The US Government doesn’t like a lot of things, and this controversial anti-virus software is one of them.

According to law, reports The Daily Beast, American agencies must eliminate the use of Kaspersky Lab software by October.

The National Defense Authorization Act (NDAA) that was put into place last December requires the government to fully purge itself of “any hardware, software, or services developed or provided, in whole or in part,” by Kaspersky Lab.

The law came into being after the US grew increasingly anxious about Kaspersky’s presence in federal networks, in the wake of Russia’s 2016 election interference campaign.

A few months later, and the Kaspersky Lab software has not yet been removed.

Why? Because it’s embedded too deep in their infrastructure, and US officials say it’s nigh impossible to remove. Routers, firewalls, other hardware – you name it, the code written by the Moscow-based security company is pretty much stuck there, and nobody knows how the hell to get rid of it.

Oh dear.

One stressed US official reckons that getting rid of the software is not going to be easy, and Congress isn’t helping much:

It’s messy, and it’s going to take way longer than a year. Congress didn’t give anyone money to replace these devices, and the budget had no wiggle-room to begin with.

Really, Congress?

Look, Kaspersky Lab is still respected in security circles, but for some quarters of the U.S. national security community, it’s a company that has “long been tainted by perceived ties to Russian intelligence and the Kremlin—charges that the company denies”.

Thing is, though, like other anti-virus products, Kaspersky’s software has complete access to any computer on which it’s running. Like, it can literally go through your files and, depending on the configuration, upload them to Kaspersky’s servers in Russia. The company can also transmit and execute arbitrary instructions through its software.

Welp, that does sound a little disconcerting.

But, per The Daily Beast:

Despite company founder Eugene Kaspersky’s [pictured above] training at a KGB-sponsored institute, despite his close parroting of Kremlin rhetoric, and despite his team’s habit of exposing the most sensitive of US cyber-espionage operations, there’s no public, conclusive evidence that these capabilities have ever been co-opted by Moscow.

Eugene Kaspersky frequently points out, accurately, that the company has revealed cyber-espionage campaigns originating from a multitude of countries, including some linked to the Russian government.

So you see? It’s not only Russia who’s carrying out these campaigns.

But that hasn’t stopped the anti-Kaspersky train from going full steam ahead, especially in light of an incident that occurred last year:

The company slurped up classified documents and source code from the home computer of a National Security Agency contractor running Kaspersky Internet Security software. That contractor, Nghia Hoang Pho, pleaded guilty last year to willfully mishandling classified material by taking it home.

Kaspersky claimed the incident was an unintended byproduct of its routine malware scanning. The source code was for an NSA hacking tool, which Kaspersky’s product properly flagged for analysis by malware researchers. But because the code was bundled in a ZIP archive with the classified documents, Kaspersky’s software uploaded the entire thing.

When Eugene Kaspersky realized what had happened, he ordered his researchers to immediately delete their copy of the documents and code.

Yeah, it’s a real debacle, this Kaspersky purging problem. Plenty of blame is being heaped upon lawmakers and officials (and Kaspersky himself), third-party vendors are noping out of using Kaspersky new products, and people in general are freaking about the state of government cyber-security.

All in all, just another ordinary day in America, then.

[source:dailybeast]