Get Avast One for real-time cybersecurity trusted by experts
- Security
- Privacy
- Performance
Russia’s February 2022 invasion of Ukraine led to growing security concerns associated with Moscow-based cybersecurity company Kaspersky. Since then, governments around the world have warned against the company’s products, with the US government announcing in June 2024 a ban on the sale of Kaspersky software in the US. Read on to learn about the potential security risks associated with Kaspersky and why you should switch to a safe and reliable alternative.
To try to reduce risk of Russian cyberattacks, the US government has banned the sale of and updates to software developed by cybersecurity company Kaspersky Labs. In its statement, the US cited concerns that the privileged access security software uses to protect computer systems could be exploited to steal sensitive information, install malware, and more.
While independent experts have historically judged Kaspersky’s cybersecurity products to be safe, Russia’s war against Ukraine has called this assessment into question. Western governments have responded to the war with an array of economic sanctions against Russian companies, along with warnings about the potential security risks of using Kaspersky.
The US and other governments have even banned Kaspersky products, calling the company a threat to national security over fears that the Kremlin could exploit the company's network. Kaspersky has denied the allegations, claiming that they’re politically motivated.
This Article Contains :
Today, wars are fought with cyberattacks as often as physical ones. Russia’s February 2022 invasion of Ukraine has given rise to many new cyber threats, including an increasing number of phishing attacks seeking to take advantage of the political situation. Governments around the world have taken notice, with calls to shore up their own cybersecurity.
Kaspersky’s threat-detection capabilities have always been respected, and the company employs many talented members of the security industry. Kaspersky products consistently perform well in third-party tests of security software — in the AV-Comparatives Summary Report for 2021, Kaspersky Internet Security ranked just behind Avast as a top consumer product for Advanced Threat Protection (ATP).
But the current political situation in Europe has now caused governments to warn against using Kaspersky, while independent review sites like PCMag have stopped recommending its products.
Security issues surrounding Kaspersky aren’t new, but they have grown as a result of Russia’s invasion of Ukraine. Back in 2017, the US government banned federal employees from using Kaspersky. Then, in March 2022, the US Federal Communications Commission (FCC) added the company to its list of national security risks.
More recently, the US Department of Commerce issued a prohibition banning Kaspersky from selling its products and services to US customers, declaring that Kaspersky’s cybersecurity and antivirus software poses “unacceptable risks to US national security.”
As part of this prohibition, Kaspersky will no longer be allowed to provide US customers with signature or code-base cybersecurity updates after September 29, 2024. That means that the protection provided to US customers who elect to keep using Kaspersky will deteriorate over time.
Along with the US, government agencies in Germany, Italy, Lithuania, and elsewhere have also warned consumers and operators of critical infrastructure about the potential security risks of using Kaspersky software.
To work effectively, antivirus software requires deep access to your computer — that’s how antivirus tools scan devices to identify and remove malware and other harmful files. Along with extensive system privileges, antivirus software maintains a permanent connection to the manufacturer’s servers — used for application and virus definition updates.
Kaspersky antivirus products — like Kaspersky Internet Security and Kaspersky Total Security — are no different. They monitor devices in real-time, push updates from remote servers, and send files from your computer back to company servers for analysis.
Trustworthy cybersecurity software protects devices from malicious files and connects to company servers to ensure virus detection capabilities remain updated.
The risks that Western governments are highlighting stem from questions about Kaspersky’s ability to keep its business — and the networks used to process customers’ sensitive information — private from the Russian government. As a company headquartered in Moscow, there are concerns that its network could be exploited.
But so far no direct proof has been given to support these allegations. And as part of Kaspersky’s ongoing Global Transparency Initiative, much of its core infrastructure and customer data has been moved to Switzerland, which would apparently protect its databases from unwanted government intrusion.
According to the US government, Kaspersky presents a national security risk because of the company’s alleged “cooperation with Russian military and intelligence authorities.” Russia has well-established cyber warfare capabilities, and the US ban cites concerns that the Russian government might use its power and influence to direct company operations and exploit sensitive US information through the deep access its software has to customers’ computers.
Governments in the US, Germany, Italy, Lithuania, and elsewhere have warned about the potential security risks of using Kaspersky software.
In Lithuania, Kaspersky is banned from being used on sensitive computers over worries that the country’s critical infrastructure could be compromised. Other countries, such as Italy and Germany, have issued warnings recommending that people switch from Kaspersky to other cybersecurity providers.
Several governments have raised concerns about using Kaspersky’s products. Some government warnings may also be part of the larger international response to sanction Russian entities as a result of the war in Ukraine.
Kaspersky banned by the US governmentIn 2017, the US government’s Department of Homeland Security banned Kaspersky software from being used by US federal government agencies. The ban was signed into law after concerns were raised in Congress about the company's alleged ties to Russian intelligence.
Immediately after Russia attacked Ukraine in February 2022, the US government started privately briefing companies responsible for critical state infrastructure about possible Russian interference.
At the time, Kaspersky and its affiliates landed on the FCC’s Covered List, which includes companies whose products and services appear to pose a high risk to US national security and are therefore excluded from receiving government subsidies.
Now, the US has gone further, banning the sale of Kaspersky software and encouraging consumers and businesses to find Kaspersky alternatives. And while current US customers aren’t compelled to uninstall Kaspersky products, the prohibition against the company providing code-base updates starting on September 29, 2024 will hamstring Kaspersky’s ability to offer real-time protection.
UK highlights risks of using KasperskyIn March 2022, the UK government updated its cybersecurity guidance. The UK’s National Cyber Security Center advised a variety of organizations to consider the risk of using Russian-controlled tech services — including Kaspersky. In particular, the NCSC highlighted organizations that provide services to Ukraine, are responsible for critical UK infrastructure, or could be used in pro-Russia propaganda if compromised.
In a blog post outlining the updated recommendations, Ian Levy, the NCSC’s Technical Director, warned that while individual users are likely safe, if sanctions render Kaspersky unable to update its products remotely, then safety concerns would increase. In that case, critical virus definition updates would likely cease, leaving the antivirus protection vulnerable.
The European Parliament calls on the EU to ban KasperskyIn 2018, the European Parliament voted to ban Kaspersky products. In a report submitted to the EP before the vote, Kaspersky is said to have been “confirmed as malicious.” But no actual test results or proof of malicious activity were explicitly mentioned, and the European Commission later admitted that it had no evidence.
Germany recommends replacing KasperskyA recent statement from Germany's Federal Office for Information Security (BSI), recommends replacing Kaspersky software on all devices, because, as outlined above, Kaspersky antivirus software has deep access to the device it’s installed on.
That level of access is not unique to Kaspersky’s antivirus products, and by itself is hardly cause for concern. At their most basic level, antivirus tools require extensive system access to protect computers from harmful files.
The BSI’s fear, however, is that Kaspersky could be misused by the Russian government or even forced into offensive operations. But no public evidence has come to light to call into question the security of Kaspersky’s products, and the company denies any ties to the Russian government, saying that the BSI’s decision was “made on political grounds.”
Italy’s public sector told to replace KasperskyAfter expressing concerns about increased cybersecurity risks amid the war in Ukraine, and fears that “Moscow could hijack [antivirus] programs to hack key websites,” Italy’s government announced that its public sector must replace Kaspersky software.
The Italian government’s cybersecurity agency is reviewing the potential risks of using Kaspersky software, but there’s currently no concrete evidence that Kaspersky's safety has been compromised or misused in Italy since the Russian invasion.
Lithuania bans Kaspersky on sensitive computer networksSimilar to the United States, Lithuania banned Kaspersky on sensitive computers back in 2017. Computers and networks deemed critical by the Lithuanian government include those that protect government information such as financial, transportation, and energy data. The Lithuanian ban extends to computers and networks of private companies, if they are holding similarly sensitive data.
Netherlands phasing out Kaspersky productsAfter announcements from the US and UK governments, the Dutch government carried out their own independent risk analysis of Kaspersky. While the results (downloadable here in Dutch) showed that there were no known cases of misuse in the country, the risk was deemed too significant to ignore, leading the Dutch government to phase-out Kaspersky products as a precaution.
Kaspersky Internet Security is consumer cybersecurity software developed by Kaspersky, whose headquarters are in Moscow, Russia. Kaspersky Internet Security aims to remove viruses and protect against other threats to consumer devices.
Initially released in 2006, Kaspersky Internet Security is an antivirus solution focused on malware removal, ransomware protection, and blocking hacking attempts on Windows, Mac, and Android devices. Kaspersky’s top-tier product — Kaspersky Total Security — extends protection to iOS devices.
While Kaspersky does offer free trials of its premium products, it doesn't offer comprehensive, free security software. Premium Kaspersky products (such as Kaspersky Total Security and Kaspersky Internet Security) are available with yearly subscriptions for a specified number of devices.
Kaspersky, one of the world’s largest privately held cybersecurity companies, was founded in Russia in 1997 by Eugene Kaspersky. For the last 20 years, Kaspersky has been consistently ranked as a strong antivirus product. The company is headquartered in Moscow, Russia, with offices around the world.
Kaspersky at a glance:
While no allegations have been publicly proved, many governments have warned against using Kaspersky products, or even banned their use, especially on systems operating critical infrastructure. Whether or not you should trust Kaspersky depends on how justifiable you think the government warnings are.
Kaspersky is known for developing high-quality products with strong threat-detection capabilities. Unfortunately, because of Kaspersky’s origins and the ongoing political uncertainty in Europe, questions surrounding Kaspersky may persist for some time.
The potential security risks associated with using Kaspersky Internet Security and Kaspersky Total Security are just that: potential risks. According to Kaspersky, the accusations are merely speculations without technical or objective support, and the company is open to addressing any concerns.
If you’re worried about the risks involved with using Kaspersky, you can switch to a reputable alternative like Avast, a company with a deep understanding of how repressive regimes operate.
With Avast on your side, you’ll be getting ironclad cybersecurity protection from a company with a fierce commitment to digital freedom. As the invasion of Ukraine unfolded, Avast responded swiftly, suspending operations in Russia.
With the situation deteriorating, Avast Threat Labs observed a noticeable spike in phishing attacks aimed at Ukrainian interests. The attacks targeted communication infrastructure, internet service providers, and other community services. Our security experts immediately analyzed the threat and offered clear advice on how to stay safe.
And when an insidious ransomware strain called HermeticRansomware was found circulating in Ukraine, we made our new ransomware decryptor tool available for free.
Protecting digital freedom around the world is our core commitment. And that principle is the reason we built Avast One — our comprehensive, free cybersecurity tool. Avast One goes way beyond traditional antivirus software to provide all-encompassing security and privacy protection. Stay safer online with protection that’s trusted by millions of customers around the world.