Kaspersky 7 still has major issues

ALL AV's have some minor issues.

I have not seen any chkdsk problems with KAV 6/7 but I stiill think it would be a good idea for Kaspersky to offer a removal tool for the NTFS identifiers.

And interestingly, Don has stated that KAV 8 will not use iSwift technology.

 

no, it *might* not have it enabled by default

 

Just reporting from a post at DSLReports; don't shoot the messenger;

Although I agree that no one knows what may or may not be in KAV 8. But it is interesting that they may be moving away from iSwift.

 

They should develop another method of keep track of already scanned files. NOD, F-Prot and Panda have caching methods as well, but their methods don't ruffle as many feathers as KAV's seems to.

 

yes, but you have to admit that none of those make a scan so fast as kav's (you can do a manual scan even in under a minute)

 

Only because those 3 only use caching for their on access scanners and not their on demand scanners. It is easy to do a scan in less than a minute when you only scan a limited number of files.

 

Who cares how fast you can do a manual scan? I never did one. If I ever had to do one, I would do it while I slept and it wouldn't matter how long it took. I simply am angry that the file scanner uses that crap ISwift junk even though I thought I was telling it not to. KAV 4.5 was extremely fast and there was NO reason for Kaspersky to come up with ADS tagging or ISwift. There was no need. If you have a computer that is old, slow, or new, but with insufficent RAM, or CPU power then you should just stay away from KAV. Instead KAV decided to punish those of us with fast computers, and sufficient RAM, by forcing ADS tagging and then ISwift real time NTFS Indentifiers on our files. Really nice of them. All just so folks with old computers and computers that are newer, but that skimp on the essentials could use their AV. It is all in the name of greed. That will be downfall of a company every time.

 

Thanks Mele, that was where i was going with my next point. A fast manual scan just doesn't seem all that important to me. Not sure I agree with you that greed was a motivator, but I suppose it always is. I thought it was to counterbalance their slow scanner and make KAV not so "heavy", but then that translates into selling more so I guess greed could come into the picture, but I think they just wanted to improve the performance of their product. Removing unpacking support was not the right idea as that was one of things they were known for, so they developed a way to "lighten" the load and keep their great unpacking ability.

The deceptive way they introduced and implemented the technology was what I was refering to as "ruffling feathers".

 

I just wanted to chime in here as a KIS6 user who has just read the related DSLReports thread and several posts here at Wilders. As an aside, I must say that I'm not impressed by posts that deride the concerns of some users who apparently have put a lot of thought and research into expressing themselves and their frustrations. If a user customer has a problem, then it is a problem for the vendor, period. If a vendor and many other users disagree about the severity of the problem, it seems to me a little beside the point - the perceptions of the disgruntled customers are still important.

But back to the issue and my question: It seems to be that some folks acknowledge that chkdisk is affected but are not concerned enough to change their opinion of KAV/KIS or deter them from using it. On the other hand, there are some who say that the chkdsk issue (a slowdown for the most part) is permanent, and may have some long term consequences that haven't yet appeared. This is my biggest concern. I value the chkdsk utility and to my knowledge there isn't a replacement (SpinRite?)

What are your thoughts on this? Might a seemingly minor slowdown (in my case a 20 or 30 second delay in the Stage 2 chkdsk operation) prove at some time in the future to be a royal pain in the neck?

I can revert to an old image and undo the metadata changes that iSwift introduced. Wouldn't this be a case of "better safe than sorry"?

 

4.5 was never to be considered fast, that is simply your memory playing tricks on you, it was very slow and definitely in the slowest bunch of scanners.............it was however also very thorough though.

I, like you two couldn't care less about the scantime, i do a scan when i'm not using the pc (& not very often).............but most users are interested in this, thats why it was developed, because it was a request many users had.

Optigrab:

I have used 6.0 for two years now with experience from 100 builds from the very first prototype and now build 7.0.0.125, i have never seen anything beyond a delay to the start of Stage 2 of chkdsk in those two years with regards to your "some time in the future to be a royal pain in the neck?" question.

 

I hope I am not one the people you refer to as deriding concerns of others, I don't wish to minimize anyone's opinion or experiences.


The problem COULD get worse over time, it may not however. I can not comment on how Kaspersky is using Iswift now, I only trialed KAV5 with it's ADS streams which basically made an image of each file which essentially doubled the space you used on your hdd, and I had the defrag and chkdsk issues.

As for the back up question, it would depend on what type of back up was done. If it was an image and the image is restored, then yes, all data on the hdd would be replaced by the image and the hdd would be exactly the same as it was at the time the image was made. If you used a file copy type back up, it would depend on what options you used during the restore. Some programs allow you to replace files that are backed up and yet leave any new files that are there now but were not when the back up was made. That option would obviously leave some remnants that COULD cause problems.

I am also aware of others like DonPelotas that have not had these problems using KAV and swear by it. Only time will tell.

 

Although not a "deal breaker" for me, I do especially like the short scan times of Kaspersky. I do not leave my computers on at night, but an hour scan time in the daytime would not be a problem.
I sometimes do something, such as changing an application, that makes me want to check my system. With Kaspersky it takes only a few minutes.

Just to check, I ran a chkdsk yesterday, and as always did not experience any problem. I won't argue whether someone else has problems, but on two machines with both V6 and V7 I have not had any problem.

Regards,
Jerry

 

I do not agree that once malware is on the machine it's free to do everything. But.... what's the probability to be hit while protected by KIS7 ?

Latest av-comparatives on demand indicate a 97.89% detection. In numbers we have 487.103 samples detected from a total of 497.608.
10.505 undetected.
The new heuristic engine will have the chance to detect 35% of those = 3.676 detected.
6.829 undetected.
Next in action will be PDM with a score of 99% = 6.760 detected. Unfortunately you will have to answer to block that. ( a white list is under development ).
69 samples remaining totally undetected ...from 497.608.
That means an overall 99.99% detection.
With a little luck KIS firewall will block those undetected samples attempt to connect with outside world.......again with user's interaction....
All this sounds like a good protection to me.

P.S. This is only a game with numbers.......

 

Neither do i particularly...........do you mean my comment about 4.5 being very slow as opposed to Mele's view that it was extremely fast?

 

First of all, let me say I don't have KAV installed on my machine at this time, so I don't think I'm biased in any way.

That being said, what it the big deal if chkdsk takes an extra 20-30 seconds to start Stage 2? Does this guy StraitShoot, who started this whole thing at dslreports, and others that are complaining about this lag, run chkdsk every day, and then sit there and watch it? I think I've run chkdsk twice, once before ever installing any Kaspersky product, and once after. To me both times were long and boring processes. I just left and did something else while chkdsk was running.

Now about NTFS Identifiers. I know next to nothing about this, and never really heard about them until this this subject appeared. What problems do they cause? Are they some kind of security risk? I'm asking because I don't know.

 

Optigrab,

There's unfortunately been a lot more noise than light in that thread.

In very few cases there may be a real issue. I put a clear qualifier on that since objective data on the situation is scarce. I, like a few others, experience a minor delay. It's not bothersome, nor worrisome, and during that period the system is neither standing still nor obviously dealing with a problem - it is crunching away with progressive disk activity.

If you look at the File ID Object identifer structure (see here):

Code:

typedef struct _FILE_OBJECTID_BUFFER {
  BYTE ObjectId[16];
  union {
    struct {
      BYTE BirthVolumeId[16];
      BYTE BirthObjectId[16];
      BYTE DomainId[16];
    };
    BYTE ExtendedInfo[48];
  };
} FILE_OBJECTID_BUFFER, 
 *PFILE_OBJECTID_BUFFER;

one can see where some issues could emerge. The ExtendedInfo identifer should be the one that is used. Given that size associated with that optional identifier compared to the basic ones, I can see an impact in the time to process those entries, particularly if a basic assumption is that their usage is sparse. I don't know if that's the case, but it seems to be a fairly reasonable assumption to me given the context. As a corollary, there should be some rough scaling relation between file count and impact. It might not be linear, it may be strongly nonlinear, but it should be there although one has to recognize that additional factors (say fragmentation, machine speed, working set size relative to RAM, etc.) could be involved as either a secondary or possibly a dominant influence.

Since the issue persists after removal of KAV/KIS, it is unlikely a direct conflict problem, but more of a structural result.

For the most part, readily provided detail information that could help users develop a realistic view of whether this was or was not a real problem is missing. From the quantitative information posted, the delay may be a couple of minutes on a partition with 75,000-100,000 files or so. No details on CPU/RAM provided, although I fall in that range and have a 2.8 GHz P4 with 1 GB of RAM. This is not a bump in processing time to be concerned about.

Will this prove to be a pain in the future? Who knows.... That question would be moot is these entries could be removed by a vendor provided tool.

Of course, but you should have that image on hand anyway, right?

Blue

 

No, not my memory playing tricks on me. On MY machine, I experienced no slowdown with 4.5. I don't recall if I did a full scan with it. Maybe, maybe not. I was referring more to no perceptible slow down from using it...i.e. the real time monitor set to scan ALL files was fast. I had posts here, dslr, and, I think, in the old ICE KAV forum about how fast 4.5 was for me. I couldn't understand how so many said it was slow. That is what I was referring to when I said that IMO Kaspersky had no need to mess with the file scanner and add first the ADS tags and then the NTFS identifiers.

 

No, we don't run chkdsk every day! If any of you would do a search here for my posts on this subject long before Straightshoot started the dslr thread, and/or if you were to take the time to go and read the 19 page thread at Kaspersky forums, you would see that I am not a rabid dog frothing at the mouth about this issue. I read Frode's thread at the Kaspersky forum shortly after he started it...gee, a thread titled "KAV causing Chkdsk errors" would certainly get one's attention. I wondered if I had a problem. I had only had KAV for two months and had installed it on a machine that was only FOUR MONTHS OLD. I had run chkdsk on the new machine a few times and it completed with no delays. I had run it shortly before installing KAV6 also. So, after reading the thread, I was concerned.

I ran chkdsk and no problems. This was two months after I installed KAV6. Read post #126 in the KAV thread. I wasn't particularly worried after running chkdsk and was convinced that I had nothing to worry about in the future either because I never did a full scan and never enabled ISwift and ICheck. Frode said this in reply to my post:

"For those with this issue, it likely won't matter. It will only take longer for the issue to arise (scans will still happen when you access your files, so it'll build up gradually instead). KAV supposedly no longer stores anything in ADS, but it apparently does do something else permanent to the filesystem still. Why or what I can't even begin to guess at."

How prophetic. How I wish now that I had removed KAV as soon as I read his reply. But I really liked KAV and I still TRUSTED Kaspersky fool that I was (especially after being burned by the ADS mess). I didn't know then, of course, that Kaspersky had lied to us when they let us believe that disabling ISwift in the GUI totally disabled the use of that technology. I thought maybe Frode just had a unique problem. So, I continued using KAV6 for two more months.

Then in October 2006, in post #171, I said this:

"Where are we on getting some sort of comment from the developers on this problem? I don't want to be a FUD spreader but I too now have a chkdisk problem which is very much like what Frode reported in his first post. Chkdisk was fine when I made my earlier post in this thread. At that time I had KAV 2006 installed for two months.

Two months have passed since that post. Now chkdsk hangs at 7% in Stage two which is what Frode reported as the FIRST symptom. I uninstalled KAV and ran chkdsk and it still hangs at 7% for several minutes and then completes normally. I have reinstalled KAV for now as I am not sure what to make of this. In the absence though of any comment from the developers, I remain worried that my files are slowly being corrupted."

If you read my posts here and there, I still trusted Kaspersky and I didn't want to badmouth them when I wasn't sure how serious the problem was. I made restrained comments and I continued to use KAV until December at which time I could no longer ignore the damage to chkdsk and, what was worse, the deafening silence from Kaspersky.

Now, I learn from Lucian that Frode was right all along and that there was no escaping ISwift even though many of us with this problem thought we were not using ISwift. I was shooting myself in the foot continuing to use KAV. The damage was just taking a lot longer to build up for me since I had unchecked ISwift and did no full scans. There is simply no doubt in my mind though that this damage is due to my using KAV6. Chkdsk worked perfectly, on a four month old machine, just before I installed KAV6. It was still working perfectly two months later (although the damage was probably accumulating but hadn't reach "critical mass" yet), but by four months of KAV installation, I too had the hang that Frode first described and that he predicted would eventually happen to me also.

After I removed KAV for good in December, I made an occasional post warning users about this problem but I tried to do it in a restrained manner. I was resigned to having permanent chkdsk problems from KAV6 especially after Grnic finally posted that comment that made me want to strangle him in the KAV thread this year. Then my friend Jim started that thread at dslr. I'm so glad he did that. I then went back to the KAV thread which I had last seen to have ended on page 13 several months earlier and was just stunned at what Lucian and some others were saying about how it was impossible to turn off ISwift. That is when I became angry, very angry...not so much because this very expensive, very, very nice computer is permanently damaged by Kaspersky but because I had trusted Kaspersky and that was the wrong thing to do. Kaspersky had lied about ISwift, did not obtain my consent to it putting all this junk on my files, and refuses to help those of us who now have damaged computers even after we removed the product that caused the damage. Kaspersky never told us in the Eula that we were consenting to FOREVER HAVING THIS CRAP ON OUR FILES. Kaspersky has treated this problem just like they did the ADS fiasco. Kaspersky is not worthy of trust by its customers even by those who are not affected (or think they are not) by this problem. Actually, everyone is affected because the data placed on all files is there forever. I feel betrayed by a company I trusted. Of course, I am angry.

 

"I feel betrayed by a company I trusted. Of course, I am angry" Mele20

I can understand why you are upset, Mele.
I don't have the delays many are speaking of, just a very slow chdsk scan now when I tried it.
All this discussion has to make one think about this problem and whether it will affect me.
This computer is only 6 months old now and I do not want it damaged.
Been using KIS for the last 1 and 1/2 yrs.
Still, I think, the best out there, but now at what price?
I, like others, have a decision to make.
And you are right. You have to have the trust in the product and the company. My trust in the company is quite iffy right now.
And with no comments coming from them at this point, the trust factor goes down.
That's what's sad.
Dan

 

If you check the thread about this topic in the Kaspersky forum you would see that it contains over 18 pages. Sounds to me like Kaspersky was informed.

 

Valid point on the technology disclosure.
My doubts and questions come from the problems posters are listing on 3 forums that I'm aware of.
I too ran betas of Kis6 and most of KIS 7.
It appears I have no such problem.
I believe there is some sort of a problem here, though.
Will it show up on our systems down the road?
Maybe this is a problem only on certain systems or in combination with different software involved.
I would just like to find out the truth to what is going on.
One would think with the accusations pointing at Kav right now, that they would want to look into this to see what the problem is and fix it.
Sotware does develop problems but most companies add updates to correct this.
I would just like Kav to look into this and do the same.
If the doubts remain, I'd rather take off KAV then take a chance of having problems down the road.

 

One would certainly think so.

 

http://forum.kaspersky.com/index.php?showtopic=14995

This thread is from Kaspersky's own forum, so how can you make an allegation that people do nothing but complain? Kaspersky was well aware of the problem. To have a Moderator make such a statement seems a little disappointing.