RejZoR

Level 14
Verified
I don't remember the full story in detail, but did the sample get uploaded without the employee's consent?
- if he agreed to the upload then he is an idiot, but I highly doubt it is the case.
- automatic upload of the raw file without consent? then it is a privacy breach and Kaspersky deserves all the drama and loss.
I find it hard to believe you actually don't understand how cloud systems in every single antivirus actually work. Because that's literally how they work. Submit binaries for classification and analysis. It's not some new secret, it's how they worked pretty much since the beginning of their time.

Also what even is "raw" file by your definition? Files that antiviruses upload automatically are binaries, meaning EXE and DLL files. None of which carry personal data unlike PDF's, DOC's etc. Kaspersky does ask about KSN participation, but I believe that's for EU region because of GDPR. I see no reason for users to be asked about it otherwise. Not using cloud systems in this time means you may just as well not bother using antivirus at all.
 

Parsh

Level 25
Verified
Trusted
Malware Hunter
I don't remember the full story in detail, but did the sample get uploaded without the employee's consent?
- if he agreed to the upload then he is an idiot, but I highly doubt it is the case.
- automatic upload of the raw file without consent? then it is a privacy breach and Kaspersky deserves all the drama and loss.
A recollection from an earlier article ...
The NYT, citing unnamed people, said on Tuesday that Israeli spies indeed carried out the attack. More revealing still, the report said, that during the course of the hack, the spies watched in real time as Russian government hackers turned Kaspersky antivirus software used by 400 million people worldwide into an improvised search tool that scoured computers for code names of US intelligence programs. The NYT likened it to a "sort of Google search for sensitive information." The Israeli spies, in turn, reported their findings to their counterparts in the US.
As reporters Nicole Perlroth and Scott Shane reported:
Kaspersky's researchers noted that attackers had managed to burrow deep into the company's computers and evade detection for months. Investigators later discovered that the Israeli hackers had implanted multiple back doors into Kaspersky's systems, employing sophisticated tools to steal passwords, take screenshots, and vacuum up emails and documents.
In its June 2015 report, Kaspersky noted that its attackers seemed primarily interested in the company's work on nation-state attacks, particularly Kaspersky’s work on the "Equation Group"—its private industry term for the NSA—and the "Regin" campaign, another industry term for a hacking unit inside the United Kingdom’s intelligence agency, the Government Communications Headquarters, or GCHQ.
Israeli intelligence officers informed the NSA that, in the course of their Kaspersky hack, they uncovered evidence that Russian government hackers were using Kaspersky's access to aggressively scan for American government classified programs and pulling any findings back to Russian intelligence systems. [Israeli intelligence] provided their NSA counterparts with solid evidence of the Kremlin campaign in the form of screenshots and other documentation, according to the people briefed on the events.
In a statement, Kaspersky Lab officials wrote:
Kaspersky Lab was not involved in, and does not possess any knowledge of, the situation in question. As the integrity of our products is fundamental to our business, Kaspersky Lab patches any vulnerabilities it identifies or that are reported to the company. Kaspersky Lab reiterates its willingness to work alongside US authorities to address any concerns they may have about its products as well as its systems, and [Kaspersky] respectfully requests any relevant, verifiable information that would enable the company to begin an investigation at the earliest opportunity. In addition, Kaspersky Lab has never helped, nor will help, any government in the world with its cyberespionage efforts.
As the WSJ reported last week, the NSA worker breached agency rules by bringing home code and other classified material and storing them on an Internet-connected computer that had Kaspersky software running on it.

Contradictions in conspiracies are normal right? ...

Coming to Kaspersky's Privacy Policy (current one though) :
Information Provided by Users and How We Use Information
  • Suspicious files and files that could be exploited by intruders
If an (as yet) unknown file, exhibiting suspicious behavior is detected on a device, it can be automatically sent for a more thorough analysis by machine learning-based technologies and, in rare cases, by a malware analyst. The ‘suspicious’ category includes mainly executable files (.exe). For the purpose of reducing the likelihood of false positives, executable and non-executable "white files" or their parts may be sent.
Personal data processing at Kaspersky Lab is based on the following principles:
Consent and choice

  • Presenting to the users the choice whether or not to send their personal data except where the users cannot freely withhold consent or where applicable law specifically allows the processing of personal data without the natural person's consent. The user's election must be freely given, specific and made on a knowledgeable basis;
 

ForgottenSeer 823865

I find it hard to believe you actually don't understand how cloud systems in every single antivirus actually work. Because that's literally how they work. Submit binaries for classification and analysis. It's not some new secret, it's how they worked pretty much since the beginning of their time.
I see no reason for users to be asked about it otherwise. Not using cloud systems in this time means you may just as well not bother using antivirus at all
We are talking of uploads of suspicious files after the analysis... (I thought you understood it...seems not).
Cloud scanning works with hashes, not the raw file...do you think every cloud will upload all the files of the system to their servers...come on...
You know adding a secret criterion to the cloud scanner engine and you can detect whatever you want (for example file with particular keywords or name)... so you don't mind they upload any files they "deem" suspicious without your consent? ok good for you.

Also what even is "raw" file by your definition? Files that antiviruses upload automatically are binaries, meaning EXE and DLL files. None of which carry personal data unlike PDF's, DOC's etc. Kaspersky does ask about KSN participation, but I believe that's for EU region because of GDPR.
From the post above:
The ‘suspicious’ category includes mainly executable files (.exe). For the purpose of reducing the likelihood of false positives, executable and non-executable "white files" or their parts may be sent.
 

RejZoR

Level 14
Verified
We are talking of uploads of suspicious files after the analysis... (I thought you understood it...seems not).
Cloud scanning works with hashes, not the raw file...do you think every cloud will upload all the files of the system to their servers...come on...
You know adding a secret criterion to the cloud scanner engine and you can detect whatever you want (for example file with particular keywords or name)... so you don't mind they upload any files they "deem" suspicious without your consent? ok good for you.


From the post above:
The ‘suspicious’ category includes mainly executable files (.exe). For the purpose of reducing the likelihood of false positives, executable and non-executable "white files" or their parts may be sent.
That's not how clouds work. And no one uses hashes of whole files anymore. And yes, they need whole files, because they feed them into their classification systems that then create threat models for further classification of files and they feed this back to users in real-time. EXE files don't contain personal information, so why would you care if it's uploaded? It's again something users consent to with the use of product anyway...
 

ForgottenSeer 823865

And no one uses hashes of whole files anymore.
There is no such thing as "Hash of whole file"... what are you talking about... a hash is a unique fingerprint of a file like a DNA trace, so of course there is no "hash of whole file"...
Hash and eventually other criteria are used for fast comparison of files during a scan...

And yes, they need whole files, because they feed them into their classification systems that then create threat models for further classification of files and they feed this back to users in real-time.
I think you are confounding what I say: hashes are for cloud scan, while full files are for cloud upload of suspicious files...

Don't forget my background, I know from the inside how cloud works, thanks.
 

RejZoR

Level 14
Verified
There is no such thing as "Hash of whole file"... what are you talking about... a hash is a unique fingerprint of a file like a DNA trace, so of course there is no "hash of whole file"...
Hash and eventually other criteria are used for fast comparison of files during a scan...


I think you are confounding what I say: hashes are for cloud scan, while full files are for cloud upload of suspicious files...

Don't forget my background, I know from the inside how cloud works, thanks.
Do you really? Coz it doesn't sound like you do... from many things said here.
 

ForgottenSeer 823865

Do you really? Coz it doesn't sound like you do... from many things said here.
Unlike you I'm not just a forum member, I do have experience as a security vendor's employee. My sources aren't forum posts or blog articles.
And the fact, you have nothing much to reply than some pitiful sarcasm attempts, just proved my point.

You claim not to be a fanboy, all I see is you only intervening when Avast is attacked...well...well, Have a nice evening.
 

RejZoR

Level 14
Verified
Unlike you I'm not just a forum member, I do have experience as a security vendor's employee. My sources aren't forum posts or blog articles.
And the fact, you have nothing much to reply than some pitiful sarcasm attempts, just proved my point.

You claim not to be a fanboy, all I see is you only intervening when Avast is attacked...well...well, Have a nice evening.
LMAO AHAHAHAHA. You're going that route and calling me avast! fanboy. AHAHAHAHAHA. Dude, this is thread about Kaspersky. KASPERSKY. So I must be avast! fanboy. I'm in defense of things that I'm well aware and know things about. I know avast! and Kaspersky well. I couldn't give a s**** about stupid AVIRA though I might step in their defense if people spread some obviously wrong info.

Also I don't care where you were employed, it's just what you're actually saying that makes no sense. I mean, your surprise that Kaspersky literally collects ENTIRE binary files is what's telling that you don't understand things. Yes, you need a whole file in today's cloud systems, because they need to train the system. Having only hash of the file is of absolutely no use to them other than knowing if they already gathered the exact same file (which in case of server side polymorphic malware means nothing as they can churn out thousands of same EXE files with different hashes). They'll collect them all thinking it's new unique files if only hash is taken into account and when fed into their ML systems, the system will realize they are all the same.
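Added example, not part of the original post: a sketch of the point argued above, that a hash-only backend counts every trivially altered copy as a new file while a content-based comparison groups them. The byte-window Jaccard measure and the constructed samples (four patched bytes per variant) are assumptions for illustration, not any vendor's classifier, and real packed or re-encrypted variants need more robust features.

```python
import hashlib

def blob(label: bytes, blocks: int = 128) -> bytes:
    """Deterministic 4 KiB of pseudo-random bytes (constructed sample data)."""
    return b"".join(hashlib.sha256(label + bytes([i])).digest() for i in range(blocks))

def make_variant(base: bytes, n: int, patches: int = 4) -> bytes:
    """Constructed stand-in for a per-download variant: four bytes differ."""
    out = bytearray(base)
    for j in range(patches):
        out[n * 101 + j * 17] ^= 0xFF   # positions never repeat across variants
    return bytes(out)

def shingles(data: bytes, k: int = 8) -> set:
    """Set of overlapping k-byte windows, used as a crude content fingerprint."""
    return {data[i:i + k] for i in range(len(data) - k + 1)}

def jaccard(a: set, b: set) -> float:
    """Share of windows two fingerprints have in common (0.0 to 1.0)."""
    return len(a & b) / len(a | b) if (a or b) else 1.0

def count_by_hash(samples) -> int:
    """How many 'unique files' a hash-only backend would believe it received."""
    return len({hashlib.sha256(s).hexdigest() for s in samples})

def count_by_content(samples, threshold: float = 0.9) -> int:
    """Greedy clustering: a sample opens a new family only if it resembles none."""
    families = []
    for s in samples:
        fp = shingles(s)
        if not any(jaccard(fp, rep) >= threshold for rep in families):
            families.append(fp)
    return len(families)

# Constructed corpus: 20 near-identical variants of one file plus one unrelated file.
BASE = blob(b"family-A")
VARIANTS = [make_variant(BASE, n) for n in range(20)]
UNRELATED = blob(b"family-B")
SAMPLES = VARIANTS + [UNRELATED]

if __name__ == "__main__":
    print("distinct SHA-256 values:", count_by_hash(SAMPLES))
    print("content families:       ", count_by_content(SAMPLES))
```

Comparing content this way requires the file bytes (or features extracted from them on the endpoint), which is the trade-off between detection quality and what leaves the machine that the thread is arguing about.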
 

ForgottenSeer 823865

I mean, your surprise that Kaspersky literally collects ENTIRE binary files is what's telling that you don't understand things.
Either you don't know how to read or you do it with purpose, who said I'm surprised?
Stop twisting words please.
I said collection of files without user consent is a privacy breach, not talking about the collection mechanism itself! Damn, learn to read dude!
Hitman Pro uploads files as well, so does WD, everyone knows that and you are here explaining how it works LOL.
 

RejZoR

Level 14
Verified
What frigging consent? Kaspersky asks you about participation in KSN during install. It's the same thing as with avast!. UH OH BUT THEY DIDN'T ASK ME FOR CONSENT!!!!!!111111 Well, they kinda have, during program install, but you can't be bothered to read. Or know how to. Also expecting anything else from cloud system is kinda weird. It's how they all work and are efficient as a result. Which Kaspersky is among the best at what they do. But muh consent and muh privacy all over again. It's EXE files. 99% of them are downloaded from elsewhere so not private data and those that are made at home, it's likely it's either malware which you'd be dumb to compile on system with Kaspersky on. There is the other small percent of home grown software that would be sent there. But given it's fully automated classification process, chances of Kaspersky stealing your home made nature noise generator is very very unlikely. Especially since their ML would probably already classify it as non-issue/non-malicious unless you stuffed it with really bizarre code that would be tripping their classification systems. So, yeah, I really don't understand what you're panicking about and making a huge deal out of it. If that's the case, go use ClamWin or something, which is devoid of any cloud systems and you won't have any privacy problems. It'll also be a miracle if it detects anything, but hey, you'll have complete and absolute privacy.
 

ForgottenSeer 823865

What frigging consent? Kaspersky asks you about participation in KSN during install. It's the same thing as with avast!. UH OH BUT THEY DIDN'T ASK ME FOR CONSENT!!!!!!111111 Well, they kinda have, during program install, but you can't be bothered to read. Or know how to. Also expecting anything else from cloud system is kinda weird. It's how they all work and are efficient as a result. Which Kaspersky is among the best at what they do. But muh consent and muh privacy all over again. It's EXE files. 99% of them are downloaded from elsewhere so not private data and those that are made at home, it's likely it's either malware which you'd be dumb to compile on system with Kaspersky on. There is the other small percent of home grown software that would be sent there. But given it's fully automated classification process, chances of Kaspersky stealing your home made nature noise generator is very very unlikely. Especially since their ML would probably already classify it as non-issue/non-malicious unless you stuffed it with really bizarre code that would be tripping their classification systems. So, yeah, I really don't understand what you're panicking about and making a huge deal out of it. If that's the case, go use ClamWin or something, which is devoid of any cloud systems and you won't have any privacy problems. It'll also be a miracle if it detects anything, but hey, you'll have complete and absolute privacy.
Wow dude you are mixing everything...Panicked? Who said that? Just you again. And please, keep your advice for yourself, I don't need any AV to secure my system, I'm way past that. If WD wasn't built-in, I wouldn't even use any AV.

Now back to the discussion, we were in the context of the Kaspersky drama, where a secret file was uploaded to its server for analysis, obviously without at least notifying the user in case by case scenario. Some other cloud software ask you before uploading any file, they don't do it automatically.
The point of my post (before you derailed about how cloud works) is that any software shouldn't upload a whole file without asking in case by case basis.
Don't you see then, the concerns of corporations and why Kaspersky is now seen, justified or not, as a Russian spying tool? and now Eugene doing his best to convince the world otherwise, all that wouldn't happen if there wasn't automatic uploads...

If you can't get my point, no need to discuss further. Have a nice day.
 

Outpost

Level 5
Verified
in 2006 my PC
it did not install or authenticate the original registration key;
to uninstall was very difficult;
Free software like 360 total security, CIS, avast and windows defender give practically the same protection...
What does it have to do with the topic of this thread?
 

RejZoR

Level 14
Verified
Wow dude you are mixing everything...Panicked? Who said that? Just you again. And please, keep your advice for yourself, I don't need any AV to secure my system, I'm way past that. If WD wasn't built-in, I wouldn't even use any AV.

Now back to the discussion, we were in the context of the Kaspersky drama, where a secret file was uploaded to its server for analysis, obviously without at least notifying the user in case by case scenario. Some other cloud software ask you before uploading any file, they don't do it automatically.
The point of my post (before you derailed about how cloud works) is that any software shouldn't upload a whole file without asking in case by case basis.
Don't you see then, the concerns of corporations and why Kaspersky is now seen, justified or not, as a Russian spying tool? and now Eugene doing his best to convince the world otherwise, all that wouldn't happen if there wasn't automatic uploads...

If you can't get my point, no need to discuss further. Have a nice day.
He doesn't have to convince anyone. Idiots who believe news that pushed the bullshit news won't really change their minds and those of us who understand how cloud systems work already know the whole drama was manufactured to shift blame away from NSA to "evil Russians".
 

Lenny_Fox

Level 11
@Parsh Thanks for the link to the article.

As a youngster not interested in security at the time of the Kaspersky controversy, I sort of thought Kaspersky (like Huawei now) was banned because of their possible access to data more than based on actual proof of gathering data. Due to its core function, an AV program has to check all other programs and therefore has high integrity level rights; this gives an AV access to nearly everything on your PC.

At that time (2017) I was not interested in security and only vaguely noticed the rumors around Kaspersky. To be honest, most of my Dutch school mates thought it was just an "America First" accusation to discredit a Russian security provider. This accusation (in my mind) was more based on money than on security.

I was unaware that the source of this accusation was The Wall Street Journal. The WSJ is a reputable newspaper and would not throw these accusations without dealing with their journalistic quality standards. In a popular daily Dutch news-show (DWDD) WSJ was once quoted for their strict two independent reliable sources policy before they would publish something.

My question to more seasoned members of this forum: I have always taken these allegations with a fairly large grain of salt. Now I know that WSJ published the initial scoop, should I take these Kaspersky allegations more seriously?
 

Lenny_Fox

Level 11
1. You are free to believe what you want.
2. I do not take for real a piece of news that has as its only "reliable" source the report of the "boys" of Israeli intelligence and their parent company NSA.
1. That is reassuring, I don't believe anything yet, therefore asking other opinions, thanks for your response
2. So your opinion is that it is a defamation campaign?
 

Outpost

Level 5
Verified
@Lenny_Linux

2) I am more inclined to think about Geopolitics. I'm inclined to think about this. If the "evidence" of Kaspersky's espionage were tangible and real, we would not only have the NSA's "word" today, but there would be overwhelming and incontrovertible evidence. Instead, the only thing we know for sure is that the NSA was controlling its own contractor.
 

bribon77

Level 32
Verified
In Kaspersky's career there has only been this case, and in my opinion, if someone is guilty, it is the contractor, when he takes work home with a PC full of crack or patch or whatever.
"It is said that you cannot throw all the stew for a bad chickpea."
 