Worries rippled through the consumer market for antivirus software after the U.S. government banned federal agencies from using Kaspersky Lab software on Wednesday. Best Buy and Office Depot said they will no longer sell software made by the Russian company, although one security researcher said most consumers don’t need to be alarmed.
The U.S. Department of Homeland Security cited concerns about possible ties between unnamed Kaspersky officials and the Kremlin and Russian intelligence services. The department also noted that Russian law might compel Kaspersky to assist the government in espionage.
Kaspersky has denied any unethical ties with Russia or any government. It said Thursday that it will continue to get its product to customers “through its website and other prominent retailers.” Kaspersky software is used by consumers in both free and paid versions, available both online and in stores.
TO UNINSTALL OR NOT UNINSTALL
The U.S. government action raised the question of whether those users should follow the U.S. government’s lead. Some companies sought to tread carefully, addressing questions from customers who asked about it without alarming those that didn’t.
“We’ve had few customers raise concerns, but for those that have, we’ve offered advice on how to remove Kaspersky from their computers,” said Craig VerColen, spokesman for Boston-based software provider LogMeIn, which offers Kaspersky as a complementary perk to small businesses buying its products.
Nicholas Weaver, a computer security researcher at the University of California, Berkeley, called the U.S. government decision “prudent;” he had argued for such a step in July . But he added by email that “for most everybody else, the software is fine.”
The biggest risk to U.S. government computers is if Moscow-based Kaspersky is subject to “government-mandated malicious update,” Weaver wrote this summer.
Kaspersky products accounted for about 5.5 percent of anti-malware software products worldwide, according to research firm Statista.
Other experts, however, suggested that consumers should also uninstall Kaspersky software to avoid any potential risks. Michael Sulmeyer, director of a cybersecurity program at Harvard, noted that antivirus software has deep access to one’s computer and network.
“Voluntarily introducing this kind of Russian software in a geopolitical landscape where the U.S.-Russia relationship is not good at all, I think would be assuming too much risk,” he said. “There are plenty of alternatives out there.”
The government ban should alarm any company that has been relying on Kaspersky’s software to protect its business, said Nate Fick, CEO of computer security specialist Endgame.
“I don’t think this is political posturing here, but a sign that there is some real risk,” Fick said. As a result, he expects most companies to find another alternative to Kaspersky. “It is all about risk mitigation in cybersecurity, and this is an easy risk mitigation to make,” he said.
Best Buy was the first big retailer this month to announce it would stop selling the software. Office Depot Inc. followed Thursday. Amazon, which also sells Kaspersky software, declined to comment. Staples, another seller of the software, didn’t return a message seeking comment.
A RUSSIAN COMPANY WITH TIES TO RUSSIA
Various U.S. law enforcement and intelligence agencies and several congressional committees are investigating Russian meddling in the 2016 presidential election.
Kaspersky said it is not subject to the Russian laws cited in the directive and said information received by the company is protected in accordance with legal requirements and stringent industry standards, including encryption.
Russia also came to its defense Thursday, with a spokesman for Russian President Vladimir Putin criticizing the U.S. ban.
Dmitry Peskov told journalists on Thursday the move “cast a shadow over the image of our American colleagues as reliable partners” and was designed to cripple Kaspersky’s competitive advantage on the international market.
Company spokesman Anton Shingarov said Thursday in Moscow that the U.S. ban was “part of a geopolitical game” and “there is no proof provided of any improper ties to the Russian government.”