
General Discussions

Kaspersky Products Leak Everything You Do Online

Kaspersky Labs does not enjoy the best reputation. The company has been linked to Russian intelligence, the Department of Homeland Security has banned its use in government computers, and Best Buy will not sell its products. In 2017, news broke that the Israelis had observed Russian intelligence operatives using Kaspersky software to spy on the United States. Now, an investigation of the company’s antivirus software has uncovered a major data leak that goes back to 2015.

According to German publication C’t, Kaspersky antivirus injects a Universally Unique Identifier (UUID) into the source code of every single website that you visit. This UUID value is unique to the computer and the installation of the software. The value injected into each and every website never changes, even if you use a different browser or access the internet using a browser’s Incognito Mode.

C’t found the injection because one of their antivirus software evaluators came across the same line of source code in multiple websites. Installing the application on different systems resulted in the creation of different UUID values. Assigned UUIDs didn’t change over time, indicating that they were static. And because these values are injected into the source code of every single website that you visit, it means that the sites you track can track you back. As C’t writes:

Other scripts running in the context of the website domain can access the entire HTML source any time, which means they can read the Kaspersky ID.

In other words, any website can read the user’s Kaspersky ID and use it for tracking. If the same Universally Unique Identifier comes back, or appears on another website of the same operator, they can see that the same computer is being used.

After building a proof-of-concept and testing that users with Kaspersky antivirus installed could indeed be tracked straight through incognito mode, C’t contacted Kaspersky. The flaw now has a formal name: CVE-2019-8286. Kaspersky has argued that it’s a fairly minimal problem that would require advanced techniques to exploit. Kaspersky has patched its software so that it now only injects information about which version of a Kaspersky product you use into each and every website you visit, not a unique identifier specific to your personal machine. C’t is not happy with this fix and believes it still constitutes a security risk.

C’t’s proof of concept. Image by C’t.

A bug that identifies a computer to a website that knows how to listen for that information is potentially quite valuable. Even if Kaspersky has no external database associating UUIDs with specific installations, broadcasting a UUID straight through incognito mode means that a webserver logs a visit from a specific computer. If that machine is associated with a specific individual, you’ve established a link.

Is it possible that Kaspersky simply made a terrible security decision when it implemented its antivirus software? Absolutely. The fact that a bug exists doesn’t automatically mean that someone nefarious was using it. But these types of coincidences are interesting, to say the least. Broadcasting a UUID as part of antivirus software operation is not the kind of attack avenue most of us would expect. It’s the type of fingerprinting method that an intelligence agency might be very interested in using to track who was accessing very specific websites, but not the kind of thing that a regular malware operation would have much interest in. Of course, one could also argue that this is why the bug snuck in to start with. Kaspersky’s flaw, in this reading, isn’t deliberate nefariousness; it’s an accident that reflects the company’s chief focus on stopping ordinary malware, not state actors.

I don’t know which perception is right. But I would at least suggest investigating an antivirus provider with fewer allegations of foreign intelligence cooperation if this sort of issue is a concern to you.

Kaspersky Products Leak Everything You Do Online, Straight Through Incognito Mode - ExtremeTech 

14 Replies

Windows Defender (Windows 10) Top Ranked By AV Test (2018) and https://www.tomshardware.com/news/windows-defender-perfect-scores-av-test,40139.html (2019) show that you really don't need to use a third-party AV program anymore. The only real problem with it is that it's as slow as molasses in wintertime when doing a scan, taking several hours to perform a full scan even on a modern system with 6 or more processor cores and solid state drives. Third-party AV tools usually also include a firewall which is far more intuitive than Windows Firewall as well.

Still, given the issues which have cropped up in the last few years about some third-party AV tools, be they issues like with Kaspersky or compatibility issues between them and Windows, and the "We're going to remove programs we don't think you should be using" stance of Microsoft especially when it comes to new versions, not to mention the additional cost of a third-party AV program and the scareware tactics some of them have a history of using (NORTON, for example), just don't use them.

There has to be more regulation so that this sort of abuse does not happen.

Corporations hate being regulated.


I absolutely agree!

I run Windows Defender and then load the beta versions of Malwarebytes Anti-Ransomware and Anti-Exploit. These are the modules you pay to run in the paid version, but you can run them free in the ongoing betas. MajorGeeks or BleepingComputer host safe download versions of any of your security needs. I have done this for many years now along with uBlock Origin in my browser to block malicious sites. I have almost no issues with malware as long as I keep it all up to date. A nice entry-level business-class router is a great addition to home security if you can swing the price.

I would be very careful loading any software that does not originate in the USA, Canada or Western Europe. I would caution you to do your homework there too. I have been removing malware as a professional since its inception in the XP days and can tell you that much of the so-called ANTI-malware products, by the very definition of malware, are malware.

"much of the so called ANTI malware products by the very definition of malware are malware"

I have thought the same thing for years now. I do not use defender. I use the least intrusive, most accurate, and fastest one I can find. Currently, I am using bitdefender.

The best malware defense is to have good practices for downloads, browsing, emails, phishing, etc...

It would be nice to see how Windows Defender non-virus malware protection is since realistically most people are more at risk for cryptominers, keyloggers, and other such programs, especially since the vast majority of people do not use an adblocker or script blocker, or even use common sense about which websites they visit or programs they install.


Well, it does defend against non-virus malware fine. Defender began its life as just malware detection; it was called Giant AntiSpyware, I believe, if memory serves, and MS bought out the company to be able to offer it as a free add-on to XP. At the time malware was crippling PCs left and right and nobody knew what to do. With a registry change you can also have Defender defend against PUPs. Winaero Tweaker is just a great utility for unlocking Windows' full potential. You should check it out sometime. But you are right, most malware that affects people is not a virus; in fact the most dangerous thing we do on our computer is answer phishing questions or click on any check box or prompt of any kind, like yes or no or open or close. If you start getting random popups while browsing, don't click anything: hit Alt-F4, or turn off the computer if you don't know how to handle it, is what I teach our staff. Cautious web browsing, email reading and document opening is to me still the best defense. But it takes many layers of protection to be safe these days. Most of the pay stuff doesn't add a thing you can't get for free, and in many cases the free stuff is way better and less bloated IMHO.

tomplatz

Hi everyone. I am new here. Although I usually use Avast, this is an interesting thread for me.


I use a coin-miner blocker in my browser.


There are several of those, and if you use the blockers in uBlock it will block the known mining sites. I had tried a few of those mine-blocking plug-ins and they caused redirects that were not there without them, so I quickly uninstalled them.


pokester wrote:

There are several of those, and if you use the blockers in uBlock it will block the known mining sites. I had tried a few of those mine-blocking plug-ins and they caused redirects that were not there without them, so I quickly uninstalled them.

I use minerBlock to stamp out Coinhive etc.


I used Avast for years and was a fan. That all changed when Avast and AVG became one company. The bloat that AVG had is now in Avast, and both pieces of software try to do IMHO much more than what they should, and that is malware and virus protection. Also, neither gets as good scores as they used to. Results, however, do vary every time they test. I don't think they are bad; I just don't think they are necessary when Defender works well. We used to use Avast in our enterprise, but it started getting too many false positives with our custom software, something Defender does not do, and we have not noticed an increase in malware issues since going to Defender. In fact it is a bit less.


Something I thought I'd throw in here too is that you shouldn't forget to install an AV program on your Android phone. Personally I use Sophos Mobile Security, as it's fast, lightweight, has no ads, doesn't try to sell you anything, and is made by one of the most reputable security companies there is.

Yes, Samsung has one built into their software, at least on the devices I have had. I do forget what engine it uses. The app store is loaded with supposed virus protection software. Most of them range from doing nothing to being malware. Google Play does a horrendous job of keeping malware-laden apps off their store. The list you published above is good, as most of those are reputable. I should check out the Sophos one. Is that one free initially too?


Sophos is totally free and includes other useful features such as a link checker (useful if you have parents or friends who love bit.ly or TinyURL garbage), a QR scanner, a password vault, and Wi-Fi security scans. Aside from the Play Store being far from secure, you do have to worry about official apps getting compromised and drive-by downloads, especially from ads which aren't easily closed.
