Kasperky antivirus still agressive ?

I'll soon need a new firewall and a new antivirus.

I was thinking about Zonealarm, but it seems they use Kaspersky's antivirus engine.

A few years ago I tried Kaspersky, but I found it to be too agressive.

How is it these days ? Agressive=many false positives, having a destructive effect on things on your computer, asking difficult questions like 'process X is trying to inject code in .dll file Y, do you want to block it ?'

If configuring the program means making a strong antivirus a weak antivirus, then it defeats the point.

I also have Counterspy, and currently McAfee. Counterspy AND McAfee both had to be manually configured to get them to work together, and Counterspy is at least partly working on kernel level. Would it go with Kaspersky's ?

(I don't have any fancy imaging or virtualization software, this is a 4 year old computer that has its limitations, and testing all sorts of security software by trial and error would trash my system. I have decided not to buy any new hardware till it's time for a new computer.)

 

I think you'll find v8 (2009) very unobtrusive and light. A lot of features and optimizations were implemented, and what's most important in your case, a huge whitelisting of applications was done for v8 (Bit9 DB, Digital signatures) which greatly reduces the popups requiring user input... especially if it's set in automatic mode (decisions taken automatically based upon application risk index (via emulation) and other algorithms)- you won't even know it's there

If you wish, you can wait until it's officially released (still at TR ATM), just to avoid the risk of bumping in some bugs.

A small side note: all those "False positives" most likely came from the PDM component, which was designed to be obtrusive/for advanced users in v7 and thus they can't be called FPs- that's how it works.

 

Hi Fly, reading this will help you a bit on your questions about KAV/KIS.

 

i got tired of KAV already....too much for my notebook....i have mobile broadband, seems i get a new IP with every log-on, so i just scan with SAS from time to time...never find anything though.....

 

I wonder which version is in Zonealarm ?

 

I'm pretty sure it's version 6


Cheers

 

very true!

 

I use version 7 and if you turn on the advanced options it does tend to be a bit aggressive with fp's. Now i just enable the basic settings and it seems to behave itself most of the time.

 

I can't remember the last false+ve I had with Kav and that's with V7 set to its highest setting in every module,but I don't have application integrity control running:-too many pop-ups,drove my wife mental if I wasn't there to ask what she should do!(not false +ves though!):-I personally prefer an "aggresive" av over a "laid back" one anytime!

 

If you're not accustom to advanced settings, don't enable them; simple.
Yes, its not using Kaspersky to its full potential, but disabling ProactiveDefense will simply mean Kaspersky's protection level will be equivalent to most other AVs, so it does not defeat the point; it will still be as good as other products.

You can still use Kaspersky's ProactiveDefense by creating rules/exclusions and trusting applications if you want and the popups will rapidly decrease after a few days.


As for "process X is trying to inject a code in .dll".... yes thats ApplicationIntegrityControl... thats very complicated and is very intrusive and is only for advanced/pro users, which is why it is not enabled by default and only enabled by user-interaction. Once again, if it is beyond one's capability of using; dont use it. I've never used it though; too advanced for me. Other ProactiveDefense feature's I have used with no problems.


Kaspersky v8 is far less intrusive than v6/7 because of its new HIPS and whitelisting, but it will still give a few popups regarding unknown/other software which have not been whitelisted or blacklisted. Install it in Basic mode if you still cant handle them or don't like them (and let Kaspersky take the recommended action), but believe me, the number of popups have reduced dramatically, even in advanced mode.

 

They're not FPs; they're behavior alerts... simply alerts about behavior which is similar to that of a malicious object.
It does not say the object is malicious and should be deleted; hence, are not FPs

 

KIS 8.0 still seems to be on the aggressive side, at least in terms of its heuristic engine, and generated MANY false positives on my PC, which turned out to be all innocuous MS Office updates. I sent the zipped files to Kaspersky Labs and got a confirmation that KIS had detected only false positives...well, in addition to "detecting" them, KIS also made all my MS Office programs unusable...I still have a valid subscription with KIS for another 10 months, but switched back to good ol' NOD32 and Comodo Defense +, as they, at least, do not devastate my entire "Windows Installer" folder, while KIS interpreted every second file in there as a "Heur.Trojan.Generic"...

 

there was a bug with the heristics didnt you read the long kaspersky TR has been released thread? it was reported that there was a temporary issue with the heristics at the time.
it was fixed soon after.

 

Kis8(kis 2009)hasn't been released yet,still in beta/pre release testing:-as with any product at this stage you should really expect a glitch or two,if you were sensible you would not have installed a beta product on a PC which had info on it which you needed,hardly the fault of Kis that you didn't follow usual "beta testing guidlines":-down to user error that one!

 

Hi,

for me it seems that KIS 2009 Beta is faster and much more compatible with my system than KIS 7 ever was.

But KAV 2009 Beta is about the same incompatible with my system like KAV 7.
Like always I have to install KAV 2009 Beta first and then Online Armor and even so it doesn't work.
This constantly growing incompatibility of KAV with other security software is a real disappointment.

I have a license and would like to use KAV, but because I like a smooth system more than KAV I use currently Avira 8 with OA instead.

Cheers

 

I got fed up with its heuristic fp's so i simply disabled it. For my particular needs signature detection is enough.

 

I don't know but i have a feeling that Kaspersky are not as agressive as it was once at the time.
I do remember for some month's or years ago everybody speaked about Kaspersky and how the protection was excellent, but those last few weeks have not heard.
I dont know if Kaspersky will ever be that strong as it used to be before, and that's to bad because i really like Kaspersky.

 

I've always used KIS from 2-3 years and I only had 1 single false positive. It was a sccfg.sys leftover from folder lock that KIS rated as suspicious, (as many other security software did). I have never experienced "aggressiveness" with Kaspersky. Of course, I mean in stable products, because I haven't used betas and TRs a lot.

 

You're probably referring to the Application Integrity Control feature in KIS v6/7 which does fire off more alerts than most other components. I personally left this feature turned off - it is off by default anyway. It does no harm doing this as one is still well protected.

 

In the v7 line of products, I never used the heuristics feature as I felt the PDM module was strong enough as had been shown in tests done by av-comparatives in June 2006.

Since using KIS 2009, I have been running heuristics at the medium setting and have not yet had a single alert from its engine.

 

I've seen 2 today a hour ago (and can confirm they are malicious )... just waiting for the viruslab to add it to detections now.

Haven't had a heuristic FPs yet with v2009.