Kaspersky Ban Stirs Confusion, Fear in U.S.
Best Buy Co. declined to give details about why it dropped Kaspersky products, saying that it doesn’t comment on contracts with specific vendors. The Minneapolis Star Tribune first reported that Best Buy would stop selling Kaspersky software.
The U.S. Department of Homeland Security cited concerns about possible ties between unnamed Kaspersky officials and the Kremlin and Russian intelligence services. The department also noted that Russian law might compel Kaspersky to assist the government in espionage.
Kaspersky has denied any unethical ties with Russia or any government. It said Wednesday that its products have been sold at Best Buy for a decade. Kaspersky software is widely used by consumers in both free and paid versions, raising the question of whether those users should follow the U.S. government’s lead.
Nicholas Weaver, a computer security researcher at the University of California, Berkeley, called the U.S. government decision “prudent”; he had argued for such a step in July . But he added by email that “for most everybody else, the software is fine.”
The biggest risk to U.S. government computers is if Moscow-based Kaspersky is subject to “government-mandated malicious update,” Weaver wrote this summer.
Kaspersky products accounted for about 5.5 percent of anti-malware software products worldwide, according to research firm Statista.
Another expert, though, suggested that consumers should also uninstall Kaspersky software to avoid any potential risks. Michael Sulmeyer, director of a cybersecurity program at Harvard, noted that antivirus software has deep access to one’s computer and network.
“Voluntarily introducing this kind of Russian software in a geopolitical landscape where the U.S.-Russia relationship is not good at all, I think would be assuming too much risk,” he said. “There are plenty of alternatives out there.”
Sulmeyer also said retailers should follow Best Buy’s lead and stop selling the software.
Amazon, which sells Kaspersky software, declined to comment. Staples and Office Depot, both of which sell the software, didn’t immediately return messages seeking comment.
Various U.S. law enforcement and intelligence agencies and several congressional committees are investigating Russian meddling in the 2016 presidential election.
Kaspersky said it is not subject to the Russian laws cited in the directive and said information received by the company is protected in accordance with legal requirements and stringent industry standards, including encryption.
© 2017 Associated Press under contract with NewsEdge/Acquire Media. All rights reserved.
Image credit: Product shots by Kaspersky Labs.
Jeff Hudson, Venafi CEO:
Posted: 2017-09-14 @ 9:58am PT
And, it is not even controversial to know that other governments will be taking the same steps against U.S. software manufacturers if they are forced to include encryption backdoors. U.S. software companies will suffer.
The net result is that the entire internet will become completely untrustable — there will be back doors everywhere and governments and bad guys will use them at will. We have to hold ourselves to a higher standard and lead the way to show the rest of the world the right way to secure the internet.