Kaspersky is watching you, for your money
A detective story happened to me recently. Updated windows 10, then decided to update internet security from Kaspersky. In principle, everything worked well, if not one but ...
By occupation I have often picked in the layout and js. Opening somehow the source page of the customer’s site, I noticed an uninstalled script on it: ff.kis.scr.kaspersky-labs.com/USER_ID/main.js (hid his user id, there is a long string of characters). The source code of the script was uploaded there: pastebin.com/rkY42pkf
This script redefines some elements of the page, constantly refreshes in the background and does a bunch of unknown things, as there is no guarantee in adding modules for tracking the user later. Foreign buyers were the first to notice the problem, and created a topic on the forum (http://forum.kaspersky.com/index.php?showtopic=328326), then the code injection was noticed by users from the CIS: forum.kaspersky.com/index.php? showtopic = 328544 and webmasters - forum.kaspersky.com/index.php?showtopic=316482&st=40&p=2445346&#entry2445346
The most interesting thing in this story is that this injection cannot be turned off. Neither through KIS settings, nor through removing plugins. I didn’t have any plugins installed, but the script is successfully inserted in both firefox and chrome. Technical support declares this ill-conceived decision as a feature and is not going to fix it. “Good afternoon, this script provides the functionality implemented earlier in the classic plug-ins. This behavior should not lead to disruption of websites. If there are any problems, then please describe the specific inconvenience, provide screenshots. ”
This is how Kaspersky got access to all my actions on the Internet for my own money. The latest versions of KIS 2015 and 2016 are affected by this issue.