The United States government may impose sanctions on Kaspersky Lab products, Cyberscoop reports, as part of a larger package of sanctions against Russia.
The move might effectively ban the sale of Kaspersky antivirus packages and other Kaspersky products in the U.S. But the sanction would not be enacted until two lawsuits that Kaspersky Lab has filed against the U.S. government are resolved, Cyberscoop said.
It's not clear what the justification for banning Kaspersky products would be. We at Tom's Guide have yet to be persuaded that the company, which makes excellent antivirus software, is a tool of the Kremlin, or favors any particular government over another. Yesterday (April 23), the company blog posted a report summarizing the activities of a Russian state-sponsored hacking group that has been targeting the energy industry worldwide.
Last week, Twitter announced that it would no longer accept ads from Kaspersky Lab, lumping the company together with Russian bots and disinformation campaigns. But at the same time, Kaspersky courted the press at a private luncheon in San Francisco, unveiling a transparency initiative that aims to show the world that the company, which is registered in London but keeps its headquarters in Moscow, has nothing to hide.
Kaspersky's efforts at goodwill have done nothing to quell criticism on Capitol Hill.
"The evidence of close ties and cooperation between Kaspersky Lab and the Kremlin is overwhelming," Sen. Jeanne Shaheen, D-N.H., told Cyberscoop. "Sanctioning Kaspersky Lab is a logical next step."
Sen. Shaheen may have information that we don't, because most of the evidence we've seen against Kaspersky Lab amounts to normal antivirus activity. It may well be that the U.S. government has conclusive proof that the company is working with the Kremlin, but if so, the government has yet to reveal it publicly.
In response to the possible ban, Kaspersky told Cyberscoop (and later gave the same statement to Tom's Guide): "The continued actions by the U.S. government against Kaspersky Lab lack sufficient basis, have been taken without any evidence of wrongdoing by the company, and rely upon subjective, non-technical public sources, such as uncorroborated and often anonymously sourced media reports and rumors, which is why the company has challenged the validity of these actions in federal court."
The U.S. government has already banned its own agencies and contractors from using Kaspersky software, which prompted the Kaspersky lawsuits, but the government ban does make sense. To use a common term, using any Russian or Chinese antivirus software on those systems would create an unacceptable risk. (Arguably, Kaspersky Lab brought this mess upon itself when it opened a Washington office and tried to go after U.S. government contracts a few years ago.)
That's not to say you should be running Kaspersky Lab software on your home machines if you work in the U.S. government or the defense industry. You shouldn't. But for everyone else, it's great software.