detection rate of kaspersky

There must be some heuristic detections. At least, I'd like to think so. I didn't see any heur. FP descriptions in the FP list.

I must admit I've never come across heuristic detections on any on-demand scanning I've done other than seeing very occasional alerts from the script emulator on some websites. I don't think the on-demand test takes those into account.

Generally speaking though, I think heuristics and other proactive measures tend to be looked at in more detail in the second test.

 

Look at this test to understand the meaning og kaspersky`s safe run and detection rate.

http://www.youtube.com/watch?v=Z_Ba8S2iQQI&feature=channel_page

I dont think kaskersky detection rate stands back for any other product. There is a major different in av-comparatives test of kaspersky antivirus 2010 and kaspersky INTERNET security 2010.

Firewall, hips, safe run etc.

 

I've seen that, and putting Application Control into a mode I don't want to put it in is part of why it did well in the video. They still need to look into why they are about 5% below the #1 AV..

 

I've been using it without any slowdowns.

 

Yeah, that is good review and showcases the power of Kaspersky Internet security 2010 prevention abilities.

 

Not that I've realised.

 

With safe run turned on I noticed a small drag while using IE8. But that was only when the startside loads. After the startside is finish loading the rest of the session went well. But no performance issue on chrome, opera or firefox.

But this is on my machine. Maybe it could be different on another machine.

 

I wonder why there is no mention of the sandbox and to activate it during installation. It would seem that it would add appreciably to the penetration prevention.

Thanks for the responses.

Regards,
Jerry

 

I haven't noticed a difference with sandbox on, either - it's Web AV that gives me some delay.

 

Thats a very good point. It would be good if Kaspersky asks upon installation if the user wants to always run the web-browser sandboxed, but cause confusion to the user and possible breaking of functionality the user was previously used-to... It may be because it can cause complications when installing things over the browser such as windows updates (via a sandboxed browser) or clicking "run/install" when downloading an installation file - of course, doing this straight from the browser will mean changes are only made within the sandbox, so the software/downloads will all be installed in the sandbox, rather than on the main system.

 

I don't understand the ramifications of that. Would that make downloading and installing updates to the browsers or anything else more complicated to the average user? Thanks.

Regards,
Jerry

 

If the browser is made to run by default sandboxed, it may interfere if you want to update a component which is outside the sandbox, eg, if I am running firefox sandboxed and want to update my Winamp music player, if I download it from Winamp's website and just click run (while its within the sandboxed), it will remain in the sandbox and install winamp within the sandbox, rather than installing it on my actual system, which is what I wanted it to be - as by definintion of course, everything which is ran in sandbox stays in the sandbox.

This will only be a major problem if Kaspersky asks to always run the web-browser sandboxed in the installation.

I guess a workaround for this is for Kaspersky to ask if it should drop a shortcut to run the web-browser sandboxed onto the desktop and taskbar, so the user does not accidental force the program to always be ran in sandbox

 

I like Kaspersky and even with the drop in detection in the latest tests, with the Sandbox you are still safer then with some that rated higher. Bad thing for me is the 64 bit issue and not being able to use it or it would be a sure winner.

 

its not kasperskys detection rate per se that concerns me as much as the quite significant drop in detection rate,and was wondering "why"Like others have said other products have also introduced extra layers of protection without losing out on on-demand detection

 

Thanks again, dawgg,
Is there a place where I can read about a sandbox, and hopefully understand it?

I did do a search and learned some, but I am confused about how the sandbox identifies malware. Does it have signatures as an AV, or does the AV help out? Then how does the sandbox determine what should be permitted on the system?

Thanks.

Regards,
Jerry

 

http://en.wikipedia.org/wiki/Sandbox_(computer_security)

Regards.

 

Thanks, harlan. I had seen that, but am still having difficulty in understanding. Could you give me an example of browsing and the site has malware. What does Kaspersky do to get rid of it in the sandbox, and does the operator have to make the decision as to what action to take?

I think I know that the sandbox prevents entry to the computer, but I don't know what the AV does and what the operator does.

Thanks, and sorry that I am so dense.

Regards,
Jerry

 

Assuming all components are enabled, the AV should detect the malware as before; for example, if there is signature detection, the AV should still alert. All the sandbox does is to contain everything away from your main system, and if set correctly, closing the sandboxed area should delete all traces.

Personally I rarely use sandboxing. The times I have used it have been to test so-called rogue software. Some people like the idea of sandboxing every browsing session, but I don't because I don't think every surfing session needs it. This session on Wilders isn't sandboxed for example.

It really boils down to what you do online and what you intend to use it for. This is probably the reason why KL haven't offered the activation of the sandbox feature during installation; it's a nice available extra feature, but it's unlikely it's needed by default for most users.

 

Hi Tony,
Thanks, I understand now. I was trying to determine if a sandbox in Kaspersky really added to the prevention of penetration. It seems to boil down to the fact that detection rates still are the major factor in malware detection.
I can see that a site might be infected, and if nothing were downloaded there the sandbox would keep it isolated until the browser closed.

Regards,
Jerry

 

It's possible to download something into the sandbox and run that application sandboxed. If it contains malware, KL should detect it upon execution through signatures or any of its other components. The point is that application and everything else associated with it should be contained because it's sandboxed; that sandbox can be deleted afterwards.

For some people, this is fun because it means they can test software or malware even knowing their main system isn't affected.

 

Thanks again, Tony. You have been a great help.

I can understand software testers/developers. I am not sure it is such a big advantage to me, and the detection of KL is still an important factor.
If I get smart enough it might be fun to play with.

Regards,
Jerry