My personal experience with Kaspersky Internet Security 2011

Discussion in 'other anti-virus software' started by altruist, Feb 14, 2011.

Thread Status:
Not open for further replies.
  1. altruist

    altruist Registered Member

    Joined:
    Feb 13, 2008
    Posts:
    25
    Please remember this is a personal review, reflecting my opinion. You should take this with a grain of your own salt.

    Been using Kaspersky Internet Security 2011 for about a week. I tried it because:

    1. I remember in the past, it used to be one of the best AVs out there.
    2. AV-Test Q4 2010 showed it having 100%/100%/100% in its test for protection against 0-day malware attacks. That's very recent, and a very good score. It generally rates very high on most tests.
    3. I like the idea of a built-in HIPS. Kaspersky is one of the few well known AVs with one.
    4. There was once an issue with iSwift years ago, figured it should be fixed by now.

    I am using Windows 7 x64, fresh install. My findings are:

    1. The firewall slows down your internet browsing speed significantly!

    At first I thought it was the web-filter, but it was only when I disabled the firewall that the speeds improved. Of all the firewalls I've used, this has got to be the worst.

    2. A virus managed to sneak right past it!

    I gave myself a false sense of security, with how high it was rated, and started to download and run things without care. I mean with a good HIPS, and a good detection rate, how infected can I get in a week? Anyway, it went by Kaspersky completely undetected. On the other hand, I installed Panda Cloud and PrevX, and running a scan picked it up right away on both.

    3. It does look great.

    The interface has great eye candy, with a status indication gadget on your desktop. I was impressed with it at first, but eventually the lack of functionality wins.

    4. Ran a key logger test program, KIS does absolutely nothing about it.

    Yes, it's not actually a virus, but I'd at least hope Kaspersky goes, "hey, this program wants to log your keys, let it?" Nope. Most likely this means a new unrecognized key logger would go right by unnoticed.

    Overall, I'm very disappointed. It failed (for me) as an AV, as a firewall, and as key logging prevention.

    You may have better luck with another version of Windows (XP/Vista/7 32-bit). Remember your mileage may vary.
     
    Last edited: Feb 14, 2011
  2. altruist

    altruist Registered Member

    Joined:
    Feb 13, 2008
    Posts:
    25
    In case anyone is curious, this was the file sitting in my windows system directory, completely undetected and undetectable by KAV, but considered a virus by Panda (definitely not my favorite AV) and PrevX:

    xttp://dl.dropbox.com/u/1770391/BASSMOD.dll

    Also sent it to virustotal/jotti, it's picked up by at least 10 AVs so I doubt it's a false positive. Apparently there is a legit bassmod.dll out there, but I doubt this is it.
     
    Last edited by a moderator: Feb 14, 2011
  3. Lucius

    Lucius Registered Member

    Joined:
    Dec 9, 2010
    Posts:
    72
    I'm sorry for your bad experiences with Kaspersky.

    What can I say, my opinion of it.. It's been the only security software that has protected me very well. I've tried Avira, Avast etc. in the past and Kaspersky's detection rate is far better, firewall is very good and.. Yeah, nothing else. :cool:

    Does not slow anything down.. And hey, I'm using Windows 7 x64
     
  4. EternalFunction

    EternalFunction Registered Member

    Joined:
    Feb 3, 2011
    Posts:
    40
    It gets quarantined straight away by Immunet/Norton o_O
     
  5. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    4,050
    Location:
    USA
    Calling the firewall one of the worst you have used because you perceive it to be slow may be overly general (not trying to argue with your impression, just want to verify that speed is the complaint). They make a decent firewall. As for keyloggers, many vendors are asked to intentionally ignore some of them. As for missing a virus, I have a hard time forgiving any vendor for that and promptly uninstall any product that does that, even if I reinstall it later. I hate the cop out of saying "they all miss something" because it excuses them from trying. That's not what I am paying them to do. Nobody is perfect, but they should be trying.
     
  6. Gauchoo

    Gauchoo Registered Member

    Joined:
    Aug 15, 2010
    Posts:
    83
    Location:
    Scotland
    Did you use the 'automatic' setting where KIS makes its decision on its own or was it set to manual?

    KIS set on manual with other settings is one of the best pro-active security suites.

    Can you PM/link the keylogger test?

    NIS '11 download insight detected it as a trojan.
     
  7. Sher

    Sher Registered Member

    Joined:
    Oct 19, 2005
    Posts:
    366
    Location:
    Pakistan
    I completely agree with the topic starter. It does slow down your internet speed considerably. Even AVC confirmed it. That was my biggest complaint about it back in the days.

    Performance wise, it's also heavier on the system as compared to other top suites.

    And protection isn't the same as it used to be in the past.
     
  8. Baz_kasp

    Baz_kasp Registered Member

    Joined:
    May 1, 2008
    Posts:
    593
    Location:
    London
    I think the responsible thing in that case would be to send it to the Kaspersky Virus Lab so they can analyse the file and confirm if it is/isn't malicious. If it is, I am sure they would add it to a future update.

    http://support.kaspersky.com/virlab/helpdesk.html

    Your logic puzzles me, how do you know they aren't trying?

    The security companies' business depends on their ability to detect malicious software, so I think it is a certainty that companies who release security software are "trying" their best to detect everything they can.

    Saying a missed file is a cop out is akin to saying "if you are not the winner of a race, you did not try to win that race"....
     
  9. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    4,050
    Location:
    USA
    I don't think I was effective at expressing what I meant. Missing a file is ok to some point, they all will. But when something is missed, blowing it off by saying "Oh well, everybody misses something" is the wrong answer when the vendor should be saying, "We'll take a look at that, send us a sample." If there were more of those kinds of efforts made, some of us would feel a lot better about the products we use. And I will say there are vendors much worse than Kaspersky about this, so it is not meant to be an attack on them specifically.
     
  10. flaubert71

    flaubert71 Registered Member

    Joined:
    Feb 6, 2011
    Posts:
    45
    I used KIS 2011 (in precedence I used KIS 2010) and they agree with the tests of AV. The firewall is better but it needs to know how to shape it because is effective to 100%. Disarming the interactive module in the settings and to plan only the applications Microsoft as reliable. My navigation web is not slowed down: excellent the function antibanner. Excellent the defense from the rootkits. In comparison to other antiviruses, excellent the elimination of the viruses.
    Personally I conduct some tests with the viruses signalled in this site:

    ~Link removed. No links to malware are to be posted here.~



    and Kaspersky's detection rate is better compared with that of other antiviruses.
     
    Last edited by a moderator: Feb 14, 2011
  11. altruist

    altruist Registered Member

    Joined:
    Feb 13, 2008
    Posts:
    25
    I had it on whatever was default (possibly automatic). I will run another test just to see.

    This was the keylogger test I used: http://www.zemana.com/anti-keylogger.aspx
     
  12. Rampastein

    Rampastein Registered Member

    Joined:
    Oct 16, 2009
    Posts:
    290
    Haven't seen that. Might be because the browsing speed is greatly limited by my bandwidth though.
    With default settings it works quite differently from most HIPSes, and doesn't throw popups (because basic users are annoyed by them). In Interactive Mode it's hard to get infected with KIS.
    In Automatic Mode only "most likely malicious" (deemed so by heuristics) keyloggers get blocked. Also, keyloggers with a valid digital signature will never get intercepted with default settings.

    EDIT: Yeah, that Zemana keylogger test is digitally signed so it's automatically trusted by PDM. I wonder why they digitally sign their leaktests.. With the whitelists disabled the keylogger is detected.
     
  13. altruist

    altruist Registered Member

    Joined:
    Feb 13, 2008
    Posts:
    25
    Never mind, I see Rampastein has already tested it himself :) He does make a good point though, considering it's a 'test' it shouldn't be signed?

     
  14. 3x0gR13N

    3x0gR13N Registered Member

    Joined:
    May 1, 2008
    Posts:
    754
    You need to uncheck Automatic mode in settings to enable prompts for keyloggers and other stuff (as already mentioned).
    Regardless of settings, when it comes to keyloggers, using the Virtual keyboard is recommended because it defeats pretty much every keylogger that I've seen.

    About the Firewall slowdown, make sure that you have the latest drivers for your NIC.
     
  15. Keyboard_Commando

    Keyboard_Commando Registered Member

    Joined:
    Mar 6, 2009
    Posts:
    690
    Well, none of the AV vendors can guarantee you 100% protection. You still have to back up your AV/suite with good practices, like only downloading/using software from trusted places, etc. That's just common sense!

    Source

    If you're serious about keeping malware off your PC then you have to take extra steps yourself ... in conjunction with your AV you may need OS hardening, Limited Rights account usage, a form of virtualization ... You can no longer rely solely on the traditional AV/suites as your #1 protection, the malware makers are just ahead of the game. Mix your protection strategy, rather than throwing everything into one basket.

    You will need all of the protection strategies I named if you're going to go around just willy-nilly using stuff on the internet.
     
  16. altruist

    altruist Registered Member

    Joined:
    Feb 13, 2008
    Posts:
    25
    It was more of an experiment than anything else.

    That said, I believe if a decent HIPS program was built and properly configured, it should, in theory, be able to block close to 99% of malware/virus/trojans from causing undesired harm to your computer. And fairly easily.

    I've yet to see a decent HIPS that can do something like, every time you execute a new program:

    Press [space] then the letter:
    A - full access
    B - internet access only
    C - internet + disk access
    D - internet + restricted disk access
    E - internet + sandbox mode
    F - sandbox mode w/o internet
    F - no internet + no disk access
    G - custom

    The space is to prevent accidental keypresses, and the letters are to make it 'easy' to assign groups (thus preventing the repetitive 'trust everything' syndrome).

    Now assuming a program is a keylogger, if you put it in "F" (or your own custom defined group), it can log all it wants, but it can't hurt you because it can't write to your disk or communicate to a host.

    Assuming a program is malware, if it has restricted disk access, the damage it can cause is very limited. Also, most malware does not adapt. If it was designed to write in C:\windows, and it can't write in that directory, it automatically fails.

    Yet I've been waiting for a program like this for years. Comodo would be nice, only it, like every HIPS I've seen (maybe except online armor to some extent) makes you jump through hoops to do this. No one is going to spend 10 minutes to configure every new application. 95% of the people are just going to click 'trust everything,' if not immediately, eventually.
     
  17. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    For its HIPS to work like a TRUE HIPS, you have to disable using the whitelist, which will bring quite some pop-ups :D
     
  18. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,770
    Location:
    Outer space
    Pop up galore :D
    I think just disabling automatically trusting signed programs is enough, then you'll stop malware with a fake or stolen certificate. I think disabling the Kaspersky whitelist adds no security, just more user control on legit but possibly unwanted apps for the end user. I have no idea on everything that's on the whitelist. Is it for example as large as Comodo or do they keep a stricter and shorter list? Would generally unwanted apps like Ask toolbar be on it?
     
  19. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    Kaspersky is a good company. But they blew it with the latest version. They need to really take their time and rethink the entire process of where they are going for the next version. They have the ability to do this and I am sure they will. I really think the next version will be very special.
     
  20. clocks

    clocks Registered Member

    Joined:
    Aug 25, 2007
    Posts:
    2,559
    I liked Kaspersky years ago, but I think they have been eclipsed by some of their competitors recently.
     
  21. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    That's the question!
    I wish CIS would limit their whitelist to COMPACT, REAL, TRUSTED sources.
    They are whitelisting every single damn thing on the internet that isn't malware and that's NOT GOOD.
     
  22. clocks

    clocks Registered Member

    Joined:
    Aug 25, 2007
    Posts:
    2,559

    The purpose is to cut down on pop-ups. If they reduce the whitelist, the program becomes un-user-friendly.
     
  23. 3x0gR13N

    3x0gR13N Registered Member

    Joined:
    May 1, 2008
    Posts:
    754
    2012 beta will probably start somewhere in March, so stick around and find out.
     
  24. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    Yeah, I know it's to reduce pop-ups, but give me an option to delete the list and make one myself :D (I currently do it manually)
     
  25. syk69

    syk69 Registered Member

    Joined:
    Feb 7, 2010
    Posts:
    183
    They don't whitelist if it isn't malware. They have criteria. I've seen them deny some programs even though they weren't malware.
     