Cyber-security providers should be able to guarantee you one thing: security. However, it appears that Kaspersky isn’t as secure as you would imagine.
It’s fair to say that, with revenue hitting $726 million in 2018, Kaspersky is a major player in the cyber-security world. And it’s this success that has cultivated the high levels of trust placed in their products. Many would say that going without Kaspersky products in the 21st century is a foolhardy move. And they certainly are effective at preventing security breaches when it comes to PCs. But stories are now emerging that your data isn’t necessarily safe when it’s in their hands.
We live in an age where it’s important to stay safe online and, accordingly, many people reading this will be using Kaspersky products. It’s crucial to be aware of any potential data risks, so we’re going to examine this story a little closer.
What’s happening with Kaspersky?
Malicious websites can be a nightmare when it comes to protecting your data. Kaspersky understands this threat and has designed software which can identify whether a website is malicious or not. It achieves this by injecting your internet browser with a Javascript code that evaluates the safety of every website you visit. If the evaluation flags a website as unsafe then Kaspersky will prevent you from visiting it. This is all well and good, but the Javascript code employed has a major flaw.
The code injected into your browser is unique. And it can be read by any website. This means that your online activity can be tracked. For example, if your unique code shows up on ophtek.com and avg.com then online marketers would be able to identify a specific interest of yours: internet security. It’s known as cross site tracking and is a method used to tailor online advertisements that are likely to appeal to those viewing them. While this is nothing new, especially when you consider how cookies are used online, it’s unheard of to hear of a cyber-security provider facilitating this.
Avoiding the Security Risks of Kaspersky
Kaspersky has been keen to reduce the concerns of worried consumers and has advised that any data breaches are highly unlikely. Naturally, this is very easy for a multi-million pound corporation to say and has all the hallmarks of a damage limitation exercises.
What has been more useful is the patch released which removes the unique ID associated with the Javascript code. The cross-site tracking issue should, therefore, be remedied with this patch. However, this updated version will still identify users as using Kaspersky – a valuable piece of information that can easily provide a hacker with an insight into your defenses. The only way to truly protect yourself while working with Kaspersky is to go into the settings and untick the ‘Inject script into web traffic to interact with web pages’
For more ways to secure and optimize your business technology, contact your local IT professionals.
