How CIA Hackers Rate Your Computer's Antivirus

The logo of the Central Intelligence Agency (CIA) is seen at CIA Headquarters in Langley, Virginia, April 13, 2016. A recent WikiLeaks’ CIA data dump exposed the intelligence agency’s views on the vulnerabilities of the popular antivirus systems individuals and businesses rely on. SAUL LOEB/AFP/Getty Images

Updated | Of all the revelations from WikiLeaks' CIA data dump this week, one of the most informative has been the intelligence agency's views on the antivirus software we use to keep our computers and devices safe from hackers.

More than 20 security products are mentioned across the 8,000-plus pages, including some of the world's largest computer security companies—Avast, Kaspersky, McAfee, Norton, Microsoft Security Essentials—together with comments from the CIA on how effective five of the firms are at actually protecting people from being spied on.

Many of the companies have been quick to respond to details of how the CIA uses "weaponized" hacking tools to break into phones, computers and televisions, with some offering advice on how to protect yourself from being spied on. Others said more collaboration is needed to protect people from other malicious actors that may try to exploit the vulnerabilities.

"Just like nation-states, bad actors like hackers are also looking to identify and exploit these vulnerabilities; the latest set of leaks actually serves to bring to our attention the very real challenge of securing targeted platforms," says Vince Steckler, CEO of Czech security firm Avast.

"There is an urgent need for industry collaboration and open platforms between security vendors and mobile operating systems in order to stay ahead in this cat and mouse game."

So what does the CIA make of the tools we use to protect our online security? Below are the five companies that the intelligence agency mentioned in any detail.

F-Secure

Finnish security company F-Secure, which provides its services to tens of millions of consumer customers and over 100,000 corporate customers, was described by the CIA as a "lower-tier product that causes us minimal difficulty."

In response, F-Secure's Chief Research Officer Mikko Hypponen said that it was no surprise that the CIA's hacking techniques were able to bypass security measures employed by software vendors like F-Secure.

"F-Secure is mentioned in the leak, citing the CIA can potentially bypass some of our products," Hypponen said in an emailed comment provided to Newsweek. "But the question is really not whether the CIA can bypass our products, the answer to that is always yes. If they cannot do it right now, they invest another million to find a flaw."

Avira

German software company Avira was described as "similar to F-Secure," with a similar vulnerability that can be exploited with the same tool.

Avira says it provides security protection to more than 100 million people through partnerships with other companies.

According to the CIA, Avira has historically been a popular product among counter-terrorism targets, but is "typically easy to evade."

Kaspersky

Russian security giant Kaspersky was also revealed in the Vault 7 documents to have vulnerabilities that allowed the CIA to "bypass" the company's protections.

With over 400 million users worldwide, Kaspersky was one of the biggest firms to be implicated in the leak and was one of the first to respond.

Both flaws mentioned in the WikiLeaks dump, whose documents span the course of 2016, have already been fixed by Kaspersky.

AVG

AVG proved a tougher challenge for CIA hackers, with several "simple defeats" proving useless against the Dutch security company.

The vulnerability that was eventually uncovered involved a complicated technique called Process Hollowing. It is described in the documents as: "Awesome, and by awesome, I mean totally sweet."

Comodo

Security software firm Comodo, which deals with business solutions, received perhaps the best badge of honor from the CIA, described as: "a colossal pain in the posterior."

"It literally catches everything until you tell it not to, including standard windows services (say what?!?)," the documents state.

The self-proclaimed "global leader in cybersecurity solutions" trips up in one of its versions, however, which contains vulnerabilities that are apparently much easier to exploit. The CIA author describes an attack on a four-year-old version of Comodo's software.

"Comodo's user base, paranoid bastards that they are, has apparently caught wind of this and lots of them haven't upgraded to 6.X [sic]," the documents state. "Kind of a shame, cuz this is a hole you could drive a very large wheeled freight carrying vehicle through."

In an emailed comment to Newsweek, Comodo said: "The only thing worse than being talked about by the CIA is not being talked about by the CIA. To be called a colossal pain in the posterior and annoying by the CIA, one of the best-funded, most expert hacking organizations in the world, is high praise.

"Comodo Internet Security has come a long way since V6.x, and such tricks are obsolete."

Updated: This article has been updated to include a comment from Comodo.