Court confirms: BSI may warn against Kaspersky
The BSI may warn against virus protection software from Kaspersky. A German court has now decided that.
© Alexey Smyshlyaev/Shutterstock.com
Success for the Federal Office for Information Security (BSI): The Administrative Court of Cologne has confirmed (Az.: 1 L 466/22) that the BSI may warn against virus protection software from Kaspersky (the BSI expressly warned PC-WELT repeated ). At the same time, the court rejected the urgent application of a company from the Kaspersky Group based in Germany.
Alternatives to Kaspersky: The best antivirus tools in the test
On March 21, 2022, Kaspersky Labs GmbH, which sells antivirus products from the Russian manufacturer, applied for an interim injunction to cease and desist and revoke the warning from the BSI. Kaspersky justified its application by saying that the BSI’s warning was “a purely political decision with no relation to the technical quality of the virus protection software”. Kaspersky emphasized that “a security gap in the sense of a technical vulnerability that has become known does not exist. Indications for there is also no influence of state bodies in Russia on Kaspersky” – claims Kaspersky, which was not only founded by a Russian entrepreneurial couple and is managed by a Russian IT expert, namely Eugene Kaspersky, but also has its headquarters in Moscow.
This is how the court justified its decision
However, the court sees the situation differently than Kaspersky and emphasizes: “The legislator has formulated the concept of security gaps, which entitle the BSI to issue a warning, in broad terms. Virus protection software basically meets all the requirements for such a security gap due to the far-reaching authorizations to access the respective computer system.”
In order to still recommend the use of such software, a high degree of trust in the company is required. If this trust is no longer given, then this actually represents a security gap. The court continues:
“This (that there is no longer any trust in the company, editor’s note) is currently the case with Kaspersky. The company is headquartered in Moscow and employs a large number of people there. In view of the Russian war of aggression in Ukraine, which is also being waged as a ‘cyber war’, it cannot be ruled out with sufficient certainty that Russian developers, of their own accord or under pressure from other Russian actors, will also exploit the technical possibilities of virus protection software for cyber attacks on German targets. Nor can it be assumed that state actors in Russia will comply with laws in a constitutional manner, according to which Kaspersky is not obliged to pass on information. In addition, the massive restrictions on press freedom in Russia in the course of the war with Ukraine have shown that the corresponding legal basis can be created quickly.
The court continues:
“The security measures cited by Kaspersky do not offer sufficient protection against state interference. It cannot be ruled out that programmers based in Russia can access the data of European users stored in data centers in Switzerland. On the other hand, permanent monitoring of the source code and updates seems practically impossible due to the amount of data, the complexity of the program code and the necessary frequency of updates.”
Kaspersky can lodge an appeal against the decision, which would then be decided by the Higher Administrative Court in Münster.
USA blacklists Kaspersky
Eugene Kaspersky criticizes BSI: Attack on German consumers
Eintracht Frankfurt throws out Kaspersky as a sponsor