The New Version of Kaspersky Security Cloud Strengthens Privacy Control for Apps and Websites

Kaspersky has updated Kaspersky Security Cloud – its account-based … Thus, consumers who already use some of Kaspersky’s software do not have …

Kaspersky has updated Kaspersky Security Cloud – its account-based service with access to the company’s best consumer technologies and tools – with new ways to protect user privacy across multiple devices. Kaspersky Security Cloud now reduces the risk of users’ privacy being violated by warning them about the risks of dangerous and special permissions requested by apps on Android devices. In addition, it notifies users about phishing attempts hidden behind shortened links to websites. Kaspersky’s traditional consumer product line, with Essential-to-Premium solutions, has been further enhanced to offer a better user experience through performance improvements and optimizing the number of notifications.

According to Kaspersky’s report – The true value of digital privacy: are consumers selling themselves short? – it is increasingly common for consumers to protect their digital privacy by checking the settings on their devices and the apps that they use. In fact, more than a third (35%) of consumers regularly follow this practice.

However, as apps today often make suspicious permission requests that could endanger user privacy, confusion reigns. In order to simplify consumers’ control over privacy and save time in managing settings, Kaspersky Security Cloud’s new feature for Android devices enables users to view and manage app permissions in one place, at a glance. This helps identify potentially dangerous or questionable requests made by an app, and explains the risks associated with different types of common permissions.

In addition to suspicious app permissions, there’s another privacy risk that consumers need to be aware of and this has been accounted for in the new version of Kaspersky Security Cloud. In recent years, short URLs have seen widespread adoption due to the limited amount of characters they take up in instant messages or tweets. In fact, many legitimate services now use short URLs to link to desired webpages for sales and marketing purposes. However, while there are benefits, they can be dangerous as users don’t neccessarily know where they lead. This can have serious privacy consequences and has resulted in the increased popularity of short URLs among cybercriminals in recent years. To combat this, users of Kaspersky Security Cloud can take advantage of an improved Anti-Phishing feature to better protect personal information. The service analyzes short URLs and warns if a phishing link is hidden behind them. As part of this process, Kaspersky Security Cloud sends an anti-phishing alert to the user and ensures that the links and websites they access are safe.

“For modern users, it is not enough to just secure their device. Cybercriminals are becoming more interested in obtaining personal information about a specific person – whether it is a piece of financial information or their search history. If this sort of information is exposed, it can bring potential harm to its owner making the issue of digital privacy extremely important. In order to provide more control over personal information regardless of which type of device they use, we have updated Kaspersky Security Cloud. We are helping consumers keep their personal data safe and sound across multiple devices,” comments Marina Titova, Head of Consumer Product Marketing at Kaspersky.

There are three editions of Kaspersky Security Cloud: Free (extended version of Kaspersky Free that now, apart from Windows, supports mobile devices and delivers personalized protection), Personal and Family. Each edition offers a different number of applications, tools and technologies. All Kaspersky Security Cloud subscribers can install its applications and technologies on a PC, Mac and mobile devices. What is more, all customers will receive the new features and updates for free within the subscription period.

To learn more about the new version of Kaspersky Security Cloud, visit https://me.kaspersky.com/security-cloud.

Kaspersky Anti-Virus, Kaspersky Internet Security and Kaspersky Total Security: performance improvements and better user experience

As well as updating Kaspersky Security Cloud, Kaspersky has also refined the interface and key capabilities within Kaspersky Anti-Virus, Kaspersky Internet Security and Kaspersky Total Security. This has improved performance, how consumers receive notifications, and the overall user experience.

Kaspersky has worked on improving its traditional security solutions’ performance for Windows. For example, in order to speed up lengthy file system scans for malware, the restriction on the PC’s resources consumed has been lifted. Furthermore, the latest version can be installed in just half the time and is 15% ‘lighter’ – so there’s less load on the user’s PC.

In addition, security solutions now only alert users about significant events and ensure a frictionless experience. For instance, when a user visits a banking website, they receive a notification from the Safe Money feature, informing them that their session is protected.

Kaspersky has also simplified how credentials and account information is exchanged between the company’s products. Thus, consumers who already use some of Kaspersky’s software do not have to re-enter their credentials whenever they install a new product. Rather, they can manage them all under one My Kaspersky account.

To learn more about the new generation of Kaspersky’s consumer traditional product line, visit https://me.kaspersky.com/home-security#all

Related Posts:

  • No Related Posts

Kaspersky antivirus exposed users to online tracking

Earlier this week, German magazine c’t published a report in which it detailed an experiment involving Kaspersky software installed on a test laptop.

For years, websites all over the internet were able to track visitors who are using Kaspersky’s antivirus solution, but both the security firm and the media are describing this as a minor flaw and nothing more than an incident.

Earlier this week, German magazine c’t published a report in which it detailed an experiment involving Kaspersky software installed on a test laptop. As it turns out, the software injects JavaScript code onto every rendered website, regardless of the browser used.

The script has an ID number that seems to be unique for every PC.

“That’s a remarkably bad idea,” the report states. “Other scripts running in the context of the website domain can access the entire HTML source any time, which means they can read the Kaspersky ID. In other words, any website can read the user’s Kaspersky ID and use it for tracking.”

The journalist who wrote the piece, Ronald Eikenberg, notified Kaspersky, who fixed the flaw this June. It confirmed that the flaw was found in all versions of Kaspersky antivirus software that was released after late 2015.

“Several million users must have been exposed” overall, Eikenberg reasoned.

Despite fixing the flaw relatively fast, Kaspersky downplayed the importance of this tracking ID.

“After our internal research, we have concluded that such scenarios of user’s privacy compromise are theoretically possible but are unlikely to be carried out in practice, due to their complexity and low profitability for cybercriminals. Nevertheless, we are constantly working on improving our technologies and products, resulting in a change in this process. We’d like to thank Ronald Eikenberg for reporting this to us,” Kaspersky said.

Check out our choice of the best antivirus software in 2019

Related Posts:

  • No Related Posts

Cyber Security Today – Cash for gas, a voicemail scam, patch your printers and more

Users of Kaspersky Antivirus products should note the software does something that can help hackers track you. When you go to a web page …

Paying for gasoline in cash isn’t as fast as using a credit or debit card, but in the U.S. it may be the right thing to do. That’s because criminals are still able to compromise the card readers on gas pumps and skim the data off of the back of cards. According to a column this week by security reporter Brian Krebs, the latest pump skimmers use Bluetooth to wirelessly relay stolen card data and PIN numbers to the thieves in a nearby car. So the U.S. secret service has been working with university researchers to develop a Bluetooth scanner that will identify compromised gas pumps. In a test of the solution, 64 skimmers were found at 1,185 gas stations across six states. One problem is that in the U.S. gas companies are slow to adopt readers that accept credit and debit cards with a special chip that can’t be copied. So instead they read the data on the back of the card from the black stripe, which can be copied. One way to avoid being a victim is to use pumps with the latest security technology. The card readers on these pumps are horizontal, and the keypads are metal and not plastic.

There’s no shortage of tricks criminals use to get you to open a malicious email. Here’s the latest from a security firm called Avanan: Users of Microsoft Office 365 get emailed a notification they have a new voicemail message. To hear it, click on an attachment which has a file name with an HTML or .htm extension. If you do, you’re infected. Yout get sent to a new page asking for your username and password login, which the criminal captures. To avoid being victimized, be suspicious of any email with an HTML or .htm attachment.

Users of Kaspersky Antivirus products should note the software does something that can help hackers track you. When you go to a web page Kaspersky adds a unique identifying number to the page to see if it’s on a list of suspicious and phishing web addresses. However, a security researcher says that could allow you to be tracked. Notified of the problem, last month Kaspersky updated it software so the number it adds is the same for everyone and not unique to each subscriber. However, that could still identify you as a Kaspersky user, which might be useful to a hacker. There’s a way to turn this feature off. Go to settings→ additional→ network→ and then un-check traffic processing box.However, that may interfere with some Kaspersky safeguard capabilities.

Attention IT administrators: If your organization has Internet-connected printers, make sure they have the latest security patches. Researchers at the security firm NCC Group tested a wide range of printers and found a number had vulnerabilities including machines from Xerox, Lexmark. Brother and Kyocera and Ricoh. These have been fixed, so update the software now. And those of you with home printers are reminded to periodically look for updated printer software as well.

In Wednesday’s podcast I reminded you to make sure to install the latest security updates for Windows. This is another reminder, because the patches fix some serious vulnerabilities.

That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening.


Related Download

Sponsor: CanadianCIO

Cybersecurity Conversations with your Board – A Survival Guide

A SURVIVAL GUIDE BY CLAUDIO SILVESTRI, VICE-PRESIDENT AND CIO, NAV CANADA

Download Now
Privacy & Security
Hashtag Trending – Apple responds to iPhone fiasco; urgent Windows 10 security patch; Send Google reminders to other people
About Howard Solomon

Currently a freelance writer, I’m the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I’ve written for several of ITWC’s sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomedia [@] gmail.com

FollowFollow @HowardITWC on TwitterJoin Howard Solomon on LinkedInHoward Solomon on Gooogle+

Related Content

Sponsored By:

Myth busting: Seven reasons not to submit a Digital Transformation Award nomination

Sponsored By:AMC

Convergence of the titans: Today’s top technologies meet in Toronto

Cyber Security Today – Cash for gas, a voicemail scam, patch your printers and more

Hashtag Trending – Apple responds to iPhone fiasco; urgent Windows 10 security patch; Send Google reminders to other people

Samsung Space monitor review: a gorgeous and space-conscious display

FedDev Ontario invests into Everest Clinical Research through Women Entrepreneurship Strategy

Tweets by itworldca

Follow

Subscribe
ResourcesCanadianCIODigital SecurityCMO DigitalCDN MagazineIT Salary CalculatorLightningPRWebinars and EventsTech ResearchPartner Content
IT World Canada CommunityAbout UsContact UsTechnology VideosIT NewsIT BlogsMobility NewsCloud ComputingTechnology TopicsITWC Talks
ITWC WebsitesITWC.caChannel Daily News.comIT World Canada.comIT Business.caDirection Informatique.com
© 2019 IT World Canada

Related Posts:

  • No Related Posts

Busted: Kaspersky AV Tracked Your Every Click

Kaspersky Lab’s endpoint security products track your web activity. … The AV software inserts a JavaScript bug in every webpage you load. Incredibly …

Kaspersky Lab’s endpoint security products track your web activity. All of it—the Russian company even monitors visits to https-secured websites.

The AV software inserts a JavaScript bug in every webpage you load. Incredibly, Kaspersky included a unique identifier that allows any other website to track you, too. The company has patched that latter behavior, but the Russian tracking remains in place.

Yevgeny Valentinovich “Eugene” Kaspersky (pictured) is probably right to look red-faced. In today’s SB Blogwatch, we click Uninstall.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: humorless 74’ driver.


KAV is Spyware

What’s the craic? Ronald Eikenberg puns it up—“Kasper-Spy: Kaspersky Anti-Virus puts users at risk”:

A data leak allowed third parties to spy on users while they were surfing the web. For years.



An external JavaScript script named main.js was being loaded from a Kaspersky domain. … When I checked the HTML source of other websites … I found the strange code on each and every page. Without exception, even on the website of my bank, a script from Kaspersky was introduced.



The simple conclusion was that Kaspersky’s virus protection was manipulating my traffic. Without my permission, it was injecting that code. [And] the address from which the Kaspersky script was loaded contained a … permanently assigned ID … (UUID).



That’s a remarkably bad idea. Other scripts … can read the Kaspersky ID [so] any website can read the user’s Kaspersky ID and use it for tracking. … Kaspersky has created a dangerous tracking mechanism that makes tracking cookies look old [and] can even overcome the browser’s incognito mode.



At this point, it was clear that this was a serious security issue.

Um, no ****, Sherlock. A well-read Shaun Nichols asks, “Quis custodiet ipsos custodes?”:

Kaspersky’s fix addresses a privacy hole … on the heels of the monthly security patch dumps from Microsoft, Adobe, Apple, and SAP, giving admins one more update to test and install. … Kaspersky, for its part, downplayed the risk posed by the behavior but did acknowledge it had been in contact with Eikenberg and had agreed to stop including unique identifiers as part of its web antivirus tool.



A spokesperson said … “After our internal research, we have concluded that such scenarios of user’s privacy compromise are theoretically possible but are unlikely to be carried out in practice, due to their complexity and low profitability for cybercriminals.”

Wait, what?revenant gives that PR guff a big thumbs-down:

Embedding unique IDs in pages was dumb, but these words from Kaspersky … seem particularly naive. The continuing need for products like theirs is a testament to the dedication of miscreants to the task of exploiting even the tiniest of vulnerabilities.



1/10, Must do better.

Ouch. But what was Kaspersky trying to achieve, and how can I switch it off? christose answers both:

It’s for their URL Advisor feature. It annotates pages like Google search results with a color indicator next to each link, to show if the link is “safe” or not.



You can disable it from Options => Additional => Networking.

Wait. Pause. That doesn’t explain the UUID, as scdeimos points out:

Stop and think about that.



Now explain why Kaspersky needs a UUID for the URL Advisor to function. Dangerous URLs are equally dangerous to all users – you don’t need to call them out for some users and not others.

Butbelthize wonders if we’re over-reacting a little bit:

Karpersky is guilty … of what exactly?



Sloppy thinking but not maliciousness. … They weren’t tracking you. But because they injected your id into the page a remote site could … if the site knew about the vulnerability.



Sub-optimal? Sure. Horrifyingly terrible breach of trust? Not even a little bit.

Another worry is raised by Garach Jedao Shkan—@ClipperChip:

Kaspersky Anti-Virus lets … servers in Russia … read all your typed URLs and URL parameters. For years.



That includes SSL because conveniently such Snake-Oil software bypasses it. … Your SSL is compromised with such software.

And S. Hossein Darvari—@xhdix—agrees:

Kaspersky sends requests to his server every two seconds. These queries included the full URL of each browser tab.



By doing so, they logged all user activity. (What part of each site was used for how long.)



I no longer use [the] software. Because privacy is as important as security.

So what does this do to Kaspersky’s already-tarnished reputation? Nathaniel Mott muses on “UUID Injection”:

[I] said earlier this week that improvements to Windows Defender made it hard to recommend third-party antivirus solutions for Windows 10. Knowing that Kaspersky gave website operators an easy way to track its users without their knowledge or consent makes that recommendation even harder.



People bought a tool so they could defend their systems, but instead, they got one that intentionally broadcast a unique identifier to the world.

And Finally:

Po-faced 747 pilot “exposes” Hollywood lies


You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites… so you don’t have to. Hate mail may be directed to @RiCHi or sbbw@richi.uk. Ask your doctor before reading. Your mileage may vary. E&OE.

Image source: Евгений Валентинович Касперский (cc:by-sa)

Related Posts:

  • No Related Posts

Kaspersky Antivirus left millions of customers open to online tracking

Millions of users of Kaspersky Antivirus may have had their online activity tracked without their permission due to a software security flaw.

Customers using Kaspersky Antivirus to protect their devices may have had their online activity tracked without their permission, experts have warned.

Millions of Kaspersky users may have had their browsing monitored for several years, a new report has said, with individual machines identified and every page visited recorded.

Related Posts:

  • No Related Posts