Moscow-based Kaspersky Labs, founded in 1997 by Yevgeny Kaspersky, has been selling one of the most lauded antivirus programs on the market for more than 20 years. Today the company's revenues are closing in on a billion dollars annually, and significantly, more than 85% of these revenues come from outside Russia.
In September, the U.S. government moved to ban the use of Kaspersky products from government computers after it was revealed that Russian hackers managed to obtain U.S. National Security Agency information through the software two years ago. Subsequent fears that Kaspersky Labs could be vulnerable to pressure from the Kremlin, and that the use of Kaspersky products could pose a risk to national security led the U.S. government to cease using Kaspersky products, and U.S. retailers like Best Buy to pull the Russian company's products from its shelves.
In December 2017, President Donald Trump signed legislation that banned the use of Kaspersky Lab products within the government. The September ban gave civilian agencies 90 days to remove Kaspersky software from their computers. The December ban also applies to military networks and was included in a more general defense spending bill.
In 2018, the questions around Kaspersky may only get more complicated and confusing. Kaspersky lab is suing the Trump administration over the ban, a decision it made only days after the December decision. They've called the accusations against them subjective and uncorroborated.
While Kaspersky and the U.S. Government hash things out, Kaspersky Lab is unlikely to get any government contracts in the U.S. anytime soon, even after promising independent reviews of its code. Kaspersky additionally claims that some of the allegations against it are generalized issues that impact most antivirus software.
Still, the software has been used for a very long time and the ban does not affect independent businesses and companies, who can still choose to use any software they prefer. Unless your business works closely with the U.S. Government, the decisions about Kaspersky Lab should not necessarily preclude you from using their software.
So, what does this all mean to the average Kaspersky user, and small business owners in particular? Independent reviewers say the product is of exceptional quality and it made our list of the best antivirus software available to small businesses, albeit with a notable asterisk.
Since Kaspersky first began selling its product in the United States, the company has been dogged by rumors about connections to Russian intelligence and the military. Kaspersky himself is a graduate of the KGB Higher School, from which he received degrees in mathematical engineering and computer technology. U.S. officials are concerned by the specter of former military and intelligence officers working at Kaspersky, and fear that the company's software could allow Russian state-sponsored hackers to steal user files, read private email correspondence or attack critical infrastructure in the United States.
In 2015, a private contractor for the National Security Agency took home classified files and put them on his home computer. The consultant ran Kaspersky on his home computer, and the program found NSA-designed malware. Russian state-sponsored hackers were somehow alerted to the malware on the U.S. state-sponsored hacker's home computer and they copied the NSA files. The antivirus program did exactly what it's supposed to do--identify malware. How the Russian hackers got involved is a matter of conjecture. Some suspect Kaspersky's involvement, while others put it down to the cunning of the Russian black hats. Yevgeny Kaspersky is an outspoken critic of cyberwarfare, and emphasizes that the health and credibility of his company depend on his ability to defend against all cyber threats without bias. The perception that his company would serve the interests of any government by spying has and could further impact users' comfort with the product.
Kaspersky claims that he's caught up in a geopolitical power struggle given the escalating tensions between the U.S. and Russia. He may well be right about that, and have the best of intentions. Nonetheless, Kaspersky Labs is based in Russia and the government can bring considerable pressure to bear even on billionaire software developers. Indeed, keeping Kaspersky off U.S. government machines and computers controlling important infrastructure like the electrical grid may be a wise precaution. Small business owners already using Kaspersky to keep their operations safe from cyberattacks seem unlikely to be impacted based on evidence to date, nevertheless they should continue to monitor the situation should new information come to light.
This article was updated February 19, 2018.