Kaspersky - is there a setup thread?

Discussion in 'other anti-virus software' started by nixie21, Feb 26, 2007.

Thread Status:
Not open for further replies.
  1. nixie21

    nixie21 Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    279
    Like the nod32 extra setting thread? If I wanted to try out Kaspersky, it would be great to have a tutorial like that.

    Thanks so much!
     
  2. CJsDad

    CJsDad Registered Member

    Joined:
    Jan 22, 2006
    Posts:
    618
  3. plantextract

    plantextract Registered Member

    Joined:
    Feb 13, 2007
    Posts:
    392
    I think it's enough to enable the 3rd malware category in settings/protection.
     
  4. nixie21

    nixie21 Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    279
    THANKS SO MUCH, exactly what I was looking for!!!!
     
  5. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    From the "recommended settings" I would consider whether:

    1. You need Potentially dangerous software (riskware) selected.

    2. If your own computer, personally I would have the File/on-demand scanner set to "Prompt for action" rather than disinfect/delete.
     
  6. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    If set to the disinfect and delete option, the malware is backed up before anything is done with it, so if it's an FP you can restore it.
    lodore
     
  7. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    3,526
    Location:
    USA - Back in a real State in time for a real Pres
    Thanks for the link.
     
  8. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,635
    Location:
    UK
    I too prefer this option as it gives me the opportunity to decide what to do if an infection is discovered.
     
  9. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    Anyone who uses the third malware category should use "Prompt for action" for exactly this reason. :)
     
  10. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    I think that tutorial is a bit of a cop-out! The things it describes can normally be dealt with after playing about with KAV for a few minutes and making up your own mind. However the really interesting feature of KAV that definitely does need some recommendations is the PDM - and they suggest neutering that by disabling the best bits of it!

    Perhaps that's why people using KAV get hit by Zlob variants (or whatever) and find themselves with a full blown infection having to reformat or go to a spyware removal site. Yet with a bit of care and suitable configuration, much of their problems could have been avoided.

    What is the point in running KAV if you don't utilize its best features, yet I've not seen a really good explanation of how to set up the PDM. The official help files from KAV are next to useless in this regard. It's a pity 'cos those who can make proper use of the PDM are exactly those users who probably don't even need it! Those who do need it are advised to switch it off - that's ridiculous!

    Really it is the Application Integrity Control that most needs a decent tutorial, such as what progs to add, whether to allow running as 'Child', whether to allow execution at all without a prompt, etc. Obviously the neophyte won't gain fully from this but many others will be encouraged to learn and benefit as a consequence.

    I've got my PDM pretty well maxed out (the way I like it!) but I had to work it all out for myself and that could be hard for those with no experience of these things (setting up tight App exclusion rules in the Reg Guard is not easy to achieve for example).
     
  11. plantextract

    plantextract Registered Member

    Joined:
    Feb 13, 2007
    Posts:
    392
    Well, for novice users installing in basic mode, maybe enabling reg guard should do the trick.
    AIC is really advanced; the settings are ok, it will prompt for file changes, and loading of new modules into an application. Now the tricky part is which modules to allow; there's no tutorial and you can't make one since the dll will change every time.

    Setting an exclusion rule is quite easy and requires 3 steps:
    1)get a popup
    2)click add to trusted zone
    3)click ok.
     
  12. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    Absolutely not! If you do that you allow a process carte blanche to do what it likes; if you then get exploited that process can be caused to create mischief.

    It is very awkward to exclude a process from the impact of a Registry rule, for example, without also excluding it from all the other rules in that Group; thus if you permit IE to make changes to internet security settings, and IE is exploited at a malicious site, it can change all settings in the Group. The only way out is to create new Groups of App rule exclusions and place them higher on the list than the original rules - all a bit complicated!
     
  13. plantextract

    plantextract Registered Member

    Joined:
    Feb 13, 2007
    Posts:
    392
    No, because IE won't make those changes, the hijacking APP will, which will trigger that alert.
    Also, excluding an invader, let's say for an application, is the same as just allowing. If the invader repeats on a regular basis, how can you tell if this is the "good" invader or a "bad" invader by malware?
     
  14. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    They?.............................drtweak is a reseller who has his own website and most of his customers are not going to sites like these, so recommending the basic mode is a good idea because in my experience quite a few of these will be completely turned off by the more frequent alerts they have to make a decision about if they enable everything in the PDM, especially the Application Integrity Control, which will drive some mad!

    Even basic mode will give you extra protection............... I have detected several Zlob's with just basic mode. I use interactive mode normally like yourself and have it pretty well maxed out too, I just don't think the full PDM will be for every user, even with a better tutorial, which something like 95-99% wouldn't bother to read anyway. :)
     
  15. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    No, IE will be making the changes because IE is being exploited! (By a script or some other embedded code). It won't be a trojan App making the changes 'cos it won't even be on your machine and running at that point; but it sure as hell will be after your security settings are lowered!

    If a trojan is running on your system, it could, for example, run a .dll by invoking Rundll32.exe. Correct settings in the AIC could prevent this. If a legitimate prog suddenly wants to 'operate' in circumstances where it is not invoked and not expected (it depends what you are doing) and especially if that prog is capable of running other progs, then you should be on your guard to stop it - but how can you if you have simply been putting everything in the trusted Zone?
     
  16. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    I know nothing of this guy or his site, but the question was posed here at Wilders and answered with that tutorial which is inadequate IMO, for reasons given.
    Unfortunately, quite a few people seem to have been hammered by this and similar malware whilst running KAV - and one wonders why? o_O The PDM could have stopped the full consequences if properly used. :cool:
    No it won't be, but the guy asking the question was here at Wilders. ;)

    How many people ever read lengthy help manuals? Not many, but the help manuals still get produced. The fact most don't read them is no excuse for disadvantaging the few that do by not even having a help manual at all! So why not have one recommending, or suggesting, settings for the PDM?
     
  17. plantextract

    plantextract Registered Member

    Joined:
    Feb 13, 2007
    Posts:
    392
    Exploits should be handled by the scriptchecker + Windows Update.
    Invader & invader (loader) are warnings for a module injection; the AIC only asks about modules loaded normally (the application wants to load them, they don't load forcefully into it).

    Exactly, if the program behaves suspiciously by nature and displays such popups, how can you distinguish the good invaders from bad invaders? Or should Kaspersky have coded it: if a program injects its code, yet the code is good (how the heck it should know that is beyond me), allow?
     
  18. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    If by scriptchecker you mean KAV's IE based script protection, then this will be seeking to block bad scripts, but it is not blocking any old script per se, it has got to know the script is malicious, and it will not always know this.

    Similarly, Windows updates protect against known and projected threats, they can't protect against the unknown.

    You won't have the same level of protection if you allow every prog on your machine to do what it likes by putting it in the trusted zone. A legitimate prog does not have to be injected with a trojan module in order to be exploited - it can be spawned or invoked via the normal running of Windows; thus services.exe could be used to install a rootkit if it was allowed to run as a 'child' of everything else and change the Registry willy nilly; and that is what happens if it is allowed to do what it likes via the trusted zone. Hence you should make tighter exceptions, based on what is actually required of each app. Then you will receive the necessary warning enabling evasive action - assuming the user understands that what is happening should not be happening (depending on what you are doing at the time).
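The two posts above (#12 on exception groups having to sit higher on the list than the general rules, and #18 on narrow per-app exceptions versus a blanket trusted-zone entry) describe an ordered, first-match rule list. The following is an added example written for this page, not code from the thread and not Kaspersky's PDM implementation: a toy rule evaluator whose rule fields, verdicts, default action, registry keys used as labels and sample events are all constructed assumptions. It shows that a blanket allow for IE permits a security-zone change and a rundll32 launch, that a narrow exception placed above the general rules still prompts on both, and that the same exception placed below the general rules is never reached.

```python
"""Toy model of ordered rule groups with first-match semantics.

Added example, not code from the thread and not Kaspersky's own implementation.
Rule fields, verdicts, group ordering and every sample event below are
assumptions constructed to illustrate the ordering point made in the thread.
"""
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Rule:
    app: str      # process name, or "*" for any process
    action: str   # "spawn_child", "registry_write", "load_module" or "*"
    target: str   # child exe / registry key / module; "*" = any, trailing "*" = prefix
    verdict: str  # "allow", "prompt" or "block"


@dataclass(frozen=True)
class RuleGroup:
    name: str
    rules: Tuple[Rule, ...]


def _matches(pattern: str, value: str) -> bool:
    """Case-insensitive match: exact, '*' for anything, or 'prefix*'."""
    p, v = pattern.lower(), value.lower()
    if p == "*":
        return True
    if p.endswith("*"):
        return v.startswith(p[:-1])
    return p == v


def evaluate(groups: List[RuleGroup], app: str, action: str, target: str,
             default: str = "prompt") -> Tuple[str, str]:
    """Walk the groups top to bottom; the first matching rule decides."""
    for group in groups:
        for rule in group.rules:
            if (_matches(rule.app, app) and _matches(rule.action, action)
                    and _matches(rule.target, target)):
                return rule.verdict, group.name
    return default, "(default)"


# Registry locations used only as labels for the constructed events.
IE_ZONES = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones"
IE_TYPED = r"HKCU\Software\Microsoft\Internet Explorer\TypedURLs"

# General rules: prompt on the risky actions the thread mentions, allow the rest.
GENERAL = RuleGroup("General rules", (
    Rule("*", "registry_write", IE_ZONES + "*", "prompt"),  # security zone changes
    Rule("*", "spawn_child", "rundll32.exe", "prompt"),     # running a DLL via rundll32
    Rule("*", "spawn_child", "*", "allow"),
    Rule("*", "registry_write", "*", "prompt"),
))

# One narrow exception: IE may update its own typed-URL history, nothing else.
IE_EXCEPTIONS = RuleGroup("IE exceptions", (
    Rule("iexplore.exe", "registry_write", IE_TYPED + "*", "allow"),
))

# Policy A: "add to trusted zone", a blanket allow for IE above everything else.
TRUSTED_ZONE = [RuleGroup("Trusted zone", (Rule("iexplore.exe", "*", "*", "allow"),)), GENERAL]
# Policy B: the narrow exception group placed above the general rules.
TIGHT = [IE_EXCEPTIONS, GENERAL]
# Policy C: the same exception group placed below them, so it is never reached.
MISORDERED = [GENERAL, IE_EXCEPTIONS]

# Constructed events: one ordinary IE write, then two things an exploited IE might try.
EVENTS = [
    ("iexplore.exe", "registry_write", IE_TYPED + r"\url1"),
    ("iexplore.exe", "registry_write", IE_ZONES + r"\3\1400"),
    ("iexplore.exe", "spawn_child", "rundll32.exe"),
]


def verdicts(policy: List[RuleGroup]) -> List[str]:
    """Verdict for each sample event under the given policy."""
    return [evaluate(policy, *event)[0] for event in EVENTS]


if __name__ == "__main__":
    for name, policy in (("trusted zone", TRUSTED_ZONE), ("tight", TIGHT),
                         ("misordered", MISORDERED)):
        print(f"{name:13s}", verdicts(policy))
```

Running the block prints `["allow", "allow", "allow"]` for the trusted-zone policy, `["allow", "prompt", "prompt"]` for the tight policy, and `["prompt", "prompt", "prompt"]` for the misordered one: the exception group only changes anything when it is listed above the general rules, and a blanket allow removes the prompts on exactly the events a user would want to see.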
     
  19. mnosteele

    mnosteele Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    183
    Location:
    Chesapeake, VA USA
    TopperID, I'm Dr Tweak and I wrote the tutorial. As Don stated I didn't write it for the typical user that comes to forums like Wilders, I wrote it for 99% of my clients who are basic computer users and have no understanding whatsoever of what any alert or popup means. When most of them see something like that my phone is ringing because they are worried that something is wrong. I have posted a link to my tutorial here and other forums to help new users to KAV, but as I stated it's mainly for my clients so they can do these things without needing me.

    I have installed KAV or KIS on literally hundreds upon hundreds of computers and I have never once had a problem with the settings in that tutorial. I have never had KAV remove any file that caused a problem, even if it does it backs up everything it detects prior to deleting or quarantining it so you can easily restore it if needed. My philosophy on computers is K I S S (Keep It Simple Stupid), that way there is less room for error or most likely OE (Operator Error). Most of my clients have no idea what a great job KAV does because those settings are basically set and forget. When I make my next house call I show the client what KAV had detected since my last visit and they are amazed. It simply does its job quickly and quietly in the background without the need for them to make complicated decisions on what to choose if something pops up or alerts them.

    If you don't do computer repair work then you really won't understand how the average user knows really next to nothing about computers, even people that are computer savvy are clueless about malware, security and the like. To give you an example, I remotely fixed my brother-in-law's father's computer the other night using UltraVNC. He had McAfee Security Suite that he has paid for the past few years. Internet Explorer would not work was the main problem, I uninstalled McAfee and installed KAV (one of the many things I did for him) and when it ran a full system scan it detected 63 pieces of malware (with those settings in my tutorial). Some were spyware others were viruses, some were in restore points so they were actually duplicate detections, but the point is he is computer savvy and always renewed his McAfee subscription and kept it up to date doing regular scans thinking he was well protected, he wasn't and that was the cause of IE not working (this is not meant to bash McAfee or any other AV program, just a true story).

    So please don't say it's a "cop out", to me that's an insult and said without fully understanding the reasoning behind things.

    *edit* I have edited the tutorial to recommend enabling some of the Proactive Defense modules, these were already set in the configuration file attached to the tutorial that you can download and use but I hadn't changed the tutorial to reflect that.

    :D :cool:
     
    Last edited: Feb 27, 2007
  20. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    Well OK, but what in essence you are giving them is KAV 5 Pro complete with macro protection (Office Guard).

    It is beyond dispute that KAV with those settings does let stuff through. Despite its ferocious rate of signature updating, it is impossible entirely to keep up to date with all the fast mutating polymorphic malware that's out there. Hence the desirability of the PDM, which is the main feature putting KAV 6 into another class.

    When a poster comes to Wilders stating they are keen to try out KAV and are seeking a suitable tutorial, I would expect that tutorial to get to grips with the very portion of KAV 6 that makes it what it is (i.e. not KAV 5 Pro, but KAV 6) namely the PDM. If it doesn't do that then I question its worth to our poster; the fact it was intended for a different class of user is something I was not aware of, but is not really relevant here.

    Kaspersky have produced several PDF manuals including:-

    New Features in Kaspersky Anti-Virus 6

    Fighting rootkits with KISS 6/KAV 6

    The power of the Proactive Defence Module

    Products for Home Users - Technologies

    Kaspersky Anti-Virus 6 (Help Manual)

    The above are some of the manuals that Don says are not worth producing because no one would read them! Well Kaspersky have seen fit to produce them, but what a damn shame that not one of them actually advises on configuration of the PDM for optimum protection. Leaving us nothing, apparently, to recommend our poster to read and come away usefully informed on how to get the best out of KAV 6.
     
  21. mnosteele

    mnosteele Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    183
    Location:
    Chesapeake, VA USA
    TopperID as I expected you don't understand, you obviously do not do tech support work and have a client base. For the average user you cannot install a true software firewall such as Comodo that monitors and alerts to all incoming and outgoing traffic. Users have no idea what to allow and not allow and end up blocking so many things they can't even access the internet. Or they simply allow everything so they basically have no protection at all. The same goes for KAV or other antivirus programs that have alerts. I'm not going to argue with you and I'm not going to try to explain since there is no point in it, you are entitled to your opinion as we all are. But one thing you can do.... at least read what I wrote in its entirety i.e. *edit* I have edited the tutorial to recommend enabling some of the Proactive Defense modules, these were already set in the configuration file attached to the tutorial that you can download and use but I hadn't changed the tutorial to reflect that.


    :)
     
  22. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    3,526
    Location:
    USA - Back in a real State in time for a real Pres
    Can you provide another download link? Registration is required for the current one. Thanks.
     
  23. EliteKiller

    EliteKiller Registered Member

    Joined:
    Jan 18, 2007
    Posts:
    1,138
    Location:
    TX
  24. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    Yes, I have to agree with that...the "full" basic will also give you all the Application Activity Analyzer options which is relatively "easy" for the average user to handle IME if given.
    I didn't say it is not worth producing them, just that very few take the time to actually use them to gain knowledge about what they purchased.
     
  25. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,635
    Location:
    UK
    And I might be right in saying those .pdf documents Topper mentions aren't actually available on the main site to download. I think you can only get them through the FTP channels or via the KL forums.
     