Kaspersky & ActiveX Vulnerabilities

Discussion in 'other anti-virus software' started by AlamoCity, Apr 29, 2007.

Thread Status:
Not open for further replies.
  1. coolbluewater

    coolbluewater Registered Member

    Joined:
    Feb 10, 2007
    Posts:
    268
    Location:
    next door to Redmond
    Well, it's either this or an open-source fruit basket ;)
     

    Attached Files:

  2. AshG

    AshG Registered Member

    Joined:
    May 7, 2005
    Posts:
    206
    Location:
    East TN

    No offense, but I can understand why your email was ignored. As articulate as you are in your jihad on these boards, I am surprised that you did not flesh out your contact email to Kaspersky to include a more approachable stance. Try this:

    If that doesn't get a response, then maybe it is because your previous email caused you to be blacklisted. Tact and approachability are important steps to receiving any type of response from a business such as Kaspersky.

    If a mod wishes to remove this next portion, so be it...

    Having read this thread numerous times, I cannot help but feel as if it has outlived its usefulnss. Paranoia and baseless accusations are running rampant among some posters. The OP has made it clear that he doesn't wish to go to the resource provided by Kaspersky. I believe it may be time for this horse to be taken from life support and for the senseless beating of said equine to end.
     
  3. AlamoCity

    AlamoCity Registered Member

    Joined:
    Apr 29, 2007
    Posts:
    149
    Jihad? That's very amusing. I complain about my security being compromised by Kaspersky, and KAV fans respond to my thread with questions and comments. Then I'm labeled a troll, and even accused of conducting a "jihad", merely for posting honest answers to their inquiries. What should I do, ignore people who have legitimate questions about the issues? Or should I lie about the way I feel? As articulate as you are, I will be very interested in hearing your response on this.

    Done. I sent the following email to info@kaspersky.com on May 7, 2007, 3:55 PM:

    "Dear Sir or Madam,

    I am writing to request information concerning the KAV program. Specifically, I am concerned about Kaspersky's previous use of ActiveX controls in KAV.

    I am very conscious of my security setup, and minimizing the presence of ActiveX controls on my system is an important part of the precautions I take. As such, I am wondering if Kaspersky still utilizes ActiveX as part of the program and, if so, what steps Kaspersky has taken to minimize the security risk that ActiveX controls pose.

    Thank you for your help as I consider whether or not to use your product as part of my security setup.

    Sincerely,
    Ron
    "

    The email I sent them on April 30th was intentionally kept as short as possible due to the large volume of email a company of their size receives. As overworked employees will sometimes delete 'wordy' emails (like the above) so they can go home on time. But I've tried it your way, and we'll see what happens.

    LOL, yeah right, this could really get me blacklisted: "Does your Kaspersky® Anti-Virus 6.0 program currently use any ActiveX controls? If so, could you please tell me what they're used for, as far as the functions they provide."

    I can just hear the Kaspersky employees now: "Wow, the nerve of this guy to send us such an "un-fleshed" email! He must think we're dummies who can't comprehend more than a few sentences at a time! Either that or he thinks we're unscrupulous enough to ignore/delete wordy emails! Let's ignore/blacklist him for having the nerve to offend our sensibilities in this manner!"

    Actually, the most important thing in an email is the subject title. And the best way to get a company like Kaspersky to answer a question is to use "Pre-Sale Question" on the subject title line. Which is what I did. But they didn't respond.
     
  4. AshG

    AshG Registered Member

    Joined:
    May 7, 2005
    Posts:
    206
    Location:
    East TN
    Thank you for clarifying the intent behind your original email. I am sure that brevity is appreciated by support personnel. What left me uncomfortable with it was in the wording. While it was succinct and to the point, putting myself in the shoes of the recipient left me feeling as if you were asking for trade secrets. While I understand that it was not your intent to do so, I believe your second email did a far better job of providing intent to the recipient.

    As far as the jihad comment - I do agree that it may have been over the top. However, I stand by my comments that I believe this thread has outlived its usefulness. If an answer was to come in this format I believe that it would have already. I hope that you do receive an answer from your email and that the answer assuages your concerns.
     
  5. AlamoCity

    AlamoCity Registered Member

    Joined:
    Apr 29, 2007
    Posts:
    149
    If you're really "sure KL is NOT AT ALL informed about it", why not not inform them yourself, as it's apparent that you want them to know about it. Simply post the following in the Kaspersky forum:

    Is the Kaspersky Team aware of this thread about KAV exploits: https://www.wilderssecurity.com/showthread.php?t=173156&page=1

    Then you'll learn that yes, they're aware of it. :D
     
  6. AlamoCity

    AlamoCity Registered Member

    Joined:
    Apr 29, 2007
    Posts:
    149
    I don't use other anti-virus programs, I just use KAV right now. And my objective is to make KAV safer by:

    Giving the company a reason why they shouldn't use unsafe ActiveX controls in the future, and why they should remove them from their current version if they're still in use.

    I don't have time to educate other AV companies. But here's a thought... why don't you "start a thread that highlights all the top AV supplier CURRENT vulnerabilities"? As you're obviously a Kaspersky fan, and you think they're getting a raw deal. So show your loyalty and take some of the heat off them by starting that thread. I'll be watching for it today. :D
     
  7. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    If they are aware of it they should black list your license :D :D :D
    I always thought that the "Snow White and the Seven Dwarfs" was a nice tale.... I should re-assess it now :gack:

    Fax
    Sorry for the jokes, but this thread is really a JOKE. Ignore Mode: ON
     
  8. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    Seems that during course of this thread you think you've become an authority on it!
     
  9. AlamoCity

    AlamoCity Registered Member

    Joined:
    Apr 29, 2007
    Posts:
    149
    Fax, this thread is for people who want to discuss "Kaspersky & ActiveX Vulnerabilities". When you hijack a thread to post off topic nonsense about fairy tales, you're just destroying your own credibility. I think people are intelligent enough to decide the merits of a thread for themselves, and they don't need any assistance from backseat critics.

    It's obvious you're a Kaspersky fan, and that you object to the constructive criticism that I've leveled at the KAV program. Well, a lot of other people also object to it, but 99% of them have been mature enough to control themselves. So please respect the rules of the forum and follow their example.

    Rather than establishing a reputation for yourself as an off-topic poster, why not show your loyalty to Kaspersky by starting a thread pertaining to the benefits of using KAV. As that would counter the negative things I've said about the program to a certain degree, thus giving prospective buyers a more balanced perspective of the program. :thumb:
     
  10. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    :thumbd:
    Ignore Mode: ON :thumbd:

    Fax
     
  11. AlamoCity

    AlamoCity Registered Member

    Joined:
    Apr 29, 2007
    Posts:
    149
    Umm, no, I don't think I'm an authority on ActiveX software. I just have common sense, and I know that countless millions of people consider it to be extremely unsafe. I also know that it has a long history of being exploited by hackers. Which is why I find it extremely odd that I seem to be the only person who objects to it being used in a program that's designed to prevent exploits.
     
  12. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    Problem is by the tone of your replies:-
    1)you seem to be trolling
    2)You come across as you seem to think you're the only one who "knows anything"
    3)If you're half as smart as you think you are why don't you spend 10 Min's(shouldn't take someone as clever as you any longer!)go and sit at a PC and write your own AV program,which of course would be perfect!
    Why are you going on and on about something that has been fixed?have you got some other axe to grind with Kaspersky?or is it just a bee thats got in to your bonnet?
    If I didn't trust an AV company the way you don't appear to trust Kaspersky,I simply would avoid using their products not just keep bleating on about the same thing over and over and over and over and over(got bored typing "and over" lol)
     
  13. Hangetsu

    Hangetsu Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    259
    I guess I'm just trying to understand the purpose here.

    Is it to report a problem on Kaspersky's use of ActiveX? Is an independent forum the best place to do that? Also, the issue that was identified and reported to Secunia has been resolved. ActiveX is not a defective technology in and of itself; Countless apps use it every day. Are you saying that ActiveX cannot function within security apps? If so, can you present the proof showing how it can never work?

    Is it to inform people of the initial problem? I'd say that was taken care of page one. Are you looking for everyone to agree with you before the issue is closed?

    Or is it to badmouth Kaspersky? You state you have no issues with them, yet you have had nothing but negative to say regarding their products. ActiveX or not, they have repeatedly been among the best security software producers out there, with a proven track record against known (i.e. not theoretical) viruses, malware, and other baddies. A number of other suites license their engine to handle AV matters - Including ZoneAlarm, not a small name themselves.

    I guess I just don't understand the continued barrage. You've informed everyone - Its their choice whether to use Kaspersky's products or not. If you don't like their answers, then don't use their products yourself.

    And since you've asked others, no I don't work for Kaspersky. I've used a number of products, including KIS 6, NOD32, Norton 360, and Norton Internet Security.
     
  14. EliteKiller

    EliteKiller Registered Member

    Joined:
    Jan 18, 2007
    Posts:
    1,138
    Location:
    TX
    With all of the bickering and repetitive statements I'm surprised that this thread hasn't been locked. :ouch:
     
  15. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    should have been ages ago!would have been if he'd been bashing Nod!
     
  16. AlamoCity

    AlamoCity Registered Member

    Joined:
    Apr 29, 2007
    Posts:
    149
    Steve, it's extremely obvious that all you've done is scan a few posts in this thread, because the issues you've raised have already been responded to repeatedly. It's amazing to me that people are willing to make a fool out of themselves by bashing someone when they don't have a clue what they're talking about. If you'll bother to read the thread, you can answer your own questions.

    This is unbelievable. I could respond to everything you've said, and four posts later, on the same page, another critic will come along and say the exact same things you did. Unbelievable. It's sad that people can't express their honest opinion about an issue without being attacked by people who don't even bother to familiarize themselves with the thread before lashing out.

    This is the last time I'm going to respond to someone who is parroting other critics. Because this is not a 'bash the OP" thread. It's to discuss Kaspersky's use of vulnerable ActiveX controls. If you want to discuss something else, start your own thread.

    I'm not taking any more bait from immature instigators who have delusions of grandeur about being the hero who beats up "the mean troll maliciously attacking Kaspersky". The critics should realize they are not unique, in that anything they can come up with to criticize this thread has already been covered. All they have to do is open their eyes and read.

    Again, show some respect for this forum by limiting posts to discussions about the vulnerabilities of ActiveX controls. How I seem to you, or how I come across is totally irrelevant to this thread. I'm sure I could find many things that I don't like about the way you present yourself, but that's not what this forum is for.

    So again, please keep the posts on topic, or just don't bother to post. In other words, if you lack the intellectual skill to engage in an intelligent discussion about the subject matter, just allow this thread to die a slow, natural death on it's own. No one needs you to hasten it's departure by turning it into a slugfest.
     
  17. Hangetsu

    Hangetsu Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    259
    Again, can you please show which research or study concluded all ActiveX controls are "vulnerable".
     
  18. NAMOR

    NAMOR Registered Member

    Joined:
    May 19, 2004
    Posts:
    1,530
    Location:
    St. Louis, MO
    This thread seems to be going nowhere fast... All I'm seeing now is name calling, finger pointing, and ifs and buts. :blink:
     
  19. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    Can you please explain to all of unintellectuals why you are complaining so much about an issue that has been fixed?even before the disclosure of this problem that initially referred to,if it hadn't been fixed I and the other people not on your intellectual plane could probably understand why your making such a big deal out of it,or is it the fact you have made such a big deal out of it you now feel you cannot back down and perhaps(just perhaps!)admit that you have tried to make a mountain out of a molehill,we can all see demons where there are none if we look hard enough and you seem to be looking very very hard!
     
  20. AlamoCity

    AlamoCity Registered Member

    Joined:
    Apr 29, 2007
    Posts:
    149
    I could, but I won't. Because I've already explained it repeatability in this thread. And I'm not going to keep repeating the same things over and over.

    Because when I do, people like you (who don't read the thread before forming an opinion) come along and think I'm being a troll. Simply because I didn't ignore people who asked questions that had already been answered. In other words, I get vilified for being a nice guy.

    If you have any questions about my motives, etc., just read this thread, as everything has already been covered, repeatedly.
     
  21. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,072
    Location:
    Texas
    I agree and this thread is now closed.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.