installs itself, and goes to work. I'd rather take the chance that my country would not attack its own citizens than trust an authoritarian regime with no regards for me or my country. And we all have zero recourse if anything happens.
If we've seen anything this past six months is that government does not have a clue about protecting its own economies. They, too, make knee-jerk reactions.
03 Feb 2021
I'm agast at the naivete of the concept from just 4 years ago. Bad actors only need $ and a willing vendor to buy their way into your network. China has has been shown to have done just that in addition to potentially influencing 'paying off' people and organizations who should be keeping us safe. In fact I now have doubts about almost every 'big tech' firm.
EDITOR'S NOTE: Alec Baldwin and Charlie Sheen are hacking into our networks? Yikes.