Kaspersky Antivirus and Internet Security 2011 Final

Discussion in 'other anti-virus software' started by osip, Jun 7, 2010.

Thread Status:
Not open for further replies.
  1. 3x0gR13N

    3x0gR13N Registered Member

    Joined:
    May 1, 2008
    Posts:
    849
    What do you mean by "does not work"? It scans for incorrect/malware-related OS settings (disabled task manager, modified explorer/IE settings etc.), based on AVZTools, nothing more. It's not a magic wand which makes everything go away. ;)
     
  2. Matthijs5nl

    Matthijs5nl Guest

    Languy is more and more turning into a **** with absolutely not even a little knowledge about malware. He doesn't pay any special attention to the TDSS rootkit Kaspersky finds and cannot remove (although a special Kaspersky removal tool can). And he blatantly doesn't see any relationship between the TDL3 found by Hitman Pro and the TDSS found by Kaspersky. Actually, in all his recent videos the PC is infected with the TDSS/TDL3/Alureon rootkit, but he never pays attention to it.

    Also, why does the Languy dude never use the Hitman Pro clean/removal capabilities to try and disinfect his system? He uses that Rkill tool which completely sucks, and when Malwarebytes would have worked he would certainly have used its removal. By using Hitman Pro's cleaning he would have got his PC working fine again. After which he could use Kaspersky and Malwarebytes again to search for leftovers.
     
  3. Rampastein

    Rampastein Registered Member

    Joined:
    Oct 16, 2009
    Posts:
    290
    Actually Kaspersky can clean many (most?) TDSS infections. I see most of Languy's videos as Comodo advertisements made with no knowledge of other products' (KIS' in this case) features. Usually Languy just installs a piece of software and runs a couple of malware samples, answering all possible HIPS prompts correctly (which would not be the case with most home users) and without using more advanced features (such as KIS' Interactive Mode and Sandbox), which many users will use.

    He also doesn't seem to care about products' removal capabilities.

    Nevertheless I'm waiting for the next AV-test.org and AV-comparatives' dynamic tests, I don't really care about "youtube tests", no matter who has made them.
     
    Last edited: Jul 23, 2010
  4. 3GUSER

    3GUSER Registered Member

    Joined:
    Jan 10, 2010
    Posts:
    812
    LanGuy (the one on YouTube) has absolutely no knowledge of the malware/antimalware thing, or at least he doesn't know what he's doing.
    He just installs a product, grabs a few links from MDL and starts the malware (if it is not blocked by a certain product). Then he checks the machine with MBAM, Hitman Pro or similar utilities. This is wrong, very wrong, and proves nothing. Neither MBAM nor HitMan detects everything. Additionally, they are not a judge nor a mirror for being perfect. Languy doesn't care what is happening with a file after being executed, he just starts them all. All he does is wrong, very wrong. Mrizos' tests were much better compared to Languy's.
     
  5. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    I will second this. :thumb:
     
  6. 3GUSER

    3GUSER Registered Member

    Joined:
    Jan 10, 2010
    Posts:
    812
    Thank you :thumb:
     
  7. MisterMooth

    MisterMooth Registered Member

    Joined:
    Nov 23, 2009
    Posts:
    39
    The fact of the matter is that it let the rootkit through in the first place. It should have prevented it but it didn't, so it failed. Simple as that.
     
  8. syk69

    syk69 Registered Member

    Joined:
    Feb 7, 2010
    Posts:
    183
    I disagree. I've seen both their videos and they do basically the same thing. Leave default settings and test a few links to see how the product does at prevention. That's all he's doing and has said it. He is aware that he's not thoroughly reviewing all the product's capabilities. It's just something he does as a hobby and for people to get an idea of how the product responds to those few malicious links, that's all. He never claims it to be a professional in-depth review. Matt does the same thing except he explains things more and has longer videos.
     
  9. Sjoeii

    Sjoeii Registered Member

    Joined:
    Aug 26, 2006
    Posts:
    1,240
    Location:
    52°18'51.59"N + 4°56'32.13"O
    Isn't he a Mod at the Comodo forums? o_O
     
  10. 3GUSER

    3GUSER Registered Member

    Joined:
    Jan 10, 2010
    Posts:
    812
    Have no idea. I have never visited COMODO's forum(s).
    But, actually, this doesn't matter because the way he reviews is not professional - he doesn't even try to be professional.
     
  11. Rampastein

    Rampastein Registered Member

    Joined:
    Oct 16, 2009
    Posts:
    290
    This, however, gives the one looking at the video a false opinion of the software; if one would use Kaspersky's sandbox and/or Interactive Mode, many malware samples would fail to install. He's simply testing the basic protection, but many security software have much more features which could be used to block the installation of the malware. And many users use them.

    Also, if Languy receives a pop-up from a software's HIPS which can block the rootkit's installation, it passes the test. However, normal home users usually just click allow on all prompts.

    I like Kaspersky's approach to HIPS; with KIS the user can decide whether to have HIPS prompts (Interactive Mode) or let KIS decide automatically what to allow and what to block (Automatic Mode). Languy performs these tests in Automatic Mode, while he could run Interactive Mode since he's experienced enough to answer HIPS prompts correctly.

    To me it seems that with these videos Languy is just trying to show that all other security applications than Comodo fail, but he doesn't know at all how to use these other security applications.
     
  12. jlo

    jlo Registered Member

    Joined:
    Nov 29, 2004
    Posts:
    475
    Location:
    UK
    Hi,

    My feeling is that in most KIS tests I have seen on YouTube the user changes the application setting to only run files on the white list, which is an unfair test. Most other applications are just set up and run on default settings.

    What Languy did was just set up the KIS and use the default settings, which is what a lot of users will do. The result was KIS letting through a rootkit.

    I agree that if you run the system under safe run or change a couple of settings then KIS is almost 100% perfect. It is a brilliant product but at default settings it does not appear to be quite so perfect.

    Cheers

    Jlo
     
  13. smage

    smage Registered Member

    Joined:
    Sep 13, 2008
    Posts:
    378
    OK, I had not tried the system restore feature of KIS before, and the way it was presented on the video I thought it was something like rollback.

    But anyway KIS should improve its PDM module and application filtering as it failed to keep the PC safe with its default settings.

    Of course KIS will do well in professional tests so KIS users need not worry too much.
     
    Last edited: Jul 23, 2010
  14. dawgg

    dawgg Registered Member

    Joined:
    Jun 18, 2006
    Posts:
    818
    Letting one or a few samples through? Something pretty much EVERY AV does - so, what's the significance of this?
    IMO, considering the number of malware in the wild, no significance what-so-ever, so there's no point blasting about one or a few samples getting through.

    (BTW, I have not watched the YouTube videos and don't bother doing so - as they're usually a waste of time IMO).


    Seems like this thread is heading to the cliché downhill Wilders fanboy/hater threads list since the first quote :cautious:
     
  15. MisterMooth

    MisterMooth Registered Member

    Joined:
    Nov 23, 2009
    Posts:
    39
    Because its HIPS should not have let it through. The whole point of Kaspersky's HIPS module is to limit unknown applications from having full rein on your system.
     
  16. 3x0gR13N

    3x0gR13N Registered Member

    Joined:
    May 1, 2008
    Posts:
    849
    And how is a security application supposed to effectively differentiate between unknown good programs and unknown bad programs via its own decision making system? Automatic mode is meant to be as least intrusive as possible, not to annoy the user in his daily work by breaking unknown but legitimate applications. Based on the above, it's expected it lets certain malware pass.
     
  17. chris1341

    chris1341 Guest

    How do we know it didn't? I don't recall languy checking Application Control. The presence of the malware exe or subsequent dropped files means a missing sig but does not mean KIS was not controlling the applications. He spent about 20 seconds looking at the settings so probably could not have found it anyway.

    Certainly seems from the behaviour of the guy's VM it was badly infected, but because the test was so half-assed we will never know what the core issues were. Did all the missed samples infect or only one, who knows. Was the malware controlled but HIPS auto selection placed the malware into a low level control group (e.g. low restricted) or did it sail straight through KIS HIPS, again who knows. Not very helpful at all.

    As has been said, default settings are for those who would not know what to do with a HIPS prompt. If you can't handle HIPS prompts of course your zero day protection is reduced. Regardless of how good your heuristics are (and KL's is very good) you can't detect them all. Simply selecting move unknown automatically to low restricted with all set to 'ask' would have blocked all of these. Move unknown to untrusted would have blitzed them. Why is that not the default? Well, because ordinary Joe does not want it, simple.

    So what have we learned from this? Mass marketed security products' default settings are too low to catch new threats? KIS with some tweaking catches most?

    No s*&t, Sherlock!
     
  18. flik

    flik Registered Member

    Joined:
    May 21, 2006
    Posts:
    49
    Could someone explain why scan takes so long:
     

    Attached Files: scan.png (28.7 KB)
  19. Rampastein

    Rampastein Registered Member

    Joined:
    Oct 16, 2009
    Posts:
    290
    Don't know, for me it usually takes about 3-4 hours to scan 150 GB (quite slow though, but not a problem considering a full scan is needed just to make the iSwift/iChecker data).
     
  20. jlo

    jlo Registered Member

    Joined:
    Nov 29, 2004
    Posts:
    475
    Location:
    UK
    Good post :thumb:
     
  21. 3GUSER

    3GUSER Registered Member

    Joined:
    Jan 10, 2010
    Posts:
    812

    Kaspersky has always been slow. Initial update process is slow and initial scan is "fast". Here's a funny story.
    Users (clients I have visited just once) running recent versions of Kaspersky who got mad - really mad. The situation was somebody recommended them Kaspersky as the very best and told them to update the program and run a scan. So they did. And the fun starts here - they were scared to turn off the computer because of the Kaspersky scan. They haven't done anything with the computer because the initial Kaspersky scan took 4 days. The first night especially he and his girlfriend didn't even go to sleep just to look after Kaspersky's program :D At first I was shocked, then it was all fun for me, but I think that there are many end users who might do the same because they simply didn't know what to do.
     
  22. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,306
    It's time to ditch it when such things happen. Too many good applications to put up with flaky AVs. Similar things caused me to ditch it after probably 5 years.
    Jerry
     
  23. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,058
    Location:
    United Surveillance States
    I'm kind of torn regarding KAV. I want to run the AV because there's a lot to like, but the list of incompatible apps contains so many firewalls that I was a little stunned when I found it. The funny thing is that Jetico 2 is not on the list, but I have found a definite conflict. I'm still toying with changing my firewall setup, but my second contender, Look 'n' Stop, is on the list. I'm still testing and hope to find a combination that suits me.

    I wonder if there's a deliberate marketing strategy to break everyone's firewall so that users will be more apt to just use KIS instead of KAV. :p

    Other than that, I found both KAV2010 and KAV2011 to be excellent AVs in the weeks I ran them before stumbling into the firewall incompatibilities.
     
  24. Zombini

    Zombini Registered Member

    Joined:
    Jul 11, 2006
    Posts:
    469
    Does anyone know what information is sent to Kaspersky backend servers from my machine? I'd like to get a complete list. Just the thought of certain sensitive information going to some random location in Russia with no real privacy laws gives me the jeebies.
     
  25. icr

    icr Registered Member

    Joined:
    Sep 6, 2008
    Posts:
    1,589
    Location:
    UK
    Yeah, he is the global Mod of Comodo forums :)
     