Kaspersky's KSN - is it safe?

Tony Cole

Level 27
Thread author
Verified
May 11, 2014
1,639
Hi Everyone:

I have been using Kaspersky for 3-4yrs now and have always enabled the optional membership of Kaspersky's KSN. I wonder what kind of information Kaspersky collects about you/me and if it's safe to carry on with it enabled? I ask, in light of recent events, where identity protection is a huge must and people fear giving away too much info about themselves.
 

Cch123

Level 7
Verified
May 6, 2014
335
I think this may help: http://www.av-comparatives.org/wp-content/uploads/2014/04/avc_datasending_2014_en.pdf

However, the list above is not complete as to what is collected by Kaspersky. The full list is below in the spoiler (to save people from scrolling through the wall of text :D)

In order to detect new data security threats and increase the protection of the data stored and processed by the user with a computer, the User agrees to provide the following information:

1. Information about hardware installed on the computer, including information about the manufacturer and product number of the RAM (including the amount of RAM), motherboard, processor (CPU), video card (including the amount of video memory), disks (HDD), and network adapters,
2. Information about the BIOS, including the version and the vendor's name
3. Information about the operating system (OS) installed on the computer and installed updates, including the digit capacity of the operating system, kernel objects, drivers, services, Microsoft Internet Explorer extensions, printer extensions, Windows Explorer extensions, infected objects, Active Setup components, control panel applets, hosts file entries, and the system registry. The name of the computer in the network (local and domain names), the operating system's regional settings (including information about the time zone, default keyboard layouts, and interface language), UAC settings, the operating system's firewall settings, the operating system's parental control settings, and settings and data for the operating system services.
4. Information about all installed applications, including the name and version of the installed application, the versions of installed updates, the publisher's name, the installation date, and the full installation path on the computer,
5. Information about the Right Holder's installed software and the anti-virus protection status, including the version of the Software, information about downloaded modules files, their names, sizes, paths, checksums (MD5), vendors, signatures, and files integrity, processes identifiers, which downloaded modules, the order in which modules were downloaded, the version of the anti-virus databases being used, statistics about updates and connections with the right holder's servers, the unique software identifiers on the computer, the computer's unique identifier, and information about the software's run mode.
6. Information about the TPM (Trusted Platform Module), if the computer is equipped with such a module, including information about the module's manufacturer and version, as well as the presence/absence of a certificate and key,
7. Information about the computer's wireless network connection, including checksums (MD5) of the client's IP address, the MAC address of the access point, and the name of the wireless network, the user's identifier, information about network's type and security, the type of the connected device, a counter for the duration of the device's connection to the wireless network, DNS flag, flag indicating whether the device is running on battery power or a stationary power supply,
8. Information about the activity of the User's computer, including information about processes running on the system (process ID (PID), process name, information about the account the process was started from, the application and command that started the process, the full path to the process's files, and the starting command line, an indication whether the process's file has autorun status, a description of the product that the process belongs to (including the name of the product and information about the publisher), as well as digital certificates being used and information needed to verify their authenticity or information about the absence of a file's digital signature), URLs of visited websites and the time of visits, search queries, HTTP request parameters and cookie files, the time passed since the last user action on the computer, and information about the modules loaded into the processes, including their names, size, type, checksum (MD5), and the paths to them,
9. Information about all scanned objects and actions, including the name of the scanned object, the date and time of the scan, the URL from which it was downloaded, the names and size of scanned files and the paths to them, the date and time of file creation, the name of the packer (if the file was packed), the file's entropy, the file's type identifier and format, the URL from which the object is downloaded, the object's checksum (MD5 and/or SHA2-256), the type and value of the object's supplementary checksum, data about the object's digital signature (certificate) (including the signature's date and time, the name of the certificate owner, the certificate's serial number, and the checksum algorithm, information about the certificate's public key, the certificate's database identifier, the name of the certificate issuer, and the result of certificate validation), the task identifier of the software that performed the scan, the date and time of the scan, the result of the scan, and the user's and the product's decision relative to the scan result, information about changes to trust groups, the result and parameters of emulating the object's behavior, for executable files: the amount of RAM used by the file, information from its PE header, the entropy and static data from the file's sections, values of hash functions (Minwise and Cosin) computed based on the results of the emulation, the number of file launches,
10. If threats or vulnerabilities are detected, in addition to information about the detected object, information is provided about the identifier, version, and type of the record in the anti-virus database, the name of the threat based on the Right Holder's classification, the checksum (MD5 or SHA2-256) of the application file that requested the URL where the threat was detected, the IP address (IPv4 or IPv6) of the detected threat, the identifier of the type of traffic on which the threat was detected, the vulnerability identifier and its threat level, the URL of the web page where the vulnerability was detected, the number of the script on the page, the identifier of the danger, type, and status of the detected vulnerability, the intermediate results of object analysis,
11. Information about network attacks, including the IP address of the attacking computer and the user's computer's port number at which the network attack is directed, the identifier of the protocol used to carry out the attack, and the name and type of attack,
12. the URL and IP address of the web page where harmful or suspicious content was detected, the name, size, and checksum of the file that requested the URL, the identifier and weight of the rule used to reach a verdict, the objective of the attack,
13. Information about links blocked by Parental Control, including the reason for the blocking, the version of the Parental Control component, and the URL and IP address of the blocked link,
14. Information about WebToolBar, including user-made decisions about the quality/danger of domains, the checksums (MD5) of the scanned domain's URL and Referrer, the WebToolBar component's identifier,
15. Results of Anti-Spam's scan of emails, including the version of the Anti-Spam component, the identifiers and weights of active scan rules, the sender's IP address, the most likely IP address for a source of spam, the status of an email after scanning,
16. Information about changes made by the user in the list of web sites protected by the SafeMoney component, including the URL of the web site, a flag indicating a web site has been added, modified, or deleted, the mode in which SafeMoney runs for the web site,
17. Information about the DefaultDeny component, including its settings version identifier, a flag indicating its mode, the result of checking a file's status, and the source of the trust status, aggregated data about the number of trusted, untrusted, and unknown objects,
18. Aggregated data from the results of scanning using the local KSN databases, including the number of unknown objects, the number of trusted objects, the number of untrusted objects; the number of objects trusted based on validation of a certificate, designated as trusted based on a trusted URL, recognized as trusted based on the transfer of trust from a trusted process; the number of unknown objects for which no decision regarding trust has been made, the number of objects that the user has designated as trusted. Version of the local KSN database on the computer at the time the statistics are sent, the software's database settings identifier, information about successful/unsuccessful requests to KSN, the duration of sessions with KSN, the amount of data sent and received, the times at which the collection of information to be sent to KSN was started and stopped,

Files (parts of files and file checksums) that may be used by attackers to harm the User's computer, including objects detected at harmful links, may be sent to Kaspersky Lab for scanning.
These objects may be stored temporarily on the user's computer up until the time they are sent.
Additionally, to prevent incidents and investigate those that do occur, trusted executable and non-executable files, application activity reports, portions of the computer's RAM, and the operating system's boot sector may be sent.

To improve the quality of the product, the User agrees to provide Kaspersky Lab with the following information:
* Information about the version of the operating system (OS) installed on the computer and installed updates, as well as the name of the computer in the network (local and domain names), the operating system's regional settings (including information about the time zone, default keyboard layouts, and the interface language), UAC settings, the operating system's firewall settings, the operating system's parental control settings, Windows Update settings, information about environment variables and user account variables,
* Information about the hardware installed on the computer, including information about the model, number of cores, and operating frequency of the processor (CPU), the manufacturer, model, and size of the hard disk (HDD), the amount of physical, virtual, and available memory, the manufacturer of the motherboard, the vendor and name of the BIOS, the manufacturer of the video card and the amount of video memory, the manufacturer and type of the network adapter, its data transmission speed, and the name and manufacturer of the monitor,
* Information about all of the installed applications, including the name and version of the installed application, the version and versions of installed updates, the publisher's name, date, and the full installation path on the computer,
* Names and paths of files with the following extensions: pdf, djvu, fb2, tex, rtf, ps, doc(x), ppt(x), xls(x), tif, jpg, jpeg, iso, m3u, mp3, ogg, wma, aac, flac, alac, m4a, m4p, flv, vob, avi, mov, mp4, mpg, mkv, wmv, 3gp, swf, m2ts, divx,
* Information about the activity of the User's computer, including the current date and time and the time that has passed since the last user action, as well as information about processes running on the system (process ID (PID), process name, information about the account the process was started from, the application and command that started the process, the full path to the process's files, and the starting command line, a description of the product the process belongs to (name, description, vendor), and the name of the active window and the time it was activated,
* Information about visited web sites, including a web site's address (URL), the time of the visit, the parameters of the HTTP request (may contain cookies), the web site's address type (user-entered address; address of a search query; address from search results),
* Information about the Right Holder's software installed on the computer, including the installation date and time, the name and version of the software, versions of installed updates, data about the installed license (including its identifier and type), the unique software installation identifier, and a unique computer identifier, the interface's locale, the date and time set on the computer when the data is sent to KSN,
* Information about the use of the product's user interface, including information about the opening of the interface's windows (including identifiers and names of windows and used control elements) and switching between windows, information that determines the reason for opening a window, the date and time the interface was started and the stages of interface's startup, the time and type of the user's interaction with the interface, information about changes to settings and product parameters (including the name of the setting or parameter, and the old and new values),
* Information about errors that have occurred in the operation of the product, including the type and time of the error, as well as the identifier of the product component and task in which the error occurred,
* Information about scanning of protected connections, including the certificate used when making the connection and its checksum (MD5 and SHA), the DNS- and IP address (IPv4 or IPv6) of the network resource, the remote port number, the name and version of the running application that established the protected connection, as well as the path to this application, the error code from scanning the protected connection (if an error occurred),
* Information about incompatible third-party software detected during installation of the product, including the time and method of detecting the incompatible software, its name and type, the locale of the product being installed, the release date of the component responsible for detecting the incompatible third-party software, information about the user's decision regarding the detected third-party software,
* Information about updates of the installed product and anti-virus databases, including the IP address (IPv4 or IPv6) of the update source being used, the type of the update task, the number and total size of files downloaded during an update, the average download speed for the update files, the average speed for network operations during the update, the completion status of the update task, the type of an error that may occur during an update, the number of unsuccessful updates, the identifier of the product component that performs updates,
* Information about the resources used by the product components when scanning objects, including actual and average scan times by various product components; the total, minimum, and maximum scan time; the name and version of third-party software running at the time of the scan, the delay time when starting the software, loading its libraries, using it to open files, and capture network traffic, the number of requests for scanning, the identifier of the scan operation, the start time and stop time of the service process and KL product interface, the duration of the receipt of data about the third-party software, and the number of events that occurred during this time,
* Information about the interaction of the product and KPC services, including the identifier and domain name of the service to which a request has been made, the number of requests and successful/unsuccessful connections with each service, the number of reports from each service, the number of errors and timeouts during requests, the times at which the collection of information about the number of requests and connections was started and stopped.

Kaspersky Lab protects the information received in accordance with the law and Kaspersky Lab's rules.
Kaspersky Lab uses the information received only in an anonymized form as part of aggregated statistics. These aggregated statistics are generated automatically from the original information received and do not contain personal information or any other confidential information. The original information received is stored in encrypted form and is destroyed according to the amount collected (twice a year). Aggregated statistics are stored indefinitely.
 

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
"Is it safe?" o_O Kaspersky is well known and trusted. KSN is its Cloud Protection counterpart; you probably should have reviewed the Privacy Policy before installing Kaspersky.

From their Support pages for KIS2015.
http://support.kaspersky.co.uk/11212#block0

"Your participating in KSN allows Kaspersky Lab to quickly collect data concerning new threats and to develop methods of protecting your computer against them. The more users participate in KSN, the better your computer is protected.

Kaspersky Lab does not collect, process and store any personal user information. Participating in Kaspersky Security Network is optional. You are offered to participate in KSN when installing Kaspersky Anti-Virus 2015, but you can change your decision later (you can opt in or opt out in the application's settings).

If you agree to participate in KSN, the application will automatically send the following data to Kaspersky Lab servers:
    • Checksums of processed files
    • Information that helps to identify URLs' reputation (no personal data is transferred; sensitive information is excluded from URL strings)
    • Statistics concerning spam (for example, checksums of scanned messages, pictures and attachments; senders' IP addresses)
    • Depersonalized information about your hardware and software
    • Time spent on various objects' scan
Kaspersky Lab protects all information received in accordance with law. Kaspersky Lab uses all received information as aggregate statistics only. Aggregate statistics are automatically generated from the source information that is received, and do not contain any personal data or other confidential information. Source information is stored in encrypted form and is destroyed as it is accumulated (twice per year). Aggregate statistics are stored indefinitely.
If you refuse to participate in KSN, the data listed above will be only saved locally on the computer without being transferred to Kaspersky Lab servers. As soon as you opt into the KSN service, all previously collected data will be sent to Kaspersky Lab servers."

How KSN works, see video: http://ksn.kaspersky.com/

Found via Google Search: Kaspersky KSN
Time taken: Less than 30 seconds
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
This Statement defines the manner of receiving and processing the data listed below. This Statement applies to proprietary Kaspersky Lab ZAO (Kaspersky Lab) corporate products.

The User agrees to using KSN services and providing the data listed below in order to contribute to raising the security level of User data storing and processing techniques:

  • Information about version and type of the installed Kaspersky Lab software;
  • Information about version of the installed operating system;
  • Information on any objects being checked: file digests (md5), URLs and their referrers with removed confidential information (login, password, parameters) and product decisions about checked objects;
  • Information on any objects suspected of being malware: size and creation time of files; information about digital signatures of files; internal ID of the folder containing the object suspected of being malware; information about the triggered signature; ID of the triggered protection subsystem of Kaspersky Lab software; and reasons for classifying the object as suspected of being malware.

Kaspersky Lab performs no collection, processing or storage of your personal data. We treat the data we process as confidential information; it is, accordingly, subject to our security procedures and corporate policies regarding protection and use of confidential information. Using the KSN service is optional. You can activate and deactivate the Kaspersky Security Network service at any time in the application settings window after you have installed the product on your computer.

link: http://support.kaspersky.com/7270

Reference: just ignore the version, since that agreement will be the same all through the current version: http://support.kaspersky.com/6628
 

Tony Cole

Level 27
Thread author
Verified
May 11, 2014
1,639
Thank you Huracan and jamescv7. I would never stop using KSN, as I think it offers another layer of protection. Considering Kaspersky has over 300 million customers at present, there are only 2,928,914 KSN participants. I think after Edward Snowden people are very dubious about giving info to others.
 

ChoiceVoice

Level 6
Verified
Oct 10, 2014
280
old thread but correct topic :) does anyone know if ksn is enabled, will that immediately increase protection on my computer, or is it just to better their product (which would later lead to better protection)? are they just gathering metrics to focus development? or does this in some way increase detection? or is it akin to signatures in the cloud, so you receive up to date sigs faster? i'll stop pondering out loud :p anyone know what it actually does? (their video on it at their site says nothing).
 

Andrew3000

Level 11
Verified
Top Poster
Malware Hunter
Well-known
Feb 8, 2016
516
Kaspersky KSN is a must; it serves to protect you and others more efficiently. If you think that the problem could be the collection of data, just download the European version, which, thanks to the GDPR, allows you to disable the data collection (telemetry).
P.S. KSN does not collect sensitive data.
PPS: When you see UDS : dangerousObject (UDS means urgent detection system) it means that the malicious file has been blocked thanks to KSN.

You can learn more here: https://www.kaspersky.com/about/data-protection or Protection From A Cloud — What Is Kaspersky Security Network (old guide)
 

ChoiceVoice

Level 6
Verified
Oct 10, 2014
280
data collection doesn't concern me. i just wanted to know if ksn increases my detection in real time when it is turned on. sounds like it's like immunet's community protection or panda's cloud-based sigs, so you don't have to wait for updates. i wonder if it goes deeper in analysis, like webroot does in the cloud? they don't seem to say much though.
 

jogs

Level 22
Verified
Top Poster
Well-known
Nov 19, 2012
1,112
One of the best things about KSN is that it's totally optional; if you don't want it, you can disable it.
 
