Kaspersky Takes the Hit

Posted by in Analysis on Feb 10, 2009

You know who doesn’t suck? Kaspersky.

In case you missed it, they got hacked a few days ago in a pretty embarrassing incident that I’m sure was painful for the folks over there. And they have proceeded to handle the whole thing in an honest and forthright manner.

Now, I’ve been pretty critical of Kaspersky before. But I have to say that I’m downright impressed by how they’re handling this. First, they’ve refrained from minimizing the impact until an independent, well-respected party has had a chance to determine what was accessed and what wasn’t. They’ve taken ownership of the issue and admitted it was “their fault”. And they’ve admitted that it shouldn’t have happened. All in all, the right response in my opinion.

They’re right – it’s an embarrassing thing to happen to them because they’re a security company. They’re also right that it probably shouldn’t have happened and it’s their fault. Fair enough. No data was compromised – they’ve proved that already. And they’re an AV company, so I don’t really expect them to be perfect when it comes to application security (a totally different discipline). So I’m on board with giving them a pass on this one.

Actually, more than a pass – Kaspersky went up a notch in my esteem. They went from a value-added reseller for grep (true of most AV) to a company that actually has the spine to stand up and admit to making a mistake – without the BS and drama that usually accompany these types of things.

I am now a full-fledged Kaspersky fan.

  • http://www.emergentchaos.com Adam

    O really?

    “Mr Schouwenberg said the staff member then contacted the US office and within 15 minutes of being notified, the support site was reverted to its old format.

    “The vulnerability was then fixed,” he said.

    On claims that warning emails sent to Kaspersky by the hackers about the vulnerability were ignored, he said the messages were delivered one hour before the blog was posted and there wasn’t ample time to respond to the emails.”

    So…email an hour before wasn’t ample time, but 15 minutes was?

  • Ed

    Hmm… ok, so that’s semi-shady.

    But still, they are saying it’s their fault and that it’s inexcusable. That’s relatively unusual after something like this…

  • http://blogs.zdnet.com/security _ryan

    @adam, how would you like a one-hour heads up for every Microsoft 0day?

    What’s reasonable? 2 hours? 4 hours? A full day?

    _r

    Disclosure: I work for Kaspersky.
