News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • Kaspersky antivirus places a unique identifier on every website you visit

    Home Forums AskWoody blog Kaspersky antivirus places a unique identifier on every website you visit

    Viewing 7 reply threads
    • Author
      Posts
      • #1908933 Reply
        woody
        Da Boss

        I still swear by Microsoft Defender. Dan Goodin at Ars Technica has the story: For almost four years, AV products from Kaspersky Lab injected a unique
        [See the full post at: Kaspersky antivirus places a unique identifier on every website you visit]

        2 users thanked author for this post.
      • #1908967 Reply
        anonymous
        Guest

        Guesswork from a user and no I.T. expert, Kaspersky only runs a java script on certain sites. Using Firefox and Noscript, I’ve never run the Kaspersky script and have not noticed lack of function. Of course, Kaspersky uses its own certificates for everything. I’m assuming all my traffic is going through their servers in Massachusetts and/or Mother Russia. As such, I’m assuming bad stuff is blocked on their servers and never reaches me. Just guessing. However, I never get adds based on sites I’ve visited unless I’ve enabled a script for that site, e.g. Youtube, in which case I get recommendations based on previous views. Of course, I’m unsophisticated.

      • #1908998 Reply
        anonymous
        Guest

        I don’t enable kaspersky on one laptop in NoScript also and most of my computers than run Windows use defender or MSE .

        I use Linux and Windows 7 and if I totally get rid of kaspersky what can I use for Windows 7 after EOL next year? I still intend to run Windows 7 in the future but I realise most AVs are spyware.

        As a side note kaspersky takes minutes to update while Defender, MSE and Malwarebytes ver 2.2.0.1024 takes seconds.

      • #1909119 Reply
        anonymous
        Guest

        Good luck trying to switch Kaspersky off in your browser😒

        I use uMatrix and don’t give Kaspersky permission… except when in a hurry on a site I don’t plan to revisit and simply approve everything.

      • #1909315 Reply
        Alex5723
        AskWoody Plus

        This is old news and abot a year ago there was an uproar when Google Chrome recommended uninstalling Kaspersky due to its web injection.

        Attachments:
        1 user thanked author for this post.
      • #1910071 Reply
        John
        AskWoody Lounger

        Defender works for me, before that I used Security Essentials with Malwarebytes. Can’t remember last time I used a paid suite. I do know it was a awful experience.

        • #1910847 Reply
          anonymous
          Guest

          Defender does not protect from viruses in Windows 7. You are obviously using W 10

          1 user thanked author for this post.
      • #1910314 Reply
        anonymous
        Guest

        I am using a older ver of kaspersky its not affected by this. leak was introduced with Kaspersky’s “2016” editions, released in the Autumn of 2015.To be on the safe side, you can disable the relevant function in Kaspersky’s software: Click the cogwheel icon in the bottom left corner of the main window, then click Additional/Network. Finally, uncheck the “Inject script into web traffic to interact with web pages” option under “Traffic processing.more info on this can be found at this website.https://www.heise.de/ct/artikel/Kasper-Spy-Kaspersky-Anti-Virus-puts-users-at-risk-4496138.html

        also I been using Kaspersky for years and saved my butt many times but I did not like the newer version’s of the software. Look’s like I  was lucky.

        1 user thanked author for this post.
      • #1911157 Reply
        Alex5723
        AskWoody Plus

        Kaspersky has changed the process of checking web pages for malicious activity by removing the usage of unique identifiers for the GET requests. This change was made after Ronald Eikenberg reported to us that using unique identifiers for the GET requests can potentially lead to the disclosure of a user’s personal information.
        After our internal research, we have concluded that such scenarios of user’s privacy compromise are theoretically possible but are unlikely to be carried out in practice, due to their complexity and low profitability for cybercriminals. Nevertheless, we are constantly working on improving our technologies and products, resulting in a change in this process. We’d like to thank Ronald Eikenberg for reporting this to us.” I can’t vouch for the authenticity, I didn’t find a KL source for it.

        https://community.kaspersky.com/kaspersky-internet-security-13/kaspersky-has-fixed-a-security-issue-cve-2019-8286-in-its-products-that-could-potentially-compromise-user-privacy-by-using-unique-product-id-which-was-accessible-to-third-parties-merged-2871#post15261

        • #1911200 Reply
          Kirsty
          Da Boss

          It would have been helpful to have added that that was a Moderator’s comment on community.kaspersky.com, which you didn’t link to (you linked to a different reply).

           
          Further information on Security Week:

          Kaspersky Makes Changes After Products Raise Privacy Concerns
          By Eduard Kovacs | August 15, 2019

          …According to Eikenberg, Kaspersky still injects a script with an ID into every visited website, but the identifier is now the same for all users of a specific Kaspersky product and version.

          “A website can no longer recognize individual users. However, that means it is still possible to find out if a visitor has installed Kaspersky software on their system and how old that software is,” Eikenberg said.

          “That is actually valuable information to an attacker. They may use that information to distribute malware tailored to the protection software, or to redirect the browser to a suitable scamming page. Imagine something along the lines of ‘Your Kaspersky license has expired. Please enter your credit card number to renew your subscription’,” the researcher added.

           
          Read the full article here

          1 user thanked author for this post.
          • #1912850 Reply
            Alex5723
            AskWoody Plus

            It would have been helpful to have added that that was a Moderator’s comment on community.kaspersky.com, which you didn’t link to (you linked to a different reply).

            Formal Kaspersky blog :

            I heard a bug in Kaspersky products could be used for spying. Is that true?

            You may have heard that Kaspersky spies on its clients or helps other spy on them. Some such allegations we have already addressed, but recently a new case emerged, saying that Kaspersky exposed users to cross-site tracking. We address the flap in this short post.

            I heard a bug in Kaspersky products could be used for spying. Is that true?

    Viewing 7 reply threads

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Kaspersky antivirus places a unique identifier on every website you visit

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.