My personal experience with Kaspersky Internet Security 2011

Please remember this is a personal review, reflecting my opinion. You should take this with a grain of your own salt.

Been using Kaspersky Internet Security 2011 for about a week. I tried it because:

1. I remember in the past, it used to be one of the best AVs out there.
2. AV-Test Q4 2010 showed it having 100%/100%/100% in it's test for protection against 0-day malware attacks. That's very recent, and a very good score. It generally rates very high on most tests.
3. I like the idea of a built-in HIPS. Kaspersky is one of the few well known AVs with one.
4. There was once an issue with iSwift years ago, figured it should be fixed by now.

I am using Windows 7 x64, fresh install. My findings are:

1. The firewall slows down your internet browsing speed significantly!

At first I thought it was the web-filter, but it was only until I disable the firewall for the speeds to improve. Of all the firewalls I've used, this has got to be the worst.

2. A virus managed to sneak right past it!

I gave myself a false sense of security, with how high it was rated, started to download and run things without care. I mean with a good HIPS, and a good detection rate, how infected can I get in a week? Anyway, it went by Kaspersky completely undetected. On the otherhand, I installed Panda Cloud and PrevX, and running a scan picked it up right away on both.

3. It does look great.

The interface has great eye candy, with a status indication gadget on your desktop. I was impressed with it at first, but eventually the lack of functionality wins.

4. Ran a key logger test program, KIS does absolutely nothing about it.

Yes, it's not actually a virus, but I'd at least hope Kaspersky goes, "hey, this program wants to log your keys, let it?" Nope. Most likely this means a new unrecognized key logger would go right by unnoticed.

Overall, I'm very disappointed. It failed (for me) as an AV, as a firewall, and as key logging prevention.

You may have better luck with another version of Windows (XP/Vista/7 32-bit). Remember your mileage may vary.

 

In case anyone is curious, this was the file sitting in my windows system directory, completely undetected and undetectable by KAV, but considered a virus by Panda (definitely not my favorite AV) and PrevX:

xttp://dl.dropbox.com/u/1770391/BASSMOD.dll

Also sent it to virustotal/jotti, it's picked up by at least 10 AVs so I doubt it's a false positive. Apparently there is a legit bassmod.dll out there, but I doubt this is it.

 

I'm sorry for your bad experiences with Kaspersky.

What can I say, my opinion of it.. It's been the only security software that has protected me very well. I've tried avira, avast etc. in the past and kaspersky's detection rate is far better, firewall is very good and.. Yeah, nothing else.

Does not slow anything down.. And hey, I'm using windows 7 x64

 

It straight away get quarantined by immunet/norton

 

Calling the firewall one of the worst you have used because you perceive it to be slow may be overly general (not trying to argue with your impression, just want to verify that speed is the complaint). They make a decent firewall. As for keyloggers, many vendors are asked to intentionally ignore some of them. As for missing a virus, I have a hard time forgiving any vendor for that and promptly uninstall any product that does that, even if I reinstall it later. I hate the cop out of saying "they all miss something" because it excuses them from trying. That's not what I am paying them to do. Nobody is perfect, but they should be trying.

 

Did you use the 'automatic' setting where KIS makes it's decision on it's own or was it set to manual ?

KIS set on manual with other settings is one of the best pro-active security suites.

Can you pm/link the keylogger test.

NIS '11 download insight detected it as a trojan.

 

I completely agree with the topic starter. It does slow down your internet speed considerably. Even, AVC confirmed it. That was my biggest complaint from it back in the days.

Performance wise, it's also heavier on the system as compared to other top suites.

And protection isn't the same as it used to be in the past.

 

I think the responsible thing in that case would be to send it to the Kaspersky Virus Lab so they can analyse the file and confirm if it is/isn't malicious. If it is, I am sure they would add it to a future update.

http://support.kaspersky.com/virlab/helpdesk.html

Your logic puzzles me, how do you know they aren't trying?

The security companies business depends on their ability to detect malicious software, so I think it is a certainty that companies who release security software are "trying" their best to detect everything they can.

Saying a missed file is a cop out is akin to saying "if you are not the winner of a race, you did not try to win that race"....

 

I don't think I was effective at expressing what I meant. Missing a file is ok to some point, they all will. But when something is missed blowing it off by saying "Oh well, everybody misses something" is the wrong answer when the vendor should be saying, "We'll take a look at that, send us a sample." If there were more of those kind of efforts made some of us would feel a lot better about the products we use. And I will say there are vendors much worse than Kaspersky about this, so it is not meant to be an attack on them specifically.

 

I used KIS 2011(in precedence I used KIS 2010) and they agree with the tests of av. The firewall is better but it needs to know how to shape it because is effective to 100%. Disarming the interactive module in the settings and to plan only the applications microsoft as reliable. My navigation web is not slow down: excellent the function antibanner. Excellent the defense from the rootkits. In comparison to other antiviruses, excellent the elimination of the viruses.
Personally I conduct some tests with the viruses signalled in this site:

~Link removed. No links to malware are to be posted here.~


,and Kaspersky detection rate it's better compared with that of other antiviruses.

 

I had it on whatever was default (possibly automatic). I will run another test just to see.

This was the keylogger test I used: http://www.zemana.com/anti-keylogger.aspx

 

Haven't seen that. Might be because the browsing speed is greatly limited by my bandwidth though.

With default settings it works quite different to most HIPSes, and doesn't throw popups (because basic users are annoyed by them). In Interactive Mode it's hard to get infected with KIS.

In Automatic Mode only "most likely malicious" (deemed so by heuristics) keyloggers get blocked. Also, keyloggers with a valid digital signature will never get intercepted with default settings.

EDIT: Yeah, that Zemana keylogger test is digitally signed so it's automatically trusted by PDM. I wonder why do they digitally sign their leaktests.. With the whitelists disabled the keylogger is detected.

 

Nevermind, I see Rampastein has already tested it himself He does makea good point though, considering it's a 'test' it shouldn't be signed?

 

You need to uncheck Automatic mode in settings to enable prompts for keyoggers and other stuff (as already mentioned).
Regardless of settings, when it comes to keyloggers, using the Virtual keyboard is recommended because it defeats pretty much every keylogger that I've seen.

About the Firewall slowdown, make sure that you have the latest drivers for your NIC.

 

Well none of the AV vendors can guarantee you 100% protection. You still have to backup your AV/suite with good practises, like only downloading/using software from trusted places, etc. That's just common sense!

Source

If you're serious about keeping malware off your pc then you have to take extra steps yourself ... in conjunction with your AV you may need, OS hardening, Limited Rights account usage, a form of virtualization ... You can no longer rely soley on the traditional AV/suites as your #1 protection, the malware makers are just ahead of the game. Mix your protection strategy, rather than throwing everything into one basket.

You will need all of the protection strategies I named if you're going to go around just willy-nilly using stuff on the internet.

 

It was more of an experiment than anything else.

That said, I believe a decent HIPS program was built, properly configured, in theory, should be able to block close to 99% of malware/virus/trojans from causing undesired harm to your computer. And fairly easily.

I've yet to see a decent HIPS that can do something like, every time you execute a new program:

Press [space] then the letter:
A - full access
B - internet access only
C - internet + disk access
D - internet + restricted disk access
E - internet + sandbox mode
F - sandbox mode w/o internet
F - no internet + no disk access
G - custom

The space is to prevent accidental keypresses, and the letters is to make it 'easy' to assign groups (thus preventing the repetitive 'trust everything' syndrome).

Now assuming a program is a keylogger, if you put it in "F" (or your own custom defined group), it can log all it wants, but it can't hurt you because it can't write to your disk or communicate to a host.

Assuming a program is malware, if it has restricted disk access, the damage it can cause is very limited. Also, most malware do not adapt. If it was designed to write in C:\windows, and it can't write in that directory, it automatically fails.

Yet I've been waiting for a program like this for years. Comodo would be nice, only it, like every HIPS I've seen (maybe except online armor to some extent) makes you jump through hoops to do this. No one is going to spend 10 minutes to configure every new application. 95% of the people are just going to click 'trust everything,' if not immediately, eventually.

 

For it HIPS to work like a TRUE HIPS, you have to disable using the whitelist, which will bring quite some pop ups

 

Pop up galore
I think just disabling automatically trusting signed programs is enough, then you'll stop malware with a fake or stolen certificate. I think disabling the Kaspersky whitelist adds no security, just more user control on legit but possibly unwanted apps for the end user. I have no idea on everything that's on the whitelist. Is it for example as large as Comodo or do they keep a stricter and shorter list? Would generally unwanted apps like Ask toolbar be on it?

 

Kaspersky is a good company. But they blew it with the latest version. They need to really take their time and rethink the entire process of where they are going for the next version. They have the ability to do this and I am sure they will. I really think the next version will be very special.

 

I liked Kaspersky years ago, but I think they have been eclipsed by some of their competitors recently.

 

That's the question!
I wish CIS would limit their whitelist to a COMPACT, REAL, TRUSTED sources.
They are whitelisting every single damn thing on the internet that isn't malware and that's NOT GOOD.

 

The purpose is to cut down on pop-ups. If they reduce the whitelist, the programs becomes un-user friendly.

 

2012 beta will probably start somewhere in March, so stick around and find out.

 

Yeah i know it's to reduce pop ups, but give me an option to delete the list and make one myself (I currently do it manually)

 

They don't whitelist if it isn't malware. They have criteria. I've seen them deny some programs even though they weren't malware.