Germany Tells Kaspersky Users To Uninstall Russian Antivirus Software Should You

“The BSI recommends replacing applications from Kaspersky’s virus-protection software portfolio with alternative products,” said the German Federal Office for Information Security (opens in new tab), or BSI, in a public advisory that we ran through Google Translate. 

How antivirus software could be used against you

“Antivirus software … has extensive system authorizations and … must maintain a permanent, encrypted and non-verifiable connection to the manufacturer’s servers,” the BSI’s advisory explained. “If there are doubts about the reliability of the manufacturer, virus protection software poses a particular risk for the IT infrastructure to be protected.” The German warning generally falls in line with our own 2017 advisory about not using Kaspersky software for machines involved with national security or critical infrastructure. But it goes further than our own in recommending that ordinary citizens consider removing Kaspersky software as well. Tom’s Guide and its parent company Future have “de-monetized” our reviews of Kaspersky products, removing links to websites where you can buy Kaspersky software and foregoing the affiliate revenue that comes from those sales.

Kaspersky might have to do what Putin says

The German authority stopped short of accusing Kaspersky of actively colluding with Russian security agencies. American and Israeli government agencies have tried to make that case in recent years, but the evidence has been largely lacking. Instead, the BSI hypothesized that Kaspersky might not have a choice but to do the Kremlin’s bidding. “A Russian IT manufacturer can carry out offensive operations itself, be forced to attack target systems against its will, or be spied on without its knowledge as a victim of a cyber operation, or be misused as a tool for attacks against its own customers,” said the BSI advisory.

Kaspersky responds to the German warning

The Kaspersky company responded to the BSI advisory with an English-language statement of its own (opens in new tab), arguing that the BSI warning was “made on political grounds” and that Kaspersky “does not have ties to the Russian or any other government.” “We believe that peaceful dialogue is the only possible instrument for resolving conflicts,” the Kaspersky statement added. “War isn’t good for anyone.” That last bit repeats a statement that company co-founder and CEO Eugene Kaspersky tweeted on March 1. Such words might be charitably viewed as the most a Russian company or individual can say while still staying on the good side of an increasingly repressive and punitive government.  It’s nonetheless noteworthy that Eugene Kaspersky uses the “war” even as Russia has banned public statements using the word when referring to Russia’s “special operation” in Ukraine. The company co-founder put up an angry blog post (opens in new tab) today (March 16) addressing the BSI advisory. “Kaspersky, the long-time partner and contributor of BSI and German cybersecurity industry, was given mere hours to address these bogus and unfounded allegations,” Eugene Kaspersky wrote. “This is not an invitation for dialogue — it is an insult.” “Not having Kaspersky in Germany will not make Germany or Europe safer,” he added. “We consider this decision to be unfair and outright wrong.” “This war is a tragedy that has already brought suffering to innocent people and repercussions across our hyper-connected world,” Eugene Kaspersky concluded. “The global cybersecurity industry that has been built on the basis of trust and cooperation to protect the digital links connecting us with each other may well be its collateral damage — and thus leave everyone even less safe.”

It’s up to you to decide

Kaspersky the company has been trying to evade Russian-Western conflicts for some time, legally domiciling the company in London, offering to privately disclose its source code and moving many of its servers and operations to Switzerland. Meanwhile, Kaspersky the man has, to our knowledge, not set foot on U.S. soil for several years. We still think that Kaspersky makes some of the best antivirus software, and is one of the top information-security companies overall. Its researchers are among the best in the world, and the company exposes Russian state-sponsored hacking campaigns as often as it does American ones. Yet the reality is that Kaspersky still has most of its operations in Moscow and has numerous Russian government agencies as clients. Installing Kaspersky software creates an unnecessary risk for any Westerner involved in highly sensitive matters, and, now that war has come to Ukraine, perhaps for everyone else too.

title: “Germany Tells Kaspersky Users To Uninstall Russian Antivirus Software Should You " ShowToc: true date: “2022-11-05” author: “William Delisio”

“The BSI recommends replacing applications from Kaspersky’s virus-protection software portfolio with alternative products,” said the German Federal Office for Information Security (opens in new tab), or BSI, in a public advisory that we ran through Google Translate. 

How antivirus software could be used against you

“Antivirus software … has extensive system authorizations and … must maintain a permanent, encrypted and non-verifiable connection to the manufacturer’s servers,” the BSI’s advisory explained. “If there are doubts about the reliability of the manufacturer, virus protection software poses a particular risk for the IT infrastructure to be protected.” The German warning generally falls in line with our own 2017 advisory about not using Kaspersky software for machines involved with national security or critical infrastructure. But it goes further than our own in recommending that ordinary citizens consider removing Kaspersky software as well. Tom’s Guide and its parent company Future have “de-monetized” our reviews of Kaspersky products, removing links to websites where you can buy Kaspersky software and foregoing the affiliate revenue that comes from those sales.

Kaspersky might have to do what Putin says

The German authority stopped short of accusing Kaspersky of actively colluding with Russian security agencies. American and Israeli government agencies have tried to make that case in recent years, but the evidence has been largely lacking. Instead, the BSI hypothesized that Kaspersky might not have a choice but to do the Kremlin’s bidding. “A Russian IT manufacturer can carry out offensive operations itself, be forced to attack target systems against its will, or be spied on without its knowledge as a victim of a cyber operation, or be misused as a tool for attacks against its own customers,” said the BSI advisory.

Kaspersky responds to the German warning

The Kaspersky company responded to the BSI advisory with an English-language statement of its own (opens in new tab), arguing that the BSI warning was “made on political grounds” and that Kaspersky “does not have ties to the Russian or any other government.” “We believe that peaceful dialogue is the only possible instrument for resolving conflicts,” the Kaspersky statement added. “War isn’t good for anyone.” That last bit repeats a statement that company co-founder and CEO Eugene Kaspersky tweeted on March 1. Such words might be charitably viewed as the most a Russian company or individual can say while still staying on the good side of an increasingly repressive and punitive government.  It’s nonetheless noteworthy that Eugene Kaspersky uses the “war” even as Russia has banned public statements using the word when referring to Russia’s “special operation” in Ukraine. The company co-founder put up an angry blog post (opens in new tab) today (March 16) addressing the BSI advisory. “Kaspersky, the long-time partner and contributor of BSI and German cybersecurity industry, was given mere hours to address these bogus and unfounded allegations,” Eugene Kaspersky wrote. “This is not an invitation for dialogue — it is an insult.” “Not having Kaspersky in Germany will not make Germany or Europe safer,” he added. “We consider this decision to be unfair and outright wrong.” “This war is a tragedy that has already brought suffering to innocent people and repercussions across our hyper-connected world,” Eugene Kaspersky concluded. “The global cybersecurity industry that has been built on the basis of trust and cooperation to protect the digital links connecting us with each other may well be its collateral damage — and thus leave everyone even less safe.”

It’s up to you to decide

Kaspersky the company has been trying to evade Russian-Western conflicts for some time, legally domiciling the company in London, offering to privately disclose its source code and moving many of its servers and operations to Switzerland. Meanwhile, Kaspersky the man has, to our knowledge, not set foot on U.S. soil for several years. We still think that Kaspersky makes some of the best antivirus software, and is one of the top information-security companies overall. Its researchers are among the best in the world, and the company exposes Russian state-sponsored hacking campaigns as often as it does American ones. Yet the reality is that Kaspersky still has most of its operations in Moscow and has numerous Russian government agencies as clients. Installing Kaspersky software creates an unnecessary risk for any Westerner involved in highly sensitive matters, and, now that war has come to Ukraine, perhaps for everyone else too.