Can Kaspersky still be used as security solution?

[German]Russia's invasion of Ukraine is currently plowing up the reality of many contemporaries. One reality is the question of whether security software and antivirus solutions from Russia can still be used. Especially the products of Kasperski are now under discussion. I have therefore written a small excerpt on the subject, since I have some information.

Kaspersky banned in Netherlands and USA

In May 2017, I had published the German article Kaspersky geht gegen Spionage-Vorwürfe in die Offensive. At that time, various U.S. authorities had stopped using security software from the Russian company Kaspersky Lab. The background to this was the suspicion that the software contained backdoors that Russia could use to spy on US authorities. The manufacturer Kaspersky denied any spying or cooperation with Russian. Then at the end of 2017 came the decision in the US that the use of Kaspersky products in US agencies was banned.  The days I then came across another tweet on the subject.

In the Netherlands, there has probably been a decision since 2018 that antivirus software from Kaspersky Lab B.V. will be gradually banned there. Now it seems that a new decision has been announced, because on this page it says: :

On March 1 and 3, 2022, the Minister of Justice and Security issued a new decision and a new decision on appeal, respectively, after the Administrative Law Department of the Council of State issued a ruling on January 19, 2022. These decisions implemented the ruling of the Council of State and issued a new decision on the publication of documents on the phasing out of the use of Kaspersky Lab B.V. antivirus software by the central government in accordance with the Wob.

In the Netherlands, Kaspersky will be eliminated as a provider of antivirus software in government agencies. In Germany, the BSI had no knowledge at the time that Kaspersky was manipulating its software. But due to the invasion of Ukraine by Russia, everything is being put to the test now in Germany as well.

Kaspersky's neutrality called into question

The Kaspersky company has always argued that it is neutral and committed to its customers – even if it is a Russian company. Eugene Kaspersky's refusal to condemn the Kremlin for its invasion of Ukraine has the cybersecurity community up in arms. To be sure, the Kaspersky company has been trying for years to loosen ties with the Russian government. But it doesn't seem to have succeeded yet, on the contrary. I've received another fund splitter from security vendor CyberNews the other day, which raises at least one question mark about how neutral the vendor can still be.

Mantas Sasnauskas, Senior Information Security Researcher at Cybernews, looked around with some simple commands (nslookup and traceroute) and discovered that the IP address behind mil.ru (the Russian Ministry of Defense) belongs to Kaspersky Labs (see above tweet). While this could mean many different things, researchers speculate that Kaspersky may have a contract with the Russian government where they host their front servers or the Internet through them. The main findings from a provided information from cybersecurity specialists are:

• Kaspersky Lab (presumably) protects Russian Defense Ministry resources and other high-value domains – such as Russia Today, the TASS news agency, and Gazprom Bank – that are vital to Russian propaganda.
• TASS and RT, among others, play a crucial role in Putin's propaganda, and the tech giants (Google, Facebook, Twitter, YouTube), at the request of many governments, have already restricted their access in many countries, including Ukraine, making it impossible for them to make money from their platforms.

Kaspersky, is admittedly a world-renowned brand, and the company has always taken issue with its origins in Russia. Kaspersky has made efforts to sever ties with the Russian government. This has included moving its core infrastructure from Russia to Switzerland and an unsuccessful lawsuit against the U.S. government over its decision to ban the use of Kaspersky Lab within the U.S. government. But more doubts now remain as to whether their products can be used in good conscience.

Security Researchers on CyberNews reached out to Kaspersky Labs to learn more about the nature of its cooperation with the Russian government and whether the company's customers are at risk as a result. "mil.ru is not hosted on Kaspersky infrastructure," Kaspersky told Cybernews via email. The company is now caught between two stools – and with security software working deep inside an operating system, trust is everything. More details on the above statements, as well as Kaspersky's comments on these services for the Russian Ministry of Defense, can be found in this CyberNews post. Here ist the answer from Kaspersky to CyberNews:

"The resources of this organization are protected according to the scheme of traffic redirection with reverse proxying: in order to put a resource on the Internet, the address of the proxy server of Kaspersky is used, to which the DNS A resource record points. "A" stands for "Address", it is one of the main DNS records that is used to transform domain names into IP addresses. For example, at the moment, such an entry for mil.ru points to the address 82.202.190.92 – which is the address of the Kaspersky DDoS Protection proxy server. The real address of the resource in such a scheme is hidden from users on the Internet, their requests are received by the Kaspersky proxy server, which already redirects them further to the real address of the resource, and the responses from it are sent to the client in the same way, through the proxy. Thus, the Kaspersky solution infrastructure deals exclusively with redirecting requests, pre-filtering them from spurious traffic and hiding the real address of the resource behind it. This is how all the resources protected under the reverse proxy scheme: not only by our solution but by those of any other companies which use a similar traffic redirection scheme. The Kaspersky DDoS Protection solution does not modify either requests to protected resources or responses from them to clients, but only filters them from attacks, the resource management is entirely carried out on the customer's side without the participation of Kaspersky."