Cloud detection and KSN for home users

[Anya]

Hello, with the recent results from AV-comparatives showing a big difference between cloud and offline protection, i was wonderinh if Disabling KSN would cause any impact in detection rates. 

According to my reaearch and  understending, disabling KSN would make me not send any samples for kaspersky and be dependent of the regular signatures updates, that always happens after some hours. I would not have the beneffit of instant access to the last AV signatures. But that would only mean a few hours delay between my signatures and KSN signatures. Correct?

So, i have a few questions:

1)Disabling KSN would have any other impact?

2) I would loose access to cloud signatures?

3) Siabling KSN would mean my detection rates would be so bad as those offline detection rates showed by Av-comparatives

 

[Wesly.Zhang]

Hello,

As I think. The detection rate of offline detection is not much lower than that of online detection. So the answer of your qustion is:

Sure.

Yes.

Absolutly Yes.

Regards.

[Anya]

Hello,

As I think. The detection rate of offline detection is not much lower than that of online detection. So the answer of your qustion is:

Sure.

Yes.

Absolutly Yes.

Regards.

 

But according to https://usa.kaspersky.com/about/data-protection

Home users not sharing data with KSN will not lose cloud protection, but if many choose this option, the overall level of security will inevitably be affected in the long run. If a corporate user opts out of KSN, it means that they will not be able to receive cloud protection at all, unless they apply an additional layer of protection – Kaspersky Private Security Network - which provides them with the advantages of cloud protection without any data leaving the company’s facility.

So it seems that disabling KSN would still allow me to have cloud protection, isn’t?

If so, the detection results should not be so bad as AV comparatives showed. Correct?

[Wesly.Zhang]

Hello,

As I think. The detection rate of offline detection is not much lower than that of online detection. So the answer of your qustion is:

Sure.

Yes.

Absolutly Yes.

Regards.

 

But according to https://usa.kaspersky.com/about/data-protection

Home users not sharing data with KSN will not lose cloud protection, but if many choose this option, the overall level of security will inevitably be affected in the long run. If a corporate user opts out of KSN, it means that they will not be able to receive cloud protection at all, unless they apply an additional layer of protection – Kaspersky Private Security Network - which provides them with the advantages of cloud protection without any data leaving the company’s facility.

So it seems that disabling KSN would still allow me to have cloud protection, isn’t?

If so, the detection results should not be so bad as AV comparatives showed. Correct?

Hello, @Anya 

AV comparatives test is based on disabling network, not disable KSN. It is actually a  physical offline test enviroment. So my second and third answer ‘Yes’ is suitable for this situation.

Regards.

[Flood and Flood's wife]

Hello @Anya, 

• Regarding the chart/image in your initial topic, please provide the actual AV-Comparison link? 

Thank you🙏

Flood🐳

[Anya]

However, can you confirm my initial statements about KSN? The only difference would be the delay of hours till have access to the update with the last KSN (in this case kaspersky signatures) database.

 

 

@FLOOD 

source: https://www.av-comparatives.org/tests/malware-protection-test-march-2020/

[Wesly.Zhang]

However, can you confirm my initial statements about KSN? The only difference would be the delay of hours till have access to the update with the last KSN (in this case kaspersky signatures) database.

 

 

@FLOOD

source: https://www.av-comparatives.org/tests/malware-protection-test-march-2020/

Hello, @Anya 

I think some threat information exists in the KSN network, such as UDS and VHO. They are not extracted as feature strings and written into the engine's detection signature. They just match the hash value to be blocked. So in terms of detection rate, it is naturally low.

About the different between disabling and enabling it. Just for your person, It is OK. But it just like a P2P network to download source. You share more, You get more. For individuals, closing KSN is not a problem and has no major impact, but for groups, this may be problematic. KL may not be able to discover new threats and send them to the server for analysis and confirmation.

Regards.

 

[Anya]

Ty @Wesly.Zhang 

 

I got worried about KSN after reading some concerns on malwaretips considering KSN privacy. 

https://malwaretips.com/threads/kaspersky-and-cloud-privacy.100547/

 

Btw,

UDS = Urgent Detection System

and 

VHO= Very Harmful Object

?

[Wesly.Zhang]

Ty @Wesly.Zhang 

 

I got worried about KSN after reading some concerns on malwaretips considering KSN privacy. 

https://malwaretips.com/threads/kaspersky-and-cloud-privacy.100547/

 

Btw,

UDS = Urgent Detection System

and 

VHO= Very Harmful Object

?

Hello @Anya 

About UDS and VHO, Yes, It is.

Acutally, As I think, Only I think, Only I think, Only I think. (The very important things need say three times.) The privacy information is classify as two big direction.

One, Content data directly generated by you and could directly identify your personal direct data. Such as camera photo, Identity information with financial attributes and social relationship ( Bank account, social insurance account, online payment account, SNS account, etc)

Two, Indirectly reflect the data of a specific individual. Such as web browsing history, Online purchase history or Online transaction records, etc.

For me, I am very concerned about the first category, because this can directly mark some of my characteristics. You can follow these information to find me or let me lost somethings. I think these information data sholdn’t be sent to online store. The second type of information data, advertisers will be more interested. I don’t care about it. But now advertising has become a technical job. The ad network uses a variety of technologies to track the user's browser. When the user visits a web page where the ad network is located, the appropriate ads will be pushed to you after the big data analysis of the user's previous online transaction records. They instruct people who have bought this thing to buy the next thing or other things in this category. We call it the Association function. So They don’t know who are you, but they know your favor habbit better than you.

There is a model online, the Kosinski model, Let’s take a look at, Is this a little exciting or shock? :

Based on an average of 68 "likes" on Facebook, you can predict the user's skin color (95% accuracy), sexual orientation (88% accuracy), and political orientation (Democratic or Republican, 85% accuracy). Predictable content goes far beyond this, but also includes intelligence, religious beliefs, and the use of alcohol, cigarettes, and drugs. Based on the data, you can even infer whether someone's parents are divorced. After continuous research and improvement, the model has become more and more perfect, that is, based on only 10 likes, he can evaluate the subject more accurately than the subject ’s colleagues; 70 “likes” are enough for him to The friend of the examiner knows the subject better; 150 likes can make him know the subject better than the parents of the subject; 300 likes can make him know the subject better than the partner of the subject. Based on more likes, the understanding of the subjects even exceeds the subjects themselves.

All right, I said too much my idea about personal privacy. Let’s take about kaspersky. Do they sent

camera photo, Identity information with financial attributes to their servers? If there is such behavior, then this company can push GG to end the game. This is a criminal act and will be punished by law over the world. You may or may not believe some information in the KSN privacy policy. You can participate in KSN or not. But I think and believe that the necessary interactive transmission of threat information is very necessary. Such information does not involve specific individuals. Compared to the uploaded data stored on the server, I am more worried that the data is accidentally leaked.

I am writing so much, it is considered to be practicing English and have a nice weekend.

Best regards.

[Anya]

Ty @Wesly.Zhang 

 

I got worried about KSN after reading some concerns on malwaretips considering KSN privacy. 

https://malwaretips.com/threads/kaspersky-and-cloud-privacy.100547/

 

Btw,

UDS = Urgent Detection System

and 

VHO= Very Harmful Object

?

Hello @Anya 

About UDS and VHO, Yes, It is.

Acutally, As I think, Only I think, Only I think, Only I think. (The very important things need say three times.) The privacy information is classify as two big direction.

One, Content data directly generated by you and could directly identify your personal direct data. Such as camera photo, Identity information with financial attributes and social relationship ( Bank account, social insurance account, online payment account, SNS account, etc)

Two, Indirectly reflect the data of a specific individual. Such as web browsing history, Online purchase history or Online transaction records, etc.

For me, I am very concerned about the first category, because this can directly mark some of my characteristics. You can follow these information to find me or let me lost somethings. I think these information data sholdn’t be sent to online store. The second type of information data, advertisers will be more interested. I don’t care about it. But now advertising has become a technical job. The ad network uses a variety of technologies to track the user's browser. When the user visits a web page where the ad network is located, the appropriate ads will be pushed to you after the big data analysis of the user's previous online transaction records. They instruct people who have bought this thing to buy the next thing or other things in this category. We call it the Association function. So They don’t know who are you, but they know your favor habbit better than you.

There is a model online, the Kosinski model, Let’s take a look at, Is this a little exciting or shock? :

Based on an average of 68 "likes" on Facebook, you can predict the user's skin color (95% accuracy), sexual orientation (88% accuracy), and political orientation (Democratic or Republican, 85% accuracy). Predictable content goes far beyond this, but also includes intelligence, religious beliefs, and the use of alcohol, cigarettes, and drugs. Based on the data, you can even infer whether someone's parents are divorced. After continuous research and improvement, the model has become more and more perfect, that is, based on only 10 likes, he can evaluate the subject more accurately than the subject ’s colleagues; 70 “likes” are enough for him to The friend of the examiner knows the subject better; 150 likes can make him know the subject better than the parents of the subject; 300 likes can make him know the subject better than the partner of the subject. Based on more likes, the understanding of the subjects even exceeds the subjects themselves.

All right, I said too much my idea about personal privacy. Let’s take about kaspersky. Do they sent

camera photo, Identity information with financial attributes to their servers? If there is such behavior, then this company can push GG to end the game. This is a criminal act and will be punished by law over the world. You may or may not believe some information in the KSN privacy policy. You can participate in KSN or not. But I think and believe that the necessary interactive transmission of threat information is very necessary. Such information does not involve specific individuals. Compared to the uploaded data stored on the server, I am more worried that the data is accidentally leaked.

I am writing so much, it is considered to be practicing English and have a nice weekend.

Best regards.

Ty for @Wesly.Zhang for such a complete answer (and for practicing your english)! First of all, i agree that the first part of the information you detailed should never be sent/used by anyone, neither kaspersky.

 

But about the second part, I have some concerns with KSN because it can collect a very wide kind of information. Among that info, it has some that are very (very very very) difficult to understand how they could help to improve Kaspersky signatures (but easy to understand how they could damage user’s privacy). I’ll example some of the (removed from the KSN pp):

3. (...)unique ID of the computer, (...).
4. (...)wireless network name, checksums (MD5 and SHA256) MAC address of the access point, attribute of the computer being powered by a battery or power grid, attribute of DNS availability, (...) unique IDs consisting of the unique ID of the computer, unique ID of software installation on the computer, name of the wireless network, and MAC address of the access point; information about wireless networks available for connection: network name, MAC address of the access point, information about network security and signal quality level; attribute of a VPN connection being used, category of wireless network configured in software, (...) local time of the start and end of computer connection to the wireless network (...) list of available wireless network access points and their parameters

5.(...) URL addresses of the websites visited and time of visits,(...) search queries, (...)

 

And I’m just citing a few problems. Those I marked in red have no obvious reason but can represent a huge invasion of privacy. Why the hell Kaspersky needs to know the name of a wireless network for example? What about mac address? TIme visiting sites? 

 

All that without mentioning the kind information they can collect in case something is found. As far as I know, it could include even temporary ram information - that could have a copied password for example, or even other personal information.

 

THat’s why I need to understand KSN better. I would like to participate in a security network and help the community, but the kind of information Kaspersky requires is very difficult to accept. So at least I need to know what kind of impact it could cause if disabled, in terms of security. 

 

BTw, I’m practicing my English too haha

 

[Wesly.Zhang]

Hello @Anya 

Please allow me to explain your questions via my understanding / knowledge .

About collecting unique ID of the computer. KL has already use it in binding activation code or activation information before involved in KSN so many years ago. When you active your activation license. KL product has already sent this to its activation servers. This is mainly used to determine how many computers are activated by an activation code. So I think KL collects this information in KSN mainly because it needs to confirm the source of the collected lots of information. It need solved where is the data from, is fake or actually true. Each application will figure out the source of the data such as collecting IMEI&IMSI information in smartphone APP. Here is that my smartphone OS (MIUI form MI) security center tell me how many app apply for Getting smartphone formation pivilige. For me, 48 / 65 app need this privige, If you block applying for this privige, You may haven’t use related app. App reject you using it. So what’s your choices?

、

About collecting wireless network name. Do you know a product function → Wifi proection in Firewall function of KIS/KTS? If you have installed KKsec, this function could be taken over by KKsec.

Now, I quote two support articles: https://support.kaspersky.com/13697 , https://support.kaspersky.com/common/windows/12779#ssid

Do you have a question about how do they know what’s the popular SSID, which SSID related to public network or common network?

WI-FI protection collected and sent ssid nanme to KSN to query the name whether listed in popular ssid list, Using this to decide whether you need to remind users to pay attention to related issues. In KTS, As I think there is a solo function to manger family wifi, This also need to use wireless network card MAC address to identify access devices.

About collecting URL addresses of the websites visited and time of visits,(...) search queries, (...), this function “URL Adviser” in KIS/KTS need this information. As mentioned before, the relevant data needs to be sent to the KSN server to query the status of the relevant website.

I write so much. If you have new question, Please let me know.

Regards.