Kaspersky AV injected unique ID that allowed sites to track users, even in incognito mode

[Space Lynx]

Kaspersky AV injected unique ID that allowed sites to track users, even in incognito mode

Feature Kaspersky added in 2015 also made it possible to be ID'd across different browsers.

arstechnica.com

A less-experienced user surfing porn sites on a Windows machine, on the other hand, would arguably be better off using AV, since as Kaspersky's statement notes, the identifier isn't something profit-seeking hackers are likely to target. One thing is for certain, whatever decision you make, there will be someone on Twitter to tell you you're wrong, and your choice is reckless.

lol, this made me laugh. don't worry we won't use our spy powers on you if you just a loser.

 

[Zareek]

Kaspersky continues to get caught doing unsavory things, can that really be a coincidence? It's too bad, they made a decent product.

 

[Bill_Bright]

Kaspersky continues to get caught doing unsavory things, can that really be a coincidence? It's too bad, they made a decent product.

They sure do have a history of malicious activity - and sadly, with the founder trained by the KGB and being buddies with Putin oligarchs, I personally believe their products should be avoided altogether.

Like you said, they do indeed make a decent product in terms of protecting systems from malware (well, other malware ) - that's the bait. I have no doubts the majority of the employees are very sincere, honest people. Even if the execs can claim "plausible deniability", there is just too great a risk Putin has operatives planted in the workforce, just to inject malicious code like this without the honest employees knowledge.

 

[Space Lynx]

They sure do have a history of malicious activity - and sadly, with the founder trained by the KGB and being buddies with Putin oligarchs, I personally believe their products should be avoided altogether.

Like you said, they do indeed make a decent product in terms of protecting systems from malware (well, other malware ) - that's the bait. I have no doubts the majority of the employees are very sincere, honest people. Even if the execs can claim "plausible deniability", there is just too great a risk Putin has operatives planted in the workforce, just to inject malicious code like this without the honest employees knowledge.

but recent tests show Windows Defender and Bitdefender being better than kaspersky in several tests, so really there is no reason to use kaspersky at all... dead product as far as I am concerned.

only other company that can company with Bitdefender is ESET, but there UI is a bit annoying at time. I just use Windows Defender personally

 

[eidairaman1]

They sure do have a history of malicious activity - and sadly, with the founder trained by the KGB and being buddies with Putin oligarchs, I personally believe their products should be avoided altogether.

Like you said, they do indeed make a decent product in terms of protecting systems from malware (well, other malware ) - that's the bait. I have no doubts the majority of the employees are very sincere, honest people. Even if the execs can claim "plausible deniability", there is just too great a risk Putin has operatives planted in the workforce, just to inject malicious code like this without the honest employees knowledge.

I never liked their AV to begin with.

 

[Vayra86]

Kaspersky continues to get caught doing unsavory things, can that really be a coincidence? It's too bad, they made a decent product.

Google makes great software too, and guess what they do with your consent. Or Facebook. Or Apple. I hear Amazon has a great home speaker too...

I think its about time the penny drops here for the masses...

So I guess this is yet another reason to insta delete your free or paid AV and just use Win Defender. Can recommend. No hassle, and still no proof of any funny business. MS track record is pretty amazing when it comes to privacy issues, if you care to take an unbiased look at it (general comment not aimed at you)

 

[Bill_Bright]

I never liked their AV to begin with.

I didn't either - but that was strictly for personal preference reasons - not because I thought it an inferior or incapable product.

Google makes great software too, and guess what they do with your consent. Or Facebook. Or Apple. I hear Amazon has a great home speaker too...

"With your consent" is the key phrase there. But the problem with them is that consent is granted in the very fine print most users will never see or look at - and the bigger problem with that, IMO, is what's enabled by default. That said, not sure Facebook should be in your list - as they've gotten in trouble lately for what they do with your information without your consent. But that's for a different discussion.

 

[John Naylor]

Oh jeez, the Bloomberg spin doctors are at it again. There is no hint of a suggestion at all in the article that Kaspersky had any nefarious intent

"The JavaScript, presented below this paragraph, was designed to, among other things, present a green icon that corresponded to safe links returned in search results. "

"Kaspersky stopped sending the identifier in June, after Eikenberg privately reported the behavior to the AV company. "

So in short, a) the company had a feature that, unbeknownst to them, could be manipulated for nefarious means and b) as soon as they became aware, they removed it. MS has been caught the same way 100s of time. To suggest that this is a Russian plot, is akin to Hillary's white slavery sex ring being run in pizzeria basements throughout America.

The article goes on to say ...

"Before readers get worked up into too much of a lather, let's review a few things. Even without a unique tracking number, there are plenty of ways for websites to uniquely identify their visitors. IP addresses and cookies are the most obvious ways, but often the specific combination of installed fonts, extensions, and configuration settings are all that's needed to fingerprint a specific user", ,,,The upshot of all this: adding a unique identifier to a security feature seems unnecessary and less than ideal for privacy, ***but it's not something to make a federal case out of. Last, it wouldn't be surprising if other AV products do, or have done in the past, similar things.***"

So Kaspersky, which provides tracking protection that blocks most tracking attempts had a feature that could be manipulated mby a single pathway. Windows Defender provides no tracking protection whatsoever. With Bloomberg as the source of the allegations, it belongs in the same can with the pizza basement stuff. As usual they got it wrong.

There was an incident where a senstive file was uploaded to kaspersky servers. The software has an **option** that, if enabled, you can autosend infected files to kaspersky for analysis. If you have sensitive information on your drives, enabling such an option should be a huge no no. So the user had a zip file, which contained sensitive info and who knows what else ... the software detected an infection and ***because this option was enabled*** and as a result of that user's choice a file was uploaded to kaspersky servers. These servers are now located in Switzerland

 

[Space Lynx]

Oh jeez, the Bloomberg spin doctors are at it again. There is no hint of a suggestion at all in the article that Kaspersky had any nefarious intent

"The JavaScript, presented below this paragraph, was designed to, among other things, present a green icon that corresponded to safe links returned in search results. "

"Kaspersky stopped sending the identifier in June, after Eikenberg privately reported the behavior to the AV company. "

So in short, a) the company had a feature that, unbeknownst to them, could be manipulated for nefarious means and b) as soon as they became aware, they removed it. MS has been caught the same way 100s of time. To suggest that this is a Russian plot, is akin to Hillary's white slavery sex ring being run in pizzeria basements throughout America.

The article goes on to say ...

"Before readers get worked up into too much of a lather, let's review a few things. Even without a unique tracking number, there are plenty of ways for websites to uniquely identify their visitors. IP addresses and cookies are the most obvious ways, but often the specific combination of installed fonts, extensions, and configuration settings are all that's needed to fingerprint a specific user", ,,,The upshot of all this: adding a unique identifier to a security feature seems unnecessary and less than ideal for privacy, ***but it's not something to make a federal case out of. Last, it wouldn't be surprising if other AV products do, or have done in the past, similar things.***"

So Kaspersky, which provides tracking protection that blocks most tracking attempts had a feature that could be manipulated mby a single pathway. Windows Defender provides no tracking protection whatsoever. With Bloomberg as the source of the allegations, it belongs in the same can with the pizza basement stuff. As usual they got it wrong.

There was an incident where a senstive file was uploaded to kaspersky servers. The software has an **option** that, if enabled, you can autosend infected files to kaspersky for analysis. If you have sensitive information on your drives, enabling such an option should be a huge no no. So the user had a zip file, which contained sensitive info and who knows what else ... the software detected an infection and ***because this option was enabled*** and as a result of that user's choice a file was uploaded to kaspersky servers. These servers are now located in Switzerland

who cares? why use something that is inferior than free windows defender in detecting the latest malware/virus's according to most recent independent tests? even the slight risk that this article imposes makes it a pretty clear choice.

 

[Bill_Bright]

There is no hint of a suggestion at all in the article that Kaspersky had any nefarious intent

who cares?

Yeah! Who cares? No doubt if that flaw had been found in a Microsoft product, you would have been all over MS for their incompetence. In fact, you even go to extremes to defend Kaspersky by blatantly demonstrating your biases against Microsoft and Windows Defender by criticizing Windows Defender when they have absolutely nothing to do with this topic.

Hillary? Gee whiz. It's funny, but actually really sad when you and some of our leaders attempt to justify their actions by pointing fingers at others and claiming, "well she did it too!" Even if true, since when do two wrongs make a right? It reminds me of my 5 year old grandson trying to avoid getting in to trouble by pointing fingers at his 6 year old cousin. That's just puerile thinking.

Nobody suggested this was a Russian plot either. But there is enough proven history of past Russian government involvement (multiple times - not some isolated incident - resulting in multiple governments banning their products) in this company and their product to indicate it is not unlikely.

Edit comment: Fixed typo.

 

[TheoneandonlyMrK]

Oh jeez, the Bloomberg spin doctors are at it again. There is no hint of a suggestion at all in the article that Kaspersky had any nefarious intent

"The JavaScript, presented below this paragraph, was designed to, among other things, present a green icon that corresponded to safe links returned in search results. "

"Kaspersky stopped sending the identifier in June, after Eikenberg privately reported the behavior to the AV company. "

So in short, a) the company had a feature that, unbeknownst to them, could be manipulated for nefarious means and b) as soon as they became aware, they removed it. MS has been caught the same way 100s of time. To suggest that this is a Russian plot, is akin to Hillary's white slavery sex ring being run in pizzeria basements throughout America.

The article goes on to say ...

"Before readers get worked up into too much of a lather, let's review a few things. Even without a unique tracking number, there are plenty of ways for websites to uniquely identify their visitors. IP addresses and cookies are the most obvious ways, but often the specific combination of installed fonts, extensions, and configuration settings are all that's needed to fingerprint a specific user", ,,,The upshot of all this: adding a unique identifier to a security feature seems unnecessary and less than ideal for privacy, ***but it's not something to make a federal case out of. Last, it wouldn't be surprising if other AV products do, or have done in the past, similar things.***"

So Kaspersky, which provides tracking protection that blocks most tracking attempts had a feature that could be manipulated mby a single pathway. Windows Defender provides no tracking protection whatsoever. With Bloomberg as the source of the allegations, it belongs in the same can with the pizza basement stuff. As usual they got it wrong.

There was an incident where a senstive file was uploaded to kaspersky servers. The software has an **option** that, if enabled, you can autosend infected files to kaspersky for analysis. If you have sensitive information on your drives, enabling such an option should be a huge no no. So the user had a zip file, which contained sensitive info and who knows what else ... the software detected an infection and ***because this option was enabled*** and as a result of that user's choice a file was uploaded to kaspersky servers. These servers are now located in Switzerland

Yes but it's not their first dance with incompetence either, glad I never used it personally.

 

[Space Lynx]

Yeah! Who cares? No doubt if that flaw had been found in a Microsoft product, you would have been all over MS for their incompetence. In fact, you even go to extremes to defend Kaspersky by blatantly demonstrating your biases against Microsoft and Windows Defender by criticizing Windows Defender when they have absolutely nothing to do with this topic.

Hillary? Gee whiz. It's funny, but actually really sad when you and some of our leaders attempt to justify their actions by claiming, "well she did it too!" Even if true, since when do two wrongs make a right? It reminds me of my 5 year old grandson trying to avoid getting out of trouble by pointing fingers at his 6 year old cousin. That's just puerile thinking.

Nobody suggested this was a Russian plot either. But there is enough proven history of past Russian government involvement (multiple times - not some isolated incident - resulting in multiple governments banning their products) in this company and their product to indicate it is not unlikely.

I defended kaspersky? that's news to me...

 

[Bill_Bright]

I defended kaspersky? that's news to me...

Not you. Sorry. I was agreeing with you.