kaspersky anti-hacker - my experiences so far

Hi devilhawk42420,

That is what I'm talking about (and I assume the others, but I don't want to jump to any conclusions). I pass the UDP scan but the remaining 4 TCP scans are non-stealth. I haven't made up my mind if I'll ask for the refund yet, but knowing me I'll probably follow CrazyM's advise and not worry about it to much as non-stealth just means they are closed and not open. As more people purchase the software and report to Kav's Lab, they'll probably have it fixed in no time at all. Hopefully!

 

I do not want to start another long running thread about whether stealth is important or not, but I want to point out something.
If a firewall claims it will stealth your machine, and yet some port show as closed, then the firewall is not behaving as advertised and there may be some concern as to why?
If you go to a scan site and most of the ports show stealth and a couple show closed, why is that?
Just as an example, I help people with Outpost. Outpost claims it will stealth your machine. If someone comes to the board and says all my ports are stealth except for port xxx, then I know there is a problem. Period. It can be fixed by changing some rule, or finding some other problem The only alternative is that Outpost will not work properly on that machine.
If a firewall makes no claim for providing stealth, then choose it if you like. I would not, but that is a matter of personal choice. At least it is probably working as advertised.
I hope people understand what I'm saing here. The issue is not if stealth is necessary or not. The issue is, is the firewall performing as it is supposed to?

 

Hi Mike,

That's exactly what I'm getting with KAH as well. In my e-mail to Kaspersky support, I directed them to this thread - hopefully they'll see they need to get this fixed. I'll post any response I receive here. (As someone who actually works in software tech support, I was very appalled at their response to you!)

 

Read the Articles Library on PC Flank: http://www.pcflank.com/art27.htm

 

You are quite right Root , that is the issue as the product is claiming full stealth, and apparantly it is not happening with tcp from pc flanks, although on some sites it is fine. I wrote to kaspersky late last nite (my time ) and had received a reply within a few hours that was
Dear Robert,
Can you please describe me all characteristics of your PC. What software
is installed? What is your OS?
If there are any error messages appears?
I'm looking forward to hearing from you.
Best regards,
Sergey Novikov___________________________________________
Technical support /Kaspersky Lab Ltd
10, Geroyev Panfilovtsev Str., 125363, Moscow, Russia
E-mail: service@kaspersky.com;
http://www.kaspersky.com; http://www.viruslist.com
Secure your cyberspace!
This was a kindly response compared to an earlier cposting by (I think ) Giannmikes.
I have replied , as i have very little running on this system, and shall see what they say. I just wish i could access more scan sites but i seem to be limited here (definitely cant get into flanks ), where as those that i can such as sygates and Shields up give a 100% I feel that when they do tidy up this matter , it will be a great pure an simple firewall , I shall post their response.

 

Well, I finally got a response from Kaspersky support - and it was virtually identical to the one GiannMike received - 'unfortunately, we do not use such online scanners.'

My refund request has already been submitted.

 

I agree 100%!

 

For anyone who may be interested I have received another email today concerning the stealth problems from Kaspersky labs . It reads

Dear Sir,

This version of Kaspersky Anti Hacker is the first version. I forward the description of this progblem and we will correct this.

Sincerely yours,
Saphia Rahimova
____________________________________________
Technical support /Kaspersky Lab Ltd
Tel.: +7 095 797 87 07; Fax: +7 095 797 87 00;
E-mail: support@kaspersky.com;
http://www.kaspersky.com; http://www.viruslist.com
Secure your cyberspace!


Im still hanging onto mine lol, Regards an a peaceful new year,
Robert

 

I'm having a real bad problem with anti-hacker. When I first install it, it ran fine. Then I got a new video card so I decided to reinstall windows 98SE. When I installed all the drivers I installed Norton av 2003 pro and then Anti-hacker right after. Now when I tried an load IE it AH asks if I want IE to access the internet and I say YES and to always allow it. But it won't connect to any site. I installed other programs and they all work on the net (getright, norton live reg, outlook express etc...). I tried to goto the internet settings and configure they way I connect to the internet (lan), I changed all the security settings back to normal (AH changed them to custom). I also tried closing down AH and trying IE and it still won't show a web page. I also removed norton av 2003 pro and AH from the start up and still nothing different. As soon as I uninstall AH and reboot the system, IE works perfectly. I also have all the current updates for Win98SE. Anybody know what it could be, I've tried lots of things and still nothing. I really liked AH (I usually use Sygate Pro) and want to continue to use it. Thanks.

 

I had to uninstall Sygate firewall after installing KAH in order get access the net. If you have it or another firewall installed, try uninstalling them. Simply disabling them would not work for me, I had to totally uninstall them.

 

Hello everyone !
I've installed KAH on my computer. Then I decided to check it by pcflank site.
And to my surprise I found out that my computer was absolutely stealthed !!!
All test had been passed successfully !!!

Maybe I've got a bad link to pcflank, but I tested it several times...
Well ... KAH seems to be a very nice firewall, and I'll recommend to to all my friends ))

best regards,
GeN.

 

Hello,

Which OS ? If WinXP and ICF is running too, you are stealth KAH or no KAH.

Could you test without KAH and see whether you are stealth ?

There are some ISP which give you a stealth result without any FW too.

AFAIK the problem about stealth is still pending with KAH.

Rgds,

 

Well it must be at least 3 weeks since I contacted Kaspersky with the problem of non-stealthing. I have sent 7 e-mails in total to kaspersky both here and in the UK, using both official and unofficial contact addresses. I have yet to receive a reply . This together with their so called support forum at kaspersky.com for their antivirus programs where there is no one from kaspersky actually offering support means in general their support to individual customers is a joke .

Since I consider support to be a vital part of the package for any decision about buying software I will definitely not renew my licence for either KAV4 or AntiHacker this year. They give a very good impression of not caring about their customer base( unless of course you are a big corporate client)

In addition the quality of their products is slipping compared to other similar programs e.g. NOD32 and LookNStop. Bye Bye Kaspersky.

 

Yes Its a shame that such a company treats us lowely souls with such an attitude , Although i have had better luck with some commumication , it does not go far enough , I also requested from Element 5 yesterday a refund for my anti-hacker (and received it within a few short hours - excellent support and service from them )
Look @stop looks good lol. For the mo Im enjoying outpost and with its plugins its really good. My KAV lite is still doing the job , but will await the next Nod version and also check that one out as its pretty light and fast so they say .

 

Hi all !
Since KAH is relatively new, support may be hard to find for a while; ie..forums, etc.
If it stays around for a while, I'm sure their will be more support to be found around the net !!
I tried the Beta version a while back and it didn't suit me, but it sounds as though the proggie you users now have seems different from the Test version I tried!!

Regards,
bill

 

Hi Bill , As appearances go , they have added a stealth mode to the KAH which was not in the Betta version. Just a shame it does not fully work. However they did say that they are looking into to it. Dont think theres much diffirence otherwise to the Betta version apart from that
regards , Robert

 

Stealth KAH

imagine IP address of a Hacker. (H)
H. tries to scan My computer. (M)
H will never see M unless M establishes connect to H.

So.
1. if M establishes connect to Some Host (S) -> both of them will be able to send data each other.
2. If M doesnt establish connect to S , S will never see M.

Well... and this site ... You make connection to it first. Just to get pages from it. And when you press "scan me pleeeeease !!" -> you establish connection. So it's natural, that KAH believe you connect an ordinary computer, not a HACKER !!! ))
Imagine the situation, when hacker is sitting and dringing a cup of tea (or something), and in this very moment a USER asks him : "Dear Hacker ! My IP is XXXXX. Please, scan me please !"
It's nonsence ! ))

 

Hi GeN. Evidently you are not familiar with some of the concepts involved in testing one's computer for stealthed or closed ports.
I will try to explain the basics here.
When you click on a bookmark or type in an url to go to a website, your computer sends out pakets of information to that website, basically saying knock knock, let me in. The website will then send packets of information back to your computer and say sure, come on in. How can I help you.
When you have a firewall on your computer, set to monitor traffic, it sees the initial packets go out to xyz website, and expects to see packets returned from xyz.
Now, when you go to a site that is going to scan your defenses for weaknesses, the initial conversations are same as any other website.
BUT, when you hit scan me, that website then starts sending various packets of information at your computer on various ports, that was not replies to anything. In other words, unsolicited connection attempts. Your firewall sees these packets trying to get in, and if the firewall is supposed to stealth your computer, it will just log those connection attempts and drop the packets, so nothing goes back to the website. If the packets are returned to the website, with a hello, then that port is considered open. If the firewall returns the packets, but with a message that the port is not available, then the port is considered closed.
The concept of going to certain sites that can scan your ports to see if you have any open doors to the internet is an old and accepted part of people using the results to judge how well their firewall is doing.
If you still feel this is not a satifactory method of testing firewalls, please, let me know and we can discuss.

 

Hello Igor , I am hoping you may be able to help us with some of the many questions that this thread has generated regarding the protection that KAH gives ,as for many users we choose to operate a firewall in full stealth and our testings at various sites have shown that KAH has not yet achieved this level of security for us , can you enlighten us with this , and what one may need to do to attain this , Thanks, Robert

 

I have just received an e-mail to-day from Lisa Clancy the main support person at Kaspersky UK.

After considerable testing, Kaspersky did find a fault with the stealth mode of AntiHacker but they have now rectified the problem. It will now pass all stealth tests including those over at PC Flank.

There will therefore be a new version of Antihacker released - version 1.5- after some more testing and with some new features added.

See my latest thread for more detail. And a big thanks to Lisa who passed on all our moans and complaints to Kaspersky in Russia.

 

KAH failed so of the tests ...at the sygate online security check ...ie ...NETBIOS protection ....and more ........

 

Hey guys !
I've got the driver that provides full stealth mode !!
I could upload it to ftp-site or I could send it by email ...
Are you interested ? )

 

GeN


A number of us would be very interested in this 'stealth' driver. Is it Kaspersky certified?

Can I ask where you originally obtained it? And therefore provide this URL?

Otherwise probably best to load it to a ftp-site as there may be many requests?

 

the driver is REAL. It hasnt been fully tested, but I suppose this driver will be in 1.5 version.
(or maybe with minimal changes).
If you wish to wait for 1.5 version - it's up to you...
I can tell you the changes from previous version driver.

1. ADSL support.
2. two additional attack prevention (SMBDIE, Helkern). There will be just a notification without specification. (User app needs to be modified ...)
3. Updated stealth algorithm

regards, GeN.

 

I suggest thar anyone interested in this new driver waits until official word is given, Blackcat has already approached Kaspersky with reference to this and word should be forthcoming soon.

I'm not doubting its validity but its best to be safe rather than sorry