The New Version of Kaspersky Security Cloud Strengthens Privacy Control for Apps and Websites

Kaspersky has updated Kaspersky Security Cloud – its account-based … Thus, consumers who already use some of Kaspersky’s software do not have …

Kaspersky has updated Kaspersky Security Cloud – its account-based service with access to the company’s best consumer technologies and tools – with new ways to protect user privacy across multiple devices. Kaspersky Security Cloud now reduces the risk of users’ privacy being violated by warning them about the risks of dangerous and special permissions requested by apps on Android devices. In addition, it notifies users about phishing attempts hidden behind shortened links to websites. Kaspersky’s traditional consumer product line, with Essential-to-Premium solutions, has been further enhanced to offer a better user experience through performance improvements and optimizing the number of notifications.

According to Kaspersky’s report – The true value of digital privacy: are consumers selling themselves short? – it is increasingly common for consumers to protect their digital privacy by checking the settings on their devices and the apps that they use. In fact, more than a third (35%) of consumers regularly follow this practice.

However, as apps today often make suspicious permission requests that could endanger user privacy, confusion reigns. In order to simplify consumers’ control over privacy and save time in managing settings, Kaspersky Security Cloud’s new feature for Android devices enables users to view and manage app permissions in one place, at a glance. This helps identify potentially dangerous or questionable requests made by an app, and explains the risks associated with different types of common permissions.

In addition to suspicious app permissions, there’s another privacy risk that consumers need to be aware of and this has been accounted for in the new version of Kaspersky Security Cloud. In recent years, short URLs have seen widespread adoption due to the limited amount of characters they take up in instant messages or tweets. In fact, many legitimate services now use short URLs to link to desired webpages for sales and marketing purposes. However, while there are benefits, they can be dangerous as users don’t neccessarily know where they lead. This can have serious privacy consequences and has resulted in the increased popularity of short URLs among cybercriminals in recent years. To combat this, users of Kaspersky Security Cloud can take advantage of an improved Anti-Phishing feature to better protect personal information. The service analyzes short URLs and warns if a phishing link is hidden behind them. As part of this process, Kaspersky Security Cloud sends an anti-phishing alert to the user and ensures that the links and websites they access are safe.

“For modern users, it is not enough to just secure their device. Cybercriminals are becoming more interested in obtaining personal information about a specific person – whether it is a piece of financial information or their search history. If this sort of information is exposed, it can bring potential harm to its owner making the issue of digital privacy extremely important. In order to provide more control over personal information regardless of which type of device they use, we have updated Kaspersky Security Cloud. We are helping consumers keep their personal data safe and sound across multiple devices,” comments Marina Titova, Head of Consumer Product Marketing at Kaspersky.

There are three editions of Kaspersky Security Cloud: Free (extended version of Kaspersky Free that now, apart from Windows, supports mobile devices and delivers personalized protection), Personal and Family. Each edition offers a different number of applications, tools and technologies. All Kaspersky Security Cloud subscribers can install its applications and technologies on a PC, Mac and mobile devices. What is more, all customers will receive the new features and updates for free within the subscription period.

To learn more about the new version of Kaspersky Security Cloud, visit https://me.kaspersky.com/security-cloud.

Kaspersky Anti-Virus, Kaspersky Internet Security and Kaspersky Total Security: performance improvements and better user experience

As well as updating Kaspersky Security Cloud, Kaspersky has also refined the interface and key capabilities within Kaspersky Anti-Virus, Kaspersky Internet Security and Kaspersky Total Security. This has improved performance, how consumers receive notifications, and the overall user experience.

Kaspersky has worked on improving its traditional security solutions’ performance for Windows. For example, in order to speed up lengthy file system scans for malware, the restriction on the PC’s resources consumed has been lifted. Furthermore, the latest version can be installed in just half the time and is 15% ‘lighter’ – so there’s less load on the user’s PC.

In addition, security solutions now only alert users about significant events and ensure a frictionless experience. For instance, when a user visits a banking website, they receive a notification from the Safe Money feature, informing them that their session is protected.

Kaspersky has also simplified how credentials and account information is exchanged between the company’s products. Thus, consumers who already use some of Kaspersky’s software do not have to re-enter their credentials whenever they install a new product. Rather, they can manage them all under one My Kaspersky account.

To learn more about the new generation of Kaspersky’s consumer traditional product line, visit https://me.kaspersky.com/home-security#all

Related Posts:

  • No Related Posts

Android app with 100 million users spread malware

However, a recent influx of negative reviews pointed to problems with the app’s user experience which prompted Kaspersky to investigate the software …

Google has pulled the popular CamScanner app from its Play Store after it was discovered that it was spreading malware.

Kaspersky discovered that the app – which was installed more than 100 million times – contained an advertising library with a malicious dropper component.

The component was detected as “Trojan-Dropper.AndroidOS.Necro.n” and was designed to download and launch a payload from malicious servers.

CamScanner was a popular app among Android users which allowed them to scan documents with their smartphone camera and save the content to a PDF document.

The app had 1.8 million reviews, most of which were positive. However, a recent influx of negative reviews pointed to problems with the app’s user experience which prompted Kaspersky to investigate the software.

Now read: Apple patches flaw that allowed iPhone jailbreak

Related Posts:

  • No Related Posts

Kaspersky warns of the dangers of 5G tech and AI

EUGENE Kaspersky, the CEO of the Russian software security company named after him, has warned of the dangers of the 5G technology and said …

EUGENE Kaspersky, the CEO of the Russian software security company named after him, has warned of the dangers of the 5G technology and said more personal data will be collected from the enabled devices that people use everyday.

Kasperski said 5G, or the fifth generation of wireless technology,will push people towards the use of the artificial intelligence (AI) to maketheir lives easier.

“Artificial intelligence is a marketing bulls–t,” theRussian billionaire said. He said, for instance, people have relied somuch on online maps when driving, when previously these were not being used andmaps were just in the heads of the people themselves.

Kaspersky said AI has relied more on cloud computing andmuch less on people like software engineers to do the task.

“If we don’t take care of our immunity, one day it [AI]will kill us,” he said.

5G offers faster delivery of information allowingautonomous cars and smart communities, and several devices called IOT (Internetof things), which work on many everyday appliances, such as refrigerators andair-condition units, and even vacuum cleaners.

Kaspersky, however, said the company has not yet developedsecurity products for the IOT.

Kaspersky’s security products, however, were banned by theUS government in 2017.

Officials said thecompany has to do something to bring back the trust in its products. It thendecided to move out its customer data storage and infrastructure for itsEuropean customers from Russia to Zurich, Switzerland. It called the facilityTransparency Center.

In June, it opened another center in Madrid, Spain, toalso serve as its briefing center for key company stakeholders.

The billionaire was in Cyberjaya in Malaysia late lastweek for the opening of Kasperky’s third Transparency Center, which will reviewits source code that it sells to its customers in Asia Pacific, including thePhilippines.

Stakeholders can reviewall versions of Kaspersky’s builds and database updates, as well as informationon the company’s processes such as how it collects data and dumps these in itscloud-based network, the company said.

The latest facility will be operated in partnership withCyberSecurity Malaysia, a government agency that focuses on national security.

Image Credits: TATIANA BELOVA | DREAMSTIME.COM

Related Posts:

  • No Related Posts

Kaspersky antivirus exposed users to online tracking

Earlier this week, German magazine c’t published a report in which it detailed an experiment involving Kaspersky software installed on a test laptop.

For years, websites all over the internet were able to track visitors who are using Kaspersky’s antivirus solution, but both the security firm and the media are describing this as a minor flaw and nothing more than an incident.

Earlier this week, German magazine c’t published a report in which it detailed an experiment involving Kaspersky software installed on a test laptop. As it turns out, the software injects JavaScript code onto every rendered website, regardless of the browser used.

The script has an ID number that seems to be unique for every PC.

“That’s a remarkably bad idea,” the report states. “Other scripts running in the context of the website domain can access the entire HTML source any time, which means they can read the Kaspersky ID. In other words, any website can read the user’s Kaspersky ID and use it for tracking.”

The journalist who wrote the piece, Ronald Eikenberg, notified Kaspersky, who fixed the flaw this June. It confirmed that the flaw was found in all versions of Kaspersky antivirus software that was released after late 2015.

“Several million users must have been exposed” overall, Eikenberg reasoned.

Despite fixing the flaw relatively fast, Kaspersky downplayed the importance of this tracking ID.

“After our internal research, we have concluded that such scenarios of user’s privacy compromise are theoretically possible but are unlikely to be carried out in practice, due to their complexity and low profitability for cybercriminals. Nevertheless, we are constantly working on improving our technologies and products, resulting in a change in this process. We’d like to thank Ronald Eikenberg for reporting this to us,” Kaspersky said.

Check out our choice of the best antivirus software in 2019

Related Posts:

  • No Related Posts

Busted: Kaspersky AV Tracked Your Every Click

Kaspersky Lab’s endpoint security products track your web activity. … The AV software inserts a JavaScript bug in every webpage you load. Incredibly …

Kaspersky Lab’s endpoint security products track your web activity. All of it—the Russian company even monitors visits to https-secured websites.

The AV software inserts a JavaScript bug in every webpage you load. Incredibly, Kaspersky included a unique identifier that allows any other website to track you, too. The company has patched that latter behavior, but the Russian tracking remains in place.

Yevgeny Valentinovich “Eugene” Kaspersky (pictured) is probably right to look red-faced. In today’s SB Blogwatch, we click Uninstall.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: humorless 74’ driver.


KAV is Spyware

What’s the craic? Ronald Eikenberg puns it up—“Kasper-Spy: Kaspersky Anti-Virus puts users at risk”:

A data leak allowed third parties to spy on users while they were surfing the web. For years.



An external JavaScript script named main.js was being loaded from a Kaspersky domain. … When I checked the HTML source of other websites … I found the strange code on each and every page. Without exception, even on the website of my bank, a script from Kaspersky was introduced.



The simple conclusion was that Kaspersky’s virus protection was manipulating my traffic. Without my permission, it was injecting that code. [And] the address from which the Kaspersky script was loaded contained a … permanently assigned ID … (UUID).



That’s a remarkably bad idea. Other scripts … can read the Kaspersky ID [so] any website can read the user’s Kaspersky ID and use it for tracking. … Kaspersky has created a dangerous tracking mechanism that makes tracking cookies look old [and] can even overcome the browser’s incognito mode.



At this point, it was clear that this was a serious security issue.

Um, no ****, Sherlock. A well-read Shaun Nichols asks, “Quis custodiet ipsos custodes?”:

Kaspersky’s fix addresses a privacy hole … on the heels of the monthly security patch dumps from Microsoft, Adobe, Apple, and SAP, giving admins one more update to test and install. … Kaspersky, for its part, downplayed the risk posed by the behavior but did acknowledge it had been in contact with Eikenberg and had agreed to stop including unique identifiers as part of its web antivirus tool.



A spokesperson said … “After our internal research, we have concluded that such scenarios of user’s privacy compromise are theoretically possible but are unlikely to be carried out in practice, due to their complexity and low profitability for cybercriminals.”

Wait, what?revenant gives that PR guff a big thumbs-down:

Embedding unique IDs in pages was dumb, but these words from Kaspersky … seem particularly naive. The continuing need for products like theirs is a testament to the dedication of miscreants to the task of exploiting even the tiniest of vulnerabilities.



1/10, Must do better.

Ouch. But what was Kaspersky trying to achieve, and how can I switch it off? christose answers both:

It’s for their URL Advisor feature. It annotates pages like Google search results with a color indicator next to each link, to show if the link is “safe” or not.



You can disable it from Options => Additional => Networking.

Wait. Pause. That doesn’t explain the UUID, as scdeimos points out:

Stop and think about that.



Now explain why Kaspersky needs a UUID for the URL Advisor to function. Dangerous URLs are equally dangerous to all users – you don’t need to call them out for some users and not others.

Butbelthize wonders if we’re over-reacting a little bit:

Karpersky is guilty … of what exactly?



Sloppy thinking but not maliciousness. … They weren’t tracking you. But because they injected your id into the page a remote site could … if the site knew about the vulnerability.



Sub-optimal? Sure. Horrifyingly terrible breach of trust? Not even a little bit.

Another worry is raised by Garach Jedao Shkan—@ClipperChip:

Kaspersky Anti-Virus lets … servers in Russia … read all your typed URLs and URL parameters. For years.



That includes SSL because conveniently such Snake-Oil software bypasses it. … Your SSL is compromised with such software.

And S. Hossein Darvari—@xhdix—agrees:

Kaspersky sends requests to his server every two seconds. These queries included the full URL of each browser tab.



By doing so, they logged all user activity. (What part of each site was used for how long.)



I no longer use [the] software. Because privacy is as important as security.

So what does this do to Kaspersky’s already-tarnished reputation? Nathaniel Mott muses on “UUID Injection”:

[I] said earlier this week that improvements to Windows Defender made it hard to recommend third-party antivirus solutions for Windows 10. Knowing that Kaspersky gave website operators an easy way to track its users without their knowledge or consent makes that recommendation even harder.



People bought a tool so they could defend their systems, but instead, they got one that intentionally broadcast a unique identifier to the world.

And Finally:

Po-faced 747 pilot “exposes” Hollywood lies


You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites… so you don’t have to. Hate mail may be directed to @RiCHi or sbbw@richi.uk. Ask your doctor before reading. Your mileage may vary. E&OE.

Image source: Евгений Валентинович Касперский (cc:by-sa)

Related Posts:

  • No Related Posts