UK ‘big four’ bank Barclays has stopped offering consumers Kaspersky antivirus for free in response to UK spy agency GCHQ’s warning that government agencies should avoid the product.
After a decade long partnership aimed at improving online banking security Barclays has stopped offering consumers a one-year free trial subscription to Kaspersky antivirus.
Barclays on Saturday emailed around 290,000 online banking customers who may have downloaded the software over the past decade, according to the BBC.
Barclay’s page that offered information about renewing Kaspersky Internet Security has been updated with the message: “We’re sorry — this software isn’t available at the moment”. It directs users to Kaspersky’s own user guides. The page that offered Kaspersky also notes this change. Kaspersky was the only antivirus product Barclays currently offered as a free service to its customers. HSBC partners with IBM's Trusteer, while Lloyds doesn't offer any free anti-malware service.
Barclays told customers the decision to stop offering Kaspersky was “precautionary” and that there was “nothing to suggest that customers need to stop using Kaspersky”. It also reminded users they needn’t take any action at present and should be using antivirus. It has not offered an alternative product.
The message Barclays sent to customers echos the complexity of the guidance Ciaran Martin, CEO of the GCHQ’s public facing cybersecurity unit, the National Cyber Security Centre (NCSC), delivered to UK agencies last week.
Martin told department secretaries last week not to use a Russia-based antivirus on systems that process information classified as SECRET and above. The guidance was limited to central government agencies, but Martin also advised critical infrastructure providers to assess its guidance and implications for national security.
The NSCS specifically doesn’t want consumers to be “ripping out Kaspersky software at large”, given it considers consumers not to be a target of Russian spying that abuses antivirus software, as Ian Levy, technical director of NCSC, outlined in a blogpost.
GCHQ’s guidance follows an order by the US Department of Homeland Security in September instructing federal agencies to remove any instance Kaspersky software within two months. The directive notes concern over Russian laws that could compel an antivirus firm to provide support.
“The Department is concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks. The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates U.S. national security,” it said.