MacDefender

Level 12
Verified
All these privacy policies are well and good, but we will never know if they are following them. I assume I have very little privacy online and in most devices for that matter.
I think the privacy policies tend to be accurate in terms of describing what they are submitting/collecting from you. The reason there is simple -- anyone with the same tools we use for malware analysis can easily detect and catch red-handed deviations from that policy. It's very hard to hide what you are collecting and uploading for software you distribute to millions of users.

However, what they claim to do with it, that's purely based on trust and short of whistleblowers/disgruntled ex-employees, it's pretty hard to get the truth. For example, F-Secure claims that their automation strips your IP and identity from your automated submissions before any human can look at the information. That's not verifiable from the outside -- all you and I know is that the file left my computer tied to my IP address and exact timestamp. What they do with the info, as soon as it leaves your computer it's basically out of your control.


So long story short, the part of the privacy policy I care about is the part that explains what they are collecting from me. The part about how they promise to use it holds zero meaning to me because there is no way for me to hold them accountable. Sure I will generally prefer to use products from companies that have a great track record on privacy but that's still just a gut feeling.
 

SeriousHoax

Level 32
Verified
FWIW this wording is a ton clearer on some parts of the website, especially the GDPR versions, compared to what ships in the software here in North America.

The USA agreements say nothing about passive participation, but that language is in the GDPR version.
This is one thing I don't like about them. Their GDPR version and other versions have some difference in data collection. I haven't noticed this difference for other AVs. Let me know if others do this too. The EU version of Kaspersky also lets you opt out of "Statement regarding.....marketing...." which is not possible in other versions.
 

Andrew3000

Level 7
Verified
Malware Tester
They also dedicated a page to GDPR when it was announced: https://www.kaspersky.com/gdpr.
And another explaining their data protection principles: https://www.kaspersky.com/about/data-protection.

This is one thing I don't like about them. Their GDPR version and other versions have some difference in data collection. I haven't noticed this difference for other AVs. Let me know if others do this too. The EU version of Kaspersky also lets you opt out of "Statement regarding.....marketing...." which is not possible in other versions.
Yep, in my opinion, anyone who is afraid that their data may be used in a malicious way should download the EU version that is GDPR compliant.
 

MacDefender

Level 12
Verified

Vitali Ortzi

Level 20
Verified
NOTE: This is not meant to be a political/conspiracy related thread. I'd prefer to just focus on the cloud telemetry / automatic sample submission aspect.

Using Kaspersky for about a week now, it's gotten me to take a closer look at the whole NSA controversy. In terms of what factually happened, it seems like the verifiable part of the story is:
  1. An NSA worker plugged in a thumb drive containing state sponsored malware
  2. Kaspersky scanned and detected malware
  3. An automated cloud submission process reported that back (or collected the entire sample?)
  4. This helped Kaspersky identify the source (the NSA), but the NSA accuses Kaspersky of exfiltration through this process.
In general, this is basically how every cloud based AV works. You are contributing to the cloud intelligence every time you encounter a new executable/file, and the cloud reserves the right to collect either the entire binary or just metadata about it as you encounter such files. In fact, for some, like the F-Secure or Avira clouds, the privacy policy states that they may collect the entire executable as part of cloud / sandbox scanning.


So this got me to look at Kaspersky's privacy policy, and here's the section I could find:


Namely, with regards to binary submissions:


Long story short, there's very permissive language being used here that basically says that if Kaspersky detects a suspected attack, they are willing to upload many files that they think are related to the attack.

What's interesting to me is that most cloud services have a clause where they basically say they only upload executables (WinPE executables, DLLs, etc.) and not documents/scripts. Kaspersky does not. Kaspersky also has a lot of language regarding unique identifiers -- they don't usually send things like serial numbers or MAC addresses, but they do mention they send hashes of such information and use it. This is very different from a lot of other cloud providers who anonymize this sort of information.

Overall I think this makes their cloud a lot more powerful in terms of being able to analyze zero day samples on customer machines, but it's worth remembering, as a general reminder, ALL cloud AVs perform this kind of automatic sample submission. They usually have a way to turn it off, but sometimes that comes at the expense of no longer being able to use the cloud database anymore (e.g. you have to participate to get the benefits). Kaspersky's KSN policy is very transparent in terms of spelling out what they are doing, but what they are spelling out is rather broad. The kinds of things they are collecting (exact paths of files, samples of files, hash of your MAC address, name of your wifi network, list of all installed applications and their exact versions) can be used to form a very specific fingerprint that de-anonymizes the user, which can be easily part of the explanation for how a cloud sample submission was enough for Kaspersky to tie one person's file on a thumb drive to the organization that it came from.


I'm curious what thoughts and experiences we have about the Kaspersky cloud or any other cloud in terms of what gets automatically submitted, etc.
Good for me running SPEM as I can disable all submissions to Symantec while receiving live updates :)
 
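The fingerprinting point in the quoted post (hash of the MAC address plus Wi-Fi network name, installed-app inventory and full file paths) worked through as an added example. This is not code from the thread and not Kaspersky's code; the record layout, the field names, the plain-SHA-256 hashing of the MAC, the sample values and the OUI brute-force scheme are all assumptions made here for illustration.

```python
"""Added example, not from this thread and not Kaspersky code: why a hashed MAC
address plus 'harmless' metadata (SSID, app inventory, full file paths) still
identifies one machine. The submissions below are constructed; field names,
values and the plain-SHA-256 hashing of the MAC are assumptions made here."""
import hashlib
import re
from collections import defaultdict
from typing import Optional

USERNAME_RE = re.compile(r"^[A-Za-z]:\\Users\\([^\\]+)\\", re.IGNORECASE)


def sha256_hex(text: str) -> str:
    return hashlib.sha256(text.encode()).hexdigest()


# Constructed submissions. sub-1 and sub-2 come from the same laptop on two
# different days; sub-3 is a different machine. No real identifiers are used.
SUBMISSIONS = [
    {"id": "sub-1", "mac_hash": sha256_hex("00:1a:2b:00:03:e7"), "ssid": "CorpNet-Guest",
     "apps": [("7-Zip", "19.00"), ("Firefox", "96.0.3"), ("Notepad++", "8.2.1")],
     "path": r"C:\Users\jdoe\Desktop\usb\tools\dropper.exe"},
    {"id": "sub-2", "mac_hash": sha256_hex("00:1a:2b:00:03:e7"), "ssid": "CorpNet-Guest",
     "apps": [("Notepad++", "8.2.1"), ("Firefox", "96.0.3"), ("7-Zip", "19.00")],
     "path": r"C:\Users\jdoe\AppData\Local\Temp\stage2.dll"},
    {"id": "sub-3", "mac_hash": sha256_hex("3c:22:fb:12:34:56"), "ssid": "HomeWifi",
     "apps": [("Firefox", "96.0.3")],
     "path": r"C:\Users\maria\Downloads\setup.exe"},
]


def device_fingerprint(sub: dict) -> str:
    """Stable fingerprint: hashed MAC + SSID + sorted (app, version) inventory.
    Order-insensitive so the same machine matches across submissions."""
    inventory = ";".join(f"{name}={ver}" for name, ver in sorted(sub["apps"]))
    return sha256_hex(f'{sub["mac_hash"]}|{sub["ssid"]}|{inventory}')


def link_submissions(subs: list) -> dict:
    """Group submission ids by fingerprint (here: two groups, one of size 2)."""
    groups = defaultdict(list)
    for sub in subs:
        groups[device_fingerprint(sub)].append(sub["id"])
    return dict(groups)


def username_from_path(path: str) -> Optional[str]:
    """A full Windows path leaks the account name without any hashing at all."""
    m = USERNAME_RE.match(path)
    return m.group(1) if m else None


def recover_mac(mac_hash: str, oui: str, limit: int = 1 << 24) -> Optional[str]:
    """Brute-force the 24-bit device part of a MAC whose vendor prefix (OUI) is
    known or guessed. The full per-OUI space is 2^24 SHA-256 calls, which plain
    Python finishes in about a minute; `limit` caps the search so the demo runs
    in a fraction of a second (the constructed MAC sits low in the range)."""
    oui = oui.lower()
    for nic in range(limit):
        candidate = f"{oui}:{nic >> 16:02x}:{(nic >> 8) & 0xff:02x}:{nic & 0xff:02x}"
        if sha256_hex(candidate) == mac_hash:
            return candidate
    return None


if __name__ == "__main__":
    for fp, ids in link_submissions(SUBMISSIONS).items():
        print(fp[:12], "->", ids)
    for sub in SUBMISSIONS:
        print(sub["id"], "user:", username_from_path(sub["path"]))
    print("recovered MAC:", recover_mac(SUBMISSIONS[0]["mac_hash"], "00:1a:2b", limit=1 << 16))
```

The three pieces show three separate failures of "we only send hashes": the hashed MAC is a stable join key across submissions regardless of whether it can be reversed, it can in fact be reversed once the vendor prefix is guessed because the remaining space is only 2^24, and the file path never needed reversing at all. Any real scheme would at minimum use a keyed hash (HMAC with a per-installation salt that never leaves the vendor) and strip the user segment from paths before upload.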
You have a Download link?
bit. ly/ 2yiJmqM
I think that should work out of the box. It is the UK version. When installing you should be asked twice about KSN and later on about marketing. If you are not asked, something has changed I think. Then you will need a VPN of an EU country I guess
Cheers
PS: For your case you may use a Portugal VPN and download the Portuguese GDPR installer
 

MacDefender

Level 12
Verified
This is applicable to any online service, application, av firm, operating system, etc... so :rolleyes:
That's very true. The flipside though, is a good point -- in practice, there's very little if any repercussions for violating your own privacy policy. I would say 50-75% of my phishing emails today are because a popular virtualization software got compromised and lost most of my personal info (including credit card and billing address). This was "allowed" because of very vague language around being able to share this with the third party that was compromised, but even after working with the Attorney General's office I was unable to build much more of a case other than getting offered a few years of their software for free (lol thanks I guess?)

Either way, long story short, apart from the GDPR in the EU, there's almost no punishment for violating your privacy policy. It simply boils down to the amount of trust you have in your vendor, and how much they have to lose if their privacy reputation is tarnished.
 
That's very true. The flipside though, is a good point -- in practice, there's very little if any repercussions for violating your own privacy policy. I would say 50-75% of my phishing emails today are because a popular virtualization software got compromised and lost most of my personal info (including credit card and billing address). This was "allowed" because of very vague language around being able to share this with the third party that was compromised, but even after working with the Attorney General's office I was unable to build much more of a case other than getting offered a few years of their software for free (lol thanks I guess?)

Either way, long story short, apart from the GDPR in the EU, there's almost no punishment for violating your privacy policy. It simply boils down to the amount of trust you have in your vendor, and how much they have to lose if their privacy reputation is tarnished.
Interesting comment
But don't even think you are protected with GDPR. I asked some vendors in the past to give me my data and delete it and never got a reply back...
GDPR may help a bit, but it is another fakery in my experience...
For me, GDPR means problems for you if you want to do something because you can't, but big companies will search for a way to get what they want...
All in all, as always, take care of what you share and with whom you share it. It is the only way to be "private". I don't trust any policy at all, because even if you read it, most times after an update they are getting more and more data from you...
I really hope there will be a real regulation in the future, but I don't think so...
 

MacDefender

Level 12
Verified
Interesting comment
But don't even think you are protected with GDPR. I asked some vendors in the past to give me my data and delete it and never got a reply back...
GDPR may help a bit, but it is another fakery in my experience...
For me, GDPR means problems for you if you want to do something because you can't, but big companies will search for a way to get what they want...
All in all, as always, take care of what you share and with whom you share it. It is the only way to be "private". I don't trust any policy at all, because even if you read it, most times after an update they are getting more and more data from you...
I really hope there will be a real regulation in the future, but I don't think so...
Good to know — I don’t live in the EU, I just found the GDPR is very explicit about the requirements and punishments.
Meanwhile traditional privacy policies basically are just the company defining their terms and as a customer you have to just deal with that. And even if they don’t uphold their end they simply just say “sorry I didn’t mean to” and have no accountability.

it’s not perfect but it is a step in the right direction.
 

fabiobr

Level 10
Verified
About data stored by System Watcher:

When a ransomware application attempts to encrypt a file, the Kaspersky product automatically creates a backup copy of it. If the file gets encrypted, the product restores it from the backup copy.

Please note:

  • Backup copies are stored in the system Temp folder (temporary files storage). Make sure you have at least 10–15% of free space on a drive with the Temp folder.
  • Backup copies are removed after you exit Kaspersky Endpoint Security 10 for Windows or disable System Watcher. (backup copies are not removed if the application is stopped unexpectedly). If necessary, you can remove backup copies manually by deleting the contents of the Temp folder. For instructions, see this article.

I checked:
[attached screenshot: system-watcher.jpg]


Source
 

fabiobr

Level 10
Verified
Norton Privacy policy, something scares me:

Security information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers

And subscriber, administrative and provisioning information they can share too, with third parties like governments and "service providers".

Hi, NSA/CIA.
 

fabiobr

Level 10
Verified
Kaspersky System Watcher scans the most relevant system event data. The monitor tracks information about the creation and modification of files, the work of system services, any changes made to the system registry, system calls and data transfers over the network. System Watcher also processes information about operations with symbolic links containing references to files or directories, modifications of the master boot record where the loader for the installed operating system is stored and interception of OS reboots. Moreover, it analyses the contents of the packets transmitted via TCP, the main Internet transport layer protocol, in search of any evidence of criminal activity. The data collection process is automated and does not require user interaction. Using the BSS (Behavior Stream Signatures) module, System Watcher can independently make decisions as to whether a program is malicious based on the data it analyzes.

It's a big data collector, basically. It tracks almost all the system. 🤣😅

 
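The quoted System Watcher description (file creation and modification, registry changes, process activity, MBR writes, with the BSS module deciding on its own that a program is malicious) is the behaviour-stream model most endpoint products follow. Below is a toy scorer in that spirit, added here as an example; it is not Kaspersky's code and does not reflect their actual rules. The event format, the rules, the weights, the threshold and the event stream are all constructed for illustration.

```python
"""Added example, not Kaspersky code: a toy behaviour-stream scorer in the
spirit of the System Watcher description quoted above. It walks a stream of
system events (file renames/writes, registry changes, process starts, raw disk
writes), accumulates per-process evidence and returns a verdict once the
combined weight crosses a threshold. The event stream, the rules and the
weights are all constructed for illustration."""
import ntpath
import re
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    pid: int
    kind: str        # file_rename | file_write | reg_set | proc_start | raw_disk_write
    target: str      # source path, written path, registry key, command line, or device
    extra: str = ""  # rename destination, or sector offset for raw_disk_write


USER_DOC_EXT = {".docx", ".xlsx", ".pdf", ".jpg", ".png"}
ENCRYPTED_EXT = {".locked", ".enc", ".crypt"}
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.IGNORECASE)
RANSOM_NOTE = re.compile(r"(readme|decrypt|recover|how_to).*\.(txt|html?)$", re.IGNORECASE)
SHADOW_DELETE = re.compile(r"vssadmin.*delete\s+shadows|wmic.*shadowcopy\s+delete", re.IGNORECASE)

WEIGHTS = {"mass_rename": 40, "ransom_note": 20, "persistence": 15,
           "shadow_delete": 30, "mbr_write": 40}
MASS_RENAME_MIN = 3   # document renames to an "encrypted" extension before the rule fires
THRESHOLD = 60        # combined weight at which a process is called malicious

# Constructed event stream: pid 4242 behaves like ransomware, pid 1337 is a word
# processor saving a document, pid 555 only touches the boot sector.
EVENTS = [
    Event(1337, "file_write", r"C:\Users\alice\Documents\~WRD0001.tmp"),
    Event(1337, "file_rename", r"C:\Users\alice\Documents\~WRD0001.tmp",
          r"C:\Users\alice\Documents\report.docx"),
    Event(4242, "file_rename", r"C:\Users\alice\Documents\report.docx",
          r"C:\Users\alice\Documents\report.docx.locked"),
    Event(4242, "file_rename", r"C:\Users\alice\Documents\budget.xlsx",
          r"C:\Users\alice\Documents\budget.xlsx.locked"),
    Event(4242, "file_rename", r"C:\Users\alice\Pictures\cat.jpg",
          r"C:\Users\alice\Pictures\cat.jpg.locked"),
    Event(4242, "file_write", r"C:\Users\alice\Documents\README_DECRYPT.txt"),
    Event(4242, "reg_set", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "locker"),
    Event(4242, "proc_start", "vssadmin.exe delete shadows /all /quiet"),
    Event(555, "raw_disk_write", r"\\.\PhysicalDrive0", "0"),
]


def score_events(events):
    """Per-process evidence: returns {pid: (score, sorted rule names that fired)}."""
    state = defaultdict(lambda: {"renames": 0, "hits": set()})
    for ev in events:
        st = state[ev.pid]
        if ev.kind == "file_rename":
            # ntpath so Windows paths split correctly on any host OS
            src_ext = ntpath.splitext(ev.target)[1].lower()
            dst_ext = ntpath.splitext(ev.extra)[1].lower()
            if src_ext in USER_DOC_EXT and dst_ext in ENCRYPTED_EXT:
                st["renames"] += 1
                if st["renames"] >= MASS_RENAME_MIN:
                    st["hits"].add("mass_rename")
        elif ev.kind == "file_write":
            if RANSOM_NOTE.search(ntpath.basename(ev.target)):
                st["hits"].add("ransom_note")
        elif ev.kind == "reg_set":
            if RUN_KEY.search(ev.target):
                st["hits"].add("persistence")
        elif ev.kind == "proc_start":
            if SHADOW_DELETE.search(ev.target):
                st["hits"].add("shadow_delete")
        elif ev.kind == "raw_disk_write":
            # sector 0 of a physical drive is the MBR
            if ev.target.lower().startswith(r"\\.\physicaldrive") and ev.extra == "0":
                st["hits"].add("mbr_write")
    return {pid: (sum(WEIGHTS[h] for h in st["hits"]), sorted(st["hits"]))
            for pid, st in state.items()}


def verdict(events, pid):
    """('malicious' | 'clean', score, hits) for one process."""
    score, hits = score_events(events).get(pid, (0, []))
    return ("malicious" if score >= THRESHOLD else "clean"), score, hits


if __name__ == "__main__":
    for pid in sorted({ev.pid for ev in EVENTS}):
        print(pid, verdict(EVENTS, pid))
```

The threshold is what turns "a big data collector" into a decision: pid 555's single boot-sector write scores 40 and is recorded but not convicted on its own, while pid 4242 crosses the line only because several weak signals (renames, note, Run key, shadow-copy deletion) stack. That stacking is also why such monitors have to see paths, registry keys and command lines in full; the privacy cost discussed above is the flip side of the detection.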