Is Kaspersky Safe To Use

[Penny Bozic]

Totry to reduce risk of Russian cyberattacks, the US government has banned the sale of and updates to software developed by cybersecurity company Kaspersky Labs. In its statement, the US cited concerns that the privileged access security software uses to protect computer systems could be exploited to steal sensitive information, install malware, and more.

As part of this prohibition, Kaspersky will no longer be allowed to provide US customers with signature or code-base cybersecurity updates after September 29, 2024. That means that the protection provided to US customers who elect to keep using Kaspersky will deteriorate over time.

Along with the US, government agencies in Germany, Italy, Lithuania, and elsewhere have also warned consumers and operators of critical infrastructure about the potential security risks of using Kaspersky software.

Similar to the United States, Lithuania banned Kaspersky on sensitive computers back in 2017. Computers and networks deemed critical by the Lithuanian government include those that protect government information such as financial, transportation, and energy data. The Lithuanian ban extends to computers and networks of private companies, if they are holding similarly sensitive data.

After announcements from the US and UK governments, the Dutch government carried out their own independent risk analysis of Kaspersky. While the results (downloadable here in Dutch) showed that there were no known cases of misuse in the country, the risk was deemed too significant to ignore, leading the Dutch government to phase-out Kaspersky products as a precaution.

Kaspersky Internet Security is consumer cybersecurity software developed by Kaspersky, whose headquarters are in Moscow, Russia. Kaspersky Internet Security aims to remove viruses and protect against other threats to consumer devices.

While Kaspersky does offer free trials of its premium products, it doesn't offer comprehensive, free security software. Premium Kaspersky products (such as Kaspersky Total Security and Kaspersky Internet Security) are available with yearly subscriptions for a specified number of devices.

While no allegations have been publicly proved, many governments have warned against using Kaspersky products, or even banned their use, especially on systems operating critical infrastructure. Whether or not you should trust Kaspersky depends on how justifiable you think the government warnings are.

The potential security risks associated with using Kaspersky Internet Security and Kaspersky Total Security are just that: potential risks. According to Kaspersky, the accusations are merely speculations without technical or objective support, and the company is open to addressing any concerns.

With the situation deteriorating, Avast Threat Labs observed a noticeable spike in phishing attacks aimed at Ukrainian interests. The attacks targeted communication infrastructure, internet service providers, and other community services. Our security experts immediately analyzed the threat and offered clear advice on how to stay safe.

On March 15, 2022, the German government warned citizens to not use Kaspersky antivirus software due to concerns that the software might be used as a weapon during high international tensions following the Russian invasion of Ukraine.

Kaspersky antivirus software running on the contractor's computer noticed the NSA files, which may have contained NSA-designed malware, and somehow tipped off Russian state-sponsored hackers to its presence. The Russian hackers then targeted the contractor's home machine and copied the NSA files.

However, catching NSA malware on a user's computer is exactly what antivirus software is supposed to do. Kaspersky Lab has exposed several likely NSA cyberespionage efforts in the past few years, as well as some Russian ones, and it knows what state-sponsored spyware looks like.

A former NSA staffer told the Journal that Kaspersky antivirus software is "aggressive" in its search for malware on user machines. But for anyone who didn't have copies of NSA files on his or her computer, this would be a good thing.

Left unanswered in the Journal's story, and in a companion story in the Washington Post, was the question of whether Kaspersky Lab itself actively told the Russian government about the NSA files on the contractor's machines.

"The key question is what triggered the Kaspersky APT investigation. Was it bc he's an NSA employee? Looking at docs? If so, Kaspersky is toast," tweeted Matt Tait, a British cybersecurity expert and former staffer at GCHQ, the U.K.'s equivalent of the NSA. "But if it's just signatures on NSA implants and NSA exploits, then this is Kaspersky just doing its job, and not at all a Kaspersky-Russia thing."

Both Kaspersky the man and Kaspersky Lab the company have consistently denied any active collusion with the Russian government. In his blog post last night, Eugene Kaspersky said that doing so would make his job impossible.

In the face of this new information, our own position remains the same: Don't run Kaspersky antivirus software if you or your close family members work for the U.S. government, for a defense contractor or for a company involved in running or maintaining critical infrastructure.

UPDATE to the update: On Oct. 10 and 11, The New York Times, the Washington Post and The Wall Street Journal all published stories detailing further allegations made against Kaspersky Lab by unnamed current and former U.S. government officials. Our take on those allegations is here. While the allegations are very serious, we feel it would be unfair to act upon them based on accusations made anonymously and without proof.

Russian antivirus firm Kaspersky Lab has been in the news a lot lately, and not in a good way. The U.S. Congress may ban Kaspersky products from the Pentagon. The federal bureaucracy has removed Kaspersky Lab from its list of approved vendors. And FBI agents have interviewed some of Kaspersky's U.S. employees at their homes.

All this has happened mainly because Kaspersky Lab and its CEO and co-founder, Eugene Kaspersky, are perceived as being close to the Kremlin. Reports in major Western news outlets have alleged strong ties between Kaspersky Lab and the Russian security services, though there's not much of a smoking gun.

Eugene Kaspersky has fired back, insisting that his company is free from government interference. He's even offered to show the U.S. government the source code of his company's products. So far, the pushback isn't working.

I don't know how close Kaspersky Labs is to the Kremlin. I've met Eugene Kaspersky a few times, and I think he talks too much to make a good spy. But I do know one thing for sure: Kaspersky antivirus software is excellent, and unless you're running a nuclear power plant, designing a jet fighter or operating the New York Stock Exchange, it should be safe to use.

Let me state right off the bat that I am not a Russian apologist. The evidence is overwhelming that the Russian government influenced the 2016 U.S. presidential election through propaganda and selective disclosure of stolen information. Cybersecurity experts were aware of Russian electoral machinations in March of 2016, before the GOP primary process was even finished.

But there's no evidence Kaspersky Lab had anything to do with that. What is clear is that Kaspersky has a terrific team of researchers looking into malware and cyberespionage, and they freely and actively share what they discover.

The company has not one, but three cybersecurity blogs that I read every day: the general Kaspersky blog, the technical but informative Securelist blog and the excellent but less technical Threatpost news site.

Yes, Kaspersky has uncovered cyberespionage campaigns conducted by U.S. intelligence agencies, most notably the Flame spyware platform. (Contrary to widespread belief, Kaspersky did not discover the Israeli-NSA Stuxnet worm.) But Kaspersky has also uncovered Russian cyberespionage efforts, such as the Red October campaign.

Nevertheless, it's true that Kaspersky Lab couldn't have become such a successful Russian company, and Eugene Kaspersky a billionaire, without approval, both official and unofficial, from the Russian government, which likes to hold the reins on rich businesspeople. It's also true that Eugene Kaspersky was trained by the KGB's signals-intelligence division during the last years of the Cold War. Years ago, the company even touted that fact on the packaging of Kaspersky products.

The company admits that it works with the FSB, Russia's domestic-intelligence agency, when called upon. Kaspersky Lab got the government contract to secure the communications and computer systems at the 2014 Winter Olympics in Sochi, Russia. News reports have alleged that former Russian military and intelligence officials have been placed in sensitive jobs within the company. In January 2017, Russian authorities arrested a Kaspersky manager along with two active FSB officers. All were charged with treason.

But that doesn't make Kaspersky Lab an arm of the Kremlin, any more than top American information-security firms are arms of the U.S. government. (Many top American cybersecurity analysts have worked for the NSA, and there are rumors that the U.S. government places people high up in American telecommunications companies.) And Kaspersky itself insists that it can't favor one government over another, lest it lose customers worldwide.

So is Kaspersky software safe to use? It's probably not a good idea for any U.S. defense contractor, federal agency or critical-infrastructure operator to use antivirus software from a potential adversary country. That includes not only Russian companies like Kaspersky and Dr.Web, but also Chinese ones such as Qihoo 360.

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil."}), " -0-10/js/authorBio.js"); } else console.error('%c FTE ','background: #9306F9; color: #ffffff','no lazy slice hydration function available'); Paul WagenseilSocial Links NavigationPaul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.

3a8082e126