Kaspersky Security Network Statement

A. INTRODUCTION
Please read this document thoroughly. It provides important information that you
should be acquainted with before continuing to use our services or software. We
reserve the right to modify this Statement at any time by making changes to thi
s page.
Kaspersky Lab ZAO (further Kaspersky Lab) has created this Statement in order to
inform and disclose its data gathering and dissemination practices for Kaspersk
y Endpoint Security 10 for Windows.
Kaspersky Lab has a strong commitment to providing superior service to all of ou
r customers and particularly respecting your concerns about Data Processing.
This Statement contains numerous general and technical details describing the st
eps we take to respect your Data Processing concerns. Meeting your needs and exp
ectations forms the foundation of everything we do - including protecting your D
ata.
The Kaspersky Security Network service allows users of Kaspersky Lab security pr
oducts from around the world to help facilitate identification and reduce the ti
me it takes to provide protection against new ("in the wild") and complex securi
ty threats and their sources, intrusion threats, as well as increasing the prote
ction level of information stored and processed by the computer's user. This inf
ormation contains no personally identifiable information about the user and is u
tilized by Kaspersky Lab for no other purposes but to enhance its security produ
cts and to further advance solutions against malicious threats and viruses.
By participating in Kaspersky Security Network, you and the other users of Kaspe
rsky Lab security products from around the world contribute significantly to a s
afer Internet environment.
Legal Issues (if applicable)
Kaspersky Security Network may be subject to the laws of several jurisdictions b
ecause its services may be used in different jurisdictions, including the United
States of America. Kaspersky Lab shall disclose information without your permis
sion when required by law, or in good-faith belief that such action is necessary
to investigate or protect against harmful activities to Kaspersky Lab guests, v
isitors, associates, property or to others. As mentioned above, laws related to
data and information processed by Kaspersky Security Network may vary by country
.
Kaspersky Security Network shall duly inform the users concerned when initially
processing the above-mentioned information of any sharing of such information an
d shall allow these Internet users to opt in (in the EU Member States and other
countries requiring opt-in procedures) or opt out (for all other countries) onli
ne from the commercial use of this data and/or the transmission of this data to
third parties.
Kaspersky Lab may be required by law enforcement or judicial authorities to prov
ide some information to appropriate governmental authorities. If requested by la
w enforcement or judicial authorities, we shall provide this information upon re
ceipt of the appropriate documentation. Kaspersky Lab may also provide informati
on to law enforcement to protect its property and the health and safety of indiv
iduals as permitted by statute.
B. RECEIVED INFORMATION
* Date of installation and activation of the software, the full version of the s
oftware, including the information about the installed updates, software localiz
ation;
* Information about your computer software, including operating system and servi
ce packs installed, kernel objects, drivers, services, Internet Explorer extensi
ons, printing extensions, Windows Explorer extensions, downloaded program files,
active setup elements, control panel applets, host and registry records, browse
r types and e-mail clients that are generally not personally identifiable;
* Information about your computer hardware, including the hash sum of the HDD se
rial number;
* Data related to the software updates that are used to fix errors in or to chan
ge the functionality of the software installed on the users computers, in addition
to the data about the return codes received after installing the software update
s.
* Information about the status of your computer's antivirus protection including
information about the Anti-virus database used by the Software, the statistical
data about updates and connections with Rightholders services; task ID and ID of t
he software components that perform the scans;
* Information about files downloaded by the user (URL and IP address, attributes
, file size, information about process that initiated download, digital signatur
e of a file, URL, where the detection occurred, the number of scripts on the pag
e in which the load was detected, information about completed http-requests and
responses to them );
* Information about applications and their modules run by the user including MD5
hash sums, size, attributes, date created, information about PE headers, compre
ssion utilities used information, code of the account that is running the proces
s, command line options, information about files names and their modules
* Information about all of the potentially harmful objects and actions, includin
g the name of the detected object and the full path to the object on the compute
r checksum processed files (MD5), the date and time of detection, URL-address an
d IP-address from where it was downloaded, the name and size of infected files a
nd their paths, the packer, file type code, the ID file format, a list of the ma
lware activities and decisions of the Software and the User on them, the ID of a
ntivirus database used for detection, the name of the threat detected by the cla
ssification system of Kaspersky Lab, a checksum (MD5), the name and attributes o
f the executable file of the application, which has used an infected message or
a link, impersonated host IP-address (IPv4 and IPv6) blocked object, the entropy
of the file, startup attribute, timestamp of the first detection in the system,
information about the file and its associated operating system objects before a
nd after the action on the file (moving, copying, restoration), the number of la
unches of the file since the last sending of statistics;
* Information about scanned objects, including the assigned trust group, and / o
r from which the file is moved, the reason for which the file is placed in this
category;
* Information about vulnerabilities, including the ID of the vulnerability in th
e database of vulnerabilities, vulnerability danger level and detection status;
* information on the implementation of emulation of an executable file, includin
g the version of the emulator component, the depth of emulation, the statistics
and the characteristics vectors acquired during emulation of the scanned object,
the real and the virtual size of the scanned section of the object and the numb
er of sections, the number of unique logical blocks in the file and the frequenc
y of repeat of such blocks;
* IP-address of the attacking computer, the port number on which the attack was
directed, IP protocol identifier, target of attack (the name of the organization
, web-site), the ID type of transmitted and received packets, the flag of the re
action to the attack;
* service information of the software, including the compiler version, silent de
tect flag (a special verdict on the scanned object), the version of the statisti
cs data set, the identifier of the conditions for the statistics gathered, and a
n indication whether the software works in interactive mode.
* The Kaspersky Security Network service may process and submit whole files, whi
ch might be used by criminals to harm your computer and/or their parts, to Kaspe
rsky Lab for additional examination;
Additionally, for the purposes of the prevention and investigation of incidents
occurred, executable and non-executable trusted files can be sent, as well as re
ports on the activities of the application, memory pages and boot sectors of the
operating system
In order to increase the level of support and monitoring of the defined level of
software protection, the User agrees to provide the following information about
the results of testing software operability after applying of updates:
- The result of the update installation, including any error codes that occurred
during the installation process;
- Information about any currently installed anti-virus databases;
- Duration since the installation of last update;
- Identifier of the executed self-test script and the completion status of the t
est;
- CPU usage data;
- The number of active streams and streams in standby state;
- Memory usage data (Private Bytes, Non-Paged Pool);
- The number of product dumps and system dumps (BSOD) since installing the softw
are and since the last update, including the identifier of the product module wh
erein the crash occurred, as well as the production process crash stack;
- The version of the installed software, including the version of the Nagent com
ponent;
- The set of installed software components, including the version of the install
ed encryption module and the status of each component;
- The operating system version, including the installed system updates.
Securing the Transmission and Storage of Data
Kaspersky Lab is committed to protecting the security of the information it proc
esses. The information processed is stored on computer servers with limited and
controlled access. Kaspersky Lab operates secure data networks protected by indu
stry-standard firewall and password protection systems. Kaspersky Lab uses a wid
e range of security technologies and procedures to protect information from thre
ats such as unauthorized access, use, or disclosure. Our security policies are p
eriodically reviewed and enhanced as necessary, and only authorized individuals
have access to the data that we process. Kaspersky Lab takes steps to ensure tha
t your information is treated securely and in accordance with this Statement. Un
fortunately, no data transmission can be guaranteed secure. As a result, while w
e strive to protect your data, we cannot guarantee the security of any data you
transmit to us or from our products or services, including without limitation Ka
spersky Security Network, and you use all these services at your own risk.
We treat the data we process as confidential information; it is, accordingly, su
bject to our security procedures and corporate policies regarding protection and
use of confidential information. All Kaspersky Lab employees are aware of our s
ecurity policies. Your data is only accessible to those employees who need it in
order to perform their jobs. Any stored data will not be associated with any pe
rsonally identifiable information. Kaspersky Lab does not combine the data store
d by Kaspersky Security Network with any data, contact lists, or subscription in
formation that is processed by Kaspersky Lab for promotional or other purposes.
C. USE OF THE PROCESSED DATA
Kaspersky Lab processes the data in order to analyze and identify the source of
potential security risks, and to improve the ability of Kaspersky Lab's products
to detect malicious behavior, fraudulent websites, crimeware, and other types o
f Internet security threats to provide the best possible level of protection to
Kaspersky Lab customers in the future.
Disclosure of Information to Third Parties
Kaspersky Lab may disclose any of the information processed if asked to do so by
a law enforcement official as required or permitted by law, in response to a su
bpoena or other legal process or if we believe in good faith that we are require
d to do so in order to comply with applicable law, regulation, subpoena, or othe
r legal process or enforceable government request. Kaspersky Lab may also disclo
se information when we have reason to believe that disclosing this information i
s necessary to identify, contact or bring legal action against someone who may b
e violating this Statement, the terms of your agreements with the Kaspersky Lab
or to protect the safety of our users and the public or under confidentiality an
d licensing agreements with certain third parties which assist us in developing,
operating and maintaining the Kaspersky Security Network. In order to promote a
wareness, detection and prevention of Internet security risks, Kaspersky Lab may
share certain information with research organizations and other security softwa
re vendors. Kaspersky Lab may also make use of statistics derived from the infor
mation processed to track and publish reports on security risk trends.
D. DATA PROCESSING - RELATED INQUIRIES AND COMPLAINTS
Kaspersky Lab takes and addresses its users' Data Processing concerns with utmos
t respect and attention. If you believe that there was an instance of non-compli
ance with this Statement with regard to your information or data, or you have ot
her related inquiries or concerns, you may write or contact Kaspersky Lab by ema
il: support@kaspersky.com.
In your message, please describe in as much detail as possible the nature of you
r inquiry. We will investigate your inquiry or complaint promptly.
CHOICES AVAILABLE TO YOU
In case of refusal to participate in KSN the above data is not transmitted. The
data is processed and stored in a restricted and protected partition on the user
's computer. This data cannot be restored after uninstallation. If you agree to
participate in KSN, the data is transferred to Kaspersky Lab for the above purpo
ses.
The resulting information is protected by Kaspersky Lab in accordance with statu
tory requirements and applicable rules of Kaspersky Lab.
Kaspersky Lab uses the information only in anonymous form and in the form of agg
regate statistics data. These general statistics are generated automatically fro
m the source of the information and do not contain personal data and other confi
dential information. Initial information received is stored in an encrypted form
and is destroyed upon accumulation (twice a year). General statistics are kept
indefinitely.
Participation in Kaspersky Security Network is optional. You can activate and de
activate the Kaspersky Security Network service at any time by altering the Feed
back settings on your Kaspersky Lab product's option's tab. Please note, however
, if you choose to deactivate the Kaspersky Security Network service, we may not
be able to provide you with some of the services dependent upon the processing
of this data.
We also reserve the right to send infrequent alert messages to users to inform t
hem of specific changes that may impact their ability to use our services that t
hey have previously signed up for. We also reserve the right to contact you if c
ompelled to do so as part of a legal proceeding or if there has been a violation
of any applicable licensing, warranty or purchase agreements.
Kaspersky Lab is retaining these rights because in limited cases we feel that we
may need the right to contact you as a matter of law or regarding matters that
may be important to you. These rights do not allow us to contact you to market n
ew or existing services if you have asked us not to do so, and issuance of these
types of communications is rare.
(c) 2013 Kaspersky Lab ZAO. All Rights Reserved.