Last week, the US government announced an unprecedented ban on the sale in the US of any software made by Russian cybersecurity company Kaspersky.
Just days after the ban was announced, some U.S. companies that are official Kaspersky resellers, or managed service provider (MSP) partners, say they are confused, angry and anxious about how the ban affects them.
The Commerce Department's Bureau of Industry and Security called the ban “the first of its kind” and said it was taking the action because the antivirus and security software maker's headquarters are in Russia and pose unacceptable cybersecurity and privacy risks to Americans.
Kaspersky's top executives will also be sanctioned, and U.S. companies and customers will be unable to make payments to the company after July 20, when it will be banned from selling its software to new customers. Kaspersky will be allowed to provide software and security updates to existing U.S. customers until September 29, but after that updates will be halted, significantly reducing the effectiveness of Kaspersky's software.
The Commerce Department acknowledged in online guidance that U.S. companies will be unable to resell Kaspersky Lab software after the ban takes effect but offered little guidance for affected companies. A Commerce Department spokesman did not respond to a request for comment before the announcement.
TechCrunch spoke to executives from four companies listed as US MSP partners on Kaspersky's official website, all of whom criticized the impending ban.
Avi Fleischer, founder of Technical Difficulties, told TechCrunch that he not only sells Kaspersky to his customers, but also uses the company's products on his phone and computer. He added that the ban is “annoying to say the least,” because now he'll have to find another antivirus company and migrate all his customers to the new product, which will cost him time and money.
“It's just a lot of time wasted for nothing. I don't think we can charge the end user for this,” Fleischer said by phone. “I was the one who suggested using Kaspersky, and now Kaspersky has been banned by the U.S. government. What am I supposed to do?”
Fleischer said there are currently between 300 and 400 customer endpoints (i.e. computers or servers) running Kaspersky software, and he explained that moving all of those customers to another provider isn't just a matter of uninstalling Kaspersky and installing a competitor's antivirus: When switching to a different software, you have to make sure the new software is configured properly, doesn't break other network-based programs, and has firewall rules set properly.
“So when you move to another product, you have to manually build all of your exclusions, configurations, etc. into the new product,” he said.
Fleischer said he previously migrated a customer from another antivirus software to Kaspersky, but the transition took two months to complete.
Contact Us Want more information about how the Kaspersky ban might affect you or your business? You can securely contact Lorenzo Franceschi-Bicchierai from a non-work device via Signal (+1 917 257 1382), Telegram, Keybase, Wire @lorenzofb, or email. You can also contact TechCrunch via SecureDrop.
Danny Fallin, president of Georgia IT Consulting, said the ban is a “burden” on his company, his customers and other MSP services, and that it's a “political” decision by the Biden administration that will ultimately only hurt the American people.
“Millions of American consumers [use Kaspersky] household use [antivirus]”Biden is not punishing Kaspersky, he is punishing us,” Fallin told TechCrunch in an email.
Fallin said he and his company “plan to stay with Kaspersky as long as we can. Kaspersky is a good company.”
“As long as they support me, I'll sell to them. I won't reveal what we sell or make as a company, but [the ban] “It will hurt because they are a cheaper and better company than a lot of the companies here,” he added.
William Finnigan, owner of Office Smith, another Kaspersky MSP partner, told TechCrunch that while his company is still a partner at the moment, the ban is “causing problems” because it's unclear who will refund clients who have been forced to stop using the service.
“I am currently evaluating what remedies my customers can receive from the wholesaler (the companies are seeking refunds). A ban on future sales would have been sufficient, but the fact that updates from Kaspersky will be actively blocked starting at the end of September is a major problem for the company and its customers,” Finnigan said in an email. “It is unclear what costs will be incurred as the wholesaler and Kaspersky have yet to decide on a response.”
In an email to TechCrunch, the owner of Adkins IT Support, who asked not to be named, said the ban and subsequent sanctions against Kaspersky executives are “complete bullshit.”
“Against my will, I was forced to terminate my MSP partnership with Kaspersky. Time was running out and geopolitical circumstances forced me to replace software that had been a reliable line of defense for my clients,” they said.
The owner said his plan going forward is to offer customers a product that competes with Kaspersky Lab's, and that the financial impact his company can withstand will depend on the pricing of the competing product and how it compares to Kaspersky Lab's previous pricing.
It's unclear how many Kaspersky Lab users there are in the U.S.; the company doesn't break out country-by-country figures, and a spokesman didn't respond to a request for comment. On its website, Kaspersky Lab says it has more than 400 million consumer and 240,000 corporate customers worldwide.