Amazon AWS and F-Secure

[Deleted User]
[Deleted User] Posts: 0
edited April 9 in Web Browsing

Hello,

A member on Malwaretips brought this to our attention, that if you run a DNS leaktest, it also shows Amazon AWS servers. The only way to totally stop their inclusion in the searches is to uninstall F-Secure, which I did on 5 of my devices. Until I know more about Amazon's AWS privacy policy, I may not be reinstalling F-Secure unless someone here can give me better peace of mind regarding that and of the number of AWS servers being used by F-Secure. I had anywhere between 2-8 AWS servers connected depending on if I enabled NextDNS in the browser settings.

I get the idea of what F-Secure is trying to accomplish, but still…

"Cybersecurity firm F-Secure speeds installation process and boosts customer experience using AWS. The company, which has tens of millions of consumer customers and more than 100,000 corporate clients, has been providing online security services for nearly 30 years. It uses Amazon Kinesis and AWS Lambda to react to events in real time."

https://aws.amazon.com/solutions/case-studies/f-secure/

Kind regards

Accepted Answer

  • CarolinaC
    CarolinaC Posts: 138 Moderator
    Answer ✓

    Hello @siramic @rickV @MJO @Alper ,

    We have recently released a client update which started using our latest version of F-Secure URL reputation cloud, hosted on Amazon. When a client encounters a new URL, the URL reputation cloud is queried for verdict, to decide if the URL request should be allowed or blocked. Because it is an unknown domain name, the URL reputation cloud responds to client with an “unknown” verdict while at the same time starting a backend analysis of it - which makes the DNS queries.

    The client never uses any extra DNS server, and the leak test interprets these results incorrectly. For real DNS addresses, they would most likely be known to URL reputation cloud and not trigger a DNS lookup. For new unknown domains, only the first client accessing it would trigger the query from Amazon, but it is not trackable back to client. The Amazon cloud is shared for all our clients.

    We are investigating options to reduce these DNS lookups from cloud side. Rest assured, F-Secure takes privacy of all our clients seriously and our privacy notice can be found at https://www.f-secure.com/en/legal/privacy/total

    Separately, there is currently a bug in the client that when Browsing Protection features are turned off, the client still does reputation lookups for every URL - it just does not act on the information. We were currently working on the fix for this bug before this DNS issue was brought up, but now it’s even more important to get it fixed and released.

    Best regards.

«1

Answers

  • [Deleted User]
    [Deleted User] Posts: 0
    edited April 13

    At 250 views so far for this post, it doesn't look like I'm alone in wondering about this.

    Here is this mornings example of running DNS leaktest extended version using Chrome with Use Secure DNS set on OS Default, in Security settings, with F-Secure Internet Security. In running it twice, I got anywhere between 8 Amazonaws servers to 16. It also listed my ISP servers at around 8. On my other PCs without F-Secure installed, I just have my ISP servers listed.

  • Rusli
    Rusli Posts: 1,022 Influencer
    edited April 14

    Did you have anything install on your computer that using DNS encryption??? Like DNS over Https, or DOT, Dnscryptproxy??? Or Did you check your wifi router settings. Did you configure DNS TLS enable on your wifi router??? What brand of wifi router you are using???

    If you are using Netgear Wifi Router it has a DOH enable.

    Have you ipconfig/flushdns on your terminal screen. Have you check your Windows Hosts files. c:\Windows\System32\Drivers\etc\hosts. Network ip address changes???

    https://www.nublue.co.uk/guides/edit-hosts-file/#:~:text=In%20Windows%2010%20the%20hosts,%5CDrivers%5Cetc%5Chosts.

    Have you try other tools such as ccleaner to clear your browser cache, cookies, etc, superantispyware, hitman-pro from sophos. malwarebytes, emsisoft emergency kit, norton power eraser???

    https://www.safetydetectives.com/blog/how-to-remove-the-amazonaws-virus/

  • rickV
    rickV Posts: 4 Observer

    Dear Siramic,

    I have noticed the exact same thing as you did and seems like whenever F-secure is enabled it forces these amazon AWS connections straight away . I contacted support for a solution and explanation without receiving any info . I am using VPN from Mullvad and whever f-secure is anabled it is leaking DNS to amazon which should not happen. These sudden changes resulted in me removing f-secure completely and using another AV for the time being. Hope someone can shed some light on this issue

  • [Deleted User]
    [Deleted User] Posts: 0
    edited April 14

    Thank you @rickV for confirming what I have found as well as some others who replied on a Malwaretips thread.

    @Rusli thank you for your reply. Just a couple of questions for you.

    1. Why did this suddenly happen within the last 2-3 weeks? Please review my 1st post, in that on the same router with the same settings when F-Secure was installed, there are the Amazonaws servers, then still with the same router settings and F-Secure uninstalled, no Amazonaws servers? Disabling F-Secure browsing protection in the app and browser extension, doesn't change a thing.
    2. Below are 2 images using Chrome, cleared cache, cookies, history etc, with its onboard DNS setting turned off, and with no other extension enabled but F-Secure's browsing protection. The first image is without F-Secure installed. The 2nd image is with F-Secure installed. The connection of this PC is directly into the modem, no router or its settings.

    @Rusli are you not getting this at all on your end, or is it just a F-Secure, US thing?

    Kind regards.

  • MJO
    MJO Posts: 52 Active Engager
    edited April 14

    @siramic I´m having same issue with Amazon dns servers appearing and i live in Finland. I installed F-Secure Total last week and there was no Amazon servers appearing before that.

  • [Deleted User]
    [Deleted User] Posts: 0
    edited April 14

    Thank you for your confirmation as well, MJO. I'm thinking it has to do with the article below, in which F-Secure is trying to be a lean, mean, efficient AV, and maybe it also has to do with the transition into 64-bit, for the same reason? It's just speculation on my part until an F-Secure employee helps to give us understanding regarding what's going on.

    https://aws.amazon.com/solutions/case-studies/f-secure/

  • Alper
    Alper Posts: 3 Observer

    Hello everyone,

    is there no statement from F-Secure? It can't be that F-Secure simply imposes an Amazon DNS server? If nothing changes in the next few days, I will uninstall F-Secure.

    What a pity, everyone has it
    Highly recommended and now something like this is happening 😣

  • MJO
    MJO Posts: 52 Active Engager

    I posted this on the Finnish forum also. Let´s hope that customer support is faster on that side and would give us some explanation on this issue 🤞

  • [Deleted User]
    [Deleted User] Posts: 0
    edited April 16

    Hi @CarolinaC

    Thank you for your part in helping to investigate this concern, it's appreciated. The link I posted looks like F-Secure is using AmazonAWS infrastructure but did not include a date, so I'm not sure how long ago it was implemented. This quote is from that link:

    Bringing value to the business through faster development was a major driver for Ojala’s team. “We’re always eagerly looking for new tools to innovate with,” she says. “That’s why we picked up AWS Lambda so soon after it was launched.”

    The service lead says the data pipeline project is a good example of how easy it is to enable new use cases in the cloud. “We have a mixed IT landscape, but many of our teams rely on our on-premises environment. When F-Secure started planning to use AWS for its data pipeline, we calculated the estimated total cost of ownership taking into account hardware and software costs and the personnel required for maintaining the system. 

    We’ve shown the rest of the company that we can put our ideas into action faster and save 70 percent on infrastructure costs by using AWS compared to running hardware on-premises. And we can drill down into the details of problems and solve them quickly and efficiently. We’re inspiring a shift toward the cloud, and microservices in particular, because of these great benefits.”

    So from a users end, how does that apply or help us, in what way?

    Even If I turn off Browsing Protection in the app and disable the Chrome extension (just to be sure), it still connects to AmazonAWS servers. So it's more deeply engrained in the app itself, and just not in the searches?

    It's just that some of us like our privacy and having to deal with disabling some of Windows Privacy settings, Google and its love in gleaning our surfing information, and now possibly, Amazon was, is just a little bit concerning for me. I will gladly wait for the follow-up reply(s).

    Thank you :)

    edit:sp

  • [Deleted User]
    [Deleted User] Posts: 0
    edited April 18

    I have a support ticket going with F-Secure and included a fsdiag log file, so I don't mean to be jumping the gun as far as what they or CarolinaC may find out, but…

    Most of us noticed this about 2 weeks ago, and in reviewing the log file, it appears on March 22nd there was a OneClient update (unless it was just a logging time stamp?), that did include (as new?) Lambda (Amazon). Just thought I'd mention it, in case it helps in figuring this issue out :)

    https://docs.aws.amazon.com/lambda/latest/dg/welcome.html

    Cheers :)

  • [Deleted User]
    [Deleted User] Posts: 0
    edited April 19

    @CarolinaC

    That is an incredibly encouraging, and informative post, that makes me very optimistic about F-Secure's desire to look out for us users, as we trust F-Secure and pay for its products installed on our devices. Not sure if we need to worry about Amazon's privacy policy with how all of this works?

    So this partnership sounds like it will be to our advantage to improve the security of our online searches.

    Thank you again, as I will now proceed to install the new 19.4 public release version with all its updates, including it being 64-bit.

    Continue to keep us informed, please. And again, CarolinaC, I appreciate all you are doing to help give us peace of mind and understanding regarding F-Secure, Amazon and this issue :)

    Kind regards.

  • kp4cyx
    kp4cyx Posts: 1 Observer

    Hi @siramic,

    any further updates on your support ticket? As far as I am concerned, the issue still persists. Similar to what @rickV wrote, I too get DNS leaks with a running VPN connection.

    I hope this issue gets resolved soon.

  • [Deleted User]
    [Deleted User] Posts: 0
    edited May 3

    Hello :)

    They, support, ended up in sending me back here. They said they didn't know, understand what I was asking about and handed me over to Firmy here on the forum. I had even included a link to one of my post from this thread in my ticket. It wasn't resolved, just acknowledged as with CarolinaC's post, a work in progress.

  • fs-seppo
    fs-seppo Posts: 25 F-Secure Employee

    Hi,

    Just to alleviate some concern here, lambda in this context refers to https://en.cppreference.com/w/cpp/language/lambda , not AWS Lambda. It's local C++ programming concept and has nothing to do with remote computing.

    Seppo

    F-Secure R&D, Desktop products

  • [Deleted User]
    [Deleted User] Posts: 0
    edited May 4
  • Ville
    Ville Posts: 741 F-Secure Product Expert

    The public statement about this issue is at the top of this thread in "Accepted answer". Right now we are monitoring the situation with no immediate action planned. As a short recap, the product is not leaking DNS addresses but the leak tests interpret our security cloud analysis incorrectly.

    Ville

    F-Secure R&D, Desktop products

  • [Deleted User]
    [Deleted User] Posts: 0
    edited May 8

    Thank you @Ville

    It sounds like it's pretty much resolved then, just maybe some monitoring on your end.

    If you would like to close this thread, that's fine, as I don't want to beat this topic into the ground, maybe like I already have? ;) and consider we all have the information we need.

    Thanks again for all the help and information that was posted, I, we, appreciate it.

    Kind regards.

  • rickV
    rickV Posts: 4 Observer

    Thank you for the feedback @Ville

    The fact stays that there are permanent connections to Amazon doing DNS lookups when f-secure is active and while i am on a VPN. And it does not reasure me stating these DNS leak tests all have it wrong. Also i see no answer as to the fact that these connections persist when deactivating browsing protection. I think this should be optional right especially when using VPN. I have been a long time user of F-secure but unfortunately i am using another AV now for the time being as in my opinion i see no message this will be solved soon and it has no priority.

    Think i am not the only one having these concerns

    Kind Regards

  • CHRIST68
    CHRIST68 Posts: 10 Explorer

    Hello, personely I noticed the same problem, DNS LEAK AMAZON. So I'm considering to change this antivirus, because I deem that impose this process is unseemly, especialy as it made unexpectedly, I realised this in the course of VPN checking. What a shame!

    I would add that the VPN is not really confidential too, cause there is log and the killswith is not really a kill switch.

    BEST REGARDS. Christ, france.

  • [Deleted User]
    [Deleted User] Posts: 0
    edited May 13

    Edited my post. The above two posts stand on their own, without my adding to them.

  • CHRIST68
    CHRIST68 Posts: 10 Explorer

    Actually this process is an infringement of our confidentiality and I deem that all users have to know this ussue. Personelly I uninstalled the software. It' all the more suprising than that this process was hidden, without notification.

  • Alper
    Alper Posts: 3 Observer

    F-Secure, please reverse the problem. You will lose many members including me and many of my loyal f-Secure friends.

  • CHRIST68
    CHRIST68 Posts: 10 Explorer

    There is another bug here, when I'm connecting to ma bank, the Fsecure Bank protect block the connection!!???:

    Incredible!!

    Congratulations.

  • CHRIST68
    CHRIST68 Posts: 10 Explorer

    I'm under the impression that the situation is getting worse here…

  • rickV
    rickV Posts: 4 Observer

    @ christ68

    The lack of response from F secure while having lots of customers with legit concerns/problems indeed makes me believe it is getting worse . Never seen this before after many years of using f-secure but this new direction they are heading to is not to my liking. It's a shame actually

  • CHRIST68
    CHRIST68 Posts: 10 Explorer

    Yes, I'm really disappointed, et unfortunately I decided to stop using FSECURE, and after somes researching, I'm going to an another solution, like "surfshark", VPN + ANTI VIRUS. Very regrettable.

  • Vanishedvision
    Vanishedvision Posts: 1 New Member

    Seems to be an issue for Spectrum customers as well with the included security suite.

  • rickV
    rickV Posts: 4 Observer

    Wow no replies from F-secure at all so obviously we are not been taken serious at all.

    Obviously they don't care losing long time customers since they probably have enough already.

    Strange new policy here.

Feedback on New Design