BSI: Warning against Kaspersky products still valid after US sanctions
The BSI warned against antivirus software from the Russian manufacturer back in 2022 - this remains true even after the US steps against Kaspersky became known.
(Image: gemeinfrei)
After the US government announced far-reaching measures against the Russian software manufacturer Kaspersky last week, the Federal Office for Information Security (BSI) continues to warn against its antivirus products. A spokesperson made this clear to heise security. However, a sales ban as in the USA is not an issue in Germany.
Last week, the US government put its money where its mouth is: First, the Bureau of Industry and Security (BIS), a sub-agency of the US Department of Commerce, published a far-reaching ban on the sale of Kaspersky products. Due to the "unacceptable risks to the national security of the United States" posed by the use of security software from Russia, according to the BIS, Kaspersky will no longer be allowed to process new sales in the USA from July 20, 2024. From September, third parties will also no longer be allowed to sell Kaspersky products or incorporate them into their own. From the end of September, signature and software updates will cease and Kaspersky will no longer be allowed to collect threat data via the "Kaspersky Security Network" in the USA.
But that's not all: three companies in the Kaspersky Group, namely AO Kaspersky Lab, OOO Kaspersky Group and the British branch of Kaspersky Labs, have been placed on the Department of Commerce's "Entity List", which makes doing business in the United States even more difficult for them. On June 21, the US Treasury Department announced personal sanctions against the Kaspersky Board of Directors, thus tightening the measures already adopted in 2017 against the Russian manufacturer. Kaspersky management is now on the "Specially Designated Nationals and Blocked Persons List" alongside drug traffickers and terrorists.
BSI warning remains in place
What effect will the US sanctions have in Germany? Not at all at first, says the BSI. As a spokesperson for the Federal Office explained to heise security, a warning against the use of Kaspersky's antivirus software has been in place since March 15, 2022, and the company has attempted to defend itself legally against this. Warnings based on Section 7 of the BSI Act are archived after six months, but this does not invalidate them – so the Kaspersky warning is still valid.
"The BSI is continuously monitoring the threat situation and currently sees no reason to update the archived warning," said the authority spokesperson. However – unlike the BIS in the USA –, no bans can be issued, as the BSI lacks the necessary legal basis to do so. In addition, the BSI warning relates exclusively to antivirus software from Kaspersky. It is currently unclear whether other security products such as EDR and XDR solutions (Endpoint Detection and Response and Extended Dection and Response) for companies are also covered. The BSI has not answered a query from heise security in this regard at short notice – we will provide the answer by updating this report if necessary.
(cku)
