"Kaspersky could have taken the decision to finally put their customers first and stop ignoring state malware"

Maybe I misremember, but I thought the whole thing that kicked this all off was Kaspersky catching NSA malware that some contractor wasn't supposed to bring home, and automatically uploading it to their cloud for analysis like they claim they do for pretty much all malware?

At the same time, I do find it interesting that while Kaspersky is planning on opening up to outside audits and stuff, the exact opposite has been happening at the U.S. security companies. I recall an El Reg article or two mentioning that several companies at least say they will no longer allow other governments to inspect their code (which makes sense, as those countries certainly can use the opportunity to find security issues with the code).

To me, at the end of the day, code inspection doesn't matter unless you're able to make sure the code you inspected is actually the code that is being installed (along with any updates). It also makes sense for any country that is highly concerned about security to use only locally sourced equipment/code, which they can better maintain oversight of. Smaller countries are certainly at a disadvantage.

On my own systems anyway, antivirus (currently Kaspersky on my home Windows systems, Sophos on my Windows work VM, and nothing on my Linux systems (Linux is my main system)) hasn't picked up anything new since the 90s (that I recall anyway). Obviously I am careful about what I download.

I believe Kaspersky is honest in that they are not co-operating with the government, but I also find it quite likely that there are government agents as employees (that the company isn't aware are agents) at the company that do stuff (I think the same is true for many/most/all big U.S. security companies too).

