EU Considers Banning Kaspersky Software ‘Confirmed as Malicious’

EU Considers Banning Kaspersky Software ‘Confirmed as Malicious’

Kaspersky Labs isn’t having a particularly good time of it. The company’s attempts to defeat the US ban on its products have been unsuccessful, the UK has banned all Russian software from government networks that carry traffic rated Secret or higher, and Kaspersky’s decision to move some of its infrastructure to Switzerland from Russia hasn’t prevented the Netherlands from planning to phase out its use of Kaspersky products, either.

Now, on top of these moves, the EU could adopt a resolution of its own to block the use of Kaspersky software. While the motion, which was voted on today, is non-binding, it follows a series of actions by various EU member and non-member states to restrict (or at least recommend restricting) the ways that the company’s software is deployed.

The text of the resolution name-checks Kaspersky specifically according to The Register, stating:

Calls on the EU to perform a comprehensive review of software, IT and communications equipment and infrastructure used in the institutions in order to exclude potentially dangerous programmes and devices, and to ban the ones that have been confirmed as malicious, such as Kaspersky Lab.

Kaspersky Lab would undoubtedly argue with the characterization of its own software as malicious, but it’s not clear how seriously those protests should be taken. Last year, evidence surfaced of a connection between Kaspersky and Russian intelligence, after Israel revealed it had been the one to detect Russian agents searching US computers and assets for keywords and code names in real time. Those searches were possible because of Kaspersky products installed on the machines in question. Kaspersky counter-attacked the allegations, but has offered no concrete refutation of them. More lately, it’s been tweeting very hard about its transparency initiative.

Want to know more about our on-going transparency initiative? Learn more here:

— Kaspersky Lab (@kaspersky) June 12, 2018

The problem here is that any meaningful disclosure that would tilt the scales for or against Kaspersky’s overall innocence in this matter would probably also require the disclosure of intel that governments are unwilling to share. With that said, however, the fact that this issue continues to be taken up by various European countries could be considered at least circumstantial evidence that there could be some risk factors. Of course, the counter argument to that is that any unilateral, unequivocal evidence of foreign spying would probably have been treated as immediate grounds to dump Kaspersky by every Western government with access to the information.

If you’re happy with Kaspersky products and want to continue using them, the US government has not made its rationale for banning those products public knowledge, and the EU seems to think that the software remains safe for consumer use as well. The other view — and based on what we know, it’s equally valid — is that PC security is difficult enough without taking the chance that your AV solution is also designed to exfiltrate data in the event that the Russian government finds it interesting. (The chances that the Russian government finds any of our hard drives interesting is, needless to say, remote.)

In the past, has recommended a “better safe than sorry” approach and we continue to do so. Nonetheless, it’s only fair to note that while governments are collectively moving away from Kaspersky, that shift has not been accompanied by declarations that the software is compromised at the personal level. Despite what the EU statement says, Kaspersky products haven’t been “confirmed” as malicious — at least, not publicly.

Continue reading

Apple to Revamp Software Development Cycle, Adopt Slower Cadences

Apple is reportedly reconsidering its iOS optimization schedule and prioritization for development projects, but this may not be as large a departure from the norm as it appears.

Software Cheat May Have Helped Mercedes-Benz Pass US Emissions Rules

Reports say Mercedes-Benz diesels stopped cleansing the exhaust after 21 miles. The cars also recognized emissions tests and went to full-clean mode.

Alphabet Company Launches Free VPN Software for Windows and Android

A new VPN software solution from Jigsaw (formerly Google Ideas) is intended to allow journalists, activists, and others to roll their own VPN solutions without using a third-party provider of uncertain provenance.

Motorola Announces Moto E5 Play with Android Go Software

This phone looks a lot like the regular Moto E5, but the specs have gotten a tweak to fit within the Android Go guidelines, and it won't be available in most markets.