We are used to antivirus being programs that are responsible for dealing with different threats that can affect our computers, but according to the German cybersecurity agencies, the next threat would be precisely an antivirus.
The German Federal Cybersecurity Agency (Bundesamt für Sicherheit in der Informationstechnik, or simply BSI) has recommended the removal of the Russian Kaspersky antivirus, as well as the non-installation for new users. In addition, it recommends replacing applications from Kaspersky's antivirus protection software portfolio with alternative products.
Doubts about the reliability of the manufacturer
In an advisory published today, the BSI slams Kaspersky's reliability, evidently in relation to the armed conflict following Russia's invasion of Ukraine. Moscow-based Kaspersky has long been the subject of suspicious rumors in the West about its ownership and loyalty to Russia's rulers.
"If there are doubts about the reliability of the manufacturer, antivirus protection software poses a particular risk to the IT infrastructure that needs to be protected".
The BSI anticipates a possible Russian computer attack and the security solution could act against the interests it is supposed to defend.
"The conduct of the Russian military and/or intelligence forces, as well as the threats expressed by the Russian side in the course of the current war against the European Union (EU), NATO and Germany are associated with a considerable risk of a successful computer attack".
Beyond the threats and viruses themselves, antivirus software typically has high-level privileges on Windows systems, maintaining a permanent, encrypted, unverifiable connection to the vendor's servers for constant virus definition updates.
“A Russian information technology manufacturer may itself carry out offensive operations, be forced against its will to attack target systems, be spied upon without its knowledge as a victim of a cyber operation, or be misused as a tool for attacks against your own clients".
Suspected government affiliation
Although the war has been the trigger for such measures, the suspicions about Eugene Kaspersky and his company, as well as his government affiliation, are not exactly new.
Kaspersky has long been believed to offer its cybersecurity protection services to Russian state government infrastructures such as the Russian Federation Ministry of Defense, leading to concerns that the company may not be able to remain completely neutral.
Eugene Kaspersky, CEO and co-founder of the security company that bears his surname, has also not categorically denied these allegations, and in his post on social networks he did not even condemn the invasion of Putin's troops in Ukraine, which caused quite a bit of discomfort. among users of its computer security products.
While Mr. Kaspersky may indeed be trustworthy and ethical, as well as a proper professional, he should still comply with Russian laws and regulations, including allowing state agents access to private company databases and could be forced to help Russian intelligence forces conduct cyberattacks or conduct espionage.
Kaspersky official statement
The company has sent an official statement throughout the day regarding the BSI's decision, which indicates that it is taken "for political reasons and not because it is based on the technical evaluation" of the company's products. They indicate that they will contact this body to address any point on which they believe they are wrong.
From Kaspersky they indicate that their data infrastructure has been moved to Switzerland since 2018, where malicious and suspicious files voluntarily shared by users of Kaspersky products in Europe are found and processed. They add that the statistics provided by users to Kaspersky are processed in Kaspersky Security Network services located in different countries of the world, including Canada and Germany. Finally, from the antivirus company it is indicated that they have a SOC 2 audit and through the ISO 27001 certification of TÜV Austria and its recent recertification.
Finally, they indicate that clients, and regulators who request it, have the opportunity to carry out an exhaustive and free technical review of their products.