Amazon AWS and F-Secure
Hello,
A member on Malwaretips brought this to our attention, that if you run a DNS leaktest, it also shows Amazon AWS servers. The only way to totally stop their inclusion in the searches is to uninstall F-Secure, which I did on 5 of my devices. Until I know more about Amazon's AWS privacy policy, I may not be reinstalling F-Secure unless someone here can give me better peace of mind regarding that and of the number of AWS servers being used by F-Secure. I had anywhere between 2-8 AWS servers connected depending on if I enabled NextDNS in the browser settings.
I get the idea of what F-Secure is trying to accomplish, but still…
"Cybersecurity firm F-Secure speeds installation process and boosts customer experience using AWS. The company, which has tens of millions of consumer customers and more than 100,000 corporate clients, has been providing online security services for nearly 30 years. It uses Amazon Kinesis and AWS Lambda to react to events in real time."
Kind regards
Accepted Answer
-
Hello @siramic @rickV @MJO @Alper ,
We have recently released a client update which started using our latest version of F-Secure URL reputation cloud, hosted on Amazon. When a client encounters a new URL, the URL reputation cloud is queried for verdict, to decide if the URL request should be allowed or blocked. Because it is an unknown domain name, the URL reputation cloud responds to client with an “unknown” verdict while at the same time starting a backend analysis of it - which makes the DNS queries.
The client never uses any extra DNS server, and the leak test interprets these results incorrectly. For real DNS addresses, they would most likely be known to URL reputation cloud and not trigger a DNS lookup. For new unknown domains, only the first client accessing it would trigger the query from Amazon, but it is not trackable back to client. The Amazon cloud is shared for all our clients.
We are investigating options to reduce these DNS lookups from cloud side. Rest assured, F-Secure takes privacy of all our clients seriously and our privacy notice can be found at https://www.f-secure.com/en/legal/privacy/total
Separately, there is currently a bug in the client that when Browsing Protection features are turned off, the client still does reputation lookups for every URL - it just does not act on the information. We were currently working on the fix for this bug before this DNS issue was brought up, but now it’s even more important to get it fixed and released.
Best regards.
Answers
-
At 250 views so far for this post, it doesn't look like I'm alone in wondering about this.
Here is this mornings example of running DNS leaktest extended version using Chrome with Use Secure DNS set on OS Default, in Security settings, with F-Secure Internet Security. In running it twice, I got anywhere between 8 Amazonaws servers to 16. It also listed my ISP servers at around 8. On my other PCs without F-Secure installed, I just have my ISP servers listed.
-
Did you have anything install on your computer that using DNS encryption??? Like DNS over Https, or DOT, Dnscryptproxy??? Or Did you check your wifi router settings. Did you configure DNS TLS enable on your wifi router??? What brand of wifi router you are using???
If you are using Netgear Wifi Router it has a DOH enable.
Have you ipconfig/flushdns on your terminal screen. Have you check your Windows Hosts files. c:\Windows\System32\Drivers\etc\hosts. Network ip address changes???
https://www.nublue.co.uk/guides/edit-hosts-file/#:~:text=In%20Windows%2010%20the%20hosts,%5CDrivers%5Cetc%5Chosts.
Have you try other tools such as ccleaner to clear your browser cache, cookies, etc, superantispyware, hitman-pro from sophos. malwarebytes, emsisoft emergency kit, norton power eraser???
-
Dear Siramic,
I have noticed the exact same thing as you did and seems like whenever F-secure is enabled it forces these amazon AWS connections straight away . I contacted support for a solution and explanation without receiving any info . I am using VPN from Mullvad and whever f-secure is anabled it is leaking DNS to amazon which should not happen. These sudden changes resulted in me removing f-secure completely and using another AV for the time being. Hope someone can shed some light on this issue
-
Thank you @rickV for confirming what I have found as well as some others who replied on a Malwaretips thread.
@Rusli thank you for your reply. Just a couple of questions for you.
- Why did this suddenly happen within the last 2-3 weeks? Please review my 1st post, in that on the same router with the same settings when F-Secure was installed, there are the Amazonaws servers, then still with the same router settings and F-Secure uninstalled, no Amazonaws servers? Disabling F-Secure browsing protection in the app and browser extension, doesn't change a thing.
- Below are 2 images using Chrome, cleared cache, cookies, history etc, with its onboard DNS setting turned off, and with no other extension enabled but F-Secure's browsing protection. The first image is without F-Secure installed. The 2nd image is with F-Secure installed. The connection of this PC is directly into the modem, no router or its settings.
@Rusli are you not getting this at all on your end, or is it just a F-Secure, US thing?
Kind regards.
-
Thank you for your confirmation as well, MJO. I'm thinking it has to do with the article below, in which F-Secure is trying to be a lean, mean, efficient AV, and maybe it also has to do with the transition into 64-bit, for the same reason? It's just speculation on my part until an F-Secure employee helps to give us understanding regarding what's going on.
-
-
Hello @siramic @rickV @MJO @Alper ,
I understand that you're experiencing some frustration with this matter. Please know that your concerns are important to us, and we're committed to resolving this matter as swiftly as possible.
I have escalated the issue to our R&D, who are now diligently working on finding a solution. Rest assured, we're taking every necessary step to address this issue and ensure that you have a smooth experience with our services.
We sincerely apologize for any inconvenience this has caused you, and we appreciate your patience and understanding in this matter. We will keep you updated on the progress and notify you as soon as the issue is resolved.
If you have any further questions or concerns, please don't hesitate to reach out to us. Thank you for bringing this to our attention.
Best regards!
-
Hi @CarolinaC
Thank you for your part in helping to investigate this concern, it's appreciated. The link I posted looks like F-Secure is using AmazonAWS infrastructure but did not include a date, so I'm not sure how long ago it was implemented. This quote is from that link:
Bringing value to the business through faster development was a major driver for Ojala’s team. “We’re always eagerly looking for new tools to innovate with,” she says. “That’s why we picked up AWS Lambda so soon after it was launched.”
The service lead says the data pipeline project is a good example of how easy it is to enable new use cases in the cloud. “We have a mixed IT landscape, but many of our teams rely on our on-premises environment. When F-Secure started planning to use AWS for its data pipeline, we calculated the estimated total cost of ownership taking into account hardware and software costs and the personnel required for maintaining the system.
We’ve shown the rest of the company that we can put our ideas into action faster and save 70 percent on infrastructure costs by using AWS compared to running hardware on-premises. And we can drill down into the details of problems and solve them quickly and efficiently. We’re inspiring a shift toward the cloud, and microservices in particular, because of these great benefits.”
So from a users end, how does that apply or help us, in what way?
Even If I turn off Browsing Protection in the app and disable the Chrome extension (just to be sure), it still connects to AmazonAWS servers. So it's more deeply engrained in the app itself, and just not in the searches?
It's just that some of us like our privacy and having to deal with disabling some of Windows Privacy settings, Google and its love in gleaning our surfing information, and now possibly, Amazon was, is just a little bit concerning for me. I will gladly wait for the follow-up reply(s).
Thank you :)
edit:sp
-
I have a support ticket going with F-Secure and included a fsdiag log file, so I don't mean to be jumping the gun as far as what they or CarolinaC may find out, but…
Most of us noticed this about 2 weeks ago, and in reviewing the log file, it appears on March 22nd there was a OneClient update (unless it was just a logging time stamp?), that did include (as new?) Lambda (Amazon). Just thought I'd mention it, in case it helps in figuring this issue out :)
https://docs.aws.amazon.com/lambda/latest/dg/welcome.html
Cheers :)
-
That is an incredibly encouraging, and informative post, that makes me very optimistic about F-Secure's desire to look out for us users, as we trust F-Secure and pay for its products installed on our devices. Not sure if we need to worry about Amazon's privacy policy with how all of this works?
So this partnership sounds like it will be to our advantage to improve the security of our online searches.
Thank you again, as I will now proceed to install the new 19.4 public release version with all its updates, including it being 64-bit.
Continue to keep us informed, please. And again, CarolinaC, I appreciate all you are doing to help give us peace of mind and understanding regarding F-Secure, Amazon and this issue :)
Kind regards.
-
Hello :)
They, support, ended up in sending me back here. They said they didn't know, understand what I was asking about and handed me over to Firmy here on the forum. I had even included a link to one of my post from this thread in my ticket. It wasn't resolved, just acknowledged as with CarolinaC's post, a work in progress.
-
The public statement about this issue is at the top of this thread in "Accepted answer". Right now we are monitoring the situation with no immediate action planned. As a short recap, the product is not leaking DNS addresses but the leak tests interpret our security cloud analysis incorrectly.
Ville
F-Secure R&D, Desktop products
-
Thank you @Ville
It sounds like it's pretty much resolved then, just maybe some monitoring on your end.
If you would like to close this thread, that's fine, as I don't want to beat this topic into the ground, maybe like I already have? ;) and consider we all have the information we need.
Thanks again for all the help and information that was posted, I, we, appreciate it.
Kind regards.
-
Thank you for the feedback @Ville
The fact stays that there are permanent connections to Amazon doing DNS lookups when f-secure is active and while i am on a VPN. And it does not reasure me stating these DNS leak tests all have it wrong. Also i see no answer as to the fact that these connections persist when deactivating browsing protection. I think this should be optional right especially when using VPN. I have been a long time user of F-secure but unfortunately i am using another AV now for the time being as in my opinion i see no message this will be solved soon and it has no priority.
Think i am not the only one having these concerns
Kind Regards
-
Hello, personely I noticed the same problem, DNS LEAK AMAZON. So I'm considering to change this antivirus, because I deem that impose this process is unseemly, especialy as it made unexpectedly, I realised this in the course of VPN checking. What a shame!
I would add that the VPN is not really confidential too, cause there is log and the killswith is not really a kill switch.
BEST REGARDS. Christ, france.
-
@ christ68
The lack of response from F secure while having lots of customers with legit concerns/problems indeed makes me believe it is getting worse . Never seen this before after many years of using f-secure but this new direction they are heading to is not to my liking. It's a shame actually
-
