
Germany advises citizens to uninstall Kaspersky antivirus

Russian biz founder calls it 'an insult'


Germany's BSI federal cybersecurity agency has warned the country's citizens not to install Russian-owned Kaspersky antivirus, saying it has "doubts about the reliability of the manufacturer."

Russia-based Kaspersky has long been a target of suspicious rumors in the West over its ownership and allegiance to Russia's rulers.

In an advisory published today, the agency said: "The BSI recommends replacing applications from Kaspersky's virus protection software portfolio with alternative products."

It added: "A Russian IT manufacturer can carry out offensive operations itself, be forced to attack target systems against its will, or be spied on without its knowledge as a victim of a cyber operation, or be misused as a tool for attacks against its own customers."

The warning does not appear to be based on any specific threat. Instead, it focuses on the notion that Kaspersky could find itself being used, against its management's will, to harm instead of protect its customers. The advisory noted, via Google Translate:

Antivirus software, including the associated real-time capable cloud services, has extensive system authorizations and, due to the system (at least for updates), must maintain a permanent, encrypted and non-verifiable connection to the manufacturer's servers. Therefore, trust in the reliability and self-protection of a manufacturer as well as his authentic ability to act is crucial for the safe use of such systems. If there are doubts about the reliability of the manufacturer, virus protection software poses a particular risk for the IT infrastructure to be protected.

Kaspersky, a stalwart of the consumer antivirus scene since its foundation in the late 1990s, denied – unsurprisingly – that it poses a risk to Westerners. Instead it said the decision is politically motivated.

A company spokesman told The Register: "We believe this decision is not based on a technical assessment of Kaspersky products – that we continuously advocated for with the BSI and across Europe – but instead is being made on political grounds... Kaspersky is a private global cybersecurity company and, as a private company, does not have any ties to the Russian or any other government."

He also added, without mentioning Russia's military invasion of Ukraine and its indiscriminate killing of unarmed civilians as a result: "We believe that peaceful dialogue is the only possible instrument for resolving conflicts. War isn't good for anyone."

Like US-sanctioned enterprise infosec firm Positive Technology, Kaspersky tried to soothe fears in the West by moving its European base of operations to Switzerland in 2018. This failed when the Dutch government said it was banning internal use of Kaspersky; both Britain and the US did likewise.

In America's case, however, an NSA hacker's carelessness proved to be Kaspersky's undoing. Nghia Hoang Pho, who worked in the NSA's Tailored Access Operations (TAO) unit, was in the habit of taking his work home with him. When he uploaded an exploit onto his home laptop in 2015, his Kaspersky antivirus functioned exactly as intended: it recognized the malware and uploaded a copy to Kaspersky's servers.

Enraged, the US said Kaspersky had handed the exploit to Russia's FSB spy agency, jailed Pho, and banned the use of Kaspersky across its entire government.

Days after the Pho story first broke, however, rumors (started by the New York Times newspaper) began swirling that Israeli spies had hacked Kaspersky only to discover (so the story went) the infosec firm was working hand-in-glove with Russian spy agencies. This explosive allegation served its evident purpose: Kaspersky was, as far as the US government was concerned, kaput, and its denials of espionage collusion fell on deaf ears.

The company has occasionally repeated its promise of setting up transparency centers, similar to how Huawei has dealt with suspicious Western countries. A page on Kaspersky's website says potential customers can review source code through one of three pre-defined programs. These are said to include verification of binary equivalence ("rebuild the source code to make sure it corresponds to publicly available modules") and details of Kaspersky's Software Bill of Materials (SBOM) for its consumer and enterprise products.

None of this appears to be washing in the West – and today's announcement by Germany won't help the company's position. ®

Updated to add

Co-founder of the eponymous Russian security biz Eugene Kaspersky has hit back at the warning.

"Without going into details I can say that these claims are speculations not supported by any objective evidence nor offering technical details," he said in a statement.

"The reason is simple. No evidence of Kaspersky use or abuse for malicious purpose has ever been discovered and proven in the company's twenty-five years' history notwithstanding countless attempts to do so."

Kaspersky asserted that the German government had given the security shop only hours to answer allegations against it, and that it had offered its code up for review by the BSI years ago. "This is not an invitation for dialogue - it is an insult," he said.

"This war is a tragedy that has already brought suffering to innocent people and repercussions across our hyper-connected world. The global cybersecurity industry that has been built on the basis of trust and cooperation to protect the digital links connecting us with each other may well be its collateral damage - and thus leave everyone even less safe."
