Avast WEBforum

Other => Non-Avast security products => Topic started by: Asyn on August 15, 2019, 07:57:37 AM

Title: Kaspersky
Post by: Asyn on August 15, 2019, 07:57:37 AM
Kasper-Spy: Kaspersky Anti-Virus puts users at risk
https://www.heise.de/ct/artikel/Kasper-Spy-Kaspersky-Anti-Virus-puts-users-at-risk-4496138.html
Title: Re: Kaspersky
Post by: polonus on August 15, 2019, 08:25:25 PM
Hi Asyn,

Thanks for the heads-up on this.

Also see the results here on Kaspersky support's privacy status:
https://privacyscore.org/site/143446/ with 11 3rd-party trackers involved.

All servers reside in Russia and for Google Analytics the Anonymize IP Privacy Extension is not enabled.

Also consider: https://urlscan.io/result/b208be71-152f-4744-9e68-a643d37e6f86

Retirable code:
jquery   1.4.3.min   Found in -https://support.kaspersky.com/resources/js/jquery-1.4.3.min.js?v=12
Vulnerability info:
Medium   CVE-2011-4969 XSS with location.hash
Medium   CVE-2012-6708 11290 Selector interpreted as HTML   
Medium   2432 3rd party CORS request may execute CVE-2015-9251   
Medium   CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution

blocked in my avast secure browser going to -https://kaspersky.d3.sc.omtrdc.net/b/ss/kasperskysupportall,kasperskysupporten/1/JS-2.6.0/s07192949918585?AQB=1&ndh=1&pf=1&t=15%2F7%2F2019%2020%3A15%3A38%204%20-120&mid=81671562226317276696572861505869332936&ce=UTF-8&ns=kaspersky&cdp=2&pageName=Homepage&g=-https%3A%2F%2Fsupport.kaspersky.com%2F&cc=USD&ch=Homepage&server=support.kaspersky.com&h1=Homepage&v2=D%3Dc12&v3=D%3Dc13&v11=D%3Dc22&v12=D%3Dc23&v13=D%3Dc24&v24=global&c25=Homepage&v25=Homepage&v26=Homepage&c31=
-https%3A%2F%2Fsupport.kaspersky.com%2F&c39=-https%3A%2F%2Fsupport.kaspersky.com%2F&c49=D%3Dc50%2B%22%20%3A%20%22%2BpageName&c50=New&v50=New&c63=Homepage&c69=global&s=1366x768&c=24&j=1.6&v=N&k=Y&bw=1366&bh=625&mcorgid=983502BE532960BE0A490D4C%40AdobeOrg&AQE=1

They let others now do the job: -https://dpm.demdex.net/id? - //cm.everesttech.net/cm/dd?d_uuid=91551022538304052316155746798801252242"]}],"subdomain":"kaspersky","tid":"251hRlTxSgE="}

Easily found using a WebSniffer extension in the browser.

polonus (volunteer 3rd party cold recon website security analyst & website error-hunter)
Title: Re: Kaspersky
Post by: schmidthouse on August 16, 2019, 04:32:09 PM
Tried KIS a few years back and uninstalled after a year for Security/Political reasons.
Won't use it again.
Title: Re: Kaspersky
Post by: Novels on August 28, 2019, 06:36:59 AM
I am using KIS. OMG :(
Title: Re: Kaspersky
Post by: inactive-user on September 01, 2019, 08:11:43 PM
I am not using it anymore as well since it decreased the lifetime of my SSD when it started to extract Clonezilla backups to scan the compressed .xz archives for malware.

Several TB of host controller writes.. smdh  :(
Title: Re: Kaspersky
Post by: Asyn on November 27, 2019, 06:30:56 AM
Kaspersky: The art of keeping your keys under the door mat
https://palant.de/2019/11/25/kaspersky-the-art-of-keeping-your-keys-under-the-door-mat/
Title: Re: Kaspersky
Post by: Asyn on November 28, 2019, 06:38:40 AM
Assorted Kaspersky vulnerabilities
https://palant.de/2019/11/27/assorted-kaspersky-vulnerabilities/
Title: Re: Kaspersky
Post by: Asyn on July 08, 2021, 12:27:20 PM
Kaspersky Password Manager: All your passwords are belong to us
https://donjon.ledger.com/kaspersky-password-manager/
Title: Re: Kaspersky
Post by: Asyn on March 02, 2022, 11:29:38 AM
Russian Cybersecurity Giant Kaspersky Tries to Maintain Neutrality During Ukraine War
Eugene Kaspersky said he hoped for "a compromise" as Russia fired a massive rocket into a square in Ukraine's second largest city.
https://www.vice.com/en/article/dyp5qj/eugene-kaspersky-neutral-ukraine-war-russia
Title: Re: Kaspersky
Post by: schmidthouse on March 04, 2022, 04:35:39 AM
Russian Cybersecurity Giant Kaspersky Tries to Maintain Neutrality During Ukraine War
Eugene Kaspersky said he hoped for "a compromise" as Russia fired a massive rocket into a square in Ukraine's second largest city.
https://www.vice.com/en/article/dyp5qj/eugene-kaspersky-neutral-ukraine-war-russia

Neutrality....Umm... Yeh Right ::)
Title: Re: Kaspersky
Post by: polonus on March 07, 2022, 05:40:31 PM
CCleaner detected a serious error.
Not everyone advises to use CCleaner:
https://www.makeuseof.com/tag/stop-using-ccleaner-windows/ (not my personal point of view).

Always make a restore point when making changes to the registry.
MS official point of view on this matter: https://support.microsoft.com/en-us/topic/microsoft-support-policy-for-the-use-of-registry-cleaning-utilities-0485f4df-9520-3691-2461-7b0fd54e8b3a

polonus
Title: Re: Kaspersky
Post by: DavidR on March 07, 2022, 07:52:42 PM
CCleaner detected a serious error.
Not everyone advises to use CCleaner:
https://www.makeuseof.com/tag/stop-using-ccleaner-windows/ (not my personal point of view).
<snip>
polonus

Not sure how this relates to Kaspersky, the subject of this topic?
It is now in the Avast fold and the article is very old (Published Nov 26, 2019).
Title: Re: Kaspersky
Post by: schmidthouse on March 07, 2022, 08:38:59 PM
CCleaner detected a serious error.
Not everyone advises to use CCleaner:
https://www.makeuseof.com/tag/stop-using-ccleaner-windows/ (not my personal point of view).
<snip>
polonus

Not sure how this relates to Kaspersky, the subject of this topic?
It is now in the Avast fold and the article is very old (Published Nov 26, 2019).

I was wondering that myself!??
Title: Re: Kaspersky
Post by: Asyn on March 15, 2022, 11:29:57 AM
BSI warns against the use of Kaspersky antivirus products
https://www.bsi.bund.de/DE/Service-Navi/Presse/Pressemitteilungen/Presse2022/220315_Kaspersky-Warnung.html



BSI warns against the use of Kaspersky antivirus products

Location: Bonn
Date: 15.03.2022

The Federal Office for Information Security (BSI) warns according to §7 BSI law against the use of antivirus software from the Russian manufacturer Kaspersky. The BSI recommends replacing applications from Kaspersky's portfolio of antivirus software with alternative products.

Antivirus software, including the associated real-time cloud services, has extensive system permissions and must maintain a permanent, encrypted and unauditable connection to the manufacturer's servers for system-related reasons (at least for updates). Therefore, trust in a manufacturer's reliability and self-protection, as well as its authentic ability to act, is critical to the secure use of such systems. If there are doubts about the manufacturer's reliability, antivirus software poses a particular risk to an IT infrastructure that is to be protected.

The actions of military and/or intelligence forces in Russia, as well as the threats made by the Russian side against the EU, NATO and the Federal Republic of Germany in the course of the current armed conflict, are associated with a considerable risk of a successful IT attack. A Russian IT manufacturer may itself carry out offensive operations, be forced to attack target systems against its will, or itself be spied upon as a victim of a cyber operation without its knowledge, or be misused as a tool for attacks against its own customers.

All users of antivirus software can be affected by such operations. Companies and public authorities with special security interests and operators of critical infrastructures are particularly at risk. They have the option of seeking advice from the BSI or the relevant constitutional protection authorities.

Companies and other organizations should carefully plan and implement the replacement of essential components of their IT security infrastructure. If IT security products and, in particular, antivirus software were to be switched off without preparation, they might be left defenseless against attacks from the Internet. Switching to other products involves temporary losses in convenience, functionality and security. The BSI recommends that an individual evaluation and consideration of the current situation be carried out and, if necessary, that BSI-certified IT security service providers be consulted.


Translated with www.DeepL.com/Translator (free version)
Title: Re: Kaspersky
Post by: Asyn on March 19, 2022, 11:34:44 AM
Do svidaniya, Kaspersky — goodbye
Can you trust a Russian company with your technology? Your security? No — not with Vladimir Putin calling the shots when push comes to shove.
https://www.computerworld.com/article/3654149/do-svidaniya-kaspersky-goodbye.html
Title: Re: Kaspersky
Post by: polonus on March 23, 2022, 01:35:47 PM
Also your privacy may be threatened, Italy investigates Kaspersky's:
https://www.garanteprivacy.it/home/docweb/-/docweb-display/docweb/9754469

But I haven't heard anything about Dr Web's from St. Petersburg (patron = R.F. president Putin). You know something on that matter, Asyn? Users may use their extension.

polonus
Title: Re: Kaspersky
Post by: bob3160 on March 23, 2022, 01:53:35 PM
Do svidaniya, Kaspersky — goodbye
Can you trust a Russian company with your technology? Your security? No — not with Vladimir Putin calling the shots when push comes to shove.
https://www.computerworld.com/article/3654149/do-svidaniya-kaspersky-goodbye.html
If we're talking about ethics, shouldn't that same warning also be given about TikTok?
Approximately 850 Million users happily share their information with the Chinese Communist party and they are also guilty of committing atrocities on an ongoing basis. Again, money talks and all other things seem not to matter. (Enough of my soap box.)


Title: Re: Kaspersky
Post by: Asyn on March 23, 2022, 02:24:48 PM
But I haven't heard anything about Dr Web's from St. Petersburg (patron = R.F. president Putin). You know something on that matter, Asyn? Users may use their extension.
Hi Damian, let's put it this way - I (currently) wouldn't use any software from Russia.
Title: Re: Kaspersky
Post by: Asyn on March 26, 2022, 10:33:50 AM
US says Kaspersky poses unacceptable risk to national security
https://www.bleepingcomputer.com/news/security/us-says-kaspersky-poses-unacceptable-risk-to-national-security/
Title: Re: Kaspersky
Post by: DavidR on March 26, 2022, 12:10:48 PM
US says Kaspersky poses unacceptable risk to national security
https://www.bleepingcomputer.com/news/security/us-says-kaspersky-poses-unacceptable-risk-to-national-security/

Interesting and also considering what else was in the article.
Quote from: Extract
FCC's national security ban list was also expanded to include Chinese state-owned mobile service providers China Mobile International USA and China Telecom Americas.

I'm wondering about all these Chinese Mobile Phones, there are also phones for other companies made in China, where does it end ?
Title: Re: Kaspersky
Post by: bob3160 on March 26, 2022, 12:23:17 PM
When politics becomes a part of reasoning, you lose all sight of reasoning.
Where can we truly find an American Cellphone?
Or anything else that's a manufactured product made in the US or free world for that matter?
Even our medication isn't produced in-house.
In the US the only thing we have plenty of is fossil fuel which is
currently frowned upon.
Title: Re: Kaspersky
Post by: polonus on March 28, 2022, 10:07:47 PM
Hi bob3160,

Here you find it listed with all the equipment and services that may mean a threat to national security:
https://www.fcc.gov/supplychain/coveredlist

Re
Quote
Information security products, solutions, and services supplied, directly or indirectly, by AO Kaspersky Lab or any of its predecessors, successors, parents, subsidiaries, or affiliates.          March 25, 2022
According to section two by the Secure Networks Act of the U.S. of A.

You cannot reason or argue against a government decision being taken.
Only future developments will tell who is right and who is wrong.

Damian a.k.a. polonus
Title: Re: Kaspersky
Post by: DavidR on March 28, 2022, 11:33:16 PM
Hi bob3160,

Here you find it listed with all the equipment and services that may mean a threat to national security:
https://www.fcc.gov/supplychain/coveredlist

Re
Quote
Information security products, solutions, and services supplied, directly or indirectly, by AO Kaspersky Lab or any of its predecessors, successors, parents, subsidiaries, or affiliates.          March 25, 2022
According to section two by the Secure Networks Act of the U.S. of A.

You cannot reason or argue against a government decision being taken.
Only future developments will tell who is right and who is wrong.

Damian a.k.a. polonus

I'm surprised there aren't more Mobile Phone makes/companies on that list.

I was even expecting to see iPhone on the list, aren't most of them made in China?
But I guess including phones manufactured in China would make the list unbelievably long.
Title: Re: Kaspersky
Post by: Asyn on June 06, 2022, 03:43:39 PM
Is Kaspersky Safe to Use in 2022?
https://www.avast.com/c-is-kaspersky-safe
Title: Re: Kaspersky
Post by: schmidthouse on June 06, 2022, 07:08:06 PM
Is Kaspersky Safe to Use in 2022?
https://www.avast.com/c-is-kaspersky-safe

Not in my opinion