Advice Request Kaspersky KSN - enable or disable?

Please provide comments and solutions that are helpful to the author of this topic.

Should Kaspersky Security Network be enabled or disabled?

  • Enabled. The increased protection outweighs any privacy concerns.

    Votes: 61 92.4%
  • Disabled. Privacy concerns outweigh any protection gains.

    Votes: 3 4.5%
  • I am unable to decide either way.

    Votes: 2 3.0%

  • Total voters
    66
Status
Not open for further replies.

jetman

Level 10
Verified
Well-known
Jun 6, 2017
470
I don’t think anyone can say for sure if Kaspersky is a tool for the Russian state (unless of course you work for the Russian secret services). I work on the basis that all information I type into my computer is potentially hackable. All we can do is try and minimise our risks. One school of thought is that if there are equally good security options available then when use Kaspersky. But I still use them at present due to the technical quality of their software.
 

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
If you got Kaspersky, use KSN. Cloud features are available as a bonus for opting to chose their software. Don't believe the fake politic news from [censored] media companies. Make your own judgement, don't be a sheep.

If you don't "trust" KSN, uninstall Kapsersky.
 

jetman

Level 10
Verified
Well-known
Jun 6, 2017
470
I am finding it difficult to understand why having KSN enabled helps improve the protection of an individual user.

Isn't the purpose of KSN to automatiaclly upload unknown malware samples to Kasperky ? They can then work on making fixes for the malware which they can later release to all other Kaspersky users via definition updates. Although having all their users subscribed to KSN helps Kaspersky respond to new threats quicker, it does not benefit the individual user who got infected in the first place.

So if I turned off KSN it will make absolutely no difference to my own level of protection. However, if everyone turned off KSN then Kaspersky's definitions would be less repsonsive to new threats.

Am I correct ?
 

Nightwalker

Level 24
Verified
Honorary Member
Top Poster
Content Creator
Well-known
May 26, 2014
1,339
I am finding it difficult to understand why having KSN enabled helps improve the protection of an individual user.

Isn't the purpose of KSN to automatiaclly upload unknown malware samples to Kasperky ? They can then work on making fixes for the malware which they can later release to all other Kaspersky users via definition updates. Although having all their users subscribed to KSN helps Kaspersky respond to new threats quicker, it does not benefit the individual user who got infected in the first place.

So if I turned off KSN it will make absolutely no difference to my own level of protection. However, if everyone turned off KSN then Kaspersky's definitions would be less repsonsive to new threats.

Am I correct ?

You are wrong, KSN actually DOES a difference to your own level of protection.

So how it does that? UDS - Urgent Detection System.

Kaspersky Security Network performs several important tasks: the global monitoring of suspicious activity on users computers, the instant delivery of this data (nothing confidential!) to Kaspersky Lab servers, the analysis of the information gathered and then decision making about either blocking dangerous files or putting them on a whitelist. To use this cloud-based service, users should have Kaspersky Lab products installed, e.g. Kaspersky Internet Security and give consent to participate in KSN. The reward for participation will come almost immediately, as all computers connected to KSN receive information about new threats less than a minute after the first detection of those threats.


  • If file behavior looks malicious, KSN instantly adds it to the database of our Urgent Detection System (UDS), instantly available to all users. Otherwise we whitelist this file.
  • If another user launches this dangerous file, Kaspersky Anti-Virus will check the file using a UDS cloud-based database and instantly block it.
  • Our experts check files listed as malicious. They determine the threat level for each file and add descriptions to the antiviral database. It may take more time, up to several hours, but KSN –connected users are protected during this period because this file is already listed in the UDS database.

Kaspersky's UDS is really powerful, I have seen many many detections from it.

Anyway, I fully agree with @Spawn, if someone doesnt trust Kaspersky (and KSN), just use something else.
 
Last edited:

TairikuOkami

Level 35
Verified
Top Poster
Content Creator
Well-known
May 13, 2017
2,452
it does not benefit the individual user who got infected in the first place.
Your computer will upload an unknown file and KSN will perform an online analysis, which is like a cloud behaviour scanner, a little more advanced.

Something like Free Automated Malware Analysis Service - powered by Falcon Sandbox

But a chance of a common user intercepting an unknown malware is highly unlikely.

Anyway I fully agree with @Spawn, if someone doesnt trust Kaspersky (and KSN), just use something else.
It is not about trust, using Kaspersky and KSN are two different things. I would never ever enable any cloud feature on any AV. It is just not worth it.
 

TairikuOkami

Level 35
Verified
Top Poster
Content Creator
Well-known
May 13, 2017
2,452
I am interested to know why this is the case ?
Sophisticated malware, like ransomware, mostly targets corporations and special organizations (like Petya targeted Ukrainian government), infecting just one computer in the network helps it to spread to others, but once it is out, it eventually leaks outside. Some are "lucky" to get infected, but thanks to the cloud, signatures to any new threat are released within hours, so common users should be protected, when using some trusted AV.
 

RejZoR

Level 15
Verified
Top Poster
Well-known
Nov 26, 2016
699
Enable KSN. Cloud systems are essential for superior protection. Also, System Watcher component (behavior blocker) uses KSN to make better decisions. It's similar with avast! too, their Behavior Shield assesses CommunityIQ (their cloud) to make better decisions when analyzing behavior. And I'm pretty sure others use it in same way.
 
L

Local Host

I am finding it difficult to understand why having KSN enabled helps improve the protection of an individual user.

Isn't the purpose of KSN to automatiaclly upload unknown malware samples to Kasperky ? They can then work on making fixes for the malware which they can later release to all other Kaspersky users via definition updates. Although having all their users subscribed to KSN helps Kaspersky respond to new threats quicker, it does not benefit the individual user who got infected in the first place.

So if I turned off KSN it will make absolutely no difference to my own level of protection. However, if everyone turned off KSN then Kaspersky's definitions would be less repsonsive to new threats.

Am I correct ?
No, KSN doesn't upload all of files, in fact most of your files will get a simple MD5 check and cleared.

KSN will protect you against 0-day and unknown malware, which is the most dangerous form of malware nowadays (even to normal users, this is 2018 not 1999).

The moment a user gets infected, KSN syncs across the information and will prevent the rest of the userbase from getting infected. Assuming you'll always be the first user is the same as assuming you'll win the lottery every week, you're one among millions.

Most AV programs have a form of KSN, as they know 0-day and unknown malware are a danger even for a normal user nowadays.
 
Last edited:

jetman

Level 10
Verified
Well-known
Jun 6, 2017
470
Are people saying that KSN keeps all known malware signatures in the Cloud and can instantly recognise these on an individual users PC in the event of that user encountering an infection ?

If that is the case, then why does the Kaspersky application on my host PC download new malware signatures every day ? I have KSN turned on, so if I am benefiitting from Cloud based protection then why does Kaspersky also need to download signatures onto my host PC ?
 

Evjl's Rain

Level 47
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Are people saying that KSN keeps all known malware signatures in the Cloud and can instantly recognise these on an individual users PC in the event of that user encountering an infection ?

If that is the case, then why does the Kaspersky application on my host PC download new malware signatures every day ? I have KSN turned on, so if I am benefiitting from Cloud based protection then why does Kaspersky also need to download signatures onto my host PC ?
it downloads signatures for offline protection
KSN covers cloud signatures, which haven't added to offline signatures yet and they will be analyzed and added to offline signatures later
KSN does not upload any physical file to the internet as many of my tests have shown it hasn't consumed much internet bandwidth while testing new malwares, around 1-2MB per test while the malware package is usually ~10MB
it only uploads:
If you agree to participate in the Kaspersky Security Network service, the application will automatically send the following data to Kaspersky Lab servers:
  • Checksums of processed files;
  • Information concerning URLs to identify their reputation (personal data, for example, registration information, is not sent);
  • Statistics to increase protection against spam (for example, scanned messages IP addresses and checksums, pictures and attachments checksums);
  • Information about your computer hardware and software;
  • The actual time spent checking the object by the Software’s components.
KSN is a crucial component of kaspersky. If KSN is disabled, kaspersky might lose up to 50% of detection rate against new malwares
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top