Tutman

Level 5
Yeah this is a huge drawback. KSN is a big part of Kaspersky’s protection. It’s also the backbone of application control’s trust assignments. You’re losing a lot of protection by opting out of KSN.
I also have SysHardener and OS armor and use a firewall and don't think I will have any zero day malware issues so I feel safe not using the KSN because I thought the main reason for it was to upload samples and unknown zero day malware and "share" with the network of other Kaspersky users. It is very safe to use without that feature.
 

MacDefender

Level 11
Verified
I also have SysHardener and OS armor and use a firewall and don't think I will have any zero day malware issues so I feel safe not using the KSN because I thought the main reason for it was to upload samples and unknown zero day malware and "share" with the network of other Kaspersky users. It is very safe to use without that feature.
If you've already got those layers, then it seems like something like NOD32, F-Secure, or a BitDefender-based engine would make a lot of sense. KSN is a big part of what sets Kaspersky apart from other vendors. Many of the vendors I just mentioned allow you to look up their cloud signatures while opting out of contributing samples. That's the main thing Kaspersky doesn't let you do.

Kaspersky's offline performance has been getting worse over time:

 

MacDefender

Level 11
Verified
I think this may have to do with their anti-theft feature. Just a guess. This doesn’t bother me as my desktop doesn’t have a webcam, but it definitely is interesting.
Thank you -- that makes more sense -- I haven't tried the anti-theft feature but perhaps it has the ability to show you the webcam feed once you mark the device as stolen? That would be interesting!
 

Tutman

Level 5
If you've already got those layers, then it seems like something like NOD32, F-Secure, or a BitDefender-based engine would make a lot of sense. KSN is a big part of what sets Kaspersky apart from other vendors. Many of the vendors I just mentioned allow you to look up their cloud signatures while opting out of contributing samples. That's the main thing Kaspersky doesn't let you do.

Kaspersky's offline performance has been getting worse over time:

Yea I didn't know that. But I am also using it because it's FREE. ESET and F-Secure are not. I know Bitdefender has a free version but it bogs my system down and is HORRIBLE to remove after install!
 

Paul.R

Level 16
Verified
@MacDefender

F-Secure's privacy policy is good but their practice is not:

After the media coverage of Magic Lantern and claims by some AV vendors to purposely leave a backdoor for it in their products, F-Secure announced their policy on detecting these spying programs:

"F-Secure Corporation would like to make known that we will not leave such backdoors to our F-Secure Anti-Virus products, regardless of the source of such tools. We have to draw a line with every sample we get regarding whether to detect it or not. This decision-making is influenced only by technical factors, and nothing else, but within the applicable laws and regulations, in our case meaning EU laws.

"We will also be adding detection of any program we see that might be used for terrorist activity or to benefit organized crime. We would like to state this for the record, as we have received queries regarding whether we would have the guts to detect something obviously made by a known violent mafia or terrorist organization. Yes we would."


 

blackice

Level 27
Verified
Yea I didn't know that. But I am also using it because it's FREE. ESET and F-Secure are not. I know Bitdefender has a free version but it bogs my system down and is HORRIBLE to remove after install!
If it's been a while since you've tried Bitdefender you might want to give 2020 a try. I had no problems uninstalling multiple times in testing and have none of the slowdown people used to talk about. However, as with all security software, even the new improved version may have given you problems and I'd believe it.
 

MacDefender

Level 11
Verified
Yea I didn't know that. But I am also using it because it's FREE. ESET and F-Secure are not. I know Bitdefender has a free version but it bogs my system down and is HORRIBLE to remove after install!

@harlan4096 perhaps you can help us get some clarity here, but the KSN Network Statement and the UI seem to both state that if you opt out of the KSN, you lose cloud protection. However, Kaspersky's website says something different:
Home users not sharing data with KSN will not lose cloud protection, but if many choose this option, the overall level of security will inevitably be affected in the long run. If a corporate user opts out of KSN, it means that they will not be able to receive cloud protection at all, unless they apply an additional layer of protection – Kaspersky Private Security Network - which provides them with the advantages of cloud protection without any data leaving the company’s facility.
Trying to spot check, leaving the KSN seems to still get me UDS cloud detections when I click through on zero-days. I still see a bit of outbound communication when I trigger a manual scan. However, the "Check reputation in KSN" context menu option gets greyed out.

Above all of this, I do not see another privacy policy that covers the fact that with KSN disabled, KTS is still querying hashes of executables against the KSN cloud.

Maybe they tried to implement the home user opt out clause. I am in support of this behavior for home users (you can opt out of sample submission but still get read only protection from the cloud)..... HOWEVER, the implementation of this looks so conflicted and half-polished it's not inspiring confidence.
 

MacDefender

Level 11
Verified
@MacDefender

F-Secure's privacy policy is good but their practice is not:

After the media coverage of Magic Lantern and claims by some AV vendors to purposely leave a backdoor for it in their products, F-Secure announced their policy on detecting these spying programs:

"F-Secure Corporation would like to make known that we will not leave such backdoors to our F-Secure Anti-Virus products, regardless of the source of such tools. We have to draw a line with every sample we get regarding whether to detect it or not. This decision-making is influenced only by technical factors, and nothing else, but within the applicable laws and regulations, in our case meaning EU laws.

"We will also be adding detection of any program we see that might be used for terrorist activity or to benefit organized crime. We would like to state this for the record, as we have received queries regarding whether we would have the guts to detect something obviously made by a known violent mafia or terrorist organization. Yes we would."


Yeah I think this is a separate issue. Emsisoft is the only AV that I've seen that has a canary clause: Emsisoft | Privacy Policy
We can confirm that:

  • Emsisoft has never modified its software for the purpose of collecting data due to political pressure.
  • Emsisoft has never modified its software to prevent detection of any malicious software due to political pressure.
  • Emsisoft has never terminated a customer or taken down content due to political pressure.
In terms of whether or not vendors are buckling to pressure to whitelist state sponsored malware, to be honest, it's been a mysterious grey area. Do we know for sure that NortonLifeLock isn't going to comply with CIA/DOJ arm twisting or Kaspersky isn't going to be pressured by the KGB? Honestly I don't know.

I'm not holding F-Secure on a pedestal. Technically Emsisoft's statement also covers just Emsisoft, not the BD engine, for example. That's going to be complicated.

For the scope of this thread, I really wanted to focus on the data collection policy of cloud based intelligence.
 

SeriousHoax

Level 29
Verified
Malware Tester
Ummmmmm I hope I'm misunderstanding what "data recorded by your computer's camera" means?
This is related to the Anti-Theft feature that ESET has. But it's not enabled by default and you need to go to your account, enable it, etc.; some other extra things need to be done too. So, this is a special case and not active by default. Also I think it will record camera data only when the device is stolen.
Note that "Except documents" still includes archives (zip and RAR files)....
I have logging enabled and I've never seen it uploading any zip, rar files. I see files like exe, scripts get submitted when I extract malware from a zip but never the zip itself. It's really rare when ESET sends any files back to them because I don't really have any suspicious programs for ESET to upload except like I just said, when I download malware. The fact that users can be notified is a big plus and makes their file submission action transparent. For most other AVs you never really know what it's uploading.
 

Tutman

Level 5
@harlan4096 perhaps you can help us get some clarity here, but the KSN Network Statement and the UI seem to both state that if you opt out of the KSN, you lose cloud protection. However, Kaspersky's website says something different:


Trying to spot check, leaving the KSN seems to still get me UDS cloud detections when I click through on zero-days. I still see a bit of outbound communication when I trigger a manual scan. However, the "Check reputation in KSN" context menu option gets greyed out.

Above all of this, I do not see another privacy policy that covers the fact that with KSN disabled, KTS is still querying hashes of executables against the KSN cloud.

Maybe they tried to implement the home user opt out clause. I am in support of this behavior for home users (you can opt out of sample submission but still get read only protection from the cloud)..... HOWEVER, the implementation of this looks so conflicted and half-polished it's not inspiring confidence.
I agree and was under the impression that when you opt out, you STILL have the full protection of the product. That sounds like what I thought, just data collection and sharing. Hence why it is under the additional settings tools.. NOT a main backbone feature of the Antivirus.

If it's been a while since you've tried Bitdefender you might want to give 2020 a try. I had no problems uninstalling multiple times in testing and have none of the slowdown people used to talk about. However, as with all security software, even the new improved version may have given you problems and I'd believe it.
Yea I had problems with lag using it a few months ago and couldn't get it to uninstall easily.

Avast free, it's light and with great protection too. It even has an option to suspend non-gaming processes.
Not sure I trust Avast or AVG anymore and that latest AV testing shows the protection rate has dropped some. I MAY try Avast again one day.
 

DSD27

Level 5
Not sure I trust Avast or AVG anymore and that latest AV testing shows the protection rate has dropped some. I MAY try Avast again one day.
You call top scores a drop? Anyway, those tests can change every month...
 

MacDefender

Level 11
Verified
I agree and was under the impression that when you opt out, you STILL have the full protection of the product. That sounds like what I thought, just data collection and sharing. Hence why it is under the additional settings tools.. NOT a main backbone feature of the Antivirus.
I think this is the right interpretation. Kaspersky employees and moderators have made similar statements: KSN Statement, "....may receive objects..."? [Closed] | Kaspersky Community

If you accept the conditions, your anti-virus can actively participate in the KSN. If unknown malware is found on your computer, it can be sent to the rightholder (Kaspersky) for analysis, in part or in whole.
If you do not accept the conditions, your Anti-Virus will passively participate in the KSN. It only receives information, but does not send any.
Based off this, I am turning off KSN on my primary machine but will leave it on for other machines that don't hold as much of my private information.


EDIT: I still wish they made this much more clear in both the UI and the "KSN Statement" that holds the legal terms and conditions. I am happy with the description of how it currently works, but without it being covered by an agreement that I clicked to accept, I don't feel as comfortable.
 

MacDefender

Level 11
Verified
@MacDefender Pleasure to read your thread. Very thought provoking analysis on not only Kaspersky but all AVs.

My personal point of view is, I trust Kaspersky more than any other AV companies. US AVs are the very last I would trust.
This is very good to know. I appreciate your digging into these policies. Piques my interest in Kaspersky.
Thank you both! It's definitely my pleasure to dig into these issues. Testing the performance/effectiveness is one very important data point, but if we are choosing to use these products to protect our data and have them observe basically everything we are doing on our computer, I think the privacy implications are absolutely worth asking.

I've learned a lot from this thread too, and I'm glad that we do have an option to passively use KSN to still get the benefit without the privacy concerns. I still want to contribute to the KSN on machines that don't handle my sensitive data, but I am glad that a paid product has a choice to run in privacy-sensitive mode.

My main feedback to Kaspersky is I wish they'd be transparent in their event logs about submissions and telemetry. If they would show me when a submission happens and what exactly they uploaded, I could be more convinced that they are collecting harmless information and feel more comfortable in opting into KSN.

Until then, my opinion is that if I am paying $50-100 a year to use a product like KTS, I am paying for Kaspersky's R&D, and do not feel I should be required to contribute to their crowdsourced intelligence data. Kaspersky seems to agree as well. I also think it's somewhat reasonable to have a free product that forces participation in exchange for protection.
 

SeriousHoax

Level 29
Verified
Malware Tester
Trying to spot check, leaving the KSN seems to still get me UDS cloud detections when I click through on zero-days. I still see a bit of outbound communication when I trigger a manual scan.
I wanted to check this too recently but I just now realized that I made such a stupid mistake. I not only turned off KSN but also disabled Kaspersky's internet access while testing this. No wonder Kaspersky wasn't detecting by the UDS detection anymore 😆
Btw, this is a very good find from you. I didn't expect this to happen. Good to know.
 

MacDefender

Level 11
Verified
This is related to the Anti-Theft feature that ESET has. But it's not enabled by default and you need to go to your account, enable it, etc.; some other extra things need to be done too. So, this is a special case and not active by default. Also I think it will record camera data only when the device is stolen.

I have logging enabled and I've never seen it uploading any zip, rar files. I see files like exe, scripts get submitted when I extract malware from a zip but never the zip itself. It's really rare when ESET sends any files back to them because I don't really have any suspicious programs for ESET to upload except like I just said, when I download malware. The fact that users can be notified is a big plus and makes their file submission action transparent. For most other AVs you never really know what it's uploading.
Sorry I missed this quote:

I think kudos goes to ESET for actually having a UI for communicating what they are uploading! Norton also has "File Insight" log events that roughly state that it uploaded something because you executed a download, for example, without a ton more detail than that.

Kaspersky's and F-Secure's are both really hush -- I don't see ANY log entries explaining that they are sending things back to the cloud.
 