News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • Kaspersky antivirus places a unique identifier on every website you visit

    Home Forums AskWoody blog Kaspersky antivirus places a unique identifier on every website you visit

    This topic contains 10 replies, has 5 voices, and was last updated by  Alex5723 1 month ago.

    • Author
      Posts
    • #1908933 Reply

      woody
      Da Boss

      I still swear by Microsoft Defender. Dan Goodin at Ars Technica has the story: For almost four years, AV products from Kaspersky Lab injected a unique
      [See the full post at: Kaspersky antivirus places a unique identifier on every website you visit]

      2 users thanked author for this post.
    • #1908967 Reply

      anonymous

      Guesswork from a user and no I.T. expert, Kaspersky only runs a java script on certain sites. Using Firefox and Noscript, I’ve never run the Kaspersky script and have not noticed lack of function. Of course, Kaspersky uses its own certificates for everything. I’m assuming all my traffic is going through their servers in Massachusetts and/or Mother Russia. As such, I’m assuming bad stuff is blocked on their servers and never reaches me. Just guessing. However, I never get adds based on sites I’ve visited unless I’ve enabled a script for that site, e.g. Youtube, in which case I get recommendations based on previous views. Of course, I’m unsophisticated.

    • #1908998 Reply

      anonymous

      I don’t enable kaspersky on one laptop in NoScript also and most of my computers than run Windows use defender or MSE .

      I use Linux and Windows 7 and if I totally get rid of kaspersky what can I use for Windows 7 after EOL next year? I still intend to run Windows 7 in the future but I realise most AVs are spyware.

      As a side note kaspersky takes minutes to update while Defender, MSE and Malwarebytes ver 2.2.0.1024 takes seconds.

    • #1909119 Reply

      anonymous

      Good luck trying to switch Kaspersky off in your browser😒

      I use uMatrix and don’t give Kaspersky permission… except when in a hurry on a site I don’t plan to revisit and simply approve everything.

    • #1909315 Reply

      Alex5723
      AskWoody Plus

      This is old news and abot a year ago there was an uproar when Google Chrome recommended uninstalling Kaspersky due to its web injection.

      Attachments:
      1 user thanked author for this post.
    • #1910071 Reply

      John
      AskWoody Lounger

      Defender works for me, before that I used Security Essentials with Malwarebytes. Can’t remember last time I used a paid suite. I do know it was a awful experience.

      • #1910847 Reply

        anonymous

        Defender does not protect from viruses in Windows 7. You are obviously using W 10

        1 user thanked author for this post.
    • #1910314 Reply

      anonymous

      I am using a older ver of kaspersky its not affected by this. leak was introduced with Kaspersky’s “2016” editions, released in the Autumn of 2015.To be on the safe side, you can disable the relevant function in Kaspersky’s software: Click the cogwheel icon in the bottom left corner of the main window, then click Additional/Network. Finally, uncheck the “Inject script into web traffic to interact with web pages” option under “Traffic processing.more info on this can be found at this website.https://www.heise.de/ct/artikel/Kasper-Spy-Kaspersky-Anti-Virus-puts-users-at-risk-4496138.html

      also I been using Kaspersky for years and saved my butt many times but I did not like the newer version’s of the software. Look’s like I  was lucky.

      1 user thanked author for this post.
    • #1911157 Reply

      Alex5723
      AskWoody Plus

      Kaspersky has changed the process of checking web pages for malicious activity by removing the usage of unique identifiers for the GET requests. This change was made after Ronald Eikenberg reported to us that using unique identifiers for the GET requests can potentially lead to the disclosure of a user’s personal information.
      After our internal research, we have concluded that such scenarios of user’s privacy compromise are theoretically possible but are unlikely to be carried out in practice, due to their complexity and low profitability for cybercriminals. Nevertheless, we are constantly working on improving our technologies and products, resulting in a change in this process. We’d like to thank Ronald Eikenberg for reporting this to us.” I can’t vouch for the authenticity, I didn’t find a KL source for it.

      https://community.kaspersky.com/kaspersky-internet-security-13/kaspersky-has-fixed-a-security-issue-cve-2019-8286-in-its-products-that-could-potentially-compromise-user-privacy-by-using-unique-product-id-which-was-accessible-to-third-parties-merged-2871#post15261

      • #1911200 Reply

        Kirsty
        Da Boss

        It would have been helpful to have added that that was a Moderator’s comment on community.kaspersky.com, which you didn’t link to (you linked to a different reply).

         
        Further information on Security Week:

        Kaspersky Makes Changes After Products Raise Privacy Concerns
        By Eduard Kovacs | August 15, 2019

        …According to Eikenberg, Kaspersky still injects a script with an ID into every visited website, but the identifier is now the same for all users of a specific Kaspersky product and version.

        “A website can no longer recognize individual users. However, that means it is still possible to find out if a visitor has installed Kaspersky software on their system and how old that software is,” Eikenberg said.

        “That is actually valuable information to an attacker. They may use that information to distribute malware tailored to the protection software, or to redirect the browser to a suitable scamming page. Imagine something along the lines of ‘Your Kaspersky license has expired. Please enter your credit card number to renew your subscription’,” the researcher added.

         
        Read the full article here

        1 user thanked author for this post.
        • #1912850 Reply

          Alex5723
          AskWoody Plus

          It would have been helpful to have added that that was a Moderator’s comment on community.kaspersky.com, which you didn’t link to (you linked to a different reply).

          Formal Kaspersky blog :

          I heard a bug in Kaspersky products could be used for spying. Is that true?

          You may have heard that Kaspersky spies on its clients or helps other spy on them. Some such allegations we have already addressed, but recently a new case emerged, saying that Kaspersky exposed users to cross-site tracking. We address the flap in this short post.

          I heard a bug in Kaspersky products could be used for spying. Is that true?

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Kaspersky antivirus places a unique identifier on every website you visit

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.