U.S. ban of Kaspersky antivirus software causes confusion
Possible ties between unnamed Kaspersky officials and Russian intelligence services worry government
Worries rippled through the consumer market for antivirus software after the U.S. government banned federal agencies from using Kaspersky Labs software on Wednesday. Best Buy said it will no longer sell software made by the Russian company, although one security researcher said most consumers don't need to be alarmed.
Best Buy Co. declined to give details about why it dropped Kaspersky products, saying that it doesn't comment on contracts with specific vendors. The Minneapolis Star Tribune first reported that Best Buy would stop selling Kaspersky software.
The U.S. Department of Homeland Security cited concerns about possible ties between unnamed Kaspersky officials and the Kremlin and Russian intelligence services. The department also noted that Russian law might compel Kaspersky to assist the government in espionage.
Kaspersky has denied any unethical ties with Russia or any government. It said Wednesday that its products have been sold at Best Buy for a decade. Kaspersky software is widely used by consumers in both free and paid versions, raising the question of whether those users should follow the U.S. government's lead.
Nicholas Weaver, a computer security researcher at the University of California, Berkeley, called the U.S. government decision "prudent"; he had argued for such a step in July . But he added by email that "for most everybody else, the software is fine."
The biggest risk to U.S. government computers is if Moscow-based Kaspersky is subject to "government-mandated malicious update," Weaver wrote this summer.
Kaspersky products accounted for about 5.5 per cent of anti-malware software products worldwide, according to research firm Statista.
Another expert, though, suggested that consumers should also uninstall Kaspersky software to avoid any potential risks. Michael Sulmeyer, director of a cybersecurity program at Harvard, noted that antivirus software has deep access to one's computer and network.
"Voluntarily introducing this kind of Russian software in a geopolitical landscape where the U.S.-Russia relationship is not good at all, I think would be assuming too much risk," he said. "There are plenty of alternatives out there."
Sulmeyer also said retailers should follow Best Buy's lead and stop selling the software.
Amazon, which sells Kaspersky software, declined to comment. Staples and Office Depot, both of which sell the software, didn't immediately return messages seeking comment.
Various U.S. law enforcement and intelligence agencies and several congressional committees are investigating Russian meddling in the 2016 presidential election.
Kaspersky said it is not subject to the Russian laws cited in the directive and said information received by the company is protected in accordance with legal requirements and stringent industry standards, including encryption.