
A detective story happened to me recently. I updated Windows 10, then decided to update Kaspersky Internet Security. In principle, everything worked well, except for one thing...
By the nature of my work, I often have to poke around in page layout and JS. Having opened the home page of a customer's site, I noticed an unidentified script on it:
ff.kis.scr.kaspersky-labs.com/USER_ID/main.js (I hid my user ID; it is a long string of characters). The script's source code is uploaded here:
pastebin.com/rkY42pkf

This script redefines some elements of the page, constantly refreshes in the background and does a bunch of unknown things, and there is no guarantee that modules for tracking the user will not be added later. Foreign customers were the first to notice the problem and created a forum thread (http://forum.kaspersky.com/index.php?showtopic=328326); then the code injection was noticed by users from the CIS:
forum.kaspersky.com/index.php?showtopic=328544 and by webmasters:
forum.kaspersky.com/index.php?showtopic=316482&st=40&p=2445346entry2445346
The most interesting thing about this story is that this injection cannot be turned off, neither through the KIS settings nor by removing plug-ins. I didn't have any plug-ins installed, but the script was successfully inserted in both Firefox and Chrome. Technical support calls this ill-conceived decision a feature and is not going to fix it: "Good afternoon, this script provides the functionality implemented earlier in classic plugins. This behavior should not lead to disruption of websites. If there are any problems, please describe the specific inconvenience, provide screenshots."
This is how Kaspersky got access to all my actions on the Internet, paid for with my own money. This issue affects the latest versions of KIS 2015 and 2016.
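
A webmaster-side check for the situation described above, as an added example that is not part of the original post: it lists every `<script src>` on a page whose host is outside the site's own allowlist. The sample HTML, the `example-shop.test` hosts and the `https://` scheme on the Kaspersky URL are constructed assumptions.

```javascript
// Added example: flag <script src> hosts that are outside a site's allowlist.
// SAMPLE_HTML is constructed; example-shop.test and cdn.example-shop.test are
// hypothetical hosts. USER_ID is the placeholder used in the post.
const SAMPLE_HTML = `
<html><head>
<script src="/static/app.js"></script>
<script src="//cdn.example-shop.test/lib.min.js"></script>
<script type="text/javascript" src="https://ff.kis.scr.kaspersky-labs.com/USER_ID/main.js"></script>
<script>var inline = 1;</script>
</head><body></body></html>`;

// Extract the src attribute of every <script> tag (quoted or unquoted values).
// The (?:^|\s) prefix keeps attributes such as data-src from matching.
function scriptSources(html) {
  const tagRe = /<script\b([^>]*)>/gi;
  const srcRe = /(?:^|\s)src\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i;
  const out = [];
  for (const m of html.matchAll(tagRe)) {
    const s = srcRe.exec(m[1]);
    if (s) out.push(s[1] ?? s[2] ?? s[3]);
  }
  return out;
}

// Resolve each src against the page URL and report hosts not in the allowlist.
// The page's own host is always treated as allowed.
function foreignScripts(html, pageUrl, allowedHosts) {
  const allowed = new Set(
    [new URL(pageUrl).hostname, ...allowedHosts].map((h) => h.toLowerCase())
  );
  const findings = [];
  for (const src of scriptSources(html)) {
    let url;
    try {
      url = new URL(src, pageUrl); // handles relative and protocol-relative URLs
    } catch {
      findings.push({ src, host: null, reason: "unparseable src" });
      continue;
    }
    if (!allowed.has(url.hostname.toLowerCase())) {
      findings.push({ src, host: url.hostname, reason: "host not in allowlist" });
    }
  }
  return findings;
}

console.log(foreignScripts(SAMPLE_HTML, "https://example-shop.test/", ["cdn.example-shop.test"]));
```

Because the script is inserted on the user's machine, the HTML served by the site will not contain it; the check is only meaningful on markup captured in the affected browser, for example `document.documentElement.outerHTML`.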