Why did KIS 2020 stop using SSL for updates?

[Esoteric_Moniker]

I thought Kaspersky was supposed to start using SSL for all updates starting with version 2020? It did initially work that way, but now it has gone back to plain HTTP.

 

If you take a look below, 195.122.177.145 does belong to Kaspersky and the connection is via SSL (port 443) but most of the data for this patch (version J) seems to have been downloaded from the other IPs connected via port 80.

KIS 2020 not updating via SSL

 

[Igor Kurzin]

Hi, you can configure the product to update only via https, by adding below urls as update source and disabling Kaspersky Lab update servers in Settings → Additional → Update → Select update sources:

 

• https://s00.upd.kaspersky.com
• https://s01.upd.kaspersky.com
• https://s02.upd.kaspersky.com
• https://s03.upd.kaspersky.com
• https://s04.upd.kaspersky.com
• https://s05.upd.kaspersky.com
• https://s06.upd.kaspersky.com
• https://s07.upd.kaspersky.com
• https://s08.upd.kaspersky.com
• https://s09.upd.kaspersky.com
• https://s10.upd.kaspersky.com
• https://s11.upd.kaspersky.com
• https://s12.upd.kaspersky.com
• https://s13.upd.kaspersky.com
• https://s14.upd.kaspersky.com
• https://s15.upd.kaspersky.com
• https://s16.upd.kaspersky.com
• https://s17.upd.kaspersky.com
• https://s18.upd.kaspersky.com
• https://s19.upd.kaspersky.com

[Esoteric_Moniker]

Thank you, I will give it a try.

 

Any idea why they initially implemented SSL-only updates and then silently removed the feature entirely without any mention of this in release notes?

[Wesly.Zhang]

Hello, @Esoteric_Moniker 

This is because not all the CDN acceleration networks support SSL or using self-signed certificate SSL in the world. This may require a transition period.

Regards.

[Esoteric_Moniker]

Hello, @Esoteric_Moniker 

This is because not all the CDN acceleration networks support SSL in the world. This may require a transition period.

Regards.

 

Gotcha. That’s what everyone seems to be using these days. I’m assuming the updates are all encrypted/signed and verified anyway. I just don’t want any personally identifiable information transmitted in the open, especially things like license codes, UIDs, hardware info, etc.

[Wesly.Zhang]

Hello, @Esoteric_Moniker 

This is because not all the CDN acceleration networks support SSL in the world. This may require a transition period.

Regards.

 

Gotcha. That’s what everyone seems to be using these days. I’m assuming the updates are all encrypted/signed and verified anyway. I just don’t want any personally identifiable information transmitted in the open, especially things like license codes, UIDs, hardware info, etc.

Hello,

Yes, You are right. I agree with you.