Germany tells Kaspersky users to uninstall Russian antivirus software — should you?

A product box of Kaspersky Internet Security on a store shelf.
(Image credit: Jakub Porzycki/NurPhoto via Getty Images)

Germany's national information-security agency yesterday (March 15) advised the country's citizens to remove Kaspersky antivirus software from their computers, warning that the Russian-made programs might be used as weapons by the Russian government as tensions with the West rise following the invasion of Ukraine.

"The BSI recommends replacing applications from Kaspersky's virus-protection software portfolio with alternative products," said the German Federal Office for Information Security, or BSI, in a public advisory that we ran through Google Translate. 

"The warlike actions of Russia as well as the threats made against the EU, NATO and the Federal Republic of Germany harbor a considerable risk of a successful IT attack, which could have far-reaching consequences," said a BSI FAQ (in German) linked to from the advisory.

How antivirus software could be used against you

"Antivirus software ... has extensive system authorizations and ... must maintain a permanent, encrypted and non-verifiable connection to the manufacturer's servers," the BSI's advisory explained. "If there are doubts about the reliability of the manufacturer, virus protection software poses a particular risk for the IT infrastructure to be protected."

The FAQ took pains to make clear that Germany is not banning Kaspersky software, just "raising awareness of possible dangers." It added that "the decision on whether to continue using the software must be made individually by the users."

The German warning generally falls in line with our own 2017 advisory about not using Kaspersky software for machines involved with national security or critical infrastructure. But it goes further than our own in recommending that ordinary citizens consider removing Kaspersky software as well.

"All users of antivirus software can be affected by such operations," said the advisory, while the FAQ said, "Consumers may be the least targeted, but in the event of a successful attack, could also be victims of collateral effects."

Tom's Guide and its parent company Future have "de-monetized" our reviews of Kaspersky products, removing links to websites where you can buy Kaspersky software and foregoing the affiliate revenue that comes from those sales.

Kaspersky might have to do what Putin says

The German authority stopped short of accusing Kaspersky of actively colluding with Russian security agencies. American and Israeli government agencies have tried to make that case in recent years, but the evidence has been largely lacking.

Instead, the BSI hypothesized that Kaspersky might not have a choice but to do the Kremlin's bidding.

"A Russian IT manufacturer can carry out offensive operations itself, be forced to attack target systems against its will, or be spied on without its knowledge as a victim of a cyber operation, or be misused as a tool for attacks against its own customers," said the BSI advisory.

For consumers, this might mean that "data will be deleted or encrypted," according to the BSI's FAQ. "The data that Kaspersky has stored about [consumers] could leak if Kaspersky itself becomes a victim of a cyber operation."

Kaspersky responds to the German warning

The Kaspersky company responded to the BSI advisory with an English-language statement of its own, arguing that the BSI warning was "made on political grounds" and that Kaspersky "does not have ties to the Russian or any other government."

"We believe that peaceful dialogue is the only possible instrument for resolving conflicts," the Kaspersky statement added. "War isn't good for anyone."

That last bit repeats a statement that company co-founder and CEO Eugene Kaspersky tweeted on March 1.

See more

Such words might be charitably viewed as the most a Russian company or individual can say while still staying on the good side of an increasingly repressive and punitive government. 

It's nonetheless noteworthy that Eugene Kaspersky uses the "war" even as Russia has banned public statements using the word when referring to Russia's "special operation" in Ukraine.

The company co-founder put up an angry blog post today (March 16) addressing the BSI advisory.

"Kaspersky, the long-time partner and contributor of BSI and German cybersecurity industry, was given mere hours to address these bogus and unfounded allegations," Eugene Kaspersky wrote. "This is not an invitation for dialogue — it is an insult."

"Not having Kaspersky in Germany will not make Germany or Europe safer," he added. "We consider this decision to be unfair and outright wrong."

"This war is a tragedy that has already brought suffering to innocent people and repercussions across our hyper-connected world," Eugene Kaspersky concluded. "The global cybersecurity industry that has been built on the basis of trust and cooperation to protect the digital links connecting us with each other may well be its collateral damage — and thus leave everyone even less safe."

It's up to you to decide

Kaspersky the company has been trying to evade Russian-Western conflicts for some time, legally domiciling the company in London, offering to privately disclose its source code and moving many of its servers and operations to Switzerland. Meanwhile, Kaspersky the man has, to our knowledge, not set foot on U.S. soil for several years.

We still think that Kaspersky makes some of the best antivirus software, and is one of the top information-security companies overall. Its researchers are among the best in the world, and the company exposes Russian state-sponsored hacking campaigns as often as it does American ones.

Yet the reality is that Kaspersky still has most of its operations in Moscow and has numerous Russian government agencies as clients. Installing Kaspersky software creates an unnecessary risk for any Westerner involved in highly sensitive matters, and, now that war has come to Ukraine, perhaps for everyone else too.

"Manipulation of the virus-protection software from the manufacturer Kaspersky cannot be ruled out," read the BSI's FAQ. "So if you want to be on the safe side, you should use other antivirus software for the time being."

Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.