In your opinion is KIS 2009 a good product?

Hello

After been a NOD32 AV user for several years I got tired that it kept missing on some nasties. I bought it because it was light and it supposed to have good heuristics, but it was missing things, specially trojans.

Kaspersky had a very good reputation when I was shopping for my new security package last year and after trying KIS2009 I liked the HIPS component and the firewall was friendly. Additionally it provided many anti-spam and other features I liked like its firewall.

Now it has passed a year and I have started to read again the posts here on Wilders. I was really enthusiastic about Sandboxie and almost bought it until I read that Vista64 was not suported.

I have found some posts here where it says that KIS2009 misses keyloggers. That is a horrible fail IMO if it is true. I have seen that on Vista64 is not possible to activate the "Operating System kernel modification" under Proactive Defence. The system becomes unstable with this on. In their forums they say that I was not missing much but I did not like this answer.

I surf a lot but are careful with the things I download, but sometimes there are some downloaded applications that I like to be tested by the best scanner for viruses, trojans, malware and other nasties.

I have been looking at Prevx but I still see that people combines it with an AV program. I have not yet fully understand the Prevx concept to see if it can be what I need plus a good AV.

Can someone with experience with KIS2009 could confirm that it is not effective against keyloggers (Vista64)?.

What is your opinion about Kaspersky Internet Security 2009 in general? Can you recommend me a better approach to my security?

Thanks a lot for your comments.

 

Hi,
I can't comment on the keyloggers aspect as I have never played with them. However, its easily the lightest suite on my main set up ( vista 64 ) and have found it lighter than NOD. I have all the heuristic settings maxed out and it runs like a dream. I managed to get a good deal on a 3 computer licence and am considering putting it on the other 2 computers too.
Don't get me wrong, NOD is still really good and I still hold a valid licence, but for my own personal use/needs I find KIS the best. Try it and see on your own machine.

 

Kaspersky is very good product i had used it for a while.
Its very light on Resources just takes around ~15-20 MB of memory the scanning speed is also fast and their new version KIS 2010 is in beta testing and have improved many features.
And regarding keyloggers it detects many of them.
I would suggest you to buy Kaspersky
or try their Beta Product(v2010) if you want license for free.
All The Best

 

KIS 2009 is a very good security suite, KIS 2010 will be released in a few days,
which will have improved hips, firewall. It will have improved keylogger detection along with a sandbox also. So it is very good security suite. Prevx is a behaviour based technology and it will be very well complement KIS but it requires u to be online.

 

What you want to know about it? Kaspersky Labs is releasing a superb product in form of KIS 2010.

check out the beta version of KIS 2010 latest build 446 to know yourself
link.
http://devbuilds.kaspersky-labs.com/devbuilds/9.0.0.446/kis2010.0.0.446en.exe

 

Not really...

It is rather similar to sandboxie (or any other sandbox). It redirects filesystem and registry operations of sandboxed applications (which you can choose), denies communication and tampering with non-sandboxed processes etc. etc. It's not as configurable as sandboxie, but it does its job well. All tasks, Real-time protection (OAS), PDM, HIPS, WebAV etc. still work for apps which are sandboxed, as an indicator of their (potentially malicious) behavior. So if some application which is unknown tries to create a startup entry (of course, not on the real system registry but a redirected one) the HIPS will warn you.
And just a warning, 2010 is still not a released product, don't try it on production machines...

 

Yes, it's native/marketing name is "Safe try" which explains the purpose well. You can right-click any executable and select "Run in safe mode", like sandboxie. And this is still unconfirmed, but the release version could have a sandbox for Vista64 (things can change ). It will be limited somewhat tho.

 

Probably Dunno if ZA sandbox is released/incorporated in their Security Suite.

Here's what I meant:

 

You got wrong, may I say, Kaspersky have HIPS and sandbox, difference is when you try app in sandbox, HIPS will react like app working on real machine, so even above startup reg key change is in sandbox (not actually happens), HIPS will tell you its real intetions like it works in real machine, look closer in picture

 

Sounds interesting that KIS 2010 has Sandbox

 

That and the fact that any dropped files/etc made by the sandboxed application are also contained in the sandbox....so those people so inclined to run strange/unknown executable files (keygens, email attachments) can escape serious damage as the infection will not be resident on the computer once the "safe try" application is terminated.

 

hmmm... I doubt you created copy of protected registry entries in Comodo for sandboxie registry entries, for instance
HKEY_USERS\Sandbox_*_DefaultBox\*
even if you do, Comodo will see changes made by sandboxie not by real sandboxed app... I guess

 

It's not as configurable as Sandboxie, but you have options to force applications to run in Vurtual mode from wherever you star it from, crating a shortcut to it (Sandboxed IE for ex.), setting up a "Clean up after application exit".
There are, however, some hidden options not visible by default which have a bit more options regarding sandbox

 

ok, then
cheers
I am too weak in english to proceed with this conversation, sorry

edit: ok, I will try...
here are hidden settings for sandbox (see pic.)


and there is whole set of HIPS rules for sandboxed application...
when you analyze potential malicious application you should do that in sandbox if you want to not infect main machine, because you will click many times on allow button, to see whats happen next, if you have exact same response from HIPS like on real machine while you in a sandbox, analysis is almost perfect, new KIS can do that, sandboxie have too cryptic log and 3rd party HIPS do not have exact mimic response while app is sandboxed...

 

This looks very interesting...any idea when it will be released?

Previous discussions on Wilders indicated that KIS 2009 HIPS had limited functionality with Vista. Do you know if that is still the case with the version now in beta? Also, is there any way to make anything downloaded from a web facing app default to untrusted and require the user to change it to trusted manually? This would be more the way DefenseWall operates.

 

The date is unknown, but it isn't far away.

Vista64 users reported better proactive protection (HIPS & PDM) compared to KIS 2009, although there are still some limitations from what I can gather (not a Vista user, sorry)

The operating ideology is different to DW, everything unknown won't be trusted. Making something untrusted in HIPS will deny everything, even application startup. Web browsers are trusted if their integrity is intact. When they download something (malicious payload from an exploit) it will be scanned by Traffic monitoring components (WebAV, or an appropriate component for a specific application- Instant messenger, E-mail etc.), if nothing is detected by WebAV (via sigs or Heuristics), the (unknown) executable is treated as an unknown application and treated accordingly based on a threat rating (it will never end up as trusted). There are some more configuration options in the HIPS settings, compared to v2009 as well.

 

Thanks 3x0gR13N! I'll head over to the beta forum and read up on it...maybe give it a whirl.

 

Thanks you for the info about the sandbox component on KIS2010 beta. If it works in Vista64 and has the same or better level of security than sandboxie for running nasties in a controlled environment, it will be the killer application for me!

Thorz --> entering standby mode to see if Kaspersky can produce what has been impossible until now!

 

Don't be (negatively) surprised if the final product doesn't support Vista64. In the beginning of beta-testing it has been said that there will be no Vista64 support, but it was added at a later stage. The application itself warns you of potential incompatibilities and crashes when running applications in the sandbox.
We'll just have to see...

 

Oh bummer... darn! Is it not going to be possible for any developer to come with a descent implementation of a sandbox in Vista64 - W7-64?

I don''t know if I am more disappointed in Microsoft for coming with the flawed idea of patchguard that can be bypassed illegally by malware authors, making the life impossible just for the security developers, or in the developers themselves that have not yet figured out how to legally circumvent this darn MS limitation

 

Don't take the sentence out of context We're talking 'bout 64bit OSes and (in)compatibility with them, not some applications.
This is the warning you'll get when running IE on 64bit Vista:

Officially only 32bit OSes are supported, Safe run/Sandbox may or may not work with 64bit so there's no guarantee that it'll work well.

 

I just installed KIS 2010. How do you get to the hidden sandbox settings and HIPS rules for sandboxed apps?

 

I am also a Nod32 user & tried both KIS 2009 & KAV 2009. I found both KIS & KAV to slow the computer to an unacceptable level & in fact my wife asked me to remove it from her computer. KIS in my opinion is only of slight use for the parental control options, otherwise KAV is the better option if you must use Kaspersky. You will get good protection, but at the expense of a slower pc. I however dislike the Kaspersky upgrade popups & reboots.

Despite trying to replace Nod32, I still use the product & also have added Prevx3 as a 2nd level defence. After using Prevx for sometime both on my own & customer computers, I now believe Prevx to be an excellent product.

In conclusion, I'd suggest Nod32 AV + Prevx3. In addition consider MBAM as an occasional scanner.

 

Check out v2010, its lot faster and even takes lesser memory compared to v2009