Kaspersky Provides Robust Anti-Virus Tool

By Andrew Garcia  |  Posted 2007-05-23 Print this article Print

Review: But Kaspersky Anti-Virus 6.0 needs a broader reporting function.

Kaspersky Labs Kaspersky Anti-Virus 6.0 is a robust desktop security solution thats backed by a lightning-fast security response team and a seemingly endless supply of signature updates. However, while the products management platform performs its core duties satisfactorily, wed like to see Kaspersky widen the scope of the softwares reporting capabilities—either through internal development or third-party partnerships. Although the product is called Kaspersky Anti-Virus, this name singles out only one of the several layers of security defense that Kaspersky has bundled into its offering. The product automatically defends against viruses, Trojans and hack tools, plus other spyware and adware.
Kaspersky Anti-Virus 6.0 also includes a desktop firewall as well as intrusion prevention defenses that block an attacking computer for a specified period.
Emerging players offer advances that stagnant anti-virus incumbents lack. Click here to read more. For Web defenses, Version 6.0 includes an HTTP protocol-scanning engine, anti-phishing and anti-banner functions, and a pop-up blocker. The software also offers mail defenses with incoming and outgoing protocol scans and mail-store detection. Rootkit detection, system hook detection and a registry monitor round out the vast array of protection services. Kaspersky Labs offers enterprises four tiers for Anti-Virus 6.0, with versions designed for workstations, file servers, mail servers and Internet gateways. eWEEK Labs tested the Workspace Security tier—which includes workstation protection for the Vista, XP, 2000, ME, 98 SE and NT 4.0 Workstation versions of Windows, plus several Linux and BSD distributions—and the central management platform called the Admin Kit. Pricing for the Workspace Security tier sells for about $12 per protected node. In a centrally managed environment, Kasperskys workstation client has two distinct components. First, theres the anti-virus client, which handles all security detection, cleaning and blocking. Second, theres the network agent, which processes updates, policies and job requests from the Admin Kit and issues alerts and status updates. Combined, the two components are fairly lightweight when it comes to resource utilization, with three processes consuming about 12.5MB of RAM with the software at rest. In our malware tests, Kaspersky Anti-Virus 6.0 did only marginally better than Microsofts FCS (Forefront Client Security), thwarting 21 of our 29 samples—detecting 19 malware strains along the way. Interestingly, Kaspersky Anti-Virus 6.0 and FCS agreed on only 12 of our infected bundles. Click here to read eWEEK Labs review of Microsofts Forefront Client Security. While Kaspersky Anti-Virus 6.0 missed files infected with the Trojan Diamin and Frethog Keylogger, FCS whiffed on the IWon and Doza adware bundles, the Trojan.DNSChanger and Pakes, and the rogue anti-spyware program SpyHeal. Kaspersky Anti-Virus 6.0s detections certainly kicked in at different times depending on the threat. As soon as we plugged a USB drive with our malware samples into our protected computer, the software immediately blocked nine threats. Six additional bundles were detected during a disk sweep we initiated after copying the bundles to the local hard drive. And six more threats were detected during installation, including one threat that attempted to modify the hosts file and another that attempted to inject itself into explorer.exe. We did notice one glaring false positive during our tests, however, as Kasperskys software attempted to isolate the touch-pad driver that came with our test laptop. Management Kaspersky Anti-Virus 6.0 offers centralized management through the free-to-customers Admin Kit, which can be installed on either a Windows-based server or workstation operating system. The Admin Kit offers a one-stop shop for agent, policy and update distribution; policy creation; and alert monitoring. However, the Admin Kit lacks the wider scope of security-posture visibility that we found with Microsofts FCS, as Kaspersky Anti-Virus 6.0 does not yet extend its scope to vulnerability assessment services, such as missing patches, unnecessary services or weak passwords. From the Admin Kit, we could easily automate distribution of security components and policies to clients. Within the Admin Kit console, which has the familiar feel of an MMC (Microsoft Management Console) snap-in, we created managed groups to which we assigned security policies. Kaspersky bases its reputation on its ability to create and deliver threat signatures faster than anyone else. To uphold this pledge, Kaspersky offers frequent updates—practically on an hourly basis. In comparison, Microsofts FCS offered new signatures three to six times a day. As a result, Kaspersky Anti-Virus 6.0 requires an efficient delivery system to get the updates to the Admin Kit, which then pushes them to the managed clients. To help prioritize updates, we created different download policies that checked for threat signature updates every half-hour, and another policy that checked for other signature types and client module updates on a less frequent basis. This helps reduce the amount of network bandwidth depending on the type of update. We could configure the system to check Kasperskys servers for threat signatures every half-hour, while creating another policy to update other components less frequently. eEye Digital Securitys Blink Professional 3.0 provides strong vulnerability assessment tools. Click here to read eWEEK Labs review. With its recent Open Space initiative, Kaspersky Labs now allows customers to assign several different policies to computers, thereby enabling administrators to adjust a protected clients threat policy. For instance, we could deploy one policy for use inside the corporate network, along with a second policy that ratcheted up the firewall and intrusion prevention settings when the computer travels outside the network. Via policy, we could configure several different automated actions. The Admin Kit separates events into four distinct classes based on severity, allowing administrators to create differential action sequences based on the type and severity of an alert. To each individual alert type within a category, we could append additional actions (aside from simple logging within the Admin Kit), including e-mailing an administrator, issuing a NET SEND command or running an executable. Senior Technical Analyst Andrew Garcia can be reached at andrew_garcia@ziffdavis.com. Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.
Andrew cut his teeth as a systems administrator at the University of California, learning the ins and outs of server migration, Windows desktop management, Unix and Novell administration. After a tour of duty as a team leader for PC Magazine's Labs, Andrew turned to system integration - providing network, server, and desktop consulting services for small businesses throughout the Bay Area. With eWEEK Labs since 2003, Andrew concentrates on wireless networking technologies while moonlighting with Microsoft Windows, mobile devices and management, and unified communications. He produces product reviews, technology analysis and opinion pieces for eWEEK.com, eWEEK magazine, and the Labs' Release Notes blog. Follow Andrew on Twitter at andrewrgarcia, or reach him by email at agarcia@eweek.com.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel