Kaspersky Labs isn’t having a particularly good time of it. The company’s attempts to defeat the US ban on its products have been unsuccessful, the UK has banned all Russian software from government networks that carry traffic rated Secret or higher, and Kaspersky’s decision to move some of its infrastructure to Switzerland from Russia hasn’t prevented the Netherlands from planning to phase out its use of Kaspersky products, either.
Now, on top of these moves, the EU could adopt a resolution of its own to block the use of Kaspersky software. While the motion, which was voted on today, is non-binding, it follows a series of actions by various EU member and non-member states to restrict (or at least recommend restricting) the ways that the company’s software is deployed.
The text of the resolution name-checks Kaspersky specifically, according to The Register, stating:
Calls on the EU to perform a comprehensive review of software, IT and communications equipment and infrastructure used in the institutions in order to exclude potentially dangerous programmes and devices, and to ban the ones that have been confirmed as malicious, such as Kaspersky Lab.
Kaspersky Lab would undoubtedly argue with the characterization of its own software as malicious, but it’s not clear how seriously those protests should be taken. Last year, evidence surfaced of a connection between Kaspersky and Russian intelligence, after Israel revealed it had been the one to detect Russian agents searching US computers and assets for keywords and code names in real time. Those searches were possible because of Kaspersky products installed on the machines in question. Kaspersky counter-attacked the allegations, but has offered no concrete refutation of them. More recently, it’s been tweeting very hard about its transparency initiative.
Want to know more about our on-going transparency initiative? Learn more here: https://t.co/nOdYdKIPPs pic.twitter.com/cCASKqZISk
— Kaspersky Lab (@kaspersky) June 12, 2018
The problem here is that any meaningful disclosure that would tilt the scales for or against Kaspersky’s overall innocence in this matter would probably also require the disclosure of intel that governments are unwilling to share. With that said, however, the fact that this issue continues to be taken up by various European countries could be considered at least circumstantial evidence that there could be some risk factors. Of course, the counter argument to that is that any unilateral, unequivocal evidence of foreign spying would probably have been treated as immediate grounds to dump Kaspersky by every Western government with access to the information.
If you’re happy with Kaspersky products and want to continue using them, the US government has not made its rationale for banning those products public knowledge, and the EU seems to think that the software remains safe for consumer use as well. The other view — and based on what we know, it’s equally valid — is that PC security is difficult enough without taking the chance that your AV solution is also designed to exfiltrate data in the event that the Russian government finds it interesting. (The chances that the Russian government finds any of our hard drives interesting are, needless to say, remote.)
In the past, has recommended a “better safe than sorry” approach and we continue to do so. Nonetheless, it’s only fair to note that while governments are collectively moving away from Kaspersky, that shift has not been accompanied by declarations that the software is compromised at the personal level. Despite what the EU statement says, Kaspersky products haven’t been “confirmed” as malicious — at least, not publicly.