Kaspersky Safe Browsing: Fake “Virtualization” & Exposed Data

[noone]

 

I just uncovered something that completely undermines the entire purpose of Kaspersky’s Safe Browsing feature.

Kaspersky claims Safe Browsing runs in a virtualized, isolated environment to keep user data secure. In reality? It dumps everything in plain sight at:

 

C:\ProgramData\Kaspersky Lab\SafeBrowser\Common\

And here’s the worst part:

• That folder is wide open. Any third-party program (file managers, cleaners, erasers, even malware with standard privileges) can access it.

• There’s no encryption, no sandbox, no ACL protection. It’s just sitting there.

• On SSDs, once this data is written, you can’t even guarantee complete destruction.

For someone like me, who always stores browsing profiles and user data inside VeraCrypt vaults with maximum security, this is beyond unacceptable. I used Safe Browsing for months, thinking it isolated data properly. Instead, all of it was on my C drive like nothing mattered.

So much for “virtualization.” What’s the point of a so-called isolated environment if the data ends up exposed on disk? It’s basically just a Chromium shell with poor storage policies dressed up as security.

SO If you think you’re safe using Kaspersky Safe Browsing — you’re not. It’s a false sense of security that actually makes you more vulnerable.

This is not a minor oversight. It’s a fundamental design flaw that destroys trust in the product. Until Kaspersky fixes this, assume your browsing data is not secure and take your own precautions.

Edited 23 hours ago by noone
add more details

[AlexeyK]

8 часов назад, noone сказал:

That folder is wide open. Any third-party program (file managers, cleaners, erasers, even malware with standard privileges) can access it.

Really?) There's double protection - for root SB folder and for each browsers folder. After all permissions are granted, other programs can get access. Otherwise, each program will request an increase in access rights.

Screenshots translation:

• Explorer: "You don't currently have permission to access this folder. Click Continue to permanently get access to this folder."
• Total Commander: "Access denied on file, run as Administrator."

Спойлер

[noone]

Look, saying “it’s safe because you need admin rights” is a joke. Admin rights don’t mean anything for security — any malware worth its salt escalates to admin in seconds, and on a shared PC another user can just click Continue and boom, all my data is wide open. That’s not protection, that’s a speed bump.

Kaspersky markets Safe Browsing as some kind of virtualized, isolated environment. If that was true, my data wouldn’t be sitting in plaintext on C:\ waiting for anyone with admin to poke through. Real security means encryption or sandboxing, not some NTFS permissions prompt.

And once that unencrypted data is written to an SSD, good luck wiping it — wear-leveling means traces will stick around forever. So this whole “double protection” thing? Total BS. It’s literally just a locked door in Windows that anyone can open.

Safe Browsing gives a false sense of security. That’s the real danger here.

[AlexeyK]

52 минуты назад, noone сказал:

Kaspersky markets Safe Browsing as some kind of virtualized, isolated environment.

Isolated - yes: protected browser mode runs in an isolated environment. Runs - not saves data. Understand the difference?

Virtualized - no, there's no talk about this. Virtualization is used only for some features, such as clipboard data protection. Safe Money works fine whithout it.

Study Kaspersky Online Help to avoid writing here your total BS.

52 минуты назад, noone сказал:

Safe Browsing gives a false sense of security. That’s the real danger here.

Ok, I see: again "an expert on how it should be".

Then it is better not to use this dangerous function. And even better to remove the dangerous antivirus, since even the FF plugin cannot be activated. 

If you want to teach what and how should work, contact support, they will listen to you carefully. And maybe will explain why this should not be done.

I say goodbye, don't want to read more all these teachings.

[noone]

17 minutes ago, AlexeyK said:

Isolated - yes: protected browser mode runs in an isolated environment. Runs - not saves data. Understand the difference?

Virtualized - no, there's no talk about this. Virtualization is used only for some features, such as clipboard data protection. Safe Money works fine whithout it.

Study Kaspersky Online Help to avoid writing here your total BS.

Ok, I see: again "an expert on how it should be".

Then it is better not to use this dangerous function. And even better to remove the dangerous antivirus, since even the FF plugin cannot be activated. 

If you want to teach what and how should work, contact support, they will listen to you carefully. And maybe will explain why this should not be done.

I say goodbye, don't want to read more all these teachings.

 

You've made my point for me.

If a "protected" browser runs in an isolated environment but saves its data completely exposed on the hard drive, then the isolation is pointless. That's the security flaw I've been highlighting from the beginning. A secure process that writes insecure data is a broken process.

You say to "understand the difference," but you seem to be the one missing the bigger picture. The entire purpose of running a process in isolation is to protect the data it handles, both during and after the session. If the data ends up unencrypted on the Cdrive, the feature has failed in its primary goal.

This isn't about being an "expert"; it's about basic security principles. True protection means encryption at rest and genuine sandboxing, not just a permissions prompt that gives a false sense of security.

I've said my piece and the design flaw speaks for itself. I'll take your advice and direct this to support, as this conversation is clearly no longer productive.

Edited 2 hours ago by noone
mistake