Confusion hits over U.S. ban of Kaspersky
Some stores stop selling it, experts differ on whether to uninstall it.
Worries rippled through the consumer market for antivirus software after the U.S. government banned federal agencies from using Kaspersky Lab software on Wednesday. Best Buy and Office Depot said they will no longer sell software made by the Russian company, although one security researcher said most consumers don’t need to be alarmed.
The U.S. Department of Homeland Security cited concerns about possible ties between unnamed Kaspersky officials and the Kremlin and Russian intelligence services. The department also noted that Russian law might compel Kaspersky to assist the government in espionage.
Kaspersky has denied any unethical ties with Russia or any government. It said Thursday that it will continue to get its product to customers “through its website and other prominent retailers.” Kaspersky software is used by consumers in free and paid versions, available online and in stores.
To uninstall or not uninstall
The U.S. government action raised the question of whether those users should follow the U.S. government’s lead. Some companies sought to tread carefully, addressing questions from customers who asked about it without alarming those that didn’t.
“We’ve had few customers raise concerns, but for those that have, we’ve offered advice on how to remove Kaspersky from their computers,” said Craig VerColen, spokesman for Boston-based software provider LogMeIn, which offers Kaspersky as a complementary perk to small businesses buying its products.
Nicholas Weaver, a computer security researcher at the University of California, Berkeley, called the U.S. government decision “prudent.” He had argued for such a step in July. But he added by email that “for most everybody else, the software is fine.”
Kaspersky products accounted for about 5.5 percent of anti-mal-
ware software products worldwide, according to research firm Statista.
Minimizing risk
Other experts, however, suggested that consumers also should uninstall Kaspersky software to avoid any potential risks. Michael Sulmeyer, director of a cybersecurity program at Harvard, noted that antivirus software has deep access to one’s computer and network.
“Voluntarily introducing this kind of Russian software in a geopolitical landscape where the U.S.-Russia relationship is not good at all, I think would be assuming too much risk,” he said. “There are plenty of alternatives out there.”
The government ban should alarm any company that has been relying on Kaspersky’s software to protect its business, said Nate Fick, CEO of computer security specialist Endgame.
“I don’t think this is political posturing here, but a sign that there is some real risk,” Fick said. As a result, he expects most companies to find another alternative to Kaspersky. “It is all about risk mitigation in cybersecurity, and this is an easy risk mitigation to make,” he said.
Best Buy was the first big retailer this month to announce it would stop selling the software. Office Depot Inc. followed Thursday. Amazon, which also sells Kaspersky software, declined to comment. Staples, another seller of the software, didn’t return a message seeking comment.