Interesting, and lengthy, article on Eugene Kaspersky and Kaspersky Labs.
I have a couple of questions on it though.
(1) The article is unclear as to *what* types of data are sent to Moscow. It talks about scanning every application, file, and email, but then it only talks about sending *application* back to Kaspersky Labs. Does it also send suspicious files and emails (both vectors of viruses)?
Some documents seem to imply only statistics are sent, not the file itself. Others refer to "analysis of the file" in the lab, which seems to imply the file is sent.
(2) Does the Cisco or Microsoft embedded software provide this "Kaspersky Security Network" capability too?
Some documents I've read implied "no", but others seem to say "yes".
(3) Does the US Government have any policies against using the Kaspersky Security Network to send data to Russia?
Todd
Russia’s Top Cyber Sleuth Foils US Spies, Helps Kremlin Pals
Kaspersky antivirus software increased 177 percent, reaching almost 4.5 million a year—nearly as much as its rivals Symantec and McAfee combined. Worldwide, 50 million people are now members of the Kaspersky Security Network, sending data to the company’s Moscow headquarters every time they download an application to their desktop. Microsoft, Cisco, and Juniper Networks all embed Kaspersky code in their products—effectively giving the company 300 million users.
When a user installs Kaspersky software, it scans every application, file, and email on the computer for signs of malicious activity. If it finds a piece of known malware, it deletes it. If it encounters a suspicious program or a message it doesn’t recognize—and the user has opted to be part of the Kaspersky Security Network—it sends an encrypted sample of the virus to the company’s servers.
Related information:
Kaspersky Security Network whitepaper
1. Information on the newly launched or downloaded applications and visited web pages (URLs) is sent by users of the most recent Kaspersky Lab’s consumer and corporate products.
2. The files and URLs are checked and added to the Urgent Detection System database if they turn up to be malicious. Legitimate files are added to the “Whitelisting” database.
3. Kaspersky Lab’s experts finish the analysis of suspicious files, determine their degree of risk and add the description to signature database.
Kaspersky Security Network in Kaspersky Lab 2011 products
The technology also allows sending unknown files or their parts to Kaspersky Lab servers.