By nature of the job, security professionals tend to be skeptical and overly suspicious, but the good ones are also good at weighing the evidence before making their decisions. Which is why it’s so perplexing that rumors about Moscow-based security company Kaspersky Lab being in bed with the Russian government keep swirling, absent any proof.

Report after report over the past few months shows various figures in the U.S. government concerned about ties between Kaspersky Lab executives and the Russian government. The chiefs of five U.S. intelligence agencies (including the National Security Agency [NSA] and Central Intelligence Agency [CIA]) and the acting director of the Federal Bureau of Investigation (FBI) said during a Senate intelligence committee meeting in the spring that they don’t recommend using Kaspersky Lab software. This summer, the company was removed from the list of approved vendors for the federal bureaucracy. The Senate is considering banning Kaspersky Lab products from the Pentagon in its draft of the National Defense Authorization Act, and the clause is expected to make it into the final version of the bill. The latest voice to join the chorus: Rob Joyce, the current White House cybersecurity coordinator, who this week said he doesn’t use Kaspersky Lab software and that consumers should avoid using the antivirus.

While the barrage of negative headlines is bad news for the company, these reports are even more damaging for enterprises around the world trying to determine whether they should rely on Kaspersky Lab products to protect their systems. And—this is key—enterprises are being forced to make this decision without any shred of evidence indicating why they should be suspicious.

Let’s repeat that: the U.S.
government has yet to disclose why it is concerned there may be hidden backdoors in Kaspersky Lab products, that Russian intelligence agencies may be able to use Kaspersky Lab’s antivirus software to collect valuable information on users around the world, or that the company’s executives may be vulnerable to Russian government influence.

What does the government know, and why isn’t it sharing it? It can’t be because the government doesn’t disclose its cyber discoveries. Just this week, the Department of Homeland Security (DHS), in conjunction with the FBI, published IP addresses and descriptions of malware used by the “cyber actors of the North Korean government” to launch distributed denial-of-service attacks around the world. Earlier this year, the DHS released evidence compiled by intelligence agencies pointing to Russian malicious cyberactivity, codenamed Grizzly Steppe. But the government’s case against Kaspersky Lab appears to be limited to a persistent and insidious whisper campaign.

Vincent Stewart, director of the Defense Intelligence Agency (DIA), said during the Senate intelligence committee hearing in the spring that the DIA was “tracking Kaspersky and their software.” At the same hearing, Michael Rogers, director of the NSA, said he was "personally involved" in probing Kaspersky Lab's code at his agency. So what did these agencies find? Nothing, as far as we know.

Kaspersky Lab CEO and founder Eugene Kaspersky has repeatedly denied that his company had any inappropriate relationships with the Russian government. “[A]s a private company, Kaspersky Lab and I have no ties to any government, and we have never helped, nor will help, any government in the world with their cyber-espionage efforts (cyber-espionage is what we’re fighting!),” Kaspersky wrote on his blog earlier this summer. He has also volunteered to hand over the source code for the U.S.
government to audit, but it doesn’t appear the U.S. government has taken him up on that offer.

Practical politics, bad infosec

If the government has any evidence—or even compelling reasons for being suspicious—it should be sharing that, because many companies and consumers rely on Kaspersky Lab products. The fact that the government hasn’t done so makes it likely this is all just geopolitics: Distrust the Russian government, distrust all Russians.

That attitude, that level of distrust, makes for good spies, but terrible security professionals. Buying technology—security technology, especially—relies on evaluating the technical merits of the product or service, considering the relevant business requirements, and deploying the technology that addresses those requirements. There is no room for rumors or innuendo, and that’s how it should be. The technology is solid, as independent testing laboratories around the world consistently award Kaspersky Lab high scores. Why wouldn’t you want the best tech protecting your users?

“Evidence” doesn’t hold up

Despite the fact that these rumors have been around for years, no one has yet uncovered any hint of a smoking gun. Bloomberg Businessweek recently claimed to have leaked emails proving Kaspersky Lab had closer ties to the Russian intelligence agency, FSB, than previously admitted. But all those emails showed was that the company had designed a tool for service providers to use in fighting distributed denial-of-service attacks, and that it would assist law enforcement in identifying attackers.

Assuming that is the correct interpretation of the emails, it’s hard to see the problem. Building anti-DDoS technologies is exactly what good security companies do to protect users. Security companies—even U.S.-based ones—regularly work with law enforcement to track down cybercriminals.
That’s pretty much how law enforcement and security researchers worked together to dismantle some of the world’s largest botnets over the past few years.

“Regardless of how the facts are misconstrued to fit in with a hypothetical, false theory, Kaspersky Lab, and its executives, do not have inappropriate ties with any government. The company does regularly work with governments and law enforcement agencies around the world with the sole purpose of fighting cybercrime,” Kaspersky (the man) wrote in response to the Bloomberg report.

"I would be very happy to testify in front of the Senate, to participate in the hearings and to answer any questions they would decide to ask me," Kaspersky said in an Ask-Me-Anything on Reddit. "I think that due to political reasons, these gentlemen don't have an option, and are deprived from the opportunity to use the best endpoint security on the market without any real reason or evidence of wrongdoing from our side."

Another “proof” which keeps coming up is the fact that Eugene Kaspersky was trained by the KGB’s signals-intelligence division during the Cold War. As “past ties” with the government go, this is weak, since Kaspersky was fulfilling his compulsory military service requirement, something every Russian male of that generation had to do. Israel has mandatory military service, but no one seems to be linking the current crop of Israeli security startups to the Mossad. (Actually, if people are making that accusation, I don’t want to know.)

Many Kaspersky Lab employees are former government employees. That doesn’t seem like a big deal, since every self-respecting security company in the world, even the ones in the United States, recruits employees with intelligence, law enforcement, and military backgrounds. Kevin Mandia, the CEO at FireEye, was a computer security officer in the U.S. Air Force. Gen.
Keith Alexander was the director of the National Security Agency and the commander of the U.S. Cyber Command before retiring and setting up a private consulting firm. Shawn Henry, the president of CrowdStrike Services and CSO, is the former executive assistant director of the FBI.

The U.S. government would be outraged—and justifiably so—if other countries decided to ban contracts with U.S. firms employing former government officials, especially without any proof of wrongdoing.

What if this was a U.S. company?

"I think they should look at the decisions the government is making, and then make their own decisions," said Joyce, the White House’s cybersecurity coordinator. Except that doesn’t make sense, because intelligence communities have to consider political implications, so their decisions will always be different from what everyone else should do.

There is enough FUD in the market without throwing politics into decision-making. Organizations should focus on deploying the technology which best addresses their needs. Kaspersky has excellent technology and a top-notch team of security researchers who actively share their discoveries about the latest malware and cyberespionage campaigns, regardless of whether they were conducted by U.S. intelligence agencies or Russian ones. It doesn’t help enterprise security one whit to switch to a lesser-rated security product just because it was Made in the U.S.A.

Punishing Kaspersky Lab because of the hostilities between the U.S. and Russian governments is a big mistake, as it puts U.S. security companies at risk for similar retaliatory actions by other countries. It was bad enough when the Snowden revelations caused many European companies to—understandably—be reluctant to use U.S. cloud services. But the U.S.
government is potentially setting a bad precedent for other countries to follow if it continues this campaign against Kaspersky Lab.

Now here is a thought: Did any countries ban the use of RSA Security products in their government after a report alleged the company had a secret deal with the NSA to incorporate a weaker, flawed algorithm into an encryption product? (It’s a tangent, but now I am curious.)

Security practitioners and CISOs around the world are wondering why the U.S. government—hello, NSA, FBI, DoD, U.S. Cyber Command, anyone?—dislikes Kaspersky Lab so much. Enterprise security is critical—reverting to schoolyard behavior and gossiping about the kid different from everyone else isn’t the way toward making good technology decisions.