Q&A Kaspersky browser extension versus KIS web-protection

dabluez98

Thank you for the wealthy answer @ExecutiveOrder

1) Secure Data Input (see Kaspersky settings, Additional) --> I don't even use, the money protection in Kaspersky is off. I find the feature creates more trouble than it helps, and anyway, the big thing is not having a keylogger hack your system in the first place I think.

2) Anti-Banner & Privacy Protection --> uBlock Origin I think is good enough

And as you say with phish attempts will eventually be interrupted by Kaspersky itself, and ports are monitored. I wish I knew what apps (other than Epic Games) would break, is it just a trial and error thing, or do various apps end up breaking? Any way to predict??

PS: I believe the main valuable thing missing is web-cam protection, but I think I have disabled that to begin with - web-cam protection needs the extension I think (for browsers at least)
 

ExecutiveOrder

You're welcome.
> And as you say with phish attempts will eventually be interrupted by Kaspersky itself, and ports are monitored. I wish I knew what apps (other than Epic Games) would break, is it just a trial and error thing, or do various apps end up breaking? Any way to predict??
>
> PS: I believe the main valuable thing missing is web-cam protection, but I think I have disabled that to begin with - web-cam protection needs the extension I think (for browsers at least)

It's for this feature: if you change the settings from the default "upon request" to "Always", it will break a number of websites (especially those mentioned in the "website" listing hyperlink on Kaspersky Settings > Network settings).
I'm not exactly sure what app will break other than Epic Games (last time I checked it, Steam is fine), both are not listed in the "website" there, perhaps Epic is using some necessary services from the website listed there or it's just a bug. By default (scan only upon request), you'll be fine and will not get much trouble using this feature and Epic Games will work correctly.

Not sure about Webcam, afaik it blocks data access to the Webcam driver, any app and browser that tries to do that will only get a blank black screen or the whole box of webcam UI disappears (happens in Webex, only when I check it in settings, not a problem though). Your webcam LED indicator will still be on but apps won't get any data from it (blocked), also Webcam protection only works if it's enabled before the app tries to access the webcam, it cannot block webcam access from an app that's already using and receiving recording from your webcam (you need to stop it first, simply toggle webcam if you're using Zoom for example).
 

SpiderWeb

You should never install a man-in-the-middle certificate. Again from my experience, KTS will still block malicious websites even if you don't have the extension and even if you disable encrypted connection scanning. Enabling this feature sends a carbon copy of whatever you are looking at to Kaspersky servers which have been hacked multiple times by hackers and state actors:

https://www.washingtonpost.com/worl...8ce774-aa95-11e7-850e-2bdd1236be5d_story.html
 

dabluez98

Thanks @SpiderWeb I have not installed the extension, but I did install Bitdefender TrafficLight - but is your suggestion uniform across the board: no kas ext, no bitdefender ext, and no malwarebytes extension?

I guess uBlock Origin is safest and ok?
 

ExecutiveOrder

> Thanks @SpiderWeb I have not installed the extension, but I did install Bitdefender TrafficLight - but is your suggestion uniform across the board: no kas ext, no bitdefender ext, and no malwarebytes extension?
>
> I guess uBlock Origin is safest and ok?

AV extensions have nothing to do with certificates for the encrypted connections, you have to disable encrypted connection scan right from the main UI of every AV but you should know that most malware is distributed from encrypted connections. It's still highly possible to block the threat after it gets downloaded, but it will be difficult in some cases like in supply chain attacks (because the update data are encrypted, it also could be used to run a script to execute file-less attack directly into memory), post-infection is also possible to remediate but you should take note that it already bypassed some of the protection layers.

uBlock Origin is safe but it can't be compared to this topic because the extension isn't just about Ad-Block as you can see from previous explanations, well because you can't use AV extension, then use uBlock it's safe and quite good for blocking ads and some other stuff.
> A full 91.5 percent of malware was delivered using HTTPS-encrypted connections in the second quarter, researchers said, making attacks more evasive.
> Malware Alert - Encrypted & Fileless Malware Sees Big Growth

That news from Washington was from a 2017 issue about Kaspersky that ended up banning the software of Kaspersky on US government computers. If you look at every news and other things regarding the issue, it's more like "caught in the geopolitical fight". Also, the news suggests that it was from the mechanism of AV product (a lot of vendors did this) specifically KSN (Kaspersky Security Network, other vendors have their own name for cloud infrastructure) and they just speculate that vendor A could be forced to cooperate for dirty work of their country and etc. So, if they did do the dirty job, you should disable KSN and secure the connection, this made the product far worse than the others (with full functionality, including 2 of these similar methods). Even if "silent signatures" is completely true, they can steal your data anyway, and you shouldn't trust their transparency report, two valid major business audits, and other things = just don't use Kaspersky.

As a regular user (not a US govt employee), you shouldn't get distracted by this issue.
There's a forum thread specifically talking about this with tons of opinions from multiple members:
Q&A - Is Kaspersky trustable?
 

SpiderWeb

Again, Kaspersky will block https without encrypted scanning. The domain name of a site is not encrypted and Kaspersky will block based on what domains your browser connects to including embedded content. You shouldn't send a carbon copy of everything on the web to some random unmonitored server for analysis. It's 1 step forward and 2 steps back.

 

dabluez98

@SpiderWeb I agree with you in spirit and regarding the security issues. But also, my own thoughts were similar to what @ExecutiveOrder confirmed - that this was a case of geopolitics, and if I am involved in any way in it - then for sure it would be dumb NOT to turn off KSN.

But there is still a point that at the end of the day a man-in-the-middle certificate is not optimal for privacy and security, as you suggest so I will keep this in mind. However, this does also bring under question then the whole thing about cloud-based securities, and I would love to see a test comparing effectiveness without KSN and with KSN, even if at the end of the day a middle-man-certificate does not make sense.

I wonder if it is about what @ExecutiveOrder said, it helps to protect you by also preventing that malware from landing on your territory even if once it lands remedial measures are still possible, but in case they fail. And @SpiderWeb you mentioned "Kaspersky will block https without encrypted scanning", but doesn't KSN also help with files on the computer, etc?

I also have more heaps to go through before completely learning what either of you have eventually said, so please take everything I have said based on what you said with a grain of salt. Thanks @ExecutiveOrder and @SpiderWeb for helping me learn.
 

ExecutiveOrder

Yes, it (and other security products) still can block HTTPS because they don't necessarily encrypt the domain of the web (or maybe other stuff as an indicator, like port or IP, or connection to other servers/C2 perhaps?), but if the issue is the transmitted data (content like https://malwaretips.com/threads.html for example) is encrypted, it needed to leave the network cryptographic protocol (like TLS) during the communication process between server and client so the data is readable, made it to disk or browser temporary memory before written into the disk (and most of the cases, it can be blocked easily even without intercepting the data transmitted inside encrypted connection).
I've read a lot of Palant's bug hunting discoveries some time ago and it basically discusses vulnerabilities that could be discovered on an everyday basis of software no matter what vendor and what component it is. In the particular reports, this was a problem from 2018, you can check HackerOne bug bounty program from Kaspersky in this report (links below), this was already addressed and fixed in 2019. Palant is one of the helpful bounty hunters or ethical hackers who report vulnerabilities to Kaspersky the most there and have been rewarded at least $9300, most of the reports were approved (8 out of 10) except those two in his blog.
From those two specific reports:
[Certificate warning pages susceptible to clickjacking]
This alert will be improved in the future product releases, that's why I wrote we take this issue into account. - Kaspersky Staff (Apr 29th 2019)
I can confirm btw. that the clickjacking issue is resolved, even though the links are still predictable. - Palant (Apr 29th 2019)
Just making sure you know: as discussed in #470547, I plan to publish a blog article on this issue next Monday (2019-08-19). - Palant (Aug 12th 2019)

[Universal XSS in Microsoft Edge]
The vulnerability was patched. To check the fix, install KIS 19 and update it to the latest release (Patch E). - Kaspersky Staff (Apr 29th 2019)
I can confirm that the URL from the message is being ignored now. Otherwise no relevant changes. - Palant (Apr 29th 2019)
Just making sure you know: as discussed in #470547, I plan to publish a blog article on this issue next Monday (2019-08-19). - Palant (Aug 12th 2019)
And most likely, the particular components mentioned here have already undergone a lot of changes and have been improved since then (it's been 2 years since the reports were closed/solved).
 