The Internet Security Dragon

An Unintuitive Investigation

¹

Kaspersky’s tweet, which I shared in The Quantum Dragon, is the first (and only) take on quantum computers I’ve seen from a traditional personal Internet security provider. Subsequently, Amara Graps suggested that this might be a good investigative story for someone.

Despite the comic demonstrating awareness of the threat, by the way, Kaspersky makes no mention whatsoever of post-quantum cryptography (PQC). It’s the one prominent company I didn’t reach out to because, quite frankly, I don’t trust it with my personal information.

I did, however, reach out to the following companies:

• Avast

• Bitdefender

• ESET

• Malwarebytes

• McAfee

• Microsoft

• Norton

• Trend Micro

I would like to inform you that Avast has not integrated post-quantum cryptography into its consumer products as of now.

Avast

Well, at least Avast seems to know what PQC is.

Currently, there is no information available regarding post-quantum cryptography support in Bitdefender products.

Bitdefender

That’s not encouraging.

Currently, the retrieved documents do not specifically mention the inclusion of post-quantum cryptography in ESET products.

ESET

I don’t know about you, but I don’t think that response came from a human.

I appreciate your interest in our security products! Unfortunately, I couldn't find specific information regarding the inclusion of post-quantum cryptography in our products.

Malwarebytes

That’s not good. In fact, you could say it’s “mal.”

As of now, McAfee does not publicly offer or market a specific post-quantum cryptography solution or product.

McAfee

That’s a little surprising. I might be dating myself here, but I recognize McAfee as one of the biggest names in personal Internet security going back about three decades.

Yes, Windows now includes support for post-quantum cryptography (PQC) — but currently, it's available in early-access builds for testing and development purposes.

Microsoft

Okay, okay, this one’s not a shocker. Considering Microsoft’s roles in the industry, we all ought to expect something to be in the works.

As of now, Norton products do not publicly list post-quantum cryptography (PQC) as part of their encryption standards. Norton uses strong, industry-standard encryption to protect your data, but PQC is still emerging and being standardized. We're closely watching developments to ensure future readiness as quantum threats evolve.

Norton

Compared to the other pure-play personal Internet security providers (not Microsoft), this is the only response that demonstrates true recognition of my inquiry.

Trend Micro

I reached out but, apparently, no one could be bothered to respond.

Conclusion

Microsoft and Norton are implementing and tracking PQC, respectively. That’s the relatively good news. Aside from them, Avast and McAfee at least seem to know what it is, while Bitdefender, ESET, and Malwarebytes don’t convincingly do.

From Lawrence Gasman’s Desk

Mr. Gasman knows that The Quantum Dragon is his biggest fan, always peeking at his desk through his window, so he was kind enough to share some notes with him, which he brought back to me:

1. Although the focus today with regard to PQC is on government markets and then enterprise markets, there is the intention of deploying PQC in consumer electronics markets.

2. On the “consumer side” of things, there are alliances of major vendors such as Intel, Microsoft, NVIDIA, and AWS to get PQC into phones and consumer electronics. Also, Meta is working to get PQC into smart glasses, which are especially vulnerable.

3. In the future, PQC development would address websites and digital signatures. For websites, at least, NIST was working with “the industry,” especially Microsoft and Google. Google had an experiment with PQC that is now disbanded.

4. No mention of VPNs, at least not in his notes. In fact, he has never heard VPNs come up in the context of PQC, but that seems an obvious product direction. There do seem to be a few articles that mention PQC VPNs, but never actual products.

5. The problem here is that it is hard to guess how much consumers really want quantum security and especially how much they are willing to pay to get it. It’s not even clear that there is much of a threat – most consumers do not have much data they have to protect from quantum computers. However, one must acknowledge that IDs are stolen and quantum protection may be required.

1

Image generated by Google's language model AI.