show image

Kaspersky might not be certified by the NCSC, but that doesn’t mean it’s blacklisted either

Last week, the Trump administration took steps to restrict government access to software made by Kaspersky Lab.

The move came after Bloomberg alleged that the Russian security firm had worked particularly closely with Russia’s spy agency. Kaspersky denies the claims.

Now, Reuters is reporting that the UK’s National Cyber Security Centre [NCSC] has never certified any of Kaspersky’s products. That much is true, but not for the reasons some might think.

In its own words, Kaspersky provides “antivirus & internet security software [that] offers premium protection against viruses, malware, spam & other threats for your home or business”.

NCSC doesn’t certify anti-virus software. A search through its public list of certified products reveals just one from Symantec, a US rival to Kaspersky, and it’s an encryption tool.

When NS Tech asked NCSC about the statement reported by Reuters and followed up by other publications, a spokesperson said: “The NCSC is not a regulator, and does not mandate or ban any products.

“We provide advice and guidance on how organisations can protect their networks. Our certification schemes do not currently cover anti-virus or anti-malware services.

“Kaspersky, like any other supplier, is welcome to participate in NCSC certifications. We welcome engagement from all industry partners as we develop and improve our initiatives.”

Kaspersky Lab’s Adam Maskatiya reiterated the message: “The NCSC is not a regulator and they do not certify anti-virus products.

“We work closely with public sector across the world and where required with regulatory and certification bodies.” 

The US government’s General Services Administration (GSA) removed Kaspersky from its list of approved vendors last week.

It followed a Bloomberg report alleging the firm had built tools that captured information about hackers which could then be passed on to Russian intelligence services.

In a statement refuting claims at the time, the firm said:

“Regardless of how the facts are misconstrued to fit in with a hypothetical, false theory, Kaspersky Lab, and its executives, do not have inappropriate ties with any government. The company does regularly work with governments and law enforcement agencies around the world with the sole purpose of fighting cybercrime.”