German Government Warns Companies Against Using Kaspersky Antivirus

Colin Thierry
Colin Thierry Writer
Colin Thierry Colin Thierry Writer

Germany’s Federal Office for Information Security (BSI) has warned companies against using Kaspersky antivirus products due to threats made by Russia against the EU, NATO, and Germany.

Kaspersky is a Moscow-based cybersecurity and antivirus provider founded in 1997, that has recently faced criticism over the company’s possible relationship with the Russian government.

Kaspersky’s founder and CEO, Eugene Kaspersky, expressed on March 1 a wish for “compromise” regarding Russia’s invasion of Ukraine, which faced a significant amount of backlash on Twitter.

Kaspersky is also believed to have offered its cybersecurity protection services to Russian state IT infrastructure, causing concerns that the company cannot stay completely neutral.

BSI Warning

On Tuesday, the BSI warned German companies to replace Kaspersky AV and any other products from the firm with alternative software from non-Russian providers.

As the office’s statement explains, antivirus software typically has higher-level privileges on Windows systems, maintaining a permanent, encrypted, and non-verifiable connection to the vendor’s servers for constant virus definition updates.

There is also concern that antivirus developers like Kaspersky could use their software to extract sensitive files.

As a Russia-based company, Kaspersky has to abide by Russian laws and regulations, including allowing state agents to access private firm databases.

BSI even suggested that Kaspersky could be forced into assisting the Russian intelligence forces in carrying out cyberattacks or conducting espionage.

“The actions of military and/or intelligence forces in Russia and the threats made by Russia against the EU, NATO, and the Federal Republic of Germany in the course of the current military conflict are associated with a considerable risk of a successful IT attack,” BSI stated.

“A Russian IT manufacturer can carry out offensive operations itself, be forced to attack target systems against its will, or be spied on without its knowledge as a victim of a cyber operation, or be misused as a tool for attacks against its own customers.”

This warning has already caused some German organizations to no longer use Kaspersky’s services.

According to reports, however, Kaspersky believes that BSI’s warning to remove Kaspersky products is a politically-motivated decision instead of a technical assessment of their products.

About the Author

About the Author

Colin Thierry is a former cybersecurity researcher and journalist for SafetyDetectives who has written a wide variety of content for the web over the past 2 years. In his free time, he enjoys spending time outdoors, traveling, watching sports, and playing video games.