Kaspersky Lab says German warning to stop using its software is politically motivated

midian182

Posts: 8,030   +89
Staff member
In context: Antivirus giant Kaspersky Lab has responded to a warning put out by the German government advising users of its software that they could be susceptible to cyberattacks or snooping. The Moscow-based company said the advisory is based on political motivations and not technical assessments.

The German Federal Office for Information Security (BSI) issued the warning following Russia's invasion of Ukraine. "A Russian IT manufacturer can carry out offensive operations itself, be forced against its will to attack target systems, or be spied on as a victim of a cyber operation without its knowledge or as a tool for attacks against its own customers," the BSI writes (via the BBC, which translated the message).

The BSI recommends Kaspersky antivirus products be replaced with alternatives.

As it has done several times in the past, Kaspersky Lab, which says it moved its data-processing infrastructure to Switzerland in 2018, denied it has any links to or could be coerced by the Russian government. "We believe this decision is not based on a technical assessment of Kaspersky products -- that we continuously advocated for with the BSI and across Europe -- but instead is being made on political grounds," the company said.

"The security and integrity of our data services and engineering practices have been confirmed by independent third-party assessments […] We believe that peaceful dialogue is the only possible instrument for resolving conflicts. War isn't good for anyone."

Kaspersky co-founder Yevgeny (Eugene) Kaspersky previously worked for the Russian military and was educated at a KGB-sponsored technical college, raising suspicions that his company may have close links to the country's government.

In 2017, Kaspersky Lab was facing claims over a possible compromise of its source code by Moscow. President Trump banned the use of its antivirus products on federal government machines in the same year, for which Kaspersky Lab filed a lawsuit. There have also been claims that hackers working on behalf of the Russian government stole secret details of the NSA's offensive and defensive cyber capabilities by exploiting Kaspersky antivirus software.

Permalink to story.

 

Dimitriid

Posts: 2,216   +4,268
A message for either party in this discussion: Hate to brake it to you but the only way to truly substantiate or refute these claims, is open source software.

So you can't assert it and you can't refute the spying claims without having open source code. It is entirely dependent on *just* the politics around the situation and of course the current politics dictate that customers of Kapersky really need to be looking for some other anti-virus software: they can't really pay for upgrades because of the economical blockade anyway so Kapersky has literally no incentive to provide updates for free to international customers while their company slowly goes bankrupt devoid of any international sales so even without the explicit German declaration it should already be functionally useless to potentially dangerous keeping the software in use.

EDIT: Note that at least *some* Kapersky products are indeed, open source. Just not *all* of their products so it's not really possible to assert the entire thing as open source and just kind of uses the adjacent-to-grab-some-good-faith model that Google uses with Chromium for example.
 

psycros

Posts: 4,249   +6,074
A message for either party in this discussion: Hate to brake it to you but the only way to truly substantiate or refute these claims, is open source software.

So you can't assert it and you can't refute the spying claims without having open source code. It is entirely dependent on *just* the politics around the situation and of course the current politics dictate that customers of Kapersky really need to be looking for some other anti-virus software: they can't really pay for upgrades because of the economical blockade anyway so Kapersky has literally no incentive to provide updates for free to international customers while their company slowly goes bankrupt devoid of any international sales so even without the explicit German declaration it should already be functionally useless to potentially dangerous keeping the software in use.

EDIT: Note that at least *some* Kapersky products are indeed, open source. Just not *all* of their products so it's not really possible to assert the entire thing as open source and just kind of uses the adjacent-to-grab-some-good-faith model that Google uses with Chromium for example.

The one fly in the ointment is the inability to know exactly where the data is being funneled to after it hits Kaspersky's servers. Open source doesn't help with that. Its a given that an anti-malware package, by its very nature, is going to see chunks of your most sensitive data because protecting that is the highest priority.
 

donnieD

Posts: 18   +13
The one fly in the ointment is the inability to know exactly where the data is being funneled to after it hits Kaspersky's servers. Open source doesn't help with that. Its a given that an anti-malware package, by its very nature, is going to see chunks of your most sensitive data because protecting that is the highest priority.

Actually Open Source does help, as you would be able to review the code and figure out what kind of data is being sent back to their servers.

On the other note, do you know what is being sent back from your devices to Goolag/Apple/Amazon servers and where that data ends up afterwards?
 

GoldenGoat

Posts: 65   +69
The whole point of antivirus software is to maintain the integrity of your IT systems. If there is any doubt that a product will not be completely effective in this, it does not make sense to use that product. The German government is raising awareness of their doubt. Kaspersky Lab might not be bad, but they could be easily compromised by the Russian government who takes what they want and nobody stops them. I agree with Germany's assessment.
 

NumberSix

Posts: 147   +200
I'm so glad I paid for a 2 year Kaspersky subscription 2 months ago, mind I have never had any problems with it so I'll carry on using it for now.
 

DrSuess

Posts: 199   +183
Actually Open Source does help, as you would be able to review the code and figure out what kind of data is being sent back to their servers.

On the other note, do you know what is being sent back from your devices to Goolag/Apple/Amazon servers and where that data ends up afterwards?
Open source does help when the binaries generate from open source code comes from a trusted party. Otherwise, you have to just trust the vendor is providing malware/spyware/ransomware free binaries.
 

ZedRM

Posts: 1,067   +748

gdavid65

Posts: 39   +39
More virtue signaling.

People seriously act as if they can just "block people" and "block entire countries" with equal ease - as they do on Facebook.

This is what virtue signaling looks like on the Geo-political level.

Ok, so I am invading your home next week... and you're going to stand back and do absolutely nothing? Maybe put yourself into somebody else's shoes other than your own selfish ones.
 

Homerlovesbeer

Posts: 181   +206
Ok, so I am invading your home next week... and you're going to stand back and do absolutely nothing? Maybe put yourself into somebody else's shoes other than your own selfish ones.


You don't get it do you. You invade a home, that's you, not your brother, your sister, your parents, who may all live in the same house as you, so you should be punished and your family shouldn't have to suffer for things you've done and they haven't.