The U.S. Department of Homeland Security (DHS) told federal agencies to "take actions related to the use or presence of information security products, solutions, and services supplied directly or indirectly by AO Kaspersky Lab or related entities." In a statement, DHS said this decision was prompted by security concerns in Kaspersky's products as well as fears about the company's numerous ties to Russian intelligence agencies.
Kaspersky's connections to Russian intelligence have dipped in and out of the news cycle over the last year. ABC News reported in May that the FBI was investigating the company for those ties, which Kaspersky denied, and in July leaked emails showed that the company helped FSB agents conduct physical raids on suspected hackers. Kaspersky was also said to have worked on tools to allow Russia to "hack the hackers."
None of those concerns are new. People have questioned the Kaspersky-Russia connection for years. But the U.S. government seems to be more interested in those ties than ever before, and as the DHS' Binding Operational Directive (BOD) made clear, it's certainly more willing to act on those fears. Here's what the department said about its decision to bar federal agencies from using products made by or associated with Kaspersky:
The Department is concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks. The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates U.S. national security.
These fears stem from the access that security products have to files and the systems on which they're stored. These products don't work unless they're given the ability to monitor and control many aspects of a system. If those products are compromised—willfully or not—they could be used to gather the sensitive information they were supposed to protect. That's why security products are prime targets for hackers.
Those aren't hypothetical concerns. A security researcher discovered a serious vulnerability in Kaspersky's TLS interception tool in January, and in March, Wikileaks revealed that the CIA had bypassed most major antivirus programs. (Later, though, several said their products had been updated to defend against those intrusions.) The U.S. government knows all too well what kind of data can be gleaned via compromised tools.
DHS said it would give Kaspersky a chance to submit a written statement "addressing the Department’s concerns or to mitigate those concerns" so it could "ensure that the company has a full opportunity to inform the Acting Secretary of any evidence, materials, or data that may be relevant." Businesses affected by the decision will also be able to send their comments about the decision before anything is finalized.
Only idiots have questioned for sure -- those are rubbish allegations and FUD by the obnoxious government!*
*After years of so-called Russian b$ doping, WADA couldn't find anything to prove on 95 athletes. This is all political <mod edit> show!
<Moderator Warning: Watch your language in these forums>
It's easy to picture a 'good cop/bad cop' type of deal. On one hand the Russian Government hacks into something. Kaspersky says 'look we figured out how to stop it'
In the background Russia's government and Kaspersky are trying to find holes in systems. The Russian Government uses found holes for a certain amount of time (or until found out by others) at which point Kaspersky comes to the rescue.
I do know I've seen Kaspersky volunteer to have their software audited, and this DHS blackballing comes before any attempt to take K up on their offer. That does come across as more politics and FUD than fact.
Also DHS want to take action against Kaspersky and they forgot how crappy the security they have and how many leaks happened in US and has nothing to do with any anti virus except unprofessional...Ah! I forgot some department asked Apple to provide away to decrypt/access any apple device! Imagine that happened, then got lecked!
Who is to say that other virus software providers are not also engaged in questionable behavior?
As a result of 400% price increases by MalwareBytes, I evaluated 8 products a couple of months ago, not a single one would pass the acid test for "doing only what it should be doing - protecting against viruses & malware". All of them installed bloatware, send continuous stream of data back to various servers, and run a multitude of potentially useless, resource hogging processes.
Oh, and I forgot the bit about the FBI trying to scare off Kaspersky's major customers and force Kaspersky out of retail! Don't think Tom's has reported it but you'll see it around other tech sites, back in August. With K's offer to be audited, this behavior comes off as just evil unless/until the FBI actually discloses an actual reason for any of this.
Too much naivety and trolling in this thread.
It is far to "coincidental" that Kaspersky has roots with Pootin and the FSB, and over the past 5 years has ventured into critical infrastructure projects including telecommunications, power plants & electric grids, gas pipelines, and IoT,
Better safe than cyber'ly obliterated.
Couldn't find anything because the Russian doping agency conveniently destroyed all the urine and blood tests, Ivan.