The Biden administration will ban all sales of Kaspersky antivirus software in the US starting in July, according to reporting from Reuters and a filing from the US Department of Commerce (PDF).
The US believes that security software made by Moscow-based Kaspersky Lab represents a national security risk, and that the Russian government could use Kaspersky’s software to install malware, block other security updates, and “collect and weaponize the personal information of Americans,” said US Commerce Secretary Gina Raimondo.
“When you think about national security, you may think about guns and tanks and missiles,” said Raimondo during a press briefing, as reported by Wired. “But the truth is, increasingly, it’s about technology, and it’s about dual-use technology, and it’s about data.”
US businesses and consumers will be blocked from buying new software from Kaspersky starting on or around July 24, 2024, 30 days after the restrictions are scheduled to be published in the federal register. Current users will still be able to download the software, resell it, and download new updates for 100 days, which Reuters says will give affected users and businesses time to find replacement software. Rebranded products that use Kaspersky’s software will also be affected.
Companies that continue to sell Kaspersky’s software in the US after the ban goes into effect could be subject to fines.
The ban follows a two-year national security probe of Kaspersky’s antivirus software by the Department of Commerce. It’s being implemented using authority that the government says it was given under a national defense authorization act signed during the Trump administration in 2018.
The ban is the culmination of long-running concern across multiple presidential administrations. Kaspersky’s software was banned from systems at US government agencies following allegations of the company’s links to Russian intelligence operations. A month after Russia began its invasion of Ukraine in early 2022, the US Federal Communications Commission went one step further, adding Kaspersky to a security threat list that included Chinese hardware makers Huawei and ZTE. Adding Kaspersky to that list didn’t ban consumer sales, but it did prevent Kaspersky from receiving funding from the FCC.
For its part, Kaspersky and its representatives have always denied the US government’s allegations. CEO Eugene Kaspersky called the 2017 reports “BS brewed on [a] political agenda,” and the company similarly accused the FCC in 2022 of making decisions “on political grounds” and “not based on any technical assessment of Kaspersky products.”
https://arstechnica.com/?p=2032766