detection rate of kaspersky

Discussion in 'other anti-virus software' started by steve1955, Sep 26, 2009.

Thread Status:
Not open for further replies.
  1. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    I don't normally pay much attention to AV test results but the latest from AV comparatives has caused me a little concern because the results for Kaspersky were a fair bit lower than is the norm for them and was wondering about a few things
    1) Is detection rate for 2009 same as for 2010?
    2)Is this just a "glitch" in Kaspersky's normally excellent performance
    3)More worrying:-could this be related to the "hacking" Of Kaspersky earlier in the year,where hackers made claims about the info taken regarding Kaspersky engine(which kaspersky seemed to deny)and if this info was stolen has it fallen into the hands of malware writers who can now write malware which is specifically targeted to be able to by-pass kaspersky products
     
  2. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    There is no way to know.

    KIS 2010 has some things 2009 didn't have, like a 'sandbox' and probably a few other things as well that were not measured in av-comparatives' test.
    Of course, you could ask Kaspersky but don't expect a meaningful answer.

    3) Unlikely. If cybercriminals have obtained some of Kaspersky's source code it will take some time for them to fully take advantage of that. But it's a valid concern for the future. Also, cybercriminals ('hackers') use several antivirus products to test their malware in order to avoid detection. Kaspersky is popular.
     
  3. dawgg

    dawgg Registered Member

    Joined:
    Jun 18, 2006
    Posts:
    817
    1. Yes - although I'm not sure if KSN and Kaspersky's UrgentDetectionSystem works in v2009 though.

    2. Dont know, nobody else knows either - I've recognised Kaspersky blocking more malware sites, (and of course, with its additional protection components such as its HIPS, PDM and Sandbox), it may be aiming to have all-round protection with the additional features rather than only working to add signatures.
    As for an example of Kaspersky blocking malware sites, if you've got a website spewing out thousands of downloaders and you dont block the downloader, instead block the website and/or IP address they are downloading from, your detection rate is thousands less (on an on-demand test), but upon execution, you're preventing all the downloaders from doing anything, rendering them useless.
    And of course, if you use the sandbox, nothing will happen anyway.
    Of course, I dont have a clue about what Kaspersky is really doing or planning. Also, I, or any users here say cannot truthfully comment on this without using massive assumptions or lieing and pretending to know.

    3. Dont have a clue and have no substantial evidence of this - any comments on it are simply speculation :)
     
    Last edited: Sep 26, 2009
  4. nodyforever

    nodyforever Registered Member

    Joined:
    Oct 30, 2007
    Posts:
    549
    Location:
    PT / Lisbon
    Graphic Detection 2004 and 2009



    best regards
     

    Attached Files:

  5. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    It doesn't really matter which addittional features are employed,if things aren't being detected they are not being detected so all the features aren't doing what they should
     
  6. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    But surely pro-active protection such as sandboxing makes detection irrelevant to some degree.
     
  7. dawgg

    dawgg Registered Member

    Joined:
    Jun 18, 2006
    Posts:
    817
    The detection rate is showing nothing about any feature, apart from the the on-demand scanner.

    Other features are doing what they should, Web-AV's blacklists are blocking connections to websites/IP addresses (be it via a web-browser or a downloader), sandbox is preventing any changes made within the sandbox influencing the computer outside the sandbox, AppFilter is filtering applications according to the rules or asking what you want to do with it, PDM doing what the PDM does, none of which an on-demand test looks at or utilizes. That's the difference between the real world and an on-demand test.

    I'm not saying they're going to intercept every single piece of malware, just saying, if you account for the above in the real world, its not all about simply the detection rate of an on-demand scan and in the real-world, you're protected from more than the 95% of malware detected in the test.
     
    Last edited: Sep 26, 2009
  8. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    How does Kaspersky's sandbox work? If it works how would malware get to the system unless the user made an effort to load it?

    Regards,
    Jerry
     
  9. dawgg

    dawgg Registered Member

    Joined:
    Jun 18, 2006
    Posts:
    817
    Like Sandboxie, anything executed within it can not influence anything outside the sandbox.

    Malware can get in if the user does not use the sandbox via any of the normal methods, such as browsing the internet etc.
    Simply getting Kaspersky to always run the web-browser sandboxed will do the job of making it easier to run sandboxed and preventing additional clicks.
     
  10. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    its in a virtual environment,but don't forget everything on your PC is!to assume nothing executed within it cannot affect other parts of your system is being a bit naive:-it won't be long before this defence and any like it is bypassed
     
  11. smage

    smage Registered Member

    Joined:
    Sep 13, 2008
    Posts:
    377
    I am also a bit concerned with this. Although KIS has many features to boost the protection, this is not an excuse to have a lower detection rate for the AV. Security suites like NIS have SONAR etc but they also have a good detection rate for the AV component. Besides many claim that KIS HIPS is easily bypassed with its default settings.
     
  12. dawgg

    dawgg Registered Member

    Joined:
    Jun 18, 2006
    Posts:
    817
    I'm not being naieve and didn't say you will be always be 100% protected.

    Read the bottom of my post #7 again.
     
  13. dawgg

    dawgg Registered Member

    Joined:
    Jun 18, 2006
    Posts:
    817
    Yes, I'm not saying it is a good excuse, but just replying to the first post of the thread about the "concern" of the low detection rates in the on-demand scan.

    All I'm simply saying is that, in the real-world, more than 95% of the malware in the test-set will be blocked, or if you choose to utilise the additional security features, even more.
     
  14. smage

    smage Registered Member

    Joined:
    Sep 13, 2008
    Posts:
    377
    Yes I agree with you, but for them to perform better next time, they must first realise that there is something wrong somewhere. I wonder whether AV Comparatives will do any Dynamic test this year, then we would be able to have a better picture of the real detection capabilities of KIS.
     
    Last edited: Sep 26, 2009
  15. dawgg

    dawgg Registered Member

    Joined:
    Jun 18, 2006
    Posts:
    817
    Of course, yes, there is room for improvement and it wasn't the best of results they achieved as we all know, some things may change internally, but we cant really comment on that as we dont know.

    AVC mentioned dynamic tests in the On-Demand report, no mention of date though, only "soon" (or something along those lines).
     
  16. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,635
    Location:
    UK
    I would expect detection rates to be similar if not the same. The AV-C on-demand test is testing against signature bases which should be the same whichever version is used; the retrospective test using proactive technologies against the same sample set will be interesting to see when it's released in December.
     
  17. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    doesn't the heuristcs play a part in on demand results?does 2009 and 2010 use the same engine for this part of detection
     
  18. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    Thanks, dawgg.
    I don't have KIS on my computer now, but I don't recall anything about a sandbox when I was running it (2010). I used the default settings.
    Does the sandbox run by default?

    I have to admit to some disappointment in Kaspersky's performance. I realize that it would give protection, but everything else being equal I opt for a better detection rate. There seems to be no test that really indicated the degree of prevention of malware of the various AV's.
    Thanks.

    Regards,
    Jerry
     
  19. TrojanHunter

    TrojanHunter Registered Member

    Joined:
    Jul 8, 2007
    Posts:
    151
    Location:
    United Kingdom
    The aim is to stop a PC from being infected in the first place, which Kaspersky can do very well. Kaspersky Internet securitys application control, SandBox, Proactive defence amongst some other things are great features.

    Don't write Kaspersky off because of an ondemand test. Prevention is much better than cure.
     
  20. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,151
    Location:
    PA
    I'm also concerned about the steepness of the decline. I don't remember Kaspersky ever being this low. The HIPS also should be more intelligent instead of assigning so many "low restricteds." That said, Kaspersky in my testing experience has stopped new malware more than some other big names.
     
  21. TrojanHunter

    TrojanHunter Registered Member

    Joined:
    Jul 8, 2007
    Posts:
    151
    Location:
    United Kingdom
    It doesn't run by default, but it can be accessed through 'My security zone' within Kaspersky. It would be good if Kaspersky could place a saferun web browser shortcut by default, like Sandboxie.
     
  22. dawgg

    dawgg Registered Member

    Joined:
    Jun 18, 2006
    Posts:
    817
    No, the user needs to click it to use it the first time, and only after realising it exists can/would the user create shortcuts for it or make Kaspersky always run the program sandboxed (see screenshot).
    sr.PNG
    (Also looks like there's some confusion in its name - SafeRun, Sandbox or "safe mode"?)!

    I can understand people have different wants and needs from products, nobody's the same - if we all were, it'll be a pretty boring world.

    Edit: sorry about the huge screenshot!
     
  23. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    #4:

    I presume that graph came from av-comparatives.

    The steady decline of Kaspersky from 100 % to much less is definitely not good.

    Of course, one could wonder what malware av-comparatives detected in the early years. If that was just viruses and trojans it would explain a lot.
     
  24. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    Thanks dawgg, and TrojanHunter.

    If you are using it, does the sandbox slow the browsing or system? Thanks.
    Maybe I removed it too soon.

    Regards,
    Jerry
     
  25. Legendkiller

    Legendkiller Registered Member

    Joined:
    Jun 29, 2006
    Posts:
    1,052
    well,i think a 94% detection rate should hold you good in 99.99% cases......if you are a safe camper then it shouldn't matter much.....
    also "prevention is better than cure..."
     
Loading...
Thread Status:
Not open for further replies.