With the attack on Ukraine, IT security topics in Germany again moved into products. Especially known and widely used are security products of the Russian provider Kaspersky. The reason is an official warning of the BSI that occurs concretely before the use of Kaspersky products. Affected there are companies, authorities and private users.
In his warning, BSI evokes from Kaspersky products to §7 BSI law. There is that the BSI may also be explicitly warned against security products. In the case of Kaspersky, the BSI advises to replace the manufacturer’s products through alternatives.
The BSI declares “that antivirus software must have far-reaching system permissions and systematically maintain a permanent, encrypted and non-testable connection to the manufacturer’s servers. Therefore, confidence in reliability and own protection of a manufacturer and its authentic act ability is crucial for the safe use of such systems. If there are doubts about the manufacturer’s reliability, virus protection software carries a special risk for a IT infrastructure to be protected “.
Furthermore, it says that a Russian IT manufacturer either himself can carry out offensive operations or forced his will to attack target systems. In addition, he himself could be spied on as a victim of a cyber operation without his knowledge or abused as a tool for attacks against his own customers.