Our Kaspersky Standard security solution was named Product of the Year 2023 after in-depth testing by AV-Comparatives

What does “Product of the Year” actually mean?

The tests were carried out on our basic security solution for home users — Kaspersky Standard — but its outstanding results apply equally to all our endpoint products. The reason is simple: all our solutions use the same detection and protection technologies stack that was thoroughly tested by AV-Comparatives.

Thus, this top award, Product of the Year 2023, applies equally to our more advanced home protection solutions — Kaspersky Plus and Kaspersky Premium — and also our business products, such as Kaspersky Endpoint Security for Business and Kaspersky Small Office Security.

So what does it take to earn the coveted Product of the Year title?

A security solution needs to take part in seven tests throughout the year and consistently achieve the highest Advanced+ score in each of them. These tests examine the quality of protection against common threats and targeted attacks, resistance to false positives, and the impact on overall system performance. This golden triad of metrics forms the basis of a comprehensive evaluation of security solution performance.

That the testing is continuous over the course of a year is important since malware developers hardly sit around twiddling their thumbs — new threats emerge all the time, and existing ones evolve with breathtaking speed. Consequently, security solution developers must keep moving forward at the same pace. That’s why assessing performance at a single point in time is misleading — to get a true picture of a solution’s effectiveness requires extensive and repeated testing all year long. Which is precisely what AV-Comparatives does.

AV-Comparatives examined 16 security solutions from the largest vendors in its tests. Winning such a significant contest clearly demonstrates the highest level of protection provided by our products.

The seven rounds of tests — some of which individually lasted several months — that our protection took part in to eventually win the Product of the Year award were the following:

1. March 2023: Malware Protection Test spring series
2. April 2023: Performance Test spring series
3. February–May 2023: Real-World Protection Test first series
4. September 2023: Malware Protection Test autumn series
5. September–October 2023: Advanced Threat Protection Test
6. October 2023: Performance Test autumn series
7. July–October 2023: Real-World Protection Test second series

To earn AV-Comparatives’ Product of the Year title, a security solution needs to get the highest score in each stage of testing. And our product rose to the challenge: in each of the tests listed above, Kaspersky Standard scooped the top score — Advanced+.

The Product of the Year award went to Kaspersky Standard based on top marks in all seven of a series of AV-Comparatives’ tests in 2023

How AV-Comparatives tests security solutions

Now for a closer look at AV-Comparatives’ testing methodology. The different tests evaluate the different capabilities of the security solutions taking part.

Malware Protection Test

This test examines the solution’s ability to detect prevalent malware. In the first phase of the test, malicious files (AV-Comparatives uses just over 10,000 malware samples) are written to the drive of the test computer, after which they’re scanned by the tested security solution — at first offline, without internet access, and then online. Any malicious files that were missed by the protective solution during static scanning are then run. If the product fails to prevent or reverse all the malware’s actions within a certain time, the threat is considered to have been missed. Based on the number of threats missed, AV-Comparatives assigns a protection score to the solution.

Also during this test, the security solutions are evaluated for false positives. High-quality protection shouldn’t mistakenly flag clean applications or safe activities. After all, if one cries wolf too often, the user will begin to ignore the warnings, and sooner or later malware will strike. Not to mention that false alarms are extremely annoying.

The final score is based on these two metrics. An Advanced+ score means reliable protection with a minimum of false positives.

Real-World Protection Test

This test focuses on protection against the most current web-hosted threats at the time of testing. Malware (both malicious files and web exploits) is out there on the internet, and the solutions being tested can deploy their whole arsenals of built-in security technologies to detect the threats. Detection and blocking of a threat with subsequent rollback of all changes can occur at any stage: when opening a dangerous link, when downloading and saving a malicious file, or when the malware is already running. In any of these cases, the solution is marked a success.

As before, both the number of missed threats and also the number of false positives are taken into account for the final score. Advanced+ is awarded to products that minimize both these metrics.

Advanced Threat Protection Test

This test assesses the ability of the solution to withstand targeted attacks. To this end, AV-Comparatives designs and launches 15 attacks to simulate real-world ones, using diverse tools, tactics and techniques, with various initial conditions and along different vectors.

A test for false positives is also carried out. This checks whether the solution blocks any potentially risky, but not necessarily dangerous, activity (such as opening email attachments), which increases the level of protection at the expense of user convenience and productivity.

Performance Test

Another critical aspect of a security solution’s evaluation is its impact on system performance. Here, the lab engineers emulate a number of typical user scenarios to evaluate how the solution under test affects their run time. The list of scenarios includes:

• Copying and recopying files
• Archiving and unpacking files
• Installing and uninstalling programs
• Starting and restarting programs
• Downloading files from the internet
• Web browsing

Additionally, system-performance drops are measured against the PCMark 10 benchmark.

Based on these measurements, AV-Comparatives calculates the total impact of each solution on system performance (the lower this metric, the better), then applies a statistical model to assign a final score to the products: Advanced+, Advanced, Standard, Tested, Not passed. Naturally, Advanced+ means minimal impact on computer performance.

What other AV-Comparatives awards did Kaspersky pick up in 2023?

Besides Kaspersky Standard being named Product of the Year, our products received several other important awards based on AV-Comparatives’ tests in 2023:

• Real World Protection 2023 Silver
• Malware Protection 2023 Silver
• Advanced Threat Protection Consumer 2023 Silver
• Best Overall Speed 2023 Bronze
• Lowest False Positives 2023 Bronze
• Certified Advanced Threat Protection 2023
• Strategic Leader 2023 for Endpoint Prevention and Response Test 2023
• Approved Enterprise Business Security 2023

We have a long-standing commitment to using independent research by recognized test labs to impartially assess the quality of our solutions and address identified weaknesses when upgrading our technologies. For 20 years now, the independent test lab AV-Comparatives has been putting our solutions through their paces, confirming time and again our quality of protection and conferring a multitude of awards.

Throughout the whole two decades, we’ve received the highest Product of the Year award seven times; no other vendor of security solutions has had such a number of victories. And if we add to this all the Outstanding Product and Top Rated awards we’ve also received over the years, it turns out that Kaspersky security solutions have received top recognitions from AV-Comparatives’ experts a full 16 times in 20 years!

Besides this, AV-Comparatives has also awarded us:

• 57 Gold, Silver, and Bronze awards in a variety of specialized tests
• Two consecutive Strategic Leader awards in 2022 and 2023, for high results in protection against targeted attacks by the Kaspersky EDR Expert solution
• Confirmation of 100% anti-tampering protection (Anti-Tampering Test 2023)
• Confirmation of 100% protection against LSASS attacks (LSASS Credential Dumping Test 2022)
• Confirmation of top-quality Network Array Storage protection (Test of AV solution for Storage)
• and numerous other awards

Learn more about the awards we’ve received, and check out our performance dynamics in independent tests from year to year by visiting our TOP 3 Metrics page.

1. Delete unnecessary files

Let’s start with the basics: deleting files you no longer need. This stage might seem easy, but it can actually take a while — simply because we all have an awful lot of files. So, it’s important not to get overwhelmed by the task. Try breaking it down into small steps, for example, deleting 10, 20 or 50 files each day — or even several times a day.

The main places to look for junk files are:

• The desktop. An obvious candidate for where to begin your digital cleanup. Once you’ve cleared your desktop of ancient shortcuts and files, you’ll not only have more storage space, but should also gain a sense of order, which may boost your productivity, lift your spirits, and help you tackle the next steps of your digital cleanup!
• The “Old Desktop” folder. Most likely, you have such a folder somewhere on your computer’s SSD (or something similar, like “Old Disk Drive” or “Old Computer Files”). And inside it, there’s often another “Old Desktop”, and within that, another, and so on. It may seem daunting, but time has come to finally deal with this abyss of nested directories.

Get rid of the Old Desktop nested folders

• The downloads folder. Ancient documents, installation files from long-deleted programs, saved images dating back a decade, and other digital relics — chances are you no longer need them and can simply delete them all. And, don’t forget to clean the downloads folder not only on your computer but also on your smartphone (and on your tablet if you have one).
• Your smartphone’s photo gallery. If you delete all duplicate photos, screenshots taken for unclear reasons, and videos your pocket decided to take all on its own, you might find you can postpone buying a new smartphone with more memory for another year or two. Special apps come to the rescue here, seeking either exact duplicates or similar files — for example, a series of identical shots, of which you only need to keep one or two. Look for them in app stores using the keyword “duplicate”.
• Your cloud storage. This similar to the Old Desktop folder, but in the cloud. Sure, you can pay for extra disk space and accumulate files for a few more years. But might it be better to just get rid of them?
• Large files and duplicates on your computer. If you need to quickly free up space on your hard drive/SSD, the easiest way is to either delete a few large-sized files or get rid of identical files, thoughtfully scattered across different folders. To automatically search for large files, you can use the Large Files feature on the Performance tab of the Kaspersky app. By specifying the minimum size and search area — the entire computer or selected folders — in a few minutes you’ll receive a complete list of files whose size exceeds the limit. Then, you can choose to delete them either in bulk or individually.

Also on the Performance tab, you can find and remove duplicate files. Used together, these features (available in Kaspersky Standard, Kaspersky Plus and Kaspersky Premium subscriptions) might save you from having to buy a new hard drive or SSD.

Once you’ve finished removing unnecessary files, don’t forget to empty the Recycle Bin — or the “Deleted photos” folder, if it’s your smartphone’s photo gallery.

2. Clean up your email and messengers

The next important stage in your digital cleanup is to sort out your email and messaging apps. This will reduce the amount of space your correspondence takes up and, most importantly, improve your experience of using your email and messengers. What to do first?

• Get rid of unread messages. Those scary numbers in red circles hovering above your messenger app icons can really get on your nerves and prevent you from dealing with new incoming messages on time. This could cause you to overlook something important, get your priorities wrong, miss a deadline or meeting, and so on. Like cleaning up files, sorting through unread emails and messages can take some time. That’s why a steady, systematic approach works best here: try to break the process up into small steps. And aim to always have fewer unread items at the end of each day — sooner or later, you’ll hit zero.

Looks familiar? Help yourself: try to gradually sort out all your unreads

• Unsubscribe from unnecessary email newsletters and messenger channels. This step can help you with the previous task, too. Weeding out unneeded information feeds will reduce the number of new unread items, so you can reach that golden zero even faster. You need to be decisive here: instead of simply ignoring another uninteresting message or email, unsubscribe immediately.
• Delete old messenger chats. Correspondence with a realtor about the apartment you moved out of three years ago, communication with couriers, and other similar priceless messages will some day form the basis of your memoirs. Just kidding, of course: delete all of it without hesitation.
• Delete emails with large attachments. Is your email provider sending you annoying messages telling you you’re about to run out of storage space? The easiest way to quickly clean up your inbox is to delete old emails with large attachments. Most providers and email programs allow you to find them without much difficulty. It’s easiest with Gmail — to find all emails bigger than 10 megabytes, just enter “size:10000000” in the search bar.

The easiest way to quickly clean up your inbox: find and delete all large emails

• Clear out the spam folder. Individual spam emails typically don’t take up much space. But if you haven’t checked your spam folder in a while, you might have accumulated a ton of messages. Deleting them will push you away from your mailbox limit even further.

3. Close old tabs

Now it’s time to deal with the program we all use the most: your browser. Old tabs left open for months, if not years, not only eat through your device’s memory, but also make it difficult to find the relevant information you actually need. Moreover, an abundance of tabs can pose a serious obstacle to updating the browser — which, by the way, is one of the most important digital hygiene procedures there is.

So try to get rid of unnecessary tabs in all the browsers you use — including on your smartphone. There are two approaches here: either act quickly and decisively, ruthlessly closing all tabs without concern for what they contain; or do it gradually and cautiously, closing tabs in batches of 10–20 at a time and checking along the way if there’s anything important among them. You can add the ones you actually need to bookmarks or tab groups.

Close all unnecessary tabs in your browser — it’ll be easier to find important ones

And while we’re still on about the browser, also clear its cache. If you haven’t done this before, you’ll be surprised at how much space it takes up. Also, it’s a good idea to review all the extensions installed in your browser: if you’re not using something, now’s the perfect time to remove it.

4. Cancel unnecessary subscriptions

Almost every online service nowadays offers some type of paid subscription — if not several. And these subscriptions can start to pile up beyond all reasonable limits. How much does it all cost? Who knows?! Seriously, people often have no idea about how much they pay for all their digital subscriptions, typically underestimating the total expenses several times compared to reality.

So not only does canceling unnecessary subscriptions bring immediate financial benefit — but this benefit is probably greater than you imagine. On the other hand, the task isn’t that simple: you need to remember all your subscriptions, gather and organize information about them, sort out what’s what — and only then will you understand what you should unsubscribe from. There also might be family subscriptions, with duplicates on the various devices of your family members.

The good news is that there’s a special app for managing subscriptions: SubsCrab. It can organize information about all your subscriptions, calculate monthly expenses, show you a handy schedule and warn you about payment days in advance, tell you what needs to be done to cancel a particular subscription, and even propose alternative subscription options or promo codes and discounts for renewals.

The SubsСrab app will help sort out paid subscriptions and cancel unnecessary ones

5. Remove unused applications

You probably have apps on your smartphone that you haven’t used in over a year. Or maybe even ones you’ve never opened at all. Not only do they take up your device’s memory, but they can also slowly consume internet traffic and battery power and, most importantly, they clog up your interface and may continue to collect data about your smartphone — and you.

It’s time to finally get rid of them! If you delete at least one unused app a day, within a month or so they’ll all be gone, and order will be restored on your smartphone’s home screen.

However, there is a way to immediately detect all unnecessary apps — both on Windows computers and Android smartphones — with the help of the Unused Apps feature included in Kaspersky Standard, Kaspersky Plus and Kaspersky Premium subscriptions. It will show you the apps you rarely use and allow you to delete them all in one fell swoop.

There are some protected Android apps which are impossible to uninstall, even if you don’t need them at all — all due to the whim of the smartphone manufacturer. These may include a proprietary browser or an unused social network client. However, there are special methods to uninstall such apps, which we’ve covered in detail in this comprehensive guide.

6. Turn off unnecessary notifications

One of the main obstacles to digital peace of mind can be the endless stream of notifications flowing from almost every app these days — whether it’s a fitness tracker or a calculator. But, fortunately, we’re not at the mercy of our phones in this case. So go through the list of apps that are allowed to send notifications and thin it out.

Notification settings and Focus mode in Android

There are two possible solutions here. The first one is radical: disable notifications for all apps except the most essential ones — banking apps, work tools, and messengers. The second is moderate: identify apps that blatantly abuse notifications — firing them out for no good reason — and disable these pests.

It’s also helpful to disable notifications in messengers for less important contacts, channels, and chats. Also, take a closer look at the focus mode settings. They’re available in all modern operating systems — such as Android, iOS/iPadOS, Windows and macOS — and allow you to limit the number of notifications and other digital noise for a set period.

Notification settings and Focus mode in iOS

Also, don’t forget that these days it’s not just apps sending notifications; many websites use browser-integrated notification systems for this purpose, too. So make sure to disable all unnecessary notifications there as well. By the way, we have a separate guide on how to stop browsers from bothering you with trivial stuff.

7. Delete unused accounts

Accounts with online services — even the less important ones — always pose a potential risk. If an account gets hacked, it could be used for fraud, laundering stolen goods, attacks on other users, and more — and all in your name. And if a bank card is linked to such an account, there could be damaging consequences.

It’s therefore best not to leave your accounts to fate: if you no longer need a particular account, it’s wise to delete it. This part of the cleanup might be especially challenging: first, you’ll need to recall which accounts you’ve created, then remember your login credentials, and only then can you delete them. But it’s really worth doing!

To avoid getting overwhelmed, try deleting at least one unnecessary account per week. And while we’re at it, I recommend adding all your accounts to a password manager. That way, they’ll all be in one place, their passwords will be securely stored, and you’ll be able to log in with just a few clicks — so the next time you’re cleaning up, it won’t be such a hassle.

Plus, if any of the services you use is compromised, you’ll receive a notification from the password manager and can promptly take action — either by changing the password or by deleting the account.

8. Change unsafe passwords

If you enter your account details into Kaspersky Password Manager, the application shows you any passwords that might be unsafe, either due to data breaches, or because you use these passwords across multiple accounts at once.

Kaspersky Password Manager tells you which passwords are unsafe and need to be changed

The danger of the first scenario — when a password has already been compromised — goes without saying: if malicious actors know your password, the security of the corresponding account is directly threatened.

As for using the same password for different platforms, the risk here is that if one of these services is breached and attackers find out the password, they’ll certainly try to use it to access other accounts — a technique known as credential stuffing. Thus, using the same password everywhere puts you at risk of having multiple accounts hijacked at once — most unpleasant.

Unsafe passwords need to be changed, and the sooner the better. Passwords that have already been compromised should be replaced immediately. When changing passwords that you’re using in multiple places, you can afford to take the process step-by-step, editing a couple of accounts at a time.

By the way, Kaspersky Password Manager helps you create truly secure and unique character combinations using a random password generator (so you don’t have to come up with new complex passwords yourself), and stores them safely in encrypted form — synchronizing passwords across all your devices. The only password you’ll need to remember in this case is the main password for Kaspersky Password Manager: it encrypts the entire password database and isn’t stored anywhere except in your head.

And to streamline all these digital cleanup processes, we recommend using Kaspersky Premium, which includes comprehensive protection, productivity enhancement tools, a password manager, and many other features necessary for effective digital housekeeping across all your family’s devices.

Can’t spare the time for this seasonal ritual? Digital gifts could be the solution. This post talks about the benefits of doing so — with tips on the best options.

Six reasons to go digital

Let’s take a look at six good reasons why digital gifts are increasingly popular, and why they could be a great choice for you this Christmas and New Year.

1. You can give remotely. You won’t have time to see everyone in the flesh, but you still want to give something special and/or useful. Some folks you might not even especially want to see in person, but for whatever reason they still need a present. No problem: you can send them a digital gift even if they live at the South Pole.
2. No need to wait in line. An obvious advantage of digital gifts is that they are, by definition, sold online. So you don’t have to brave the endless traffic jams and waiting lines with the other pre-holiday masochists. You can sit at home in a comfy armchair, sip hot tea, and order everything in a few clicks.
3. Always in stock. Sure, you can try to order something physical from an online store, but the closer you are to Christmas and New Year, the more likely it is that all the good stuff has sold out. This isn’t an issue with digital gifts: the supply is endless, so there’s something for everyone.
4. Instant (and free!) delivery. Another problem with pre-holiday online shopping for physical purchases is delivery. If you don’t sort out gifts in advance, chances are they won’t arrive in time. No such hassle with digital gifts: they get delivered in milliseconds. Beat that, Santa.
5. Environmentally friendly. Let’s be honest: the Christmas and New Year tradition of gift-giving is not all that great for the environment. Millions of Christmas reindeer sweaters to be worn a couple of times (if at all) — and squillions of pairs of “funny” socks that go straight in the trash — do not help save the planet. Again, no such problem with digital gifts. Even if the gift wasn’t a hit, it’s okay: no need to recycle it.
6. Can be very last-minute. Christmas is tomorrow (yikes!), and you’ve forgotten to buy someone a present or couldn’t get to the store before closing time? A digital gift will save the day! As mentioned, it’s ready in milliseconds after clicking or tapping that Pay button. So you can buy and give in real time.

Top-5 digital gifts for Christmas and New Year

Now that we’ve established why digital presents are good, let’s talk about what those digital presents can be.

1. Movies. Blockbusters, documentaries, sporting events, TV shows, educational videos, cartoons, yoga classes — these days just about everyone, young and old, eats a slice of digital video content on a daily basis. So a subscription to an online movie theater or streaming service is an excellent gift that can’t fail to raise a smile.
2. Music. Digital music is another gift you can’t go wrong with. Sure, you might not know exactly which album or artist to pick, but there’s no need! Just gift a subscription to a digital music service, and the lucky recipient can listen to whatever they want.
3. Games. Although not everyone would describe themselves as a gamer, that same everyone likely plays games. It’s just that some do it on a souped-up computer brimming with all the bells and whistles, while others opt for a regular laptop, tablet, or smartphone. Therefore, a subscription or gift card to a gaming platform or app store could be just the ticket. By the way, gaming stores often have wishlists where you can see what someone wants to play and make that a gift.
4. E-books. In the 20^th century, it was often said that books make the best gifts. But in the 21^st , you can give not just one book, but an entire library — and there’s no need to break the bank in doing so. So the best gift for an e-bookworm is a subscription to an online library.
5. Digital life protection. All our devices, and especially the valuable data they hold, need to be protected. There a several gift options here: for example, a subscription to a quick and reliable VPN, or to a secure password manager. Or you can give all this (and more) in one — with a subscription to our Kaspersky Premium.

But this convenience has a downside: our digital finances are vulnerable to digital crimes. Then again, that’s only true if you neglect protecting your online finances from cybercriminals. This post takes a look at how Kaspersky technologies and products secure your digital money, and thus your financial well-being.

1. Password Manager

The backbone of all account security — and financial services are no exception — is, of course, your password. The weaker it is, the greater the chances of a successful hack on your account in some online store or payment system where you enter card details.

It’s just as dangerous to use the same password for different online services. If you do, then if there’s a password leak on one of them (all too common, sadly), your accounts with other services will be compromised as well. Hackers are well aware that many people use the same character combinations on multiple sites, so they often use leaked passwords to try to log in to other resources, a technique known as credential stuffing. And naturally, their focus tends to be on money-related services.

Using Kaspersky Password Manager radically improves password security and to keep your financial accounts safe. Our app generates unique, maximum-security passwords for every service you use, stores them safely so there’s no need to remember them, and even warns you about leaks. Incidentally, the latest update of Kaspersky Password Manager has added the ability to generate one-time codes for two-factor authentication. And you get it for free with Kaspersky Plus and Kaspersky Premium subscriptions.

2. Safe Money

Safe Money was designed specifically for enabling secure financial transactions and online purchases. To protect important payment data entered on the websites of banks, payment systems, and online stores — including bank card numbers and passwords — our solution prompts you to open such sites in our Protected Browser.

In this special mode, your confidential data is protected to the max. And if a site seems fishy in any way at all, Protected Browser warns you with a notification and a change of the frame color from safe green to yellow.

With Safe Money, you can do online shopping and banking safely in the knowledge that both your money and personal data are fully protected. This feature is included in all our paid subscriptions:Kaspersky Standard, Kaspersky Plus, and Kaspersky Premium.

3. File Anti-Virus

Of course, one of the central components of our multi-layered financial protection is good old Anti-Virus. This is what protects your money from the most dangerous threat: malware, in particular, so-called stealers, which, after infecting the target device, look for passwords and private keys to cryptocurrency wallets stored on it, then send them straight to the cyberthieves.

Another common threat directly related to finances that File Anti-Virus guards against is banking Trojans. These are viruses that overlay a banking app’s interface with its own and can’t only steal passwords but also intercept one-time confirmation codes, as well as substitute details and amounts of transfers and payments, allowing the cybercriminals to siphon off money.

These two threats alone are reason enough for you to install reliable protection on all devices you use for financial transactions. There are plenty of other dangers that Anti-Virus also protects against, such as ransomware Trojans and spyware to name just a couple.

4. Safe Browsing

Note that it might not be your computer or smartphone that’s infected with malware, but the server you’re interacting with. The first threat to worry about in this scenario would be online skimmers — malware that scammers install on hacked online stores in order to harvest customers’ bank card details.

Web skimmers have become very popular with cybercriminals of late — every year, tens of thousands of online stores are found to be infected with malware of this kind. Often, the owners of compromised stores are either unaware of the infection or take no action to neutralize a threat, so a web skimmer might remain active on an infected site for months. In practical terms, this means that even if you personally have been careful and your devices are all clean, you can still fall victim to cybercriminals simply by interacting with an infected website.

Fortunately, we also have a solution to protect you from web skimmers and other threats: Safe Browsing scans the pages loaded by your browser for malicious code and, if detected, warns you that the site is unsafe.

5. Anti-Phishing and Fraud Prevention

There’s no way we can skip over fake and fraudulent websites, which affect a huge number of internet users every year. These can be cloned sites mimicking banks, payment systems, crypto exchanges, or other financial services that trick visitors out of their credentials and then hijack their accounts.

They can also be online scams promising large payouts in exchange for a small commission, fake online stores with tempting prices that never deliver your purchase, or other types of online fraud.

The problem is that sites of this kind usually don’t directly contain any malicious code. To effectively protect against such threats, our experts work day and night to keep our database of phishing and fraudulent sites up to date. As a result, our solutions give you a heads-up in good time whenever danger is near.

1. Watch foreign sports or TV shows

A familiar situation for many sports fans: having moved abroad or simply gone on vacation, you find to your annoyance that your beloved football/soccer/baseball/cricket/rugby… team’s games aren’t broadcast on TV there. The same catastrophe befalls fans of domestic TV shows that aren’t popular abroad. This issue may be solved if you can subscribe to digital broadcasts of whatever matches or shows you like in your hometown, but in other regions that service is likely to be blocked. However, the good news is that Kaspersky VPN Secure Connection lets you watch what you paid for — wherever you are. To do this, when away, you need to select a VPN server in your home country and connect to it. That way you’ll be assigned a “native” IP address that will virtually teleport you home. You just need to make sure that both your local internet connection and VPN are up to it speed-wise. For fast VPN secrets, see the end of this post.

2. Bypass bandwidth throttling

In mobile networks, public places, and sometimes even home connections, ISPs limit communication speed, which is known as bandwidth throttling. You may notice this when visiting sites with videos or downloading large files: your internet runs much slower. This allows ISPs to save bandwidth and reduce the load on the network, but it also restricts your rights. Thanks to Kaspersky VPN Secure Connection, which encrypts your traffic, providers and other third parties can’t see exactly what you do online or what sites you visit, and so they cannot throttle your bandwidth – however, if your ISP slows down all activities for all subscribers (blanket throttling), there’s no escape.

3. Play in the region of preference

Servers of many multiplayer games are distributed all over the world. Connecting from a certain region, you will play on the nearest server. This is done to minimize lag for all players, unite players from the same time zone, and lessen the language barrier in game chats. But this approach can cause issues too: for example, you might play at an “unsociable” hour, which means few suitable gaming partners on the nearest servers, or your team has settled on a very specific game server. Going online through Kaspersky VPN Secure Connection in the desired region guarantees a connection to the best server for your needs. Of course, VPN speed is critical here to ensure low lag and fast data exchange, so slow VPNs and VPN protocols are a big no-no for gamers — which is why we especially recommend that gamers use our VPN, recognized for high speeds in independent tests.

On game consoles, setting up a VPN can be tricky, so console owners find it easier to set up VPN directly on the router — more on this at the end of the post.

4. Sidestep price policies

In many stores and service organizations, the price for the same goods and services differs significantly from country to country due to variances in pricing policies or simply different sales schedules. At the time of posting, Black Friday and Singles’ Day (11.11) are on the horizon, to name just a couple of shop fests. You can cash in on seasonal offers and save money by connecting to a VPN server in the desired country and thus changing your IP address. That done, logging into the regional versions of online stores, you’ll see local promotions and enjoy the best discounts.

To take full advantage of this, your VPN service should offer a wide variety of servers in different countries. For example, our VPN has more than a hundred of these, including in such exotic locations as Bangladesh, Liechtenstein, and Malaysia. With such a wide selection, finding the right server in the list can be tough, which is why the latest version of Kaspersky VPN Secure Connection lets you add servers to a Favorites tab and quickly select the one you need.

5. Shop with peace of mind

Public networks — be it Wi-Fi at an airport, hotel, cafe, train, or bus — pose a number of risks to your devices. Among them are: third-party ads on websites; data harvesting of your online activities; the already mentioned slowdown when watching videos; and potential interception of payment information and passwords. It’s a real stinger to pay for extra baggage or window seats on your phone, only to see unexpected debits from your account after landing, right?

Over an encrypted VPN channel, none of that can happen. Nearby cybercriminals, cafe owners, and unscrupulous Wi-Fi providers can neither see nor intercept your online activity.

What’s more, our VPN can be configured to automatically turn the VPN on when connecting to unprotected Wi-Fi networks, plus you can customize the VPN settings for each Wi-Fi access point saved on your device individually. This makes it easy to configure which Wi-Fi networks need VPN protection, keeping you safe at all times.

And one other thing: if the VPN connection drops, Kaspersky VPN can automatically block all your network traffic until reconnection, ensuring your data doesn’t leak to an unsecured network.

6. Open geo-blocked websites

For both legal and security reasons, some sites choose to shut out connections from other countries. For example, many online stores aren’t accessible in countries they don’t ship goods to. The same goes for many municipal or government services provided online — access from abroad isn’t possible. If you need to use such sites, you need to point your VPN to a server in the respective country.

7. Open websites despite blocking

The opposite scenario to geo-blocking is when you arrive in a country where, say, Google or Instagram is blocked. By connecting to a VPN server in another country, you can continue to use your usual accounts and services.

Geo-blocking often creates the nuisance of having to constantly turn your VPN on and off to access certain sites or use certain apps. Kaspersky VPN Secure Connection comes in handy here, too. By configuring rules for Smart Protection (on Android only) and Split Tunneling (on Android, Windows and macOS), you can forget about the need to keep toggling the VPN: it will activate automatically for selected apps, sites, or site categories (such as payment systems, banking sites, or online stores) or bypass VPN for apps added to the exceptions list.

What makes Kaspersky VPN the fastest?

Gaming, watching videos, downloading large files, and even conference calling all require a lightning-quick VPN connection with minimal latency and high data-transfer rates. Besides a fast enough internet connection, this requires three other jigsaw pieces: a high-performance VPN server with a strong communication channel; a sufficiently powerful client (your phone, computer, or router); and an optimized communication protocol between these two pieces.

To make our VPN the undisputed speed champion (it outperformed all six of the other VPNs in an independent test), we use the fastest servers (10 Gbps) and connect to them over the most powerful protocols: Catapult Hydra and WireGuard. According to our internal tests, Catapult Hydra is five to seven times faster than the common OpenVPN protocol in terms of connection speed and ensures exceptional privacy protection without data leaks.

Where and how to use VPN?

You can install a VPN on your smartphone, computer, tablet, and sometimes even your TV or game console. Most routers also support a VPN connection, giving you the benefits of a VPN across your entire home network all at once. Which of these scenarios is better?

For travel and business trips, setting up a VPN on your phone and laptop is a priority. If gaming or online bargain hunting is your thing, it’s best to install a VPN on your Windows or Mac computer.

For TVs, game consoles, and simultaneous VPN use on multiple devices, the encrypted channel is best deployed directly on the router. Our VPN supports the ability to connect routers using the WireGuard and OpenVPN protocols: the former delivers maximum speed even on relatively weak router models; the latter provides maximum compatibility even with older models. Simply go to the VPN section on the My Kaspersky portal, and under VPN for routers, create a configuration file by selecting the protocol and server in the desired country. Then upload it to your router’s control panel — and every device in your home network will automatically enjoy all the benefits of VPN.

Where to find the best VPN deal?

You can get Kaspersky VPN Secure Connection either as a standalone product or as part of a Kaspersky Plus or Kaspersky Premium subscription. Besides super-fast VPN, your subscription comes with full protection for all devices — both computers and smartphones.

Fine print

Some countries prohibit the use of VPN as a technology, while others ban specific VPN usage. In addition, the license agreements of various online services explicitly prohibit the use of VPNs to bypass their regional restrictions. You should research the legal position in your specific case before opting for a VPN.

Almost everyone underestimates their subscription costs. According to this fascinating survey, the average American thinks they spend US$86 per month on subscriptions, when the real figure is a whopping US$219! And besides online, there are other recurring payments: mortgages, loans, utility bills, public transport, gym memberships and the like, all of which need to be budgeted so you don’t suddenly find yourself broke.

Monthly subscription costs: expectation versus reality. (Source)

As trite as it sounds, how to save money couldn’t be simpler: cancel subscriptions you don’t use. No less than 42% of respondents admitted to having stopped using an app or service and then forgetting to stop paying for it. Even active subscriptions, renewed for years without change, become less economical over time: by changing your plan to a newer one, applying a promo code, or looking at competitors, you can save a lot.

But more often there’s another problem: 74% of users forget when payment is due. If the subscription auto-renews, it can burn a large hole in your pocket. If you pay manually, forgetting could result in termination of the service. And that can spell trouble if it’s your phone or something equally important.

Free trial

Another common way to accidentally fork out is by subscribing to apps and services that offer a free trial period. The service takes your card number on sign-up, but doesn’t charge you. After a week, month or whatever length of trial period, the first payment falls due. If during this time you decide the service is not for you, what are the chances you forget to go into the settings and cancel the subscription? As practice shows — very high. Such user forgetfulness is now being exploited by less-than-squeaky-clean developers who sell apps on the App Store and Google Play with exorbitant monthly fees (for example, US$90 per month for a regular calculator!). Such apps are known as fleeceware.

How to manage subscriptions properly

To get the most out of your subscriptions, plan your outlays carefully, never pay for unnecessary services, and follow a few simple rules:

1. Make a general list of subscriptions so you know exactly what, when and how much you’re paying.
2. Update the list as soon as you subscribe to a new service. Bear in mind that renewing a subscription may be cheaper or more expensive than the first payment — check the small print!
3. Check the list on a regular basis (say, monthly) to plan your spending for the coming month.
4. Checking regularly will help you remember to cancel subscriptions you don’t wish to renew. Note that to cancel a subscription it’s usually not enough to simply uninstall the app — you need to go to your personal account or to a special subsection of the App Store/Google Play to cancel it.
5. Keep an eye out for sales and promotions, such as Black Friday. They often give discounts on subscription renewals.

Despite their outward simplicity, all these tips have one major drawback: they require a high level of self-discipline and attentiveness. They involve record-keeping and list-updating, and not everyone will have the time or inclination. But there is an easier, more convenient way — in the shape of a specialized subscription management service. Speaking of which, Kaspersky Product Studio recently released such an app, called SubsCrab.

SubsCrab helps you manage subscriptions and save money

SubsCrab makes it easy to keep a list of subscriptions, remember when and how much to pay, and find ways to economize.

A single glance at the SubsCrab home screen will provide all subscription details for the current month, as well as monthly outlays, due dates, and the cost of each subscription

You can add all your subscriptions to the app in one of two ways:

• Manually. You yourself select subscriptions from a long list of paid services and payment plans. There are already more than 4000 subscription services and 11,000 related plans in the database.
• Mailbox scan. The app searches your mailbox for emails from all known services, and automatically determines the plan and payment date. Email data is not sent anywhere; all processing takes place on your smartphone.

Adding a new subscription to SubsCrab couldn’t be simpler

Future app updates will add two more methods:

• Bank statement scan. This feature will only work in the U.S. and some EU countries using the Open Bank API, which is supported by around 15,000 banks. As with email scanning, subscriptions will be searched for locally, and no transaction data will leave your smartphone.
• Screenshot scan of subscription page in the App Store or Google Play.

Thereby, the app also makes it easy to add new subscriptions as soon as they appear.

When all your subscriptions are in SubsCrab, the app will remind you about upcoming payments, show your total spending for the selected month or year, and help with general budget planning.

Never miss a payment with SubsCrab Push notifications

Click or tap on any subscription and you’ll see its current settings, but it’s the bottom of the card that’s the really interesting part. That’s where discount promo codes get published, plus a list of alternative services that do the same job. If you want to cut costs, you can try switching to one of these competitor services or find out how to unsubscribe.

Cards are a handy source of subscription details, alternatives, and promo codes

It might sound odd, but SubsCrab itself is a subscription service. The free version lets you manually enter subscriptions from the database, choose alternative services, and get reminders and statistics.

The paid version of SubsCrab can automatically find subscriptions in your mailbox, as well as maintain and analyze multiple subscription lists — for different family members or different tasks (entertainment, work, health, etc.); only this version gives you access to promo codes for tasty discounts on your favorite subscriptions.

And if all this helps you cut costs and take control of hundreds, perhaps thousands of dollars you spend annually and unaccountably on subscriptions, the juice is worth the squeeze.

What’s an authenticator?

On this blog, we focus quite a bit on 2FA — app-generated one-time codes in particular. Over the past couple of years, we’ve posted a whole series of materials on this topic, the most important of which make for highly recommended reading:

• What is multi-factor authentication?
• Types of two-factor authentication: pros and cons
• Is Google Authenticator irreplaceable?
• Authentication with one-time codes: pros and cons
• The best authenticator apps for Android, iOS, Windows, and macOS

In a nutshell, you need 2FA to better protect your accounts, so we recommend enabling it on all services that support it. In our view, one-off codes generated in special authenticator apps strike the best balance between security and usability. Such a code must be entered after the regular password, and because it’s valid for a limited time (usually no more than 30 seconds), it’s extremely difficult to intercept.

The 2FA method is both quick and smooth, provides a high level of protection, and requires no additional input or time investment on the part of the user. Before, 2FA meant having an authenticator app on your device — either Google Authenticator or any other that suits you. Now, however, there’s no need to install an additional app: you can generate codes right inside Kaspersky Password Manager, where your passwords are already stored securely. Let’s take a look at the advantages of our built-in authenticator.

1. Familiar interface with cross-platform convenience

Kaspersky Password Manager generates one-time codes in a familiar user-friendly way: in the special Authenticator section is a list of tokens with names and short descriptions, next to which one-time codes appear and a time counter ticks away until the next update of these codes. That’s similar to how it works in other apps, so you’ll have no trouble switching to Kaspersky Password Manager if you already use another authenticator. That’s an obvious advantage, but far from the only one.

A massive plus compared to other authenticators is that Kaspersky Password Manager gives you a universal, cross-platform, all-in-one solution — the app stores your passwords and generates one-time codes on whichever platform you prefer: computer or phone. Kaspersky Password Manager is available not only for Android and iOS, but also for macOS and Windows (support for 2FA code generation in Windows will be added in an upcoming update). The Windows version is especially important: if you’ve read our post about the best authenticator apps, you’ll have noticed that Windows is rather poorly served.

2. Synchronization and security

Next advantage: all Kaspersky Password Manager entries (passwords, notes, authenticator tokens, etc.) are automatically synchronized between all your devices. This allows you to generate an authentication code on any device you’re currently using.

Synchronization uses the cloud, of course, but with maximum security and convenience. For one thing, you don’t have to create an extra account — a My Kaspersky account is all that’s needed, which you already have if you use any of our products. And for another, all authentication tokens are securely protected by the main password, without which no intruder can use your passwords or authenticator — even if they do somehow get inside your My Kaspersky account.

3. Don’t have your smartphone to hand? No problem!

Users of other authenticator apps face the eternal nightmare of leaving behind or, worse, losing their smartphone: recovering authentication tokens is so difficult that we even wrote a special step-by-step guide for that. Now, because Kaspersky Password Manager securely stores your tokens (and with them all passwords) in encrypted form in the cloud, you can use the authenticator at any time on the device you’re using, as well as restore all data on a new device; all you have to remember is your main password.

4. Easy migration

Lastly, one other advantage of the built-in authenticator in Kaspersky Password Manager is quick and easy migration of all data from Google Authenticator. All you need to do is export all tokens from Google Authenticator to one large QR code in the usual way, then scan it in Kaspersky Password Manager — everything will work right away.

As far as we know, no other authenticator app makes it so easy to migrate data from Google Authenticator; the process usually involves lots of sweat and tears as you painstakingly recreate all your tokens one by one. But with Kaspersky Password Manager, four taps on the screen are literally all it takes.

What else can Kaspersky Password Manager do?

Let’s wrap up with a few words about some other useful features in Kaspersky Password Manager besides unbeatable password protection and the new built-in authenticator. This handy app can also:

• Autofill data in online forms — and not only usernames and passwords, but other information such as addresses and bank card details.
• Warn you if your password is too weak, was used before, or has been compromised in a known leak.
• Generate the strongest passwords possible based on customizable random character combinations.
• Securely store important documents, bank card details, and any other highly valuable information (for example, cryptowallet seed phrases).
• Encrypt all stored data with the robust AES-256 algorithm. The encryption key is created from the main password and is not stored anywhere, so without the main password it’s simply impossible to decrypt the contents of Kaspersky Password Manager.

Incidentally, the recent update of Kaspersky Password Manager added not only a built-in authenticator, but also support for Opera and Opera GX browsers. So now you can autofill passwords and other data in all the most popular browsers out there: Chrome (and others based on Chromium), Safari, Firefox, Edge, and now Opera.

And remember, the full version of Kaspersky Password Manager comes included in the Kaspersky Plus and Kaspersky Premium subscriptions, along with the most reliable protection possible, unlimited VPN, and a host of other useful features.

1. Password stealers

The core problem with storing passwords in browsers is that they sacrifice security for usability. This holds true for at least the three most popular browsers: Google Chrome, Mozilla Firefox, and Microsoft Edge, all of which store user passwords in a highly insecure way.

The reason is that all browsers store passwords in a very predictable place, in a folder whose path is no secret to anyone. And although the passwords themselves are encrypted, the encryption key is stored close by and readily accessible. Armed with this key, an attacker can decrypt and steal passwords. A farcical situation: the door appears to be securely locked, but the key is under the doormat, and the whole world knows it.

In fact, browsers use this state of affairs to compete with each other: to make it easier for users to switch, they often offer to import all saved data from the old browser, including stored passwords.

Any guesses who else is using this feature? That’s right. There is an entire class of malware (appropriately called password stealers) dedicated to credential theft. This malware sifts through folders known to contain browser-stored passwords, finds the key under the doormat, then decrypts the passwords and uploads the loot to the cybercriminals’ server. Later, these passwords are usually databased and sold in bulk on the dark web to other crooks who use them to hijack accounts (narrow specialization has long been the norm in the cybercriminal world).

To understand how easy it is to steal passwords stored in a browser, we recommend watching a demo video that clearly shows how to quickly extract passwords from Chrome, Firefox, and Edge using nothing more than a Python script.

Demonstration of how to extract passwords stored in Google Chrome, Mozilla Firefox, and Microsoft Edge. (Source)

2. Physical access to the computer

It’s not just specially trained malware that can get up to this sort of mischief, but anyone with physical access to your computer. And no sophisticated hacking skills are required – scripts for exfiltrating browser-stored passwords are readily available online. All that is required is to run them.

Even an overly curious relative or work colleague could do this if you leave your computer unlocked. Or a hacker visiting your office on a scouting mission. Basically, anyone. The important point is that all your passwords stored in the browser will end up in potentially hostile hands.

And even if the intruder doesn’t have the right script to extract passwords from the browser-saved file, they can scour the settings for the list of sites for which passwords are stored, and then log in to one of them to read your correspondence, for example, or find out other secrets about you.

The world’s most popular browser (Google Chrome, in case you didn’t know) doesn’t even have a basic mechanism to prevent such actions. And while the Firefox developers were good enough to let users protect saved passwords with a primary password, they left this option disabled by default. The primary password must be explicitly enabled and configured, and it is unlikely that many Firefox users even know about it.

3. Browser account hijacking

The following problem is common to all browsers that allow users, for their convenience, to create an account to synchronize browsers on different devices. This means that bookmarks, browser sessions, extensions, settings, as well as saved passwords are all synchronized and stored in the cloud. And if a hacker gets inside your browser account, all they have to do is log in on another computer using the same account. Then all your accounts whose passwords are stored in the browser – from social networks to online banks – are there for the taking.

Why a password manager beats a browser

Like browsers, Kaspersky Password Manager remembers your credentials and lets you auto-populate them when logging in to websites. But unlike browser developers, we don’t compromise on security. In our password manager, the primary password is used by default and cannot be disabled – all your saved passwords are protected at all times. So even if someone gains physical access to your computer, they will not be able to simply log in to sites using the credentials stored in the manager. To do that, they would need the primary password, which no one but you knows (unless you stuck it to your screen on a sticky note).

Another advantage of Kaspersky Password Manager is, of course, that all passwords are stored only in encrypted form. And, crucially, we don’t keep the decryption key “under a doormat”. The encryption key is generated on the fly using the AES-256 algorithm on the basis of the primary password, which allows us not to store it at all. Anywhere. Ever. So even if a stealer manages to get onto your computer, it won’t be able to steal anything – all your passwords are securely encrypted. Incidentally, if you use Kaspersky Password Manager as part of Kaspersky Premium, we won’t even let the malware in.

One last thing. Naturally, we use the cloud to synchronize passwords between devices – all your passwords are linked to your My Kaspersky account. But even if an intruder were to somehow gain access to this account, your passwords stored in Kaspersky Password Manager would still be perfectly safe. That’s because in the cloud they are stored exclusively in encrypted form, and the decryption key is generated on the basis of the primary password, which only you know and without which attackers are toothless.

We’ve also recently updated Kaspersky Password Manager to support the Opera and Opera GX browsers, which continue to win over new users. That means we now support all the most popular browsers: Chrome (and Chromium-based browsers), Safari, Firefox, Edge, and Opera.

VPN requirements

To protect your entire home network with a VPN, both your VPN and your router need to support this option. The first thing to note is that most free VPNs don’t offer network protection at the router level. Nor will your VPN run on the router if the VPN exists only in the form of a browser add-on or mobile app. If you’re not sure whether your VPN supports router-based operation, read the manual or contact tech-support.

It’s important to find out the details from tech support, not just a “yes/no” answer. What specific VPN protocol can be used for the router (and the whole network)? Are all the VPN servers you need available using this protocol? Armed with this knowledge, next go to the technical support site for your particular router.

Router requirements

First of all, the router must support sending all home traffic through the VPN channel. These days even cheap models have this feature, but there are still cases when a router can’t work with a VPN, especially if it’s leased out by the internet service provider (ISP). What can also happen is that the VPN is already being used to create a channel from the router to the ISP and is a part of the standard home internet setup. This kind of “VPN service” usually doesn’t provide the core benefits that most users want.

You can check your router in three ways:

1. Go to the web control panel (the address and password are usually shown on the underside of the router) and study the available settings
2. Read the documentation on the router vendor’s website
3. Contact the vendor’s technical support or — if you got the router from your provider — get in touch with its tech-support

If your ISP doesn’t offer VPN support, consider switching provider. If the problem lies with the router itself, check for an alternative firmware that has the functionality you need. The best known are DD-WRT and OpenWRT — the links point straight to a page where you can check your router’s compatibility. Replacing the router firmware can be technically challenging, so make sure you fully understand both the procedure and risks before starting.

After making sure that the router offers VPN support in the first place, next check which specific VPN protocols it can use. The most common are OpenVPN and WireGuard, with each having its own pros and cons.

OpenVPN has been around for a very long time and is widely supported by routers, but doesn’t usually provide maximum VPN speed, and also puts a heavy load on the router’s processor. For cheap routers with a weak processor, this can affect their performance and overall Wi-Fi speed in the home.

The newer WireGuard protocol is very fast and secure. If you have a really fast Internet connection, WireGuard will outperform OpenVPN in terms of speed and a lower load on the router’s processor. Among the disadvantages are the more involved initial setup (the user has to generate a pair of client keys) and fewer connection options: WireGuard binds the user to a specific server, OpenVPN — to a location, so the latter lets you switch to another server in the same location if the one previously used is down. Besides, not all routers recognize WireGuard.

And almost all routers support legacy L2TP/IPsec and PPTP protocols. We do not recommend them, because they fall short of the latest security standards and don’t encrypt traffic by default. However, if the two more modern options are not available, and a VPN is still needed, better to use L2TP/IPsec or PPTP with traffic encryption enabled than no VPN at all.

How to activate VPN on a router

The specifics differ from provider to provider and from router to router, so we can only describe the setup in general terms.

The first step is to download the right VPN profile from the VPN website. The profile is usually individual, so you need to go to your personal account on the website and find the page with VPN profiles. This might be a list of protected devices where you can add a router, or a special Add Router section, or a section for managing specific VPN protocols (OpenVPN, WireGuard) where you can generate the desired connection profile.

For example, for Kaspersky VPN Secure Connection, you can create a router profile on the My Kaspersky site in the Secure Connection section in three simple steps. Currently, only an OpenVPN profile is offered for routers, but by end of 2023 we plan to provide WireGuard support as well (note that WireGuard is now available in our VPN for Windows).

Creating an OpenVPN profile for a router on the My Kaspersky site.

When adding a new profile in your personal account, you need to answer certain questions. These include the profile name, your choice of server, and so on. The same window often provides space for technical details — such as private keys, names and passwords — but most providers support automatic generation of all this, in which case they can be left blank. Next, a link appears to download the .ovpn file for OpenVPN or .conf file for WireGuard.

For L2TP and PPTP, you don’t need to download anything. Instead, you need to write down some information from your personal account:

• server address for connection
• username and password
• an additional encryption key (pre-shared key, PSK, secret key)
• authentication type (PAP, CHAP)

Having gotten hold of this information, go to the web control panel of the router. Depending on the vendor’s… imagination, you may have to wander through a maze of subsections to get to the VPN properties:

• Asus routers usually have a VPN → VPN client section
• Keenetic routers hide VPN connections under Internet → Other Connections
• in Netgear routers, go to Advanced Setup → VPN service
• in TP-Link routers, open the Network → WAN tab

Take care, because routers can show VPN connections in two forms: as an external VPN connection to your home network (here the router acts as a VPN server and provides secure external access to your local network) and as a secure connection to a remote VPN server (here the router becomes a VPN client that connects securely to the VPN service). You need the second option.

Having found the right section, create a new connection and name it (say, for the VPN service and/or the location of the server), then enter the information retrieved from your personal account with the VPN provider.

For PPTP and L2TP/IPSEC, all information is required, including server addresses. For OpenVPN and WireGuard, attaching the OVPN/CONF profile file is usually enough, but sometimes you might also need to specify a username and password.

For some router models (for example, Keenetic), instead of a profile upload button, there’s a window for entering the VPN configuration; in this case, open the OVPN/CONF file in a text editor (yes, it’s a plain text file, and you can change its extension to .txt if you like), copy all the information from it, and paste it into this window. If you have any doubts about the correct settings, take a look at the router’s setup help pages — they’re usually found right in the Settings window.

Setting up a VPN connection via OpenVPN in Keenetic routers.

Then click the Save button and look for the Activate button or On/Off switch for the VPN connection. That done, the VPN should in theory be on all the time and even activate itself automatically after a router restart. It’s a good idea to check this by going to a site like whatismyipaddress.com or iplocation.net on any home device: they’ll show you which region of the online world you’ve tunneled through to. That’s the VPN setup basically done — all devices connected to the router will now access the internet through an encrypted connection. And some routers even allow you to choose which home devices will connect directly to the internet and which will go through a VPN.

If for some reason a VPN can’t be set up on your router, you can protect your internet access by setting up secure DNS on your router. This won’t give you all the benefits of a secure VPN connection, but it can give you some — such as protecting kids from inappropriate content and blocking ads on all devices.

For maximum protection on up to 10 of your family’s devices, we recommend a Kaspersky Premium subscription, which, alongside protection against viruses, hacking, phishing, and data leaks, includes a fast and unlimited Kaspersky VPN Secure Connection, secure password manager and vault, a one-year free Kaspersky Safe Kids subscription, and many other benefits.

What is a sandbox and how does it work

A sandbox is a tool that creates an isolated environment in which the behavior of suspicious processes can be analyzed. This usually takes place in a virtual machine or container, which allows the analyst to examine potentially malicious objects without the risk of infecting or damaging a real working environment or leaking important corporate data.

For example, the sandbox in the Kaspersky Anti Targeted Attack (KATA) Platform works as follows: if some component in the security solution detects a dangerous or suspicious object (for example, a file or URL), it’s sent to the sandbox for scanning, along with the details of the working environment (OS version, list of installed programs, system settings, etc.). The sandbox runs the object or navigates to the URL, recording all artifacts:

• Execution logs, including system API calls, file operations, network activity, URLs and processes accessed by the object
• System and memory snapshots (dumps)
• Created (unpacked or downloaded) objects
• Network traffic

After the testing scenario completes, the collected artifacts are analyzed and scanned for traces of malicious activity. If those are found, the object is flagged as malicious, and the techniques, tactics and procedures identified are mapped to the MITRE ATT&CK matrix. All data retrieved is stored for further analysis.

Sandbox challenges

The main problem with sandboxes is that cybercriminals know about them and constantly refine their evasion methods. To circumvent sandbox protection, attackers focus on developing technologies to detect specific features of virtual environments. They do this by looking for characteristic artifacts or states of the sandbox, or unnatural behavior of the virtual user. Having detected (or even just suspected) such signs, the malicious program alters its behavior or self-destructs.

In the case of malware used for targeted attacks, cybercriminals meticulously analyze the configuration of the operating system and the set of programs used on the target machine. Malicious activity is triggered only if the software and system fully comply with the attackers’ expectations. The malware can work at strictly defined time intervals or activate after a certain sequence of user actions.

How to make an artificial environment more real

To fool a potential threat into running in a secure environment, combinations of different approaches are deployed:

• Variable and randomized virtual environments: creation of multiple sandboxes with different combinations of settings and installed software
• Realistic simulation of user behavior, including the speed of typing passwords, viewing text, moving the cursor, clicking the mouse
• Use of a separate physical (non-virtual) machine isolated from the working environment to analyze suspicious objects related to hardware attacks and device drivers
• A combination of static and dynamic analysis; monitoring of system behavior at certain time intervals; use of time-acceleration technologies on virtual machines
• Use of images of real workstations from the target environment, including operating system and configuration of programs, plug-ins and security settings

Our sandbox implements all of these techniques: it can emulate the behavior of a real user, deploy randomized environments, and operate in manual or automatic mode. And we’ve recently updated our extended detection and response solution – Kaspersky Anti Targeted Attack Platform. The integrated sandbox now lets you use custom system images with a choice of OS (from the list of compatible ones) and install third-party programs. More information about the platform is available on the dedicated KATA page.