It has been official for several weeks: The Federal Office for Information Security (BSI) advises users to replace the virus protection software from the Russian manufacturer Kaspersky with other programs. But what exactly makes Kaspersky so dangerous? And what can affected users do now?
It is bad news for many Germans. “The Federal Office for Information Security (BSI) warns against the use of virus protection software from the Russian manufacturer Kaspersky in accordance with Section 7 of the BSI Act,” says an official statement published a few weeks ago.
The background to the warning is the Ukraine war. The Russian side has made threats against NATO, the EU and also the Federal Republic of Germany. The BSI has therefore classified the risk of a “successful IT attack” via programs such as Kaspersky as “considerable”.
“A Russian IT manufacturer can conduct offensive operations itself, be forced to attack target systems against its will, or […] misused as a tool for attacks against its own customers”, reads the justification.
What makes Kaspersky so dangerous now?
IT security expert Manuel Atug considers the BSI’s warning to be appropriate. After all, antivirus software usually has far-reaching system permissions, and for updates, for example, there is a permanent, encrypted and non-verifiable connection to the manufacturer’s servers. Therein lies the crux of the matter.
“The Russian state, like any other state, could use online updates to create a manipulated version of the software and have it installed on the affected devices as a kind of state trojan,” says Atug in an interview with CHIP. All user data would then be accessible – photos, chat messages, bank details. “It’s about sensitive content that Russia could access and process.”
Jörn Müller-Quade, who works at the Karlsruhe Institute of Technology (KIT) and specializes in IT security, also considers the danger emanating from the Kaspersky software to be “big enough to (rightly) warn”. “Especially when cyber attacks continue to escalate, for example in response to economic sanctions,” he says to CHIP.
According to the BSI, companies are particularly at risk
Companies in particular should take the BSI’s Kaspersky warning to heart. They are considered “particularly” at risk – just like authorities with special security interests and operators of critical infrastructures.
As Atug explains, a company’s entire production could be paralyzed by such security software. “But it would also be conceivable for international companies or politicians to be spied on.” So there are many ways to harm corporations, but also private users.
This is alarming precisely because Kaspersky’s virus protection is widely used. According to the company’s website, more than 400 million people worldwide use the Russian software. There is also talk of 240,000 corporate customers. The figures do not show how many of them are based in Germany.
Kaspersky warning: what can those affected do now?
The BSI recommends that Kaspersky users uninstall the Russian software and switch to other virus protection programs. “It’s important not to simply remove Kaspersky without an alternative and only do that if you really see a risk yourself. A PC without virus protection is also a bad solution,” Atug warns.
Müller-Quade, who heads the Chair for Cryptography and Security at KIT, also points out that “elementary precautionary measures” should be observed. “Users should always keep their software up to date and use good passwords – or even better, a password manager,” he says.
Even if the expert considers the Kaspersky risk to be lower for private individuals than for companies: “One should not underestimate the danger.” It’s not just annoying when private data is lost, he explains. Compromised computers could also be used for further attacks.
Kaspersky has been criticized before
At Kaspersky, there is ultimately disillusionment. “We believe that this decision is not based on the technical evaluation of Kaspersky products – which we have repeatedly campaigned for at the BSI and across Europe – but rather was made for political reasons,” the company says in a short statement published after the BSI notification.
For the group it is a painful déjà vu. After all, US authorities have no longer been allowed to use the Russian software since September 2017, for fear that the Russian government could use it to spy on computers.