Information Assurance recommends removing AO Kaspersky Lab software from computers


In light of recent reports that classified National Security Agency (NSA) documents were stolen by exploiting Kaspersky Lab anti-virus software, Information Assurance (IA) is recommending that you remove any AO Kaspersky Lab software you may have on your computers and replace it with an alternative product.

The U.S. Department of Homeland Security has ordered federal agencies to identify and plan to remove products from the Russian cybersecurity firm AO Kaspersky Lab running on government computers. Researchers who work with federal agencies may be asked to remove Kaspersky products. For example, faculty researchers at some of our peer institutions have received letters from NASA asking them to ensure removal of Kaspersky products from any systems that interface with NASA.

The NSA leak resulted from a contractor's transfer of data to a home computer with Kaspersky anti-virus software installed. Transferring the classified data to the personally-owned computer was a violation of government policy regarding the handling of classified data.

Members of the Michigan Medicine community are expected to abide by Security of Personally Owned Devices that Access or Maintain Sensitive Institutional Data (SPG 601.33). Information about individual and unit responsibilities associated with that policy is available on the Safe Computing website.

Some security professionals have questioned whether the vulnerability in Kaspersky software was intentional or an inadvertent bug. Regardless, given the Department of Homeland Security directive, Information Assurance recommends that you remove and replace any Kaspersky Lab products you may be using from your devices.

Tip: Use the anti-virus software recommended by IA. IA recommends free software for use on personal computers and university-provided software for university-owned computers.

Note: Devices owned by Michigan Medicine (i.e., CoreImage Windows/PCs and CoreMac devices) are being managed by Health Information Technology & Services (HITS). Devices enrolled in AirWatch are also protected.