1. Watch foreign sports or TV shows

A familiar situation for many sports fans: having moved abroad or simply gone on vacation, you find to your annoyance that your beloved football/soccer/baseball/cricket/rugby… team’s games aren’t broadcast on TV there. The same catastrophe befalls fans of domestic TV shows that aren’t popular abroad. This issue may be solved if you can subscribe to digital broadcasts of whatever matches or shows you like in your hometown, but in other regions that service is likely to be blocked. However, the good news is that Kaspersky VPN Secure Connection lets you watch what you paid for — wherever you are. To do this, when away, you need to select a VPN server in your home country and connect to it. That way you’ll be assigned a “native” IP address that will virtually teleport you home. You just need to make sure that both your local internet connection and VPN are up to it speed-wise. For fast VPN secrets, see the end of this post.

2. Bypass bandwidth throttling

In mobile networks, public places, and sometimes even home connections, ISPs limit communication speed, which is known as bandwidth throttling. You may notice this when visiting sites with videos or downloading large files: your internet runs much slower. This allows ISPs to save bandwidth and reduce the load on the network, but it also restricts your rights. Thanks to Kaspersky VPN Secure Connection, which encrypts your traffic, providers and other third parties can’t see exactly what you do online or what sites you visit, and so they cannot throttle your bandwidth – however, if your ISP slows down all activities for all subscribers (blanket throttling), there’s no escape.

3. Play in the region of preference

Servers of many multiplayer games are distributed all over the world. Connecting from a certain region, you will play on the nearest server. This is done to minimize lag for all players, unite players from the same time zone, and lessen the language barrier in game chats. But this approach can cause issues too: for example, you might play at an “unsociable” hour, which means few suitable gaming partners on the nearest servers, or your team has settled on a very specific game server. Going online through Kaspersky VPN Secure Connection in the desired region guarantees a connection to the best server for your needs. Of course, VPN speed is critical here to ensure low lag and fast data exchange, so slow VPNs and VPN protocols are a big no-no for gamers — which is why we especially recommend that gamers use our VPN, recognized for high speeds in independent tests.

On game consoles, setting up a VPN can be tricky, so console owners find it easier to set up VPN directly on the router — more on this at the end of the post.

4. Sidestep price policies

In many stores and service organizations, the price for the same goods and services differs significantly from country to country due to variances in pricing policies or simply different sales schedules. At the time of posting, Black Friday and Singles’ Day (11.11) are on the horizon, to name just a couple of shop fests. You can cash in on seasonal offers and save money by connecting to a VPN server in the desired country and thus changing your IP address. That done, logging into the regional versions of online stores, you’ll see local promotions and enjoy the best discounts.

To take full advantage of this, your VPN service should offer a wide variety of servers in different countries. For example, our VPN has more than a hundred of these, including in such exotic locations as Bangladesh, Liechtenstein, and Malaysia. With such a wide selection, finding the right server in the list can be tough, which is why the latest version of Kaspersky VPN Secure Connection lets you add servers to a Favorites tab and quickly select the one you need.

5. Shop with peace of mind

Public networks — be it Wi-Fi at an airport, hotel, cafe, train, or bus — pose a number of risks to your devices. Among them are: third-party ads on websites; data harvesting of your online activities; the already mentioned slowdown when watching videos; and potential interception of payment information and passwords. It’s a real stinger to pay for extra baggage or window seats on your phone, only to see unexpected debits from your account after landing, right?

Over an encrypted VPN channel, none of that can happen. Nearby cybercriminals, cafe owners, and unscrupulous Wi-Fi providers can neither see nor intercept your online activity.

What’s more, our VPN can be configured to automatically turn the VPN on when connecting to unprotected Wi-Fi networks, plus you can customize the VPN settings for each Wi-Fi access point saved on your device individually. This makes it easy to configure which Wi-Fi networks need VPN protection, keeping you safe at all times.

And one other thing: if the VPN connection drops, Kaspersky VPN can automatically block all your network traffic until reconnection, ensuring your data doesn’t leak to an unsecured network.

6. Open geo-blocked websites

For both legal and security reasons, some sites choose to shut out connections from other countries. For example, many online stores aren’t accessible in countries they don’t ship goods to. The same goes for many municipal or government services provided online — access from abroad isn’t possible. If you need to use such sites, you need to point your VPN to a server in the respective country.

7. Open websites despite blocking

The opposite scenario to geo-blocking is when you arrive in a country where, say, Google or Instagram is blocked. By connecting to a VPN server in another country, you can continue to use your usual accounts and services.

Geo-blocking often creates the nuisance of having to constantly turn your VPN on and off to access certain sites or use certain apps. Kaspersky VPN Secure Connection comes in handy here, too. By configuring rules for Smart Protection (on Android only) and Split Tunneling (on Android, Windows and macOS), you can forget about the need to keep toggling the VPN: it will activate automatically for selected apps, sites, or site categories (such as payment systems, banking sites, or online stores) or bypass VPN for apps added to the exceptions list.

What makes Kaspersky VPN the fastest?

Gaming, watching videos, downloading large files, and even conference calling all require a lightning-quick VPN connection with minimal latency and high data-transfer rates. Besides a fast enough internet connection, this requires three other jigsaw pieces: a high-performance VPN server with a strong communication channel; a sufficiently powerful client (your phone, computer, or router); and an optimized communication protocol between these two pieces.

To make our VPN the undisputed speed champion (it outperformed all six of the other VPNs in an independent test), we use the fastest servers (10 Gbps) and connect to them over the most powerful protocols: Catapult Hydra and WireGuard. According to our internal tests, Catapult Hydra is five to seven times faster than the common OpenVPN protocol in terms of connection speed and ensures exceptional privacy protection without data leaks.

Where and how to use VPN?

You can install a VPN on your smartphone, computer, tablet, and sometimes even your TV or game console. Most routers also support a VPN connection, giving you the benefits of a VPN across your entire home network all at once. Which of these scenarios is better?

For travel and business trips, setting up a VPN on your phone and laptop is a priority. If gaming or online bargain hunting is your thing, it’s best to install a VPN on your Windows or Mac computer.

For TVs, game consoles, and simultaneous VPN use on multiple devices, the encrypted channel is best deployed directly on the router. Our VPN supports the ability to connect routers using the WireGuard and OpenVPN protocols: the former delivers maximum speed even on relatively weak router models; the latter provides maximum compatibility even with older models. Simply go to the VPN section on the My Kaspersky portal, and under VPN for routers, create a configuration file by selecting the protocol and server in the desired country. Then upload it to your router’s control panel — and every device in your home network will automatically enjoy all the benefits of VPN.

Where to find the best VPN deal?

You can get Kaspersky VPN Secure Connection either as a standalone product or as part of a Kaspersky Plus or Kaspersky Premium subscription. Besides super-fast VPN, your subscription comes with full protection for all devices — both computers and smartphones.

Fine print

Some countries prohibit the use of VPN as a technology, while others ban specific VPN usage. In addition, the license agreements of various online services explicitly prohibit the use of VPNs to bypass their regional restrictions. You should research the legal position in your specific case before opting for a VPN.

How TunnelCrack works

If you connect to a malicious Wi-Fi hotspot or a malign ISP, it can send your computer or phone instructions that will allow some application traffic to bypass the VPN tunnel, making it open to analysis and modification. The attack works regardless of what specific VPN protocol the connection uses. But redirecting all traffic in this way is impractical, so the attackers have to limit themselves to a set list of websites and servers they want to spy on.

The attack exploits the exclusions list that can be set in all VPN clients. Each exclusion directs some traffic past the encrypted VPN tunnel. This feature is needed in at least two cases. First, to keep traffic between local devices out of the VPN tunnel. If your computer is streaming an image to your own TV over a local network, it does not need to be encrypted. Second, traffic already encrypted by the VPN client and destined for the VPN server should be routed past the VPN tunnel. Again, this is logical — if it is directed to the tunnel, it will go through another round of encryption.

The name given by the researchers to an attack on the first case is LocalNet (CVE-2023-36672 and CVE-2023-35838). A rogue router (for example, a Wi-Fi hotspot) feeds the victim incorrect network settings (routing tables) that represent public IP addresses of interest to the attackers as part of the local network. As a result, data exchanged between the victim and these addresses falls under the exclusions and bypasses the VPN tunnel.

An attack on the second case goes by the name of ServerIP (CVE-2023-36673 and CVE-2023-36671). Clients typically access a legitimate VPN server using a domain name. Manipulating the DNS server that the victim connects to, the attackers return an incorrect VPN server IP that matches the IP of the target resources they are interested in. Meanwhile, the cybercriminals retranslate VPN traffic to a real VPN server, and can modify or analyze incoming unencrypted traffic to the target IPs.

What to do as a VPN user

• Check your VPN service for updates. Peruse the official website and contact technical support. It’s possible that your provider has already updated its applications and settings, so it may be enough to install an update to fix the problem. Note that there may not be an update for iOS due to VPN configuration restrictions on Apple’s side.
• For services based on pure OpenVPN (of which there are plenty) you can use any OpenVPN client in which the vulnerabilities are fixed. The researchers recommend Windscribe.
• Check the exclusions in the VPN service settings. If there is an option to “route local traffic without VPN” or “allow access to local network,” disable it. In other words, all traffic must go through the VPN. The obvious downside of this setting is that you won’t be able to log in from the computer to a local NAS or manage smart devices via Wi-Fi over a local network — the only way to do this will be through cloud services. Ideally, the setting to block local traffic should be applied only to public networks, outside the home. But such a nuanced configuration that allows different settings for different networks is not always possible in VPN clients.
• Set up a secure DNS if you haven’t done so already. This will not only complicate ServerIP attacks, but generally improve network security. A secure DNS dovetails nicely with a VPN, the two should be used in tandem.

What to do as a corporate VPN administrator

• Check if your VPN clients are exposed to this vulnerability. A manual testing method is described by the researchers on GitHub. Test all versions of VPN clients used in your company for all relevant platforms.
• Request updates of vulnerable client applications from your corporate VPN provider. Updates were promptly released by Cisco, for example. Note that iOS updates may not be available due to Apple’s configuration restrictions.
• Check the standard VPN client configuration on all computers. Often the default option is to block local network access, in which case a TunnelCrack attack will not be possible.
• If you need to keep some local VPN-free traffic, say, to provide access to a printer over a local network at an employee’s home, create restrictive rules on each computer’s local firewall to allow only certain activities from a fixed list.
• Use DNS security tools. These often form part of all-in-one corporate network security systems, but can also be purchased separately.

VPN requirements

To protect your entire home network with a VPN, both your VPN and your router need to support this option. The first thing to note is that most free VPNs don’t offer network protection at the router level. Nor will your VPN run on the router if the VPN exists only in the form of a browser add-on or mobile app. If you’re not sure whether your VPN supports router-based operation, read the manual or contact tech-support.

It’s important to find out the details from tech support, not just a “yes/no” answer. What specific VPN protocol can be used for the router (and the whole network)? Are all the VPN servers you need available using this protocol? Armed with this knowledge, next go to the technical support site for your particular router.

Router requirements

First of all, the router must support sending all home traffic through the VPN channel. These days even cheap models have this feature, but there are still cases when a router can’t work with a VPN, especially if it’s leased out by the internet service provider (ISP). What can also happen is that the VPN is already being used to create a channel from the router to the ISP and is a part of the standard home internet setup. This kind of “VPN service” usually doesn’t provide the core benefits that most users want.

You can check your router in three ways:

1. Go to the web control panel (the address and password are usually shown on the underside of the router) and study the available settings
2. Read the documentation on the router vendor’s website
3. Contact the vendor’s technical support or — if you got the router from your provider — get in touch with its tech-support

If your ISP doesn’t offer VPN support, consider switching provider. If the problem lies with the router itself, check for an alternative firmware that has the functionality you need. The best known are DD-WRT and OpenWRT — the links point straight to a page where you can check your router’s compatibility. Replacing the router firmware can be technically challenging, so make sure you fully understand both the procedure and risks before starting.

After making sure that the router offers VPN support in the first place, next check which specific VPN protocols it can use. The most common are OpenVPN and WireGuard, with each having its own pros and cons.

OpenVPN has been around for a very long time and is widely supported by routers, but doesn’t usually provide maximum VPN speed, and also puts a heavy load on the router’s processor. For cheap routers with a weak processor, this can affect their performance and overall Wi-Fi speed in the home.

The newer WireGuard protocol is very fast and secure. If you have a really fast Internet connection, WireGuard will outperform OpenVPN in terms of speed and a lower load on the router’s processor. Among the disadvantages are the more involved initial setup (the user has to generate a pair of client keys) and fewer connection options: WireGuard binds the user to a specific server, OpenVPN — to a location, so the latter lets you switch to another server in the same location if the one previously used is down. Besides, not all routers recognize WireGuard.

And almost all routers support legacy L2TP/IPsec and PPTP protocols. We do not recommend them, because they fall short of the latest security standards and don’t encrypt traffic by default. However, if the two more modern options are not available, and a VPN is still needed, better to use L2TP/IPsec or PPTP with traffic encryption enabled than no VPN at all.

How to activate VPN on a router

The specifics differ from provider to provider and from router to router, so we can only describe the setup in general terms.

The first step is to download the right VPN profile from the VPN website. The profile is usually individual, so you need to go to your personal account on the website and find the page with VPN profiles. This might be a list of protected devices where you can add a router, or a special Add Router section, or a section for managing specific VPN protocols (OpenVPN, WireGuard) where you can generate the desired connection profile.

For example, for Kaspersky VPN Secure Connection, you can create a router profile on the My Kaspersky site in the Secure Connection section in three simple steps. Currently, only an OpenVPN profile is offered for routers, but by end of 2023 we plan to provide WireGuard support as well (note that WireGuard is now available in our VPN for Windows).

Creating an OpenVPN profile for a router on the My Kaspersky site.

When adding a new profile in your personal account, you need to answer certain questions. These include the profile name, your choice of server, and so on. The same window often provides space for technical details — such as private keys, names and passwords — but most providers support automatic generation of all this, in which case they can be left blank. Next, a link appears to download the .ovpn file for OpenVPN or .conf file for WireGuard.

For L2TP and PPTP, you don’t need to download anything. Instead, you need to write down some information from your personal account:

• server address for connection
• username and password
• an additional encryption key (pre-shared key, PSK, secret key)
• authentication type (PAP, CHAP)

Having gotten hold of this information, go to the web control panel of the router. Depending on the vendor’s… imagination, you may have to wander through a maze of subsections to get to the VPN properties:

• Asus routers usually have a VPN → VPN client section
• Keenetic routers hide VPN connections under Internet → Other Connections
• in Netgear routers, go to Advanced Setup → VPN service
• in TP-Link routers, open the Network → WAN tab

Take care, because routers can show VPN connections in two forms: as an external VPN connection to your home network (here the router acts as a VPN server and provides secure external access to your local network) and as a secure connection to a remote VPN server (here the router becomes a VPN client that connects securely to the VPN service). You need the second option.

Having found the right section, create a new connection and name it (say, for the VPN service and/or the location of the server), then enter the information retrieved from your personal account with the VPN provider.

For PPTP and L2TP/IPSEC, all information is required, including server addresses. For OpenVPN and WireGuard, attaching the OVPN/CONF profile file is usually enough, but sometimes you might also need to specify a username and password.

For some router models (for example, Keenetic), instead of a profile upload button, there’s a window for entering the VPN configuration; in this case, open the OVPN/CONF file in a text editor (yes, it’s a plain text file, and you can change its extension to .txt if you like), copy all the information from it, and paste it into this window. If you have any doubts about the correct settings, take a look at the router’s setup help pages — they’re usually found right in the Settings window.

Setting up a VPN connection via OpenVPN in Keenetic routers.

Then click the Save button and look for the Activate button or On/Off switch for the VPN connection. That done, the VPN should in theory be on all the time and even activate itself automatically after a router restart. It’s a good idea to check this by going to a site like whatismyipaddress.com or iplocation.net on any home device: they’ll show you which region of the online world you’ve tunneled through to. That’s the VPN setup basically done — all devices connected to the router will now access the internet through an encrypted connection. And some routers even allow you to choose which home devices will connect directly to the internet and which will go through a VPN.

If for some reason a VPN can’t be set up on your router, you can protect your internet access by setting up secure DNS on your router. This won’t give you all the benefits of a secure VPN connection, but it can give you some — such as protecting kids from inappropriate content and blocking ads on all devices.

For maximum protection on up to 10 of your family’s devices, we recommend a Kaspersky Premium subscription, which, alongside protection against viruses, hacking, phishing, and data leaks, includes a fast and unlimited Kaspersky VPN Secure Connection, secure password manager and vault, a one-year free Kaspersky Safe Kids subscription, and many other benefits.

Premium protection for Android devices

This product has long been more than just antivirus; it protects against a host of other threats as well. But fighting malware, of course, remains a core task for us at Kaspersky.

We never tire of saying that you need to protect not only desktop computers and laptops, but all other devices too, since they also store important data. Protecting smartphones and tablets is, if anything, even more critical — we take them everywhere, they contain all our correspondence, business and financial affairs and banking apps, plus heaps of private information from photos to geo-tracking.

We care about the security of all mobile device owners, which is why our updated Android app offers the most important security features to everyone for free, while the range of subscription options makes it even easier to use the app and add security tools.

Kaspersky Antivirus & VPN protects against more than just viruses and malware.

Always at your fingertips is a quick, full or selective scan of your smartphone for viruses, adware and apps that attackers might use against you. And with all our subscriptions, the Anti-Virus automatically scans all new files and apps, and can also be scheduled to be run whenever you want.

Secure internet…

With Kaspersky Antivirus & VPN, your internet surfing is safe and secure.

• Safe Browsing checks websites before opening them and blocks malicious and phishing websites, protecting your online payments and private data.
• Social Privacy checks your privacy settings in popular online services, lets you see what data is being collected, and can stop sharing it whenever you want.
• Safe Messaging checks texts and instant messages, and blocks dangerous and phishing links.
• Data Leak Checker looks for your private data on both the internet and the dark web (from credit card numbers to social security info). If your data becomes publicly accessible, Data Leak Checker alerts you.

A new scam is becoming popular of late. It uses special malicious QR codes to lead you to, say, a phishing website. Secure QR Scanner lets you scan QR codes and barcodes safely by accessing the information encrypted in the codes to check for any links they may contain.

Far safer online with Kaspersky Antivirus & VPN.

…Plus VPN…

As the name suggests, this product includes not only anti-virus and security features, but also a VPN, which makes your digital life both easier and more secure.
We’ve already explained why a VPN is essential, and our VPN is the clear winner in performance, privacy and transparency tests.

Even the free version of Kaspersky Antivirus & VPN grants you 300MB of traffic per day (without the ability to choose a server), while with the Plus or Premium subscriptions you get unlimited traffic and a choice of 99 locations in 80 countries (with more than 2000 servers deployed). And with a few tricks you can turbocharge your VPN to the max.

Use our free VPN — or turbocharge it to the max with Plus or Premium subscriptions.

…Plus device management

On top of all that, our deep understanding of how Android works lets us protect your device through fixing vulnerable spots in the default settings using Weak Setting Scan.

My Apps is a feature that lets you see what apps are installed on your smartphone, when you last used them, how much space they take up and, most importantly, what permissions they have to access your data.

You can also enhance the security of apps individually: App Lock controls access to certain apps by a code or fingerprint. That way, even if a snoopy person gets access to your unlocked phone, they still won’t be able to open apps that hold sensitive information — for example, messengers, banking apps or e-mail clients.

All apps under your full control.

Hang on! Where’s my device?!

Any smartphone owner lives in fear of one day losing it. Kaspersky Antivirus & VPN cannot, of course, prevent loss or theft, but it can minimize the consequences and make finding your device much easier. After turning on the Where Is My Device feature on My Kaspersky, you can remotely:

• Get the location of the missing device, lock it, and display an on-screen message on the locked device.
• Turn on a (very) loud alarm on the device.
• Perform a factory reset of the device, including wiping the memory.
• Take a mugshot of the person currently using the device.

Set up Where Is My Device and manage it through My Kaspersky in the event of loss or theft.

Additionally, SIM Watch blocks the device when someone inserts a new SIM card into it, while Uninstallation Protection safeguards against the Kaspersky app being uninstalled, and also against changes being made to the system settings intended to reduce the level of protection; any such attempt will block the device instantly. And yes, it’s all free!

Smart Home Monitor, or “don’t mess with my Wi-Fi”

Another important feature is home network protection. It works very simply: after installing Kaspersky, the app scans your network, finds all devices connected to it (by both Wi-Fi and cable), collects information about them, and generates a network map that a regular user can understand. This map lets you view at any time what devices are on your home network and whether they’re Kaspersky-protected. This is especially useful if there are many computers, smartphones and/or tablets in your home, in which case it’s easy to forget to install protection on some of them.

Our security solution will then monitor all devices that connect to your home network and issue an alert when something new appears. This gives you a heads-up of uninvited guests or anything suspicious, allowing you to take care of protection.

Kaspersky Antivirus & VPN guards your home network.

Most of the above-mentioned features you can start using for free right away. And if you prefer to get access to all Kaspersky Antivirus & VPN capabilities via subscription, you can choose and activate the one you want directly in the app. You can now protect up to five devices on Android, iOS, Windows or macOS: it’s never been easier to cover all your family’s devices.

PS: A subscription also includes our password manager, which securely protects and automatically syncs all your passwords across all your devices.

New protocols

When you turn on a VPN connection you establish an encrypted connection to one of the VPN provider’s servers. This is done to change your public IP address and to protect your connection from prying eyes on the local network. For many years, all VPN services offered a choice between the old and not very secure PPTP and L2TP communication protocols, and the newer yet slower OpenVPN protocol — which is more secure in terms of encryption.

But recently some new VPN protocols have appeared. For example, there’s the Catapult Hydra protocol used in Kaspersky VPN Secure Connection. It’s the record holder for speed, and thanks to this protocol our VPN recently won a comparative test of leading VPN solutions. Due to the proprietary nature of the Catapult Hydra protocol, security researchers have raised questions about its security and privacy. However, a recent independent audit of the Catapult Hydra source code found no critical vulnerabilities.

Another popular protocol to look out for is WireGuard. It’s also faster (much more so than OpenVPN) at transferring data, has minimal latency, and provides an instant connection. At the same time, its source codes are open, so it can be found in many VPN services, including Kaspersky VPN Secure Connection.

What to do: update the application and  select the correct protocol in the VPN client settings on each device. Speeds in descending order go like this: Catapult Hydra, WireGuard, OpenVPN. Other protocols don’t provide sufficient security — especially for financial transactions.

Optimal servers

The key thing to look out for when choosing a VPN service is the number of servers it has and their location. The more servers — the greater the chance of a good connection.

It’s logical to choose a server based on your needs: either as close as possible to your actual geographical location, or located in the region whose websites you plan to visit.

So, if you’re using a VPN for safe gaming, you should choose a VPN server in the same country where the game servers are located — this will ensure a faster, more stable connection.

When watching foreign media content, servers located in the country where the content is streamed also tend to provide a more stable connection.

Sometimes municipal or government services aren’t available from abroad for various reasons. In this case, the right VPN server helps residents of the city, or citizens of the country, get the information they need while away from home.

What can happen is the nearest server being overloaded and its connection speed drops as a consequence. In this case it’s worth trying other servers in the same region. By the way, Kaspersky VPN outperforms most competitors not only in terms of speed, but also in terms of the number of available servers: 99 locations in 80 countries, with more than 2000 servers deployed.

What to do: update the application regularly and check for an updated list of servers. Choose the best VPN server for your tasks, taking into account the geographical proximity to the required online services.

Fully up-to-date, Kaspersky VPN Secure Connection has just under a hundred server locations around the world, and also features a convenient dark theme.

Protecting all devices and the entire network

Every VPN service has clients for Windows, iOS and Android, but software manufacturers sometimes ignore Mac computers. However, there is an effective solution not only for Macs, but also for Smart TVs, game consoles, and smart-home devices that don’t support VPNs themselves. This is a VPN security setting on your router that allows you to route all traffic from any device on your home network through the VPN.

Of course, our VPN can work on a router — and it has a “native” Mac version as well.

What to do: Make sure that all your devices are running through a VPN, especially those which you use to conduct financial transactions.

Advanced settings

At first, almost all VPN applications worked on the principle of a simple switch: turn on/turn off. But in real life this isn’t always convenient. For example, a smartphone owner wants to always protect a crypto wallet application with a VPN, and doesn’t want to work with finances through an unencrypted connection; meanwhile, some online stores require that the VPN be turned off. Some people may also need to ensure that not a single byte goes into the network without encryption.

Therefore, modern VPN applications offer settings such as Split Tunneling and a Kill Switch.

Split Tunneling lets you choose applications that always work through the VPN, or, conversely, without it. It’s convenient, for example, to use two different browsers: one that provides access to sites through the VPN, and the other directly.

The Kill Switch, on the other hand, prevents any data from being sent if the VPN connection is unexpectedly interrupted — say, when the device connects to another network. This can happen, for example, when your smartphone automatically switches from cellular data to known Wi-Fi networks. Kaspersky VPN Secure Connection supports both features.

Kaspersky VPN Secure Connection settings for Android.

What to do: configure the VPN individually for those applications that need it, or, conversely, disable the VPN for certain applications. Use different browsers to simultaneously access sites with and without a VPN protocol. If protecting your traffic is essential, enable the Kill Switch.

So what is a VPN?

A VPN, or Virtual Private Network, is one of those rare cases when the abbreviation helpfully captures the essence:

• Virtual — to transfer data, a VPN establishes a connection over existing channels and communication protocols (no new physical channel is necessary);
• Private — data is transferred securely thanks to encryption. It’s impossible to intercept the transfer somewhere down the line and access the data;
• Network — a VPN ensures reliable communication between its nodes, and the outside world is accessed through gateways.

To sum up, a VPN is a private network that is set up on top of an existing network — primarily, the internet itself.

Previously, setting up a VPN required a hardware/software complex providing branch offices and employees on work trips with secure access to the company’s local network. With the rise of cloud services, VPNs have also become cloud-based, somewhat losing the “N” from their name in the process. Nowadays, a VPN is usually understood to mean a virtual tunnel for the secure transfer of encrypted requests and data between a subscriber endpoint and the server of the VPN provider, which in turn delivers these requests and data to the recipient. That is, VPNs serve most of all to neutralize threats in the last mile.

What does a modern VPN do?

In today’s world, VPNs provide two functions to subscribers:

• Security: a VPN protects against the theft of data while it’s being transferred from a device to the network;
• Anonymity: in theory, a VPN makes it impossible to pinpoint the user’s geolocation unless they’re willing to reveal it.

This second function has become very relevant recently, with the increase in internet segmentation and the number of entertainment services tied to specific regions. As a result, many VPN services focusing on the needs of end users offer features such as the obfuscation of encrypted traffic. But for businesses such tricks are not really necessary and only complicate the data transfer.

Why small businesses need a VPN

Small companies these days don’t even bother to try and build their own IT infrastructure: it’s expensive, difficult and, most importantly, completely pointless, because there are plenty of ready-made cloud solutions. These solutions provide a level of convenience, effectiveness and safety that can’t be achieved any other way. But all these delights are up there in the cloud — and it’s the “stairway to heaven” that’s the weak link. Attackers are increasingly using man-in-the-middle attacks on the communication channel between an employee’s work device and the trusted work servers or services. Most often, this happens when the employee is working through an uncontrolled intermediary, for example when connecting from home, a cafe or hotel.

This is precisely the stage where the VPN steps in to protect you. If you have to work on an unknown network (a public Wi-Fi connection in a cafe, for example), you should always use a VPN — simply because you can never know for sure who’s controlling the router. In theory, an attacker can interfere with the data flow by spoofing requests and responses to them, or just trying to intercept sent logins and passwords.

How to choose the right kind of VPN

First of all, you need to decide what you need a VPN for. For businesses, security is most likely the top priority. There are three ways to achieve it:

• Set up your own VPN. This old-school solution may be suitable for a business that already has its own cloud-based work server with confidential data, which employees require constant access to. Remotely accessing such a server via a VPN will help to completely close it from the outside world, and at the same time ensure security and (relative) anonymity on the internet. The downside is that this is quite an expensive approach that requires a dedicated specialist to deploy and maintain it;
• Buy a VPN service subscription. The advantage of this approach is the huge range of options, allowing you to choose the right solution for your specific needs and budget. Make sure you do your research on the service provider: read reviews and look at tests in professional publications, because you’re going to be trusting them with your data security. We recommend choosing a service that’s specifically focused on business clients rather than users trying to hide their location;
• Buy a complete security solution that includes a VPN. The main advantage of this approach is the additional security, since companies offering such packages are specialists in the field. In addition, you’ll avoid any potential conflicts between your security software and your VPN. In particular, our Kaspersky Small Office Security solution now includes a license for our VPN solution, Kaspersky VPN Secure Connection.

A VPN is a must-have tool for any modern business. It’s been a long time since we worked in closed local networks, and today even the very concept of a “network perimeter” is becoming irrelevant. Employees often work on laptops, carrying them around everywhere. A small business can hardly afford to deploy a full-fledged hardware/software solution, which means that the best option is to use a third-party cloud service to ensure the security of work-related connections.

A who-on-the-where attack?!

So, how does a man-on-the-side attack work? Basically, a client sends a request to a server via a compromised data-transfer channel. This channel isn’t controlled by the cybercriminals, but it is “listened to” by them. In most cases such an attack requires access to the Internet provider’s hardware, and this is a very rare thing – and that’s why man-on-the-side attacks are in turn rare. These types of attacks monitor the client’s requests and generate their own malicious responses.

A man-in-the-middle attack works in a similar way. The attackers also tap into the data-transfer process between the client and the server. The main difference between these two types of attacks is that the man-on-the-side client’s request reaches the recipient (the server). Therefore, the goal of the attackers is to respond to the client’s request faster.

As for man-in-the-middle, the attackers has a greater level of control over the data transfer channel. They intercept the request, and can modify or delete data sent by other users on the network. Thus, they have no need to outrun the server’s response.

However, a man-in-the-middle is a much more invasive attack than a man-on-the-side one. And that means it’s easier to spot. We described in more detail how a man-in-the-middle attack works, based on an example with… Little Red Riding Hood in this post!

OK, but how does a man-on-the-side attack work?

A successful man-on-the-side attack makes it possible to send fake responses to various types of requests to the victim’s computer, and in this way to:

• Replace a file the user wanted to download. In 2022, for example, APT group LuoYu delivered WinDealer malware to devices of victims most of whom were diplomats, scientists, or entrepreneurs in China. A request was sent to the server to update legitimate software, but the attackers managed to send their own patch version, complete with malware;
• Run a malicious script on the device. According to the Electronic Frontier Foundation this is exactly how in 2015 the Chinese government tried to censor well-known open source community GitHub. The attackers used a man-on-the-side to deliver malicious JavaScript to browsers of unsuspecting users. As a result, these browsers refreshed GitHub pages over and over again. This DDoS attack lasted more than five days and significantly hampered the service;
• Redirect the victim to the website.

On a side note, intelligence agencies in various countries are also suspected of using this type of attack.

Means of protection

We’ll repeat once again that man-on-the-side attacks are quite rare. Attackers need to have access to the provider’s hardware in order to carry them out. Therefore, business trips, work conferences or any other occasions when your employees connect to questionable Wi-Fi are high-risk situations. To stay safe, we recommend always working via a VPN, and using a strong security solution on all employee work devices.

Curiously, there has been a constant fall in the number of participants whose solutions reached the end of the tests and were certified. Specifically: in 2020 there were six VPN packages, in 2021 – three, and finally, this year there were only two left: Kaspersky VPN Secure Connection and Norton Secure VPN (bringing to mind the “Highlander” movie tagline: “There can only be one”). The reason is that participants in a public certification test may choose not to have their results published if either they’re not satisfied with them or their products don’t meet the certification requirements.

This certification test evaluates many factors that affect usage of a VPN: usability, OS compatibility, server locations, upload and download speeds, security, transparency, etc. We were confident in both the stability and security level provided by our VPN solution, so were most interested in the additional performance comparisons with the other VPN products available on the market. Having that in mind, and before the public certification test was started, we asked AV-TEST to test an additional six VPN solutions fully in parallel with the public certification performance test and in full accordance with its methodology. As a result, an extended performance comparative report was published.

The participating VPNs were tested for both their download and upload performance, torrent download performance, YouTube streaming, and measured latency at three geographic locations – the U.S. West Coast, the Netherlands, and Japan. All tests were conducted for the “best” local connection as well as two geographic overseas connections. With the public certification test, there was only one difference: the results achieved by any of the tested products were not excluded.

The Magnificent Seven were: Avast SecureLine VPN, ExpressVPN, Kaspersky VPN Secure Connection, Mullvad VPN, NordVPN, Norton Secure VPN, and Private Internet Access.

AV-TEST performed this test in parallel for all products several times a day for a week, which allowed them to average the results of the performance test. So, let’s dive deep into the numbers and see how modern VPN solutions outperform good old dial-up access or ADSL.

The Speedtest, or There and Back Again

For most VPN use cases in everyday life, download speed is more important than upload speed, but for a full-fledged test, one needs to analyze both. The performance test used virtual machines configurations hosted in the Microsoft Azure cloud, and all products were run with their default, out-of-the-box configurations. And trust me, those VMs were pretty good and had a stable and very, very fast internet connection, with reference unencrypted download and upload speeds of up to 9Gbps. Yes, gigabits per second!

The first set of tests – download, upload and latency performances – were conducted using the “industry standard” Ookla LLC speedtest.net command-line application and compared to an unencrypted reference speed benchmark. They show how fast you can surf the web anonymously all around the globe, since all these tests were run for both local and overseas locations, as pictured below.

The comparative test local and overseas connections map

Due to the nature of the technology, using a VPN connection almost always reduces performance, and in the graph below we do see a significant drop in speed compared to an unsecured connection. Such is the price of anonymity. But let’s be honest: compare these values with the bandwidth provided by your ISP, and you’ll realize that in most cases you’ll never notice a drop in speed since your connection is still slower.

The comparative local and overseas results for the unencrypted download and upload performances, and the industry averages for all three tested locations (the more the better)

However, “average performance” is good for statistics and comparisons, but in everyday life you’re unlikely to prefer an “average car”. So let’s compare how fast all the test participants are, and we’ll see a noticeable difference in performance between the winners and the rest:

The combined averages for download and upload performances for local and overseas connected VPN servers (the more the better)

Kaspersky wins almost every race, with the exception of overseas upload average performance due to an unpatched server issue that had not been fixed at the time of testing.

The Latency of Clouds

– What do we want?
– When do we want it?
– Lag-free gaming!
– Now!

Ping time is vital for gamers. If the ping is too slow, players can react as fast as they want, but their reaction in the games they play doesn’t get through due to latency. In the public certification test, Kaspersky VPN showed an average local latency of 5.3 milliseconds across all locations compared to Norton Secure VPN’s average latency of 13 milliseconds (Boom! You lose). In the extended comparative test it shared second place in the local latency test with NordVPN – just behind Mullvad VPN – thus beating the industry average for VPNs. The overseas latency test showed no differences worth mentioning when comparing VPN products, as well as when comparing them to an unencrypted reference.

Leechers in the dark

Where do we value privacy the most? With good old torrents, for sure. Therefore, the speed of leeching through a VPN tunnel is critical for all torrent lovers. The test measured the time between the start of downloading a torrent and the end of writing the torrent file to the hard drive through a third-party torrent client.

The combined averages for the torrent download speeds (the more the better). * Norton Secure VPN doesn’t support torrents on tested servers

And here Kaspersky VPN Secure Connection wins again for both local and overseas torrent leeching.

The Tubes Burst

We all love Netflix. Video streaming services are booming and now they generate most internet traffic. And it is these video streaming services that like to annoy the user with geo-blocking the most – but which can be bypassed with a VPN! Therefore, a stable video stream without frame loss and delays through VPN plays such an important role. And here’s some good news for you movie buffs: Kaspersky VPN Secure Connection, as well as all other tested solutions, successfully passed the 4K streaming test with minor issues that users won’t notice (such as a few dropped frames and millisecond range lags).

Over Hill and Under Hill

However, in addition to the performance, it’s worth comparing other parameters of the tested solutions in the public certification test. Compared to Norton Secure VPN, Kaspersky VPN Secure Connection – using the OpenVPN protocol – supports more operating systems (including Linux, ChromeOS, AndroidTV and FireTV), has three times more server locations (90 vs. 29), and successfully passed all transparency tests. But what’s crucial is that Kaspersky VPN Secure Connection showed impeccable leak resistance in all security tests, while Norton Secure VPN allowed a DNS leak on reconnect, briefly exposing the device’s DNS queries.

Transparency is a precious thing

In terms of transparency and confidentiality, Kaspersky takes the privacy of its customers very seriously: the solution doesn’t collect more data than necessary, uses the highest industry standards to secure collected data, and the company regularly gets audited and publishes transparency reports.

Product security is ensured by Kaspersky’s vulnerability management and disclosure program, including its Bug Bounty Program. Kaspersky is also known as a pioneer in the creation of Transparency Centers all over the world to allow independent assessments of the company’s solutions’ security and safety.

The Last Stage

With unmatched performance in most of the speed tests conducted, Kaspersky VPN Secure Connection is the overall fastest VPN product tested in the performance test, and ranked #1 in most of the categories tested. It showed outstanding download and torrent speed in both local and overseas scenarios. In particular, the solution outperforms other participants at least two-fold in terms of overseas data transmission. Kaspersky VPN Secure Connection is the leading product for the local upload test, with results that are twice the industry average.

The measured latency is in the top three among all tested products. Like all other products, Kaspersky VPN Secure Connection had no problems playing 4K video from a local or overseas connection. It’s expected that once the problem with unpatched overseas servers is fixed, the performance of overseas uploads, which is currently below average, will improve significantly. Kaspersky VPN Secure Connection successfully passed all security tests and was awarded the “Approved Virtual Private Network Solution” badge.

And finally, if you’re a number-cruncher, you should definitely check out both reports’ PDFs here and here, where you’ll find plenty of crisp numbers to crunch.

Fake sites and apps

In the runup to all major sporting feasts in recent years, our experts have observed upticks in registrations of domains based on the names of the respective events. Most of these sites were used for fraud, such as offering fake tickets or free live broadcasts.

A phishing page offers a chance to win 2 FIFA tickets

This year’s World Cup has been no exception. By the time it kicked off, experts had uncovered multiple fraudulent pages on social networks, and more than 170 domains posing as official World Cup resources.

Most are phishing sites looking to steal user data, but alongside the traditional scams (ticket giveaways, souvenir sales), some new cryptocurrency-based scams have been added. Soccer fans are invited to invest in new tokens created specially for the tournament, or to bet on the results with payouts in crypto or as NFT art. Of course, to receive your “winnings”, you have to share your cryptowallet details.

An example of a World Cup-related crypto scam

Mobile apps are another classic mode of attack, especially on Android users: by the start of the World Cup, more than 50 instances of mobile malware had been detected that either plant malicious software on your device, ask you to pay for a bogus ticket or broadcast, or steal your personal data — passwords, mail accounts, card numbers, and the like.

A study of past championships indicates that the victims of sports-related scams are typically casual fans: folks looking for streaming sites or installing sports apps for the first time. Therefore, in addition to our standard advice (never visit suspicious sites or download suspicious applications), we would add another useful tip: if you’re a novice, ask a friend who’s long been into sports. They’ll be able to suggest the best places for live streaming or placing bets, which will help you avoid fly-by-night sites and fraudulent apps.

Privacy issues

But even official apps don’t guarantee protection against personal data leaks. On the eve of the current World Cup, warnings were already sounding about privacy issues in apps that visitors to Qatar have to install. Similar vulnerabilities making it possible to spy on users were found in Chinese apps that guests of this year’s Winter Olympics were required to install.

But if you think such problems affect only certain countries, alas, personal data leaks happen everywhere. At the 2020 Summer Olympics in Tokyo (which ran in 2021 due to  covid disruption), the usernames and passwords of those who’d bought tickets were leaked, giving cybercriminals access to masses of personal data in fans’ accounts: names, addresses, bank details. And in 2018, the official app of the Spanish soccer league, La Liga, was caught red-handed using microphone and GPS access on user devices to track down those watching pirated broadcasts. La Liga, of course, denied eavesdropping on users, since the audio clips it recorded were encrypted. But how could this be checked, and who then did listen to these recordings?

As such, a general security rule that applies even to official apps is to minimize their access to your personal data and to other apps and systems on your smartphone. If installing an app with extended privileges is mandatory in the host country, use a burner phone instead of your main device.

Beware of free Wi-Fi

During the 2016 Summer Olympics in Brazil, Kaspersky researchers found that around a quarter of Wi-Fi hotspots at competition venues had little or no security at all. Similar studies during the 2018 FIFA World Cup in Russia uncovered even more unprotected Wi-Fi networks.

So, if you’re off to Qatar, take every precaution when using public Wi-Fi:

1. Turn off automatic connection to Wi-Fi networks

Also turn off Wi-Fi itself when not using it, and remove public Wi-Fi networks from the list of connections after using them. This will safeguard against connecting to poorly protected access points where your data could be intercepted by cybercriminals.

2. Carefully check the names of networks you connect to

Fake hotspots might have similar names to the Wi-Fi network of your hotel or the cafe you’re in. If you fail to spot a fake Wi-Fi network and connect to it, the data you transmit will end up in cybercriminal hands.

3. Don’t use public Wi-Fi for critical tasks

For the same reasons, be doubly sure not to connect to dubious hotspots if you have to use a service where a data leak could be very costly, such as online banking. Better to access it through a well-protected home or corporate network. Although more expensive, even using mobile data to get online is safer than free public Wi-Fi.

4. Use a VPN

If there’s simply no other option but to connect to an unknown Wi-Fi network, use a security solution with VPN technology to create an encrypted communication channel. For example, Kaspersky Secure Connection. KSC encrypts your data before forwarding it to the Wi-Fi router, so other users — not even the hotspot owner — can see what you’re sending or where. And it’s a good idea to configure your VPN to start up automatically on connecting to any public network.

If for some reason you don’t have a reliable VPN yet, it’s time to consider getting one. This post looks at the latest improvements in Kaspersky VPN Secure Connection that make it even more convenient, more functional, and faster.

Accelerating time and expanding space

One of the key issues for VPN users is connection speed. Accordingly, we’ve paid special attention to it: Kaspersky VPN Secure Connection is now three times faster than ever before.

Independent researchers have also noted our improvements on speed. For example, AV-TEST reports that Kaspersky VPN Secure Connection offers speed above industry standard.

The proximity of the server that provides your connection often determines VPN speed. The closer the server is, the faster the VPN works. For this reason, we continue to increase the number of server locations offered in Kaspersky VPN Secure Connection. Now users can choose from 90 locations in 72 territories. That is, the user can select not only a country, but also a specific city.

Kaspersky VPN Secure Connection: more server locations than ever before

Easier access to content anywhere

Many people use a VPN app to access content that’s not available in their region. The updated version of Kaspersky VPN Secure Connection supports access to global streaming services: Netflix, Hulu, Amazon Prime Video, HBO Max, Disney+, BBC iPlayer and others. In addition, there’s now a special For streaming mode, optimized for watching movies and TV shows.

This means no more wondering which of the dozens of servers available in Kaspersky VPN Secure Connection to connect to. With this mode on, you can simply choose the content of whichever service and region you want to watch (for example, Netflix in the US). The application will then offer a list of optimal servers: it remains only to click Connect and enjoy your favorite TV show.

Selecting a server to watch streaming content

There’s also one more new mode For torrenting, which lets you quickly find the fastest server for downloading even large files from BitTorrent.

Selecting a server for the best torrenting experience

Easy to use

We’ve covered changing one’s virtual location. But sometimes the opposite is needed: some services block access from foreign IP addresses. In this case a VPN can get in the way, meaning you have to keep turning it on and off. This is inconvenient (and annoying), but, perhaps more importantly, you might not always remember to switch it back on — leaving your internet traffic exposed.

Kaspersky VPN Secure Connection handles this problem with split tunneling. This feature allows Windows users to create two groups of applications: one group’s traffic is sent through a secure connection using the IP address of your chosen VPN server, while the second group’s traffic uses your actual IP address bypassing the VPN tunnel.

Split tunneling allows you to select which apps use VPN connection and which bypass it

This does away with the need to constantly turn the secure connection on and off. You just need to configure everything correctly once, and that’s it. For example, you can set up a VPN for one browser, allowing you to open websites from behind a foreign IP. And you can use another browser without a VPN for opening websites that work only with local addresses. Current versions of popular browsers have been tested and are all compatible with this feature of Kaspersky VPN Secure Connection.

Another handy feature: Kaspersky VPN Secure Connection can now establish a secure connection directly from your Wi-Fi router using the built-in OpenVPN client. This lets you protect all internet traffic from all devices in your home network in one go.

Transparency means trust

If you have a VPN, most of your internet traffic goes through it. This logically gives rise to several questions: what data do developers have about you? How do they collect it? Where is it stored, and who do they share it with? In the case of Kaspersky VPN Secure Connection, everything is clear and transparent.

Kaspersky VPN neither stores nor shares with third parties data on users’ online activity, names, e-mail addresses, or out-of-session IP address information. Detailed information on how the service responds to data requests from governments and law enforcement agencies can be found here.

There are still both Free and Unlimited versions

There’s a lot that’s new in Kaspersky VPN Secure Connection, but the availability of both our free and paid versions remains unchanged. Users of the paid version get access to a whole variety of features, including unlimited VPN traffic, the choice of any location in the list, the Kill Switch feature, and much more.

The free version provides a slightly more modest feature set, a limited amount of encrypted traffic (200 MB per day per device), and only one location available for connection by default.

Nevertheless, whether you use the paid or free version, your data won’t be recorded anywhere or shared with third parties, and the connection will be protected by the trusty AES-256 encryption algorithm.