Kingsoft Antivirus 2012 [Cloud]

Quick question before I install and try for the first time... are there any toolbars or other 3rd party things attached and/or bundled with this AV?

 

I've seen some youtube videos on KSAV and other clouds, they didn't do so well. But obviously these are based on small sample. I'd like to see official results. I guess I will wait for those. I do like to see how these compare.

 

Nope, no 3rd party garbage.

 

Great.. Thanks RejZoR...

 

Yeah I've seen all the youtube video's. They didn't do too bad. I believe it missed 2 samples. Not bad for a companion AV. Once 2013 comes out I'm sure detection will be improved.

 

That's for sure since it will have AVIRA engine along with their own. AVIRA already scores highly so in theory it can become an AV with highest detection rate. Without all the nonsense that is plaguing AVIRA Free version...

 

2013 keeps getting delayed, any idea on ETA?

I plan on switching out the boxes with Webroot over to this, free is better of course. I think WR should offer the base one for free personally. At any rate, from what I have read the 2013 is a significant improvement.

4 months left on my 5 WR licenses, so I will switch over when it comes out. But the 2012 version isn't too impressive to me.

 

5.3 standard protection already uses AVIRA's signatures so it should be getting good scores. 2013 will be adding the new detection engine, FireEye. Should be interesting.

 

5.3 is useless as it's completelly outdated and buggy. Why would anyone want to use outdated security software? AVIRA engine or not, it's a bad pratice...

 

What I was referring to was that since 5.3 KAV has had avira signatures.

 

Actually that's not true. version 5.3 has them and nothing but 5.3. Any version after it doesn't have AVIRA engine or signatures. Thats the main problem. If they kept it updated in parallel it would be fine. But they left it to rot in an outdated state.

 

I agree, as KAV sits right now, I would absolutely not recommend it.. 2013, might be another story - but why do they keep delaying it?

 

Since I live in Brazil I did an observation of two Brazilian VirusTotal collaborators and their submissions across the approximate period of a month (November 2012). Kingsoft surpassed AVG, Avast (which was the worst), BitDefender, and Comodo (by a small margin). Avira came out the best. I only compiled the results for some programs (basically those that have free editions, or at least rescue disks). Here are the numbers:

~VT results remove per Policy~

 

Excuse me for that.

 

The problem with anything like Virustotal or Virscan or Jotti or whatever, is they are not reflective of real world operations. They don't factor HIPS, ID, or other things that would go beyond simple signature/heuristic scanning, so the results are quite possibly - entirely irrelevant.

For example Webroot should be approaching 100% protection, but 'user input' is required for that, so in signatures/cloud, WR might only score 80-90%, but if you add in the user input with the HIPS/Sandbox, it should reach 100% or close. Similar to many other products where user input is crucial. (such as Emsisoft)

 

Well, I was considering detection rates only. I know about HIPS.

This observation I made is relevant as far as I can tell. Most viruses that were sampled came from e-mails or websites pretending to be real businesses or banks or even government fiscal stuff. I say these are real threats.

Also, it reflected what I had observed about Avast for example. Although it does well in US-based tests, it rarely caught these viruses from my country when I got them through spam.

 

I have never had any confidence in Avast in raw signatures and detections.

I have some statistics from Virscan.org, and it is most interesting to see what is detected. Kingsoft rarely finds anything there, but Ikarus finds a ton. FProt finds more than you'd imagine through heuristics, and Avira fails magnificently. So really, I think it depends.

These days I am more concerned with HIPS/ID than raw detections, although it would be amazing to have a fantastic raw detection product with a superb HIPS/ID combination along with safe-browsing or something.. Nothing seems to fit that bill yet.. If Comodo licensed a better AV engine with their IS it might fit the bill..

 

Yes, detection depends on many factors, that's why I was trying to find what AV would best detect threats for my location.

But of course detection and heuristics are only a part of the deal. I use Comodo with the AV component off, coupled with a better AV (Avira usually, testing Panda right now). This method has been working quite well for me.

 

Of course avast! "fails". Because all these online services use nothing but signatures basically. And even that on file level only. avast! heavily relies on Network Shield to block malicious domains even before malware files hit your local storage (HDD/SSD). Then there is Auto Sandbox which is never used in any online scanning services. And FileRep also isn't used in most of these services.

 

China Chinese Edition Of Poison Bully

http://www.kingsoftsecurity.com/forum/viewtopic.php?f=3&t=1340

 

It's time for the english ver now...

 

Agreed, these systems do not offer accurate pictures, only part of the picture. Some WR tests on Youtube, WR blocks 100%. But when the person scans a huge directory of malware, WR only picks up 20-30%. So it looks really bad, but doesn't factor the overall real world protection. When I test a product for myself, I image it, then hit it with everything I can find 'out there' for a day or two. If I cannot willfully infect a machine, then I consider it a good product. I consider WR good, because it's not all that easy to do this, but simple bulk scanning tests don't show the whole picture. BG scores lower than Bit on simple bulk scanning tests, but try and infect a BG system, and get back to me on that.

Important considerations!

 

So what's the current consensus on the current version? I just formatted my step-neice's computer, and was considering installing this.

 

I think it's a very good second opinion AV. Plus it has some features that I've only seen in this product, and some I've seen only in few. It scans for vulnerabilities that hackers could use and missing security updates. Once I created a .com file on my desktop to specify settings I wanted to open a program with and Kingsoft warned me about a suspicious desktop shortcut. It scans files when they are downloaded from most well-known browsers. And it's very lightweight.

I use it as a second opinion AV because detection rates are not the best. I double it with Avira. When using it as a complemental AV you should leave it configured with its Quick Monitor instead of Standard Monitor (Quick Monitor only scans executables).

Aside from the features I mentioned, it's great as a second layer of AV real-time protection because sometimes it will catch things that even Kaspersky misses for the moment.

 

Wait for 2013 version, in the meantime install a 30-90 day trial of something else, and hope it comes out. Maybe Bullguards 90 day trial while you wait for KS2013.