detection rate of kaspersky

I don't normally pay much attention to AV test results but the latest from AV comparatives has caused me a little concern because the results for Kaspersky were a fair bit lower than is the norm for them and was wondering about a few things
1) Is detection rate for 2009 same as for 2010?
2)Is this just a "glitch" in Kaspersky's normally excellent performance
3)More worrying:-could this be related to the "hacking" Of Kaspersky earlier in the year,where hackers made claims about the info taken regarding Kaspersky engine(which kaspersky seemed to deny)and if this info was stolen has it fallen into the hands of malware writers who can now write malware which is specifically targeted to be able to by-pass kaspersky products

 

There is no way to know.

KIS 2010 has some things 2009 didn't have, like a 'sandbox' and probably a few other things as well that were not measured in av-comparatives' test.
Of course, you could ask Kaspersky but don't expect a meaningful answer.

3) Unlikely. If cybercriminals have obtained some of Kaspersky's source code it will take some time for them to fully take advantage of that. But it's a valid concern for the future. Also, cybercriminals ('hackers') use several antivirus products to test their malware in order to avoid detection. Kaspersky is popular.

 

1. Yes - although I'm not sure if KSN and Kaspersky's UrgentDetectionSystem works in v2009 though.

2. Dont know, nobody else knows either - I've recognised Kaspersky blocking more malware sites, (and of course, with its additional protection components such as its HIPS, PDM and Sandbox), it may be aiming to have all-round protection with the additional features rather than only working to add signatures.
As for an example of Kaspersky blocking malware sites, if you've got a website spewing out thousands of downloaders and you dont block the downloader, instead block the website and/or IP address they are downloading from, your detection rate is thousands less (on an on-demand test), but upon execution, you're preventing all the downloaders from doing anything, rendering them useless.
And of course, if you use the sandbox, nothing will happen anyway.
Of course, I dont have a clue about what Kaspersky is really doing or planning. Also, I, or any users here say cannot truthfully comment on this without using massive assumptions or lieing and pretending to know.

3. Dont have a clue and have no substantial evidence of this - any comments on it are simply speculation

 

Graphic Detection 2004 and 2009



best regards

 

It doesn't really matter which addittional features are employed,if things aren't being detected they are not being detected so all the features aren't doing what they should

 

But surely pro-active protection such as sandboxing makes detection irrelevant to some degree.

 

The detection rate is showing nothing about any feature, apart from the the on-demand scanner.

Other features are doing what they should, Web-AV's blacklists are blocking connections to websites/IP addresses (be it via a web-browser or a downloader), sandbox is preventing any changes made within the sandbox influencing the computer outside the sandbox, AppFilter is filtering applications according to the rules or asking what you want to do with it, PDM doing what the PDM does, none of which an on-demand test looks at or utilizes. That's the difference between the real world and an on-demand test.

I'm not saying they're going to intercept every single piece of malware, just saying, if you account for the above in the real world, its not all about simply the detection rate of an on-demand scan and in the real-world, you're protected from more than the 95% of malware detected in the test.

 

How does Kaspersky's sandbox work? If it works how would malware get to the system unless the user made an effort to load it?

Regards,
Jerry

 

Like Sandboxie, anything executed within it can not influence anything outside the sandbox.

Malware can get in if the user does not use the sandbox via any of the normal methods, such as browsing the internet etc.
Simply getting Kaspersky to always run the web-browser sandboxed will do the job of making it easier to run sandboxed and preventing additional clicks.

 

its in a virtual environment,but don't forget everything on your PC is!to assume nothing executed within it cannot affect other parts of your system is being a bit naive:-it won't be long before this defence and any like it is bypassed

 

I am also a bit concerned with this. Although KIS has many features to boost the protection, this is not an excuse to have a lower detection rate for the AV. Security suites like NIS have SONAR etc but they also have a good detection rate for the AV component. Besides many claim that KIS HIPS is easily bypassed with its default settings.

 

I'm not being naieve and didn't say you will be always be 100% protected.

Read the bottom of my post #7 again.

 

Yes, I'm not saying it is a good excuse, but just replying to the first post of the thread about the "concern" of the low detection rates in the on-demand scan.

All I'm simply saying is that, in the real-world, more than 95% of the malware in the test-set will be blocked, or if you choose to utilise the additional security features, even more.

 

Yes I agree with you, but for them to perform better next time, they must first realise that there is something wrong somewhere. I wonder whether AV Comparatives will do any Dynamic test this year, then we would be able to have a better picture of the real detection capabilities of KIS.

 

Of course, yes, there is room for improvement and it wasn't the best of results they achieved as we all know, some things may change internally, but we cant really comment on that as we dont know.

AVC mentioned dynamic tests in the On-Demand report, no mention of date though, only "soon" (or something along those lines).

 

I would expect detection rates to be similar if not the same. The AV-C on-demand test is testing against signature bases which should be the same whichever version is used; the retrospective test using proactive technologies against the same sample set will be interesting to see when it's released in December.

 

doesn't the heuristcs play a part in on demand results?does 2009 and 2010 use the same engine for this part of detection

 

Thanks, dawgg.
I don't have KIS on my computer now, but I don't recall anything about a sandbox when I was running it (2010). I used the default settings.
Does the sandbox run by default?

I have to admit to some disappointment in Kaspersky's performance. I realize that it would give protection, but everything else being equal I opt for a better detection rate. There seems to be no test that really indicated the degree of prevention of malware of the various AV's.
Thanks.

Regards,
Jerry

 

The aim is to stop a PC from being infected in the first place, which Kaspersky can do very well. Kaspersky Internet securitys application control, SandBox, Proactive defence amongst some other things are great features.

Don't write Kaspersky off because of an ondemand test. Prevention is much better than cure.

 

I'm also concerned about the steepness of the decline. I don't remember Kaspersky ever being this low. The HIPS also should be more intelligent instead of assigning so many "low restricteds." That said, Kaspersky in my testing experience has stopped new malware more than some other big names.

 

It doesn't run by default, but it can be accessed through 'My security zone' within Kaspersky. It would be good if Kaspersky could place a saferun web browser shortcut by default, like Sandboxie.

 

No, the user needs to click it to use it the first time, and only after realising it exists can/would the user create shortcuts for it or make Kaspersky always run the program sandboxed (see screenshot).

(Also looks like there's some confusion in its name - SafeRun, Sandbox or "safe mode"?)!

I can understand people have different wants and needs from products, nobody's the same - if we all were, it'll be a pretty boring world.

Edit: sorry about the huge screenshot!

 

#4:

I presume that graph came from av-comparatives.

The steady decline of Kaspersky from 100 % to much less is definitely not good.

Of course, one could wonder what malware av-comparatives detected in the early years. If that was just viruses and trojans it would explain a lot.

 

Thanks dawgg, and TrojanHunter.

If you are using it, does the sandbox slow the browsing or system? Thanks.
Maybe I removed it too soon.

Regards,
Jerry

 

well,i think a 94% detection rate should hold you good in 99.99% cases......if you are a safe camper then it shouldn't matter much.....
also "prevention is better than cure..."