Kaspersky: facts and analysis. The article by Umberto Rapetto, director of Infosec.news
A week after the story of the antivirus installed in the Ministries, despite at least certain principles of "opportunity", was brought up on the impertinent pages of Infosec News, everyone has rushed to point the finger at a product that had found smooth ways of permeating the public technological infrastructure (defense and law enforcement included).
Each newspaper, this time in spite of the calendar, seems to claim the scoop, and since in our parts no one reads anything (especially where one should treasure certain inputs from "open sources"), it is really easy to claim the birthright for oneself.
The emotional wave even reached the crest of a parliamentary question for written answer (number 4/11474) presented to the Chamber of Deputies by the Honorable Paolo Nicolò Romano and three of his colleagues on 28 February last.
In this affair, important documents are gradually emerging which should quell the doubts and concerns that the quisque de populo believed he could legitimately harbor.
Everyone has concentrated on saying that Eugene Kaspersky graduated from the KGB Higher School, but no one goes looking for the documentation that "absolves" the software products that have fallen out of favor due to suspicions of a link between the Russian entrepreneur and the government of his country.
Is it really possible that no one has taken into consideration the (elementary) circumstance that the continuous updates (essential for an antivirus) involve a connection with the manufacturer, who is authorized to access PCs, tablets and smartphones with full write permissions on the "disks" of the individual devices affected?
Was it possible that no one noticed that the delicate package of cyber security programs came from Putin's land?
Is it possible that no one has ever hypothesized the remote possibility that these interventions would turn into opportunities for inoculating malware or spyware, perhaps by a programmer who is mad but faithful to the orders of a particularly fickle political leader?
Possible.
Now, however, the inevitable gossips and the high priests of retro-thought must immediately fall silent. The sophisticated technological solution which, irresistibly, has attracted a large part of the Public Administration (even that segment characterized by greater criticality) has been the subject of severe examination and evaluation by the Ministry of Economic Development. And it was not just any office, bau bau micio micio, that took care of it, but the "Directorate General for Communications Technologies and Information Security" and in particular "the Higher Institute of Communications and Information Technologies".
"Well, well!" exclaims without hesitation the reader who finally sees all sorts of perplexities dispelled.
The much criticized Kaspersky Endpoint Security for Windows (version 11.6.0.394 AES256) boasts a Certification Report issued by the Information Security Certification Body (OCSI) and registered as OCSI/CERT/CCL/02/2021/RC on January 31st 2022.
The authoritative "papyrus" No. 4/22 available on the Internet (this is the link in case it escaped a few lines ago) states that "The product indicated in this certificate complies with the requirements of the ISO/IEC 15408 (Common Criteria) standard v. 3.1 for the guarantee level ".
Whoever has doubts about the competence of public-sector specialists should stop and hold their peace forever.
The Certificate was digitally signed by Dr. Eva Spina, whose CV shows that she is not the classic "grand commis" who is ignorant of these things and excused by not being a digital native.
On page 4 of the 7 pages (even though the last one is empty) that make up the curriculum published on the MiSE website, one can clearly read that the person who issued the complex certification declares, among their "Skills in the use of information technologies", as many as four strengths: "Windows, Office, Use of e-mail and Internet browsing".