A Jan. 30 photo shows a sign above the headquarters of Kaspersky Labs in Moscow. A National Security Agency employee’s use of Kaspersky Lab antivirus software reportedly enabled Russian hackers to see his files. (Pavel Golovkin/AP)

Regarding the Oct. 6 news article "Hackers used Russian antivirus software to steal U.S. cyber capabilities":

An antivirus software package can prevent damage from malware only by poking its tendrils into the operating system, allowing it to observe and intercept the activities of other applications. There is nothing "seemingly innocuous" about this. Even a simple calculator app could be a Trojan horse, a program that provides some desired benefit to the user but also does something nefarious in the background.

Regardless of the intended function, the true risk is in running programs whose source code is not available for inspection and analysis by security experts.

Josh Juran, Rockville