What is Security Cloud?
Security Cloud is an analytics engine and information repository for malware and a variety of other digital threats. It is operated by F-Secure Corporation and provides analysis, classification of digital threats, malware scanning, threat archiving and other related services to all of our cloud-based security products. In doing this, we protect the user's privacy through a variety of means.
Security Cloud benefits
Security Cloud empowers our security products and services in the following ways:
- Security Cloud's reputation services provide a fast way to identify known safe and malicious objects.
- Security Cloud can perform both automated and manual analysis of suspicious objects.
- Security Cloud aggregates information on a global scale about objects in order to increase protection accuracy.
Brief privacy summary
Security Cloud is designed, from the ground up, to protect the privacy of users. It does not need to know the identity of its users and, as such, identity-related information is completely omitted from uploaded data. Private data, such as documents and messages, are not uploaded. Security Cloud knows what happens on a connected computer, such as what programs are run, but does not know whom the computer belongs to.
A service like Security Cloud cannot be provided without collecting some data from users' devices. We apply a set of strict privacy principles to avoid collecting sensitive personal data and ensure that only essential technical data arrives on our servers. We apply the following principles:
- Minimize upstream of technical data. Technical data about the device itself is not collected unless the data is essential for providing the protection service.
- Do not upstream personal data. Security Cloud will never send information that can be used to identify the person using or owning the device.
- Anonymize all collected data. Devices use anonymized unique IDs, which can't be tied to the user's or device owner's identity, when communicating with Security Cloud.
- Do not store IP addresses. The device's IP address is never stored. A city-level geo-mapping may be done and the result stored, if it is beneficial for providing the service.
- Do not trust the network. All network transfers are encrypted using strong cryptography.
Security Cloud may collect this data from protected devices.
Hashes and metadata of executable files
Protected devices may perform queries to Security Cloud with the hash of a program file that is to be executed. The device can, on request from Security Cloud, send metadata about the file to support further analysis. The type of metadata sent from a client can vary situationally. Examples of metadata that can be collected include file size, file name, partial file path, name of malware detected and other similar data. As the threat landscape changes, metadata types are expanded.
Hashes of URLs
Malicious URLs, both visited and displayed on web pages, can be identified by querying Security Cloud with a hash of the URL. The device may, on request from Security Cloud, send the information pertaining to the URL in question. This behavior may occur for unknown URLs that require analysis. When URL information is provided to our servers, an algorithm is used to prevent personal information from being sent as part of the URL. For example; parameters are stripped from uploaded URLs. URLs inside local networks are not sent.
This data upstream is active in products providing browsing protection. Some products offer an option to opt out from this upstream by disabling browsing protection.
Device technical data
Configuration information about user device (e.g. OS version) and F-Secure product (e.g. installed program and update versions) is sent to provide user with correct product updates.
Hashes of messaging metadata
Hashes of messaging header fields, such as sender and subject, may be sent to Security Cloud to detect unsolicited messaging (spam). This upstream is only active in products that provide spam protection. Users can opt out from this data upstream by disabling the spam protection functionality.
Unknown executables can be sent to Security Cloud for scanning. These files will be scanned for malware, and discarded immediately if clean. Suspicious files will be kept for a short period in order to perform a deeper analysis. Any files classified as malware will be stored. Files classified as clean software are promptly deleted. Files received from user devices are passed through our automated analysis systems under strict controls and are never shared with third parties. Interpreted code, like Flash, Silverlight and scripts, may also be handled as executable files.
Products relying on locally installed scanning engines may encounter suspicious files that require deeper analysis. The product will typically notify the user and ask for permission to upload when a file of this kind is encountered.
Some products may offer the user an option to participate in clean file archiving. Selected common clean files may be stored permanently by Security Cloud if the user opts in. This functionality helps improve detection accuracy and optimizes bandwidth usage.
Secure storage of information
Security Cloud handles and stores malicious computer code. This handling is subject to strict security measures to avoid malware leaks. Security is enforced by both technical arrangements and policies for access to the data.
We will share some of the uploaded data with our subcontractor partners. We only do so if they need it to help us providing these services. Any such shared data is always anonymous.
To keep Security Cloud responsive against evolving threats, the capabilities of Security Cloud are being constantly extended. We will update the policy accordingly to remain transparent. The latest version of this policy is always available on our web site.
If you have any further questions about Security Cloud, please contact:
© F-Secure Corporation - February 2015