A recent audit of computer systems at various U.S. government agencies shows that some 15% of them are still using software from Kaspersky Labs, a Russian company.
The Department of Homeland Security says that 94% of the agencies responded to an order to survey their networks to see if they were using any products from Kaspersky Labs.
The agency went on to say that they had no evidence that any systems running the software had been compromised.
Last September, the White House ordered civilian government agencies to remove all Kaspersky software from their systems, as they were concerned about the company’s ties to the Russian government.
These concerns included the possibility that the software could be used to spy on the U.S. government or to engage in some other type of malfeasance.
For the record, Kaspersky has repeatedly denied that it has any ties to the Russian government, but regardless, the U.S. government gave agencies using the company’s software 90 days to remove it from all of their systems.
96 out 102 agencies were quick to report that they were complying with the order. The Department of Homeland Security is working with the remaining agencies to see if they need help in either assessing the status of their networks or in removing the software from their systems.
There are rumors that Kaspersky may sue, but this has yet to be confirmed.
In an ideal world, secure government computers wouldn’t need antivirus software, and that’s particularly true of those that are not connected directly to the Internet. Unfortunately, most computer systems are either connected to the Internet or are connected to other networks that are.
In addition, many users are careless and may inadvertently introduce software to supposedly secure systems inadvertently, either by CD, DVD, or flash drive.
Most antivirus programs protect users against a wide variety of potential problems, including so-called “ransomware” attacks, which use encryption software to make all programs on the infected machine inaccessible to the users. The ransomware then displays a message on the screen telling the users that they must pay a ransom, usually sent in Bitcoin, to the creators of the software.
Failure to do so, the screen says, will result in all of the software on the computers being destroyed. The problem with ransomware is that the infected user has no way of knowing if paying the ransom will actually allow them to regain access to their computers. Sometimes, it’s just a lie, and the thieves take the money and leave the computers useless.
In the case of antivirus software, the government is less concerned about ransomware than they are spyware. There is obviously a lot of classified information on U.S. government computer systems and the White House is understandably concerned about potentially giving access to that classified information to any foreign power.
That is the nature of antivirus software, and several major brands are made by Russian companies or companies in Eastern Europe. You need the software to protect yourself, but you have to trust that the software itself isn’t a threat.
In the case of Kaspersky Labs, the government isn’t taking any chances.