Why Kaspersky?

Discussion in 'Computer Security' started by nemo_outis, Aug 28, 2005.

  1. nemo_outis

    nemo_outis Guest

    To see why Kaspersky is arguably the best antivirus program out there check
    out:

    http://www.virus.gr/english/fullxml/default.asp?id=69&mnu=69

    Note that its undetected percentage, 0.72% is nearly *three times better*
    than the next best program (AVK 2.07%).

    The latest Kaspersky programs (version 5 series) do use a controversial
    feature, istreams, which places data in an alternate data stream attached
    to each scanned file on an NTFS partition/drive. This feature can be
    *disabled* if the user prefers (the location is not obvious, however!) and
    any already tagged files can be untagged with the utility klstreamremover
    available from Kaspersky (or using third-party tools such as the excellent
    ADS uninstaller that comes with Hijackthis).

    Regards,
    nemo_outis, Aug 28, 2005
    #1

  2. nemo_outis

    Kevin Reiter Guest

    nemo_outis wrote:
    > To see why Kaspersky is arguably the best antivirus program out there check
    > out:
    >
    > http://www.virus.gr/english/fullxml/default.asp?id=69&mnu=69


    I would argue the phrase "arguably the best antivirus program out there".
    That debate is long-running and not something that should take up
    bandwidth on this list.

    > Note that its undetected percentage, 0.72% is nearly *three times better*
    > than the next best program (AVK 2.07%).
    >
    > The latest Kaspersky programs (version 5 series) do use a controversial
    > feature, istreams, which places data in an alternate data stream attached
    > to each scanned file on an NTFS partition/drive. This feature can be
    > *disabled* if the user prefers (the location is not obvious, however!) and
    > any already tagged files can be untagged with the utility klstreamremover
    > available from Kaspersky (or using third-party tools such as the excellent
    > ADS uninstaller that comes with Hijackthis).


    While Kaspersky is good, I uninstalled it after I found out it disabled
    vnc viewer and a lot of tools I use on a daily basis. Even after I added
    them as exclusions, it categorized them as "hostile scripts" and denied
    access to them. After I disabled that kind of protection, the files were
    useless. The only *useful* way I found around this was disabling
    Kaspersky altogether - something I didn't like doing, but hey, I make
    money with these tools...

    The other thing I didn't like about it was the configuration. I normally
    don't spend that much time adding every single file I don't want scanned
    to a list, only to have that list ignored. I probably could have spent
    more time learning all the configuration options, but then again, I
    shouldn't *have* to. And removing the extra stream data after I
    uninstalled the software left a bad taste in my mouth as well - it should
    take care of that on its own during the uninstall.

    Just my .02

    Kevin
    Kevin Reiter, Aug 28, 2005
    #2

  3. From: "Kevin Reiter" <>

    | nemo_outis wrote:
    >> To see why Kaspersky is arguably the best antivirus program out there check
    >> out:
    >>
    >> http://www.virus.gr/english/fullxml/default.asp?id=69&mnu=69

    |
    | I would argue the phrase "arguably the best antivirus program out there".
    | That debate is long-running and not something that should take up
    | bandwidth on this list.
    |
    >> Note that its undetected percentage, 0.72% is nearly *three times better*
    >> than the next best program (AVK 2.07%).
    >>
    >> The latest Kaspersky programs (version 5 series) do use a controversial
    >> feature, istreams, which places data in an alternate data stream attached
    >> to each scanned file on an NTFS partition/drive. This feature can be
    >> *disabled* if the user prefers (the location is not obvious, however!) and
    >> any already tagged files can be untagged with the utility klstreamremover
    >> available from Kaspersky (or using third-party tools such as the excellent
    >> ADS uninstaller that comes with Hijackthis).

    |
    | While Kaspersky is good, I uninstalled it after I found out it disabled
    | vnc viewer and a lot of tools I use on a daily basis. Even after I added
    | them as exclusions, it categorized them as "hostile scripts" and denied
    | access to them. After I disabled that kind of protection, the files were
    | useless. The only *useful* way I found around this was disabling
    | Kaspersky altogether - something I didn't like doing, but hey, I make
    | money with these tools...
    |
    | The other thing I didn't like about it was the configuration. I normally
    | don't spend that much time adding every single file I don't want scanned
    | to a list, only to have that list ignored. I probably could have spent
    | more time learning all the configuration options, but then again, I
    | shouldn't *have* to. And removing the extra stream data after I
    | uninstalled the software left a bad taste in my mouth as well - it should
    | take care of that on its own during the uninstall.
    |
    | Just my .02
    |
    | Kevin

    It is good feedback.

    The problem with such comparisons is the process of testing often may be biased. Either
    deliberately or accidentally skewing the results. Kaspersky is a top rated AV, no doubt about
    it. However, if you compare this listing to others you'll find they don't compare and are
    all different from each other.

    Remember; there are lies, damn lies, statistics and benchmarks ;-)

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
    David H. Lipman, Aug 29, 2005
    #3
  4. nemo_outis

    nemo_outis Guest

    Kevin Reiter <> wrote in
    news:5uqQe.1890$:

    > nemo_outis wrote:
    >> To see why Kaspersky is arguably the best antivirus program out there
    >> check out:
    >>
    >> http://www.virus.gr/english/fullxml/default.asp?id=69&mnu=69

    >
    > I would argue the phrase "arguably the best antivirus program out
    > there".
    > That debate is long-running and not something that should take up
    > bandwidth on this list.


    As for your "I would argue...," that is precisely what the term
    "arguably" means in the sentence to which you responded.

    As for inappropriate bandwidth usage, it is difficult to credit your
    position as you contribute to the alleged problem :) Antivirus programs
    are an essential feature of computer security; discussing which one is
    most effective is an entirely appropriate topic for this group.

    ....snip...>
    > While Kaspersky is good, I uninstalled it after I found out it
    > disabled vnc viewer and a lot of tools I use on a daily basis. Even
    > after I added them as exclusions, it categorized them as "hostile
    > scripts" and denied access to them. After I disabled that kind of
    > protection, the files were useless. The only *useful* way I found
    > around this was disabling Kaspersky altogether - something I didn't
    > like doing, but hey, I make money with these tools...
    >
    > The other thing I didn't like about it was the configuration. I
    > normally don't spend that much time adding every single file I don't
    > want scanned to a list, only to have that list ignored. I probably
    > could have spent more time learning all the configuration options, but
    > then again, I shouldn't *have* to. And removing the extra stream data
    > after I uninstalled the software left a bad taste in my mouth as well
    > - it should take care of that on its own during the uninstall.
    >
    > Just my .02


    Kevin


    Yep, Kaspersky is not everyone's cup of tea. However, that it is the
    best of breed by far at the core function of antivirus detection and
    removal mitigates things to the point that folks put up with its warts.

    As for ADS it has been a legitimate (if very weakly supported) feature of
    Windows for over a decade. The Windows OS, Internet Explorer, and other
    programs use ADS without apology (or even much by way of explanation).
    It is therefore not unreasonable that an antivirus program should also
    use the feature to achieve its goals. I do agree that the checkered
    history of misuse of ADS (to hide malware, etc.) tends to taint ADS with
    suspicion, but that is hardly Kaspersky's burden to expunge; they're just
    using - entirely appropriately - an OS feature. However, I do agree
    Kaspersky could have managed informing users about its use of the feature
    and how to disable it much better than they have.

    Regards,
    nemo_outis, Aug 29, 2005
    #4
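
The posts above describe an antivirus tagging every scanned file with an NTFS alternate data stream, alongside streams written by Windows itself. As an added example (not part of any post in this thread and not Kaspersky's tooling), this PowerShell sketch inventories named streams under a folder so an administrator can see what is tagging files, and removes one stream by name. The function names, the `EXAMPLE_TAG` stream name and the demo folder are constructed placeholders.

```powershell
# Added example: audit NTFS alternate data streams (ADS) under a directory.
# Assumes Windows PowerShell 3.0 or later and an NTFS volume.

function Get-AdsInventory {
    [CmdletBinding()]
    param([Parameter(Mandatory)] [string] $Path)

    Get-ChildItem -LiteralPath $Path -File -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            # Every file has the unnamed default stream ':$DATA'; anything else is an ADS.
            Get-Item -LiteralPath $file.FullName -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' } |
                ForEach-Object {
                    [pscustomobject]@{
                        File   = $file.FullName
                        Stream = $_.Stream
                        Bytes  = $_.Length
                    }
                }
        }
}

function Get-AdsSummary {
    # One row per stream name: how many files carry it and how much data it holds.
    param([Parameter(Mandatory)] [string] $Path)

    Get-AdsInventory -Path $Path |
        Group-Object Stream |
        ForEach-Object {
            [pscustomobject]@{
                Stream     = $_.Name
                Files      = $_.Count
                TotalBytes = ($_.Group | Measure-Object Bytes -Sum).Sum
            }
        } |
        Sort-Object Files -Descending
}

function Remove-NamedAds {
    # Removes one named stream only; the file's main content is untouched.
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $StreamName
    )

    Get-AdsInventory -Path $Path |
        Where-Object { $_.Stream -eq $StreamName } |
        ForEach-Object {
            if ($PSCmdlet.ShouldProcess("$($_.File):$StreamName", 'Remove stream')) {
                Remove-Item -LiteralPath $_.File -Stream $StreamName
            }
        }
}

# Constructed demo: one file carrying one placeholder stream.
$demo = Join-Path $env:TEMP 'ads-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
Set-Content -LiteralPath "$demo\a.txt" -Value 'visible content'
Set-Content -LiteralPath "$demo\a.txt" -Stream 'EXAMPLE_TAG' -Value 'constructed tag data'

Get-AdsSummary -Path $demo                                    # shows EXAMPLE_TAG on 1 file
Remove-NamedAds -Path $demo -StreamName 'EXAMPLE_TAG' -WhatIf # preview only, nothing removed
```

Run the summary first and review unfamiliar stream names before removing anything; drop `-WhatIf` only once the stream name is confirmed.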
  5. nemo_outis

    nemo_outis Guest

    "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in
    news:tMrQe.4712$Uz2.3355@trnddc02:

    >
    > It is good feedback.
    >
    > The problem with such comparisons is the process of testing often may
    > be biased. Either deliberately or accidentally skewing the results.
    > Kaspersky is a top rated AV, no doubt about it. However, if you
    > compare this listing to others you'll find they don't compare and are
    > all different from each other.
    >
    > Remember; there are lies, damn lies, statistics and benchmarks ;-)



    I've read any number of reviews in which the "best" antivirus (or firewall,
    or...) differs depending on the criteria applied and the judgment of the
    reviewer. Generally, though, a handful tend to consistently cluster at or
    near the top.

    And, for instance, "percent detected" should not be the sole criterion in
    evaluating antivirus programs; others, such as response time to issue a
    revised detection file for a new virus threat, are also important (but
    seldom reported). And then there are ease of use, resource consumption,
    cost, and on and on. (Kaspersky, for instance, can be quite expensive. I
    have a remedy which significantly alleviates this but some detractors
    disparage my solution as copyright infringement :)

    Regards,
    nemo_outis, Aug 29, 2005
    #5
  6. nemo_outis

    Kevin Reiter Guest

    nemo_outis wrote:
    > Kevin Reiter <> wrote in
    > news:5uqQe.1890$:
    >
    >
    >>nemo_outis wrote:
    >>
    >>>To see why Kaspersky is arguably the best antivirus program out there
    >>>check out:
    >>>
    >>>http://www.virus.gr/english/fullxml/default.asp?id=69&mnu=69

    >>
    >>I would argue the phrase "arguably the best antivirus program out
    >>there".
    >> That debate is long-running and not something that should take up
    >>bandwidth on this list.

    >
    >
    > As for your "I would argue...," that is precisely what the term
    > "arguably" means in the sentence to which you responded.
    >
    > As for inappropriate bandwidth usage, it is difficult to credit your
    > position as you contribute to the alleged problem :) Antivirus programs
    > are an essential feature of computer security; discussing which one is
    > most effective is an entirely appropriate topic for this group.


    <snip>

    It is difficult to credit my position? How, exactly? By "my position"
    are you referring to "my opinion" or "my position regarding where I stand
    with what I think of Kaspersky"?

    As far as your original link to virus.gr claiming Kaspersky is rated the
    best, I can point to numerous other sites claiming that other products
    were ranked "the best" by their testing methodology. There's at least 1
    page per product, and if I Google for "antivirus tests", I get 737,000 pages.

    Regarding virus.gr, which is relatively new to the game, consider this
    statement from the website:

    "Why is this test different from all the others (e.g. pc magazines'
    antivirus tests)

    This test was made by the only Greek virus collector, known as VirusP,
    webmaster of www.virus.gr, whose collection consists of approximately
    230,000 virus samples (crc32 different files) and is one of the biggest
    virus collections worldwide."

    Yes, that's extremely professional...

    Domain Name:virus.gr
    Domain Handle:dr-150455-gr
    Protocol Number:150455
    Creation Date:13-3-2002
    Expiration Date:12-3-2006
    Updated Date:30-5-2005
    Registrar:.GR OnLine Registrar

    So, here we have the tests done in a basement by 1 person who's been
    "collecting" infected files for a number of years and posts his results on
    his website. No documentation on how he actually "tests" anything, which
    is what I'm interested in. (How does he test e-mail? What protocols are
    used? POP3? S/IMAP? How are the infected files introduced to the
    operating system? What about network-aware viruses? ...and so on...)

    Now, I would point you to ISCA Labs, The WildList, Virus Bulletin, Secure
    Computing, and other _organizations_ who have 1) been around longer, and
    have gained a trusted name in the industry as a credible source of testing
    comparisons, and 2) have a testing methodology in place that encompasses
    more than just Windows XP as the testing platform. PUBLISHED testing
    methods, I might add.

    So, in short, you are claiming that the outcome of 1 person's tests
    (Antony Petrakis, aka "VirusP") performed in a basement/garage/bedroom
    using an unknown method on unknown platforms with unverified results
    should carry more weight than ISCA Labs, the CERTIFYING AGENCY for
    firewalls, antivirus products, and other secure computing software, which
    has their testing methodology published (along with the actual scores of
    such tests and comparisons)? Get serious.

    The "best" antivirus is the one that suits your liking the best, has the
    options YOU want/need, can afford, and get warm fuzzies over.

    NO product is 100%, so the argument should stop right here.

    Finally, as I mentioned before, the arguments over "which antivirus is the
    best" have been going on for years in hundreds of forums and multiple
    newsgroups, along with the "which operating system is the best" and "which
    distro of Linux is the best" and other such topics. Yes, that discussion
    has merit here, since antivirus is a concern of security professionals,
    but would be best suited in, say, alt.comp.antivirus or another related
    group. Defining "the best" is impossible when more than 2 people are
    coming up with the definitions.

    I could go on, but I think I've made a valid point and supported my
    original argument quite well.

    Kevin
    Kevin Reiter, Aug 29, 2005
    #6
  7. nemo_outis

    nemo_outis Guest

    Kevin Reiter <> wrote in
    news:CZvQe.2042$:

    > nemo_outis wrote:
    >> Kevin Reiter <> wrote in
    >> news:5uqQe.1890$:
    >>
    >>
    >>>nemo_outis wrote:
    >>>
    >>>>To see why Kaspersky is arguably the best antivirus program out
    >>>>there check out:
    >>>>
    >>>>http://www.virus.gr/english/fullxml/default.asp?id=69&mnu=69
    >>>
    >>>I would argue the phrase "arguably the best antivirus program out
    >>>there".
    >>> That debate is long-running and not something that should take up
    >>>bandwidth on this list.

    >>
    >>
    >> As for your "I would argue...," that is precisely what the term
    >> "arguably" means in the sentence to which you responded.
    >>
    >> As for inappropriate bandwidth usage, it is difficult to credit your
    >> position as you contribute to the alleged problem :) Antivirus
    >> programs are an essential feature of computer security; discussing
    >> which one is most effective is an entirely appropriate topic for
    >> this group.

    >
    > <snip>
    >
    > It is difficult to credit my position? How, exactly? By "my
    > position" are you referring to "my opinion" or "my position regarding
    > where I stand with what I think of Kaspersky"?


    ....snip endless off-point rant - a true and well-presented but
    nonetheless off-point rant...

    Neither! You don't read very carefully. Note the opening phrase of my
    sentence, "As for inappropriate bandwidth usage." The point regarding
    which you cannot be taken seriously is not the merits or demerits of
    Kaspersky nor antivirus reviews and reviewers but rather that discussing
    such matters is a waste of bandwidth. And the reason I gave for not
    crediting your position on that one particular point - and no other! - is
    that you were - and are! - continuing to contribute to the alleged
    problem by your extended discussion of it. I chided you jocularly but
    pointedly, but not pointedly enough, it seems, for you to get it.

    Regards,
    nemo_outis, Aug 29, 2005
    #7
  8. "nemo_outis" <> wrote in message
    news:Xns96C0920BA6B1Babcxyzcom@204.153.244.170...
    > To see why Kaspersky is arguably the best antivirus program out there check
    > out:
    >
    > http://www.virus.gr/english/fullxml/default.asp?id=69&mnu=69
    >
    > Note that its undetected percentage, 0.72% is nearly *three times better*
    > than the next best program (AVK 2.07%).
    >
    > The latest Kaspersky programs (version 5 series) do use a controversial
    > feature, istreams, which places data in an alternate data stream attached
    > to each scanned file on an NTFS partition/drive. This feature can be
    > *disabled* if the user prefers (the location is not obvious, however!) and
    > any already tagged files can be untagged with the utility klstreamremover
    > available from Kaspersky (or using third-party tools such as the excellent
    > ADS uninstaller that comes with Hijackthis).


    Just out of interest, CA's AV has been doing this for (leans, over, checks,
    umm.. the version I have that does this is dated 2001. Sigs are "a little"
    more up-to-date)

    It /can/ be a major PITA if you do a lot of server stuff in Windows - you
    can get a lock warning when copying files.

    No direct experience of Kasp, beyond the usual "heard it's very good". The
    reason for choosing CA was pretty simple - used to get the stuff for free
    (as an employee), never had a problem, $9.95 per annum seemed a reasonable
    subscription price. Still does, TBH - although it has its flaws (critically,
    in not notifying you that its license has expired, and in failing *silently*
    when updating)

    I tend to ignore percentages, myself, as it's (i) Day Zero response that
    counts, and that (ii) MickeySoft actually give away tools that handle most
    of that percentage. Once a month. Hence the D0 comment ;o)

    And, of course, (iii) the paranoiac's observation that 90%+ of these
    "viruses" come from AV vendors' labs - they're variants, will never ever
    appear in the wild, and serve no other purpose but to bolster vendor
    statistics.

    Let's just say that, where I grew up, the local MP used to be Disraeli. I
    trust his opinion on statistics ;o)

    --

    Hairy One Kenobi

    Disclaimer: the opinions expressed in this opinion do not necessarily
    reflect the opinions of the highly-opinionated person expressing the opinion
    in the first place. So there!
    Hairy One Kenobi, Aug 29, 2005
    #8
  9. nemo_outis

    Jim Watt Guest

    On Mon, 29 Aug 2005 22:53:33 GMT, "Hairy One Kenobi"
    <abuse@[127.0.0.1]> wrote:

    <large snip>

    >I tend to ignore percentages, myself, as it's (i) Day Zero response that
    >counts,


    Yes, and the 'virus' threat has changed, we are no longer swapping
    floppies which may contain boot sector infections. I find the virus
    scanners overly intrusive and wasteful of resources. The main place
    to defend the network these days is at the mail server. That's where
    problems can be pre-empted best. Trash all executable attachments.

    And educate users not to download rubbish spyware from the Internet if
    you cannot actively block their stupidity.
    --
    Jim Watt
    http://www.gibnet.com
    Jim Watt, Aug 30, 2005
    #9
  10. nemo_outis

    nemo_outis Guest

    "Hairy One Kenobi" <abuse@[127.0.0.1]> wrote in
    news:NlMQe.291$:

    ....snip reasonable POV...

    > Let's just say that, where I grew up, the local MP used to be
    > Disraeli. I trust his opinion on statistics ;o)


    You'd have thought Gladstone would have expressed a contrary opinion.

    Regards,
    nemo_outis, Aug 30, 2005
    #10
  11. nemo_outis

    nemo_outis Guest

    Jim Watt <_way> wrote in
    news::

    > On Mon, 29 Aug 2005 22:53:33 GMT, "Hairy One Kenobi"
    > <abuse@[127.0.0.1]> wrote:
    >
    > <large snip>
    >
    >>I tend to ignore percentages, myself, as it's (i) Day Zero response that
    >>counts,

    >
    > Yes, and the 'virus' threat has changed, we are no longer swapping
    > floppies which may contain boot sector infections. I find the virus
    > scanners overly intrusive and wasteful of resources. The main place
    > to defend the network these days is at the mail server. That's where
    > problems can be pre-empted best. Trash all executable attachments.
    >
    > And educate users not to download rubbish spyware from the Internet if
    > you cannot actively block their stupidity.
    > --
    > Jim Watt
    > http://www.gibnet.com
    >


    Your observations are largely true for mainstream and corporate users.
    However, there are many who have more venturesome (some might say
    foolhardy) habits such as downloading from P2P, warez groups, etc. For
    such as they real-time scans are not mere frippery.

    Regards,
    nemo_outis, Aug 30, 2005
    #11