The U.S. on Wednesday banned federal agencies from using computer software supplied by Kaspersky Lab because of concerns about the company's ties to the Kremlin and Russian spy operations. However, worries rippled through the consumer market for antivirus software. Best Buy said it will no longer sell software made by the Russian company, although one security researcher said most consumers don't need to be alarmed. Best Buy Co. declined to give details about why it dropped Kaspersky products, saying that it doesn't comment on contracts with specific vendors. The Minneapolis Star Tribune first reported that Best Buy would stop selling Kaspersky software. The U.S. Department of Homeland Security cited concerns about possible ties between unnamed Kaspersky officials and the Kremlin and Russian intelligence services. The department also noted that Russian law might compel Kaspersky to assist the government in espionage. Kaspersky has denied any unethical ties with Russia or any government. It said Wednesday that its products have been sold at Best Buy for a decade. Kaspersky software is widely used by consumers in both free and paid versions, raising the question of whether those users should follow the U.S. government's lead. Nicholas Weaver, a computer security researcher at the University of California, Berkeley, called the U.S. government decision "prudent"; he had argued for such a step in July . But he added by email that "for most everybody else, the software is fine."
The biggest risk to U.S. government computers is if Moscow-based Kaspersky is subject to "government-mandated malicious update," Weaver wrote this summer.
Kaspersky products accounted for about 5.5 percent of anti-malware software products worldwide, according to research firm Statista. Another expert, though, suggested that consumers should also uninstall Kaspersky software to avoid any potential risks. Michael Sulmeyer, director of a cybersecurity program at Harvard, noted that antivirus software has deep access to one's computer and network.
"Voluntarily introducing this kind of Russian software in a geopolitical landscape where the U.S.-Russia relationship is not good at all, I think would be assuming too much risk," he said. "There are plenty of alternatives out there." Sulmeyer also said retailers should follow Best Buy's lead and stop selling the software. Various U.S. law enforcement and intelligence agencies and several congressional committees are investigating Russian meddling in the 2016 presidential election. Kaspersky said it is not subject to the Russian laws cited in the directive and said information received by the company is protected in accordance with legal requirements and stringent industry standards, including encryption.
The decision by the U.S. government to stop using Kaspersky Lab products is "regrettable" and delays the prospects of a restoration of bilateral ties, the Russian embassy in the United States said. "These steps can only evoke regrets. They only move back the prospects of bilateral ties recovery," the embassy said in a statement issued late on Wednesday. It also called for consideration of Russia's proposal to form a joint group to address cyber security issues.