Kaspersky 7.0: No Need for Zero Day Apps?

Hello.

I'm thinking of purchasing Kaspersky 7.0. Kaspersky states,

1. "Intelligent Proactive Heuristics--Zero-day exploits can attack and destroy in seconds. Kaspersky Anti-Virus runs all files that don't match our signature database in a safe, isolated section to check for malicious behavior. This failsafe method checks the code without endangering your computer; and
2. "Real-Time Behavior Analysis--Kaspersky prevents infections by monitoring your computer for any malicious behavior. If detected, Kaspersky immediately alerts you and rolls back any malicious changes, including restoring files encrypted by ransomware

My question is, would this obviate the need for applications such as ThreatFire, Dynamic Security Agent, System Safety Monitor, etcetera? If not, can anyone say if such applications would be a useful addition to Kaspersky 7.0?

Thank you again.

 

Kaspersky is all you need, IMHO.

 

Personally, I think KIS covers things. However, for the paranoid among us, there's always a risk with using a single provider.

Having said that, if I didn't have the issues with objectIDs I'd be using KIS myself and KIS alone; My wife does that presently (although I threw on AntiBot since I had the license).

 

I have it installed presently & run just it only , I'm happy with it & feel secure, I do a spyware scan but that's it...

 

Its kind of tough to answer your question about whether other stuff is needed. Kaspersky is top draw in detection although some users run into a problem with chkdisk and the extended file attributes.

 

I don't know about 'failsafe', according to AVComparatives KAV's Heuristics finds about 40% of new stuff - so what about the other 60%?

KAV's PDM does overlap with the behaviour blocking of Threatfire, but it lacks the true execution control of SSM. Since execution control can prevent malware files from ever running, I would say it is well worth having in addition to KAV. There are several progs that provide this.

 

I agree with TopperID on this point and run KIS 7.0 with ProSecurity 1.40 to cover that angle. It is an equivalent to SSM and as TopperID says there are a number of such applications, each with its own following, and each broadly as good as the others.

BTW, a periodic on-demand scan with an anit malware application also helps makre as sure as possible that you are safe. I personally use Spyware Terminator (which is free) but there are also a lot of other equally good (or some would say better) such applications that one could chose from.

 

Look at keylogger protection as well .... not very complete compared to PS ... etc

 

For the majority of (non-paranoid) users, Kaspersky with ProactiveDefense enabled (with everything checked) is sufficient protection because its armored with its signatures, ProactiveDefense (and heuristics).

In my experience, verryyyy few malware get through all of them. Also, with a kaspersky's integrated firewall, if on the odd chance something does get through, you'll most likely notice it eg, downloaders, keyloggers, spyware etc because of Kaspersky's strength as shown in leaktests.

There's also a large overlap with what Kaspersky's ProactiveDefense and other HIPS do and personally, I dont use any protection other than Kaspersky (KIS) because its sufficient for me.

 

Thank you for all of your responses.


(mrm1233)

 

Um, Err, you can still be much more secure than using KIS with heaps less resource usage and much faster browsing as there's no need to scan all web pages visited.

See my siggy which has a coupla entries, unlike a coupla billion siggys like an AV needs these days!

And you won't have to worry about getting explorer quarantined like Kav happened to do through a false positive.

 

I for one do not worry about "...getting explorer quarantined like Kav happened to do through a false positive" as KIS seems to have extraodinarily few FPs and eben when they do have the occassional one the Lab sorts it out in usually no more than a couple of hours...which is neither here nor there. But the point that Franklin makes is IMHO a good one and what he is promoting is a valid alternative. In the end it is a case of 'you pay your money and make your choice' but I for one will be sticking with KIS as my principal line of defense.

 

Kaspersky is not excellent at detecting unknown malware, see it for yourseft at AV-Comparatives. I recommend you to install another security app which can coexist with Kaspersky.....

 

AV-Comparatives only checks detection... Kaspersky's also got a behavior-blocker (Proactive Defense) which AV-Comparatives's test results do not take into account because it comes into play only when the malware is executed.

Most the undetected malware with still get caught via Kaspersky's ProactiveDefense (an additional layer of security, similar to HIPS... BehaviourBlocker).

Have a read at AV-Comparatives "Kaspersky Anti-Virus 6.0 test" press release (June 2006)

 

Is there a possibility of conflict between Kasperky's PDM and singular HIPS applications?

Thank you.

 

Generally not, but you need to try them on your system and see.

Some of the progs mentioned, such as ProSecurity and SSM tend to be complex and have a, probably, unnecessary layer of additional coverage if you are running the KAV PDM. But pure HIPS such as these do not have the behaviour blocking feature that might (I say might) conflict with KAV's Application Activity Analyzer.

If all you want is simple execution protection, and are not on Vista, Process Guard free is still valid and easy to operate (if you can still get a copy that is). Otherwise, if you preferred running an AS program instead, CounterSpy offers good basic execution protection - though it is not enabled by default in case pop-ups scare the user! (Although a white list plus remembering user response reduce this to a minimum). Actually, adding a few potentially dangerous progs to KAV's Application Integrity Control, and setting them to 'Prompt' when they execute, together with CounterSpy's blocking of all unknown files, would give complete execution control comparable to HIPS progs. The two apps would complement each other.

You only need to look at the malware section of the KAV forum to see that things do get through and KAV users do get infected (OK maybe it is their own fault to some extent).

It's too late by the time you receive leaktest type pop-ups, you are already infected. If you had execution control you could stop many of these infections before they even start.

 

well if you look at that section you can also see that most are users who gave up their previous av when they became infected and moved to kav which didn't manage to remove everything.
The proactive defense is a means for prevention, not for removal.

 

that might be true, but kaspersky is one of the better removal AV's available.

 

The big advantage of KIS is its custom installation option.
Currently I have only Virus Scan and File Anti-Virus installed and Online Armor as HIPS + Firewall.

If you install everything from KIS but without Proactive Defense, there is nearly no limitation in using seperate HIPS apps.
I have been running (one after another ) ThreatFire, ProSecurity, WinPatrol, EQSecure, a-squared Anti-Malware without any conflicts with KIS.

My favourite setting is KIS (without Proactive Defense) and EQSecure.
KIS offers prodection and EQSecure offers control.

Cheers

 

Hi,

I have installed KIS 7 on my business laptop and it is working excellent.

I have tried many suite like NIS, BIS, TMIS, but KIS is more safer and good enough with speed and performance too.

 

i prefer the simple days, which some people have forgotten.

new pc, pre-installed antivirus = happy

used pc, recommended antivirus = happy

when i read about all these different kinds of security applications, it just baffles me that A. people believe they need all this B. people have the money to waste on all these applications.

only lately ive added prevx to my antivirus setup, but in all honestly i could delete either one and still live a happy existence, as in all the years ive been a PC-user, ive only had ONE truly bad infection that was missed, the rest have been caught.

so, if your using kaspersky, be happy and enjoy it, but dont bore me with constant threads of different solutions/addons to already great products. there are already many threads to read about the different solutions, tomorrow will be nod32: any need for sandboxie? or whatever, this is not a argument against the OP, just a generalization.

end of rant

 

Kaspersky is really all you need.
I have been running it for a very long time now. Once in a while I do a second opinion scan. Only cookies are found

 

Maybe it would be smarter, if you don't read such threads
Because as long as I don't like Proactive Defense, I feel free to use whatever HIPS/IDS I like and post my experience.
This is what forums are made for.

For slogans like "Kaspersky is really all you need." we don't need a forum, a banner would be enough.

Cheers

 

Actually i can only agree with it. People brag about layered defences too much.
Especially those having 5 firewalls, 6 antiviruses, bunch of HIPS programs and 10 anti-spyware tools. C'mon!?

 

Yeah, you might not be able to do anything with your computer without umpteen pop-ups and a syrupy feeling of slowness... but at least you're protected!