News and Information on world security issues

US to ban popular anti-virus software

Washington is set to announce plans to prohibit the sale of anti-virus software made by the Russian cybersecurity company Kaspersky Labs in the United States, according to a Reuters report which cited sources.

People familiar with the matter told the outlet that the company’s close ties to the Russian government were considered by the Biden administration as posing a “critical risk.” The sources cited Washington’s concerns over the software’s privileged access to computer systems could allow it to steal sensitive information from American users, install malware or withhold critical updates.

According to the report, the Russian cybersecurity firm could also be added to a trade restriction list, which effectively prevents a company’s US suppliers from selling it. Such a move could mean a massive hit to the company’s reputation and international sales, the sources said.

The restrictions will reportedly come into effect on September 29, giving the businesses 100 days to find alternatives. Downloads of software updates, resales and licensing of the product will also be barred. Kaspersky Labs will be banned in the US 30 days after the announcement of the restrictions. The Commerce Department will notify the companies before taking enforcement action against them.

If the department only adds the Russian entity to its trade restriction list, the damage will be largely reputational, Reuters said. If foreign units are added, the move could significantly hamper the cybersecurity company’s supply chain, it said.

Sellers and resellers who violate the restrictions will face fines, with potential criminal cases being brought by the Justice Department in the event of willful violations. Software users will not face any legal penalty but are advised to stop using it.

In 2017, the US Department of Homeland Security banned all federal agencies from using Kaspersky software, citing national security concerns but providing no evidence. Company founder and Chief Executive Eugene Kaspersky denounced the move as “baseless paranoia at best” at the time, with the company filing a lawsuit, which was later dismissed by the court.

According to Reuters’ sources, there was a “significant back and forth” with Kaspersky before the ban, which proposed mitigating measures instead of an outright ban.

Founded in 1997, the cybersecurity and anti-virus provider Kaspersky is headquartered in Moscow and operated by a holding company in the UK. According to the firm, it operates in more than 200 countries and territories and has 400 million users around the world.