Yeah this is a huge drawback. KSN is a big part of Kaspersky’s protection. It’s also the backbone of application control’s trust assignments. You’re losing a lot of protection by opting out of KSN.
Kaspersky and Cloud Privacy
- Thread starter MacDefender
- Start date
Please provide comments and solutions that are helpful to the author of this topic.
- Apr 17, 2020
- 542
I also have SysHardener and OS armor and use a firewall and don't think I will have any zero day malware issues so I feel safe not using the KSN because I thought the main reason for it was to upload samples and unknown zero day malware and "share" with the network of other Kaspersky users. It is very safe to use without that feature.
If you've already got those layers, then it seems like something like NOD32, F-Secure, or a BitDefender-based engine would make a lot of sense. KSN is a big part of what sets Kaspersky apart from other vendors. Many of the vendors I just mentioned allow you to look up their cloud signatures while opting out of contributing samples. That's the main thing Kaspersky doesn't let you do.
Kaspersky's offline performance has been getting worse over time:
- Apr 1, 2019
- 2,868
I think this may have to do with their anti-theft feature. Just a guess. This doesn’t bother me as my desktop doesn’t have a webcam, but it definitely is interesting.Ummmmmm I hope I'm misunderstanding what "data recorded by your computer's camera" means?End of Life | ESET Online Help
help.eset.com
Thank you -- that makes more sense -- I haven't tried the anti-theft feature but perhaps it has the ability to show you the webcam feed once you mark the device as stolen? That would be interesting!
- Apr 17, 2020
- 542
Yea I didn't know that. But I am also using is because it's FREE. Eset and F-secure are not. I know bitdefender has a free version but it bogs my system down and HORRIBLE to remove after install!
- May 16, 2013
- 844
@MacDefender
F-secure privacy policy is good but their practice not:
F-secure privacy policy is good but their practice not:
After the media coverage of Magic Lantern and claims by some AV vendors to purposely leave a backdoor for it in their products, F-Secure announced their policy on detecting these spying programs:
"F-Secure Corporation would like to make known that we will not leave such backdoors to our F-Secure Anti-Virus products, regardless of the source of such tools. We have to draw a line with every sample we get regarding whether to detect it or not. This decision-making is influenced only by technical factors, and nothing else, but within the applicable laws and regulations, in our case meaning EU laws.
"We will also be adding detection of any program we see that might be used for terrorist activity or to benefit organized crime. We would like to state this for the record, as we have received queries regarding whether we would have the guts to detect something obviously made by a known violent mafia or terrorist organization. Yes we would."
en.wikipedia.org
"F-Secure Corporation would like to make known that we will not leave such backdoors to our F-Secure Anti-Virus products, regardless of the source of such tools. We have to draw a line with every sample we get regarding whether to detect it or not. This decision-making is influenced only by technical factors, and nothing else, but within the applicable laws and regulations, in our case meaning EU laws.
"We will also be adding detection of any program we see that might be used for terrorist activity or to benefit organized crime. We would like to state this for the record, as we have received queries regarding whether we would have the guts to detect something obviously made by a known violent mafia or terrorist organization. Yes we would."
F-Secure - Wikipedia
- Apr 15, 2020
- 227
Avast free, it's light and with great protection too. It even has an option to suspend non-gaming processes.
- Apr 1, 2019
- 2,868
if it's been a while since you've tried Bitdefender you might want to give 2020 a try. I had no problems uninstalling multiple times in testing and have none of the slowdown people used to talk about. However, as with all security software, even the new improved version may have given you problems and I'd believe it.
@harlan4096 perhaps you can help us get some clarity here, but the KSN Network Statement and the UI seem to both state that if you opt out of the KSN, you lose cloud protection. However, Kaspersky's website says something different:
Trying to spot check, leaving the KSN seems to still get me UDS cloud detections when I click through on zero-days. I still see a bit of outbound communication when I trigger a manual scan. However, the "Check reputation in KSN" context menu option gets greyed out.
Above all of this, I do not see another privacy policy that covers the fact that with KSN disabled, KTS is still querying hashes of executables against the KSN cloud.
Maybe they tried to implement the home user opt out clause. I am in support of this behavior for home users (you can opt out of sample submission but still get read only protection from the cloud)..... HOWEVER, the implementation of this looks so conflicted and half-polished it's not inspiring confidence.
@MacDefender
F-secure privacy policy is good but their practice not:
After the media coverage of Magic Lantern and claims by some AV vendors to purposely leave a backdoor for it in their products, F-Secure announced their policy on detecting these spying programs:
"F-Secure Corporation would like to make known that we will not leave such backdoors to our F-Secure Anti-Virus products, regardless of the source of such tools. We have to draw a line with every sample we get regarding whether to detect it or not. This decision-making is influenced only by technical factors, and nothing else, but within the applicable laws and regulations, in our case meaning EU laws.
"We will also be adding detection of any program we see that might be used for terrorist activity or to benefit organized crime. We would like to state this for the record, as we have received queries regarding whether we would have the guts to detect something obviously made by a known violent mafia or terrorist organization. Yes we would."
F-Secure - Wikipedia
Yeah I think this is a separate issue. Emsisoft is the only AV that I've seen that has a canary clause: Emsisoft | Privacy Policy
In terms of whether or not vendors are bucking to pressure to whitelist state sponsored malware, to be honest, it's been a mysterious grey area. Do we know for sure that NortonLifeLock isn't going to comply with CIA/DOJ arm twisting or Kaspersky isn't going to be pressured by the KGB? Honestly I don't know.
I'm not holding F-Secure on a pedestal. Technically Emsisoft's statement also covers just Emsisoft, not the BD engine, for example. That's going to be complicated.
For the scope of this thread, I really wanted to focus on the data collection policy of cloud based intelligence.
- Mar 16, 2019
- 3,868
This is related to Anti-Theft feature that ESET has. But it's not enabled by default and you need to go to account, enable it, etc some other extra things needs be done too. So, this is a special case and not active by default. Also I think it will record camera data only when the device is stolen.
I have logging enabled and I've never seen it uploading any zip, rar files. I see files like exe, scripts get submitted when I extract malwares from a zip but never the zip itself. It's really rare when ESET send any files back to them because I don't really have any suspicious programs for ESET to upload except like I just said, when I download malwares. The fact that users can be notified is a big plus and makes their file submission action transparent. For most other AVs you never really know what's it uploading.
Last edited:
- Apr 17, 2020
- 542
I agree and was under the impression that when you opt you, you STILL have the full protection of the product. That sounds like what I thought, just data collection and sharing. Hence why it is under the additional settings tools.. NOT a main backbone feature of the Antivirus.
Yea I had problems with lag using it a few months ago and couldn't get it to uninstall easy.
Not sure I trust Avast or AVG anymore and that latest AV testing shows the protection rate has dropped some. I MAY try avast again one day.
- Apr 15, 2020
- 227
You call top scores a drop? Anyway, those tests can change every month...
Test antivirus software for Windows 11 - October 2024
The current tests of antivirus software for Windows 11 from October 2024 of AV-TEST, the leading international and independent service provider for antivirus software and malware.
www.av-test.org
Malware Protection Test March 2020
The Malware Protection Test March 2020 assesses program’s ability to protect a system against malicious files before, during or after execution.
www.av-comparatives.org
Last edited:
I think this is the right interpretation. Kaspersky employees and moderators have said similar statements: KSN Statement, "....may receive objects..."? [Closed] | Kaspersky Community
Based off this, I am turning off KSN on my primary machine but will leave it on for other machines that don't hold as much of my private information.
EDIT: I still wish they made this much more clear in both the UI and the "KSN Statement" that holds the legal terms and conditions. I am happy with the description of how it currently works, but without it being covered by an agreement that I clicked to accept, I don't feel as comfortable.
- Feb 12, 2017
- 249
@MacDefender Pleasure to read your thread. Very thought provoking analysis on not only Kaspersky but all AVs.
My personally point of view is, I trust Kaspersky more than any other AV-companies. US AVs are the very last I would trust.
My personally point of view is, I trust Kaspersky more than any other AV-companies. US AVs are the very last I would trust.
- Apr 1, 2019
- 2,868
This is very good to know. I appreciate your digging into these policies. Peaks my interest in Kaspersky.
Thank you both! It's definitely my pleasure to dig into these issues. Testing the performance/effectiveness is one very important data point, but if we are choosing to use these products to protect our data and have them observe basically everything we are doing on our computer, I think the privacy implications are absolutely worth asking.
I've learned a lot from this thread too, and I'm glad that we do have an option to passively use KSN to still get the benefit without the privacy concerns. I still want to contribute to the KSN on machines that don't handle my sensitive data, but I am glad that a paid product has a choice to run in privacy-sensitive mode.
My main feedback to Kaspersky is I wish they'd be transparent in their event logs about submissions and telemetry. If they would show me when a submission happens and what exactly they uploaded, I could be more convinced that they are collecting harmless information and feel more comfortable in opting into KSN.
Until then, my opinion is that if I am paying $50-100 a year to use a product like KTS, I am paying for Kaspersky's R&D, and do not feel I should be required to contribute to their crowdsourced intelligence data. Kaspersky seems to agree as well. I also think it's somewhat reasonable to have a free product that forces participation in exchange for protection.
- Mar 16, 2019
- 3,868
I wanted to check this too recently but I just now realized that I made such a stupid mistake. I not only turned off KSN but also disabled Kaspersky's internet access while testing this. No wonder Kaspersky wasn't detecting by the UDS detection anymore
Btw, this is a very good find from you. I didn't expect this to happen. Good to know.
Sorry I missed this quote:
I think kudos goes to ESET for actually having a UI for communicating what they are uploading! Norton also has "File Insight" log events that roughly state that it uploaded something because you executed a download, for example, without a ton more detail than that.
Kaspersky's and F-Secure's are both really hush -- I don't see ANY log entries explaining that they are sending things back to the cloud.
