According to Section 7 of the BSI Act, the Federal Office for Information Security (BSI) warns against the use of virus protection software from the Russian manufacturer Kaspersky. The BSI recommends replacing applications from Kaspersky's portfolio of virus protection software with alternative products.
Antivirus software, including the associated real-time capable cloud services, has extensive system permissions and, due to the system (at least for updates), must maintain a permanent, encrypted and non-verifiable connection to the manufacturer's servers. Therefore, trust in the reliability and self-protection of a manufacturer as well as his authentic ability to act is crucial for the safe use of such systems. If there are doubts about the reliability of the manufacturer, virus protection software poses a particular risk for an IT infrastructure to be protected.
Russian threats force BSI to act
The actions of military and/or intelligence forces in Russia and the threats made by Russia against the EU, NATO and the Federal Republic of Germany in the course of the current armed conflict are associated with a considerable risk of a successful IT attack. A Russian IT manufacturer can conduct offensive operations itself, be forced to attack target systems against its will, or be spied on without its knowledge as a victim of a cyber operation, or be used as a tool for attacks against its own customers.
Companies and KRITIS should change direction
All anti-virus software users may be affected by such operations. Companies and authorities with special security interests and operators of critical infrastructures are particularly at risk. You have the option of obtaining advice from the BSI or the responsible authorities for the protection of the constitution.
Companies and other organizations should carefully plan and implement the replacement of essential parts of their IT security infrastructure. If IT security products and in particular virus protection software were to be switched off without preparation, one might be vulnerable to attacks from the Internet. Switching to other products is associated with temporary losses in comfort, functionality and safety. The BSI recommends carrying out an individual assessment and consideration of the current situation and, if necessary, consulting IT security service providers certified by the BSI.
More at BSI.bund.de
About the Federal Office for Information Security (BSI) The Federal Office for Information Security (BSI) is the federal cyber security authority and the creator of secure digitization in Germany. The guiding principle: As the federal cyber security authority, the BSI designs information security in digitization through prevention, detection and reaction for the state, economy and society.