The Federal Office for Information Security (BSI) warnsaccording to §7 BSI law before using virus protection software from the Russian manufacturer Kaspersky. The BSI recommends replacing applications from Kaspersky’s virus protection software portfolio with alternative products.
Antivirus software , including the associated real-time capable cloud services, has extensive system authorizations and, due to the system (at least for updates), must maintain a permanent, encrypted and non-verifiable connection to the manufacturer’s servers . Therefore, trust in the reliability and self-protection of a manufacturer as well as his authentic ability to act is crucial for the safe use of such systems. If there are doubts about the reliability of the manufacturer, virus protection software poses a particular risk for the IT infrastructure to be protected.
The actions of military and/or intelligence forces in Russia and the threats made by Russia against the EU , NATO and the Federal Republic of Germany in the course of the current military conflict are associated with a considerable risk of a successful IT attack. A Russian IT manufacturer can carry out offensive operations itself, be forced to attack target systems against its will, or be spied on without its knowledge as a victim of a cyber operation, or be misused as a tool for attacks against its own customers.
All users of anti-virus software can be affected by such operations. Companies and authorities with special security interests and operators of critical infrastructures are particularly at risk. You have the option of obtaining advice from the BSI or the competent authorities for the protection of the constitution.
Companies and other organizations should carefully plan and implement the replacement of essential components of their IT security infrastructure. If IT security products and in particular virus protection software were to be switched off without preparation, one might be vulnerable to attacks from the Internet. Switching to other products is associated with temporary losses in comfort, functionality and safety. The BSI recommends carrying out an individual assessment and consideration of the current situation and, if necessary, consulting IT security service providers certified by the BSI.