Kaspersky and Cloud Privacy
<blockquote data-quote="MacDefender" data-source="post: 878437" data-attributes="member: 83059"><p>Here's a real-world example. I was testing a home-coded ransomware simulator. I executed the sample in a VM running Kaspersky. System Watcher kicked in after 5 files got encrypted and killed the executable.</p><p></p><p>Little did I know, it also uploaded at least something about it to KSN.</p><p></p><p>Next up, on my host machine, when I tried to copy the file to another VM, Kaspersky on my host machine detected a "UDS: MSIL/something" trojan on that executable. 5 minutes ago, it was considered clean. But now, suddenly, it's considered malicious and detected via signatures, all because one VM running Kaspersky became a victim of an attack caused by that executable.</p><p></p><p>This is the value of KSN as a security feature. For zero-day circulating threats, it transforms a dynamic (behavior blocker) detection into a static detection for all other users.</p><p></p><p>In practice, any time you see a signature from Kaspersky that starts with "UDS", that means that someone opting into KSN encountered this and reported it to the cloud automatically. If everyone stopped contributing, there would be no UDS cloud detections.</p><p></p><p>That's basically the fundamental value of a crowdsourced cloud like this. I do think it's quite valuable and the future of effective AVs. However, the feature needs to be a lot more transparent and communicative about what it's reporting back to the cloud.</p></blockquote><p></p>