Kaspersky to open anti-virus software to outside review
Moscow-based cybersecurity company Kaspersky Lab, battered by suspicion of Russian government influence, wants to reassure customers by opening up its software’s underlying code for outside review. But security experts and some U.S. politicians say the move is mostly meaningless.
In September, the U.S. government barred federal agencies from using Kaspersky’s anti-virus products because of concerns about its ties to the Kremlin and Russian spy operations. News reports have since linked Kaspersky software to an alleged theft of cybersecurity information from the U.S. National Security Agency.
The company has repeatedly denied the allegations and says it’s been dragged into the middle of a “geopolitical fight.”
Now Kaspersky says it will provide the source code of its software — including software updates and threat-detection rules updates — for independent review and assessment.
Outside experts, however, say such a review can only reveal so much and thus would do little to address concerns of customers and the U.S. government.
“They’re trying to salvage their reputation,” said Blake Darche, a former NSA worker. “I don’t see how it addresses the allegations against them in any meaningful way.”
“This review is a red herring that doesn’t address any of the fundamental underlying concerns with Kaspersky products, most significantly, that Russian law enables the Kremlin to monitor data transmissions, including Kaspersky’s,” said Sen. Jeanne Shaheen, D-N.H., a regular Kaspersky critic.
The suspicion has taken a toll on Kaspersky. Shortly after the federal ban, retailers such as Best Buy and Office Depot also stopped selling its consumer security software.
Then news broke this month that hackers allegedly working for the Kremlin used Kaspersky’s software to steal information from a National Security Agency contractor about how the U.S. infiltrates foreign networks and defends against cyberattacks.