Vendor Analysis: Kaspersky Anti-Virus Products Examined
Featured Author - Laura Taylor
- November 23, 2002
Kaspersky Labs is no newcomer to anti-virus products. Headquartered in Moscow,
Russia, with offices in Pleasanton, California and Cambridge, England, Kaspersky
Labs has successfully branded itself as a leader in multi-platform anti-virus
products. Though many IT decision makers neglect to protect their UNIX
systems from viruses, research done by Kaspersky Labs indicates that Linux
may be just as prone to viruses as Microsoft operating systems.
Kaspersky Labs began taking shape in 1989 when Eugene Kaspersky discovered that his own
computer had been infected with the Cascade virus. From 1991 to 1997 Mr. Kaspersky
was employed by KAMI Information Technologies Center in Moscow. (KAMI
is now owned by i-Teco and is one of the largest systems integrators
in Russia.) While at KAMI, Mr. Kaspersky led the development of an anti-virus
project called AVP (AntiViral Toolkit Pro)
that would later be upgraded to Kaspersky Anti-Virus. In June
1997, Kaspersky Labs was founded, with Eugene Kaspersky heading up the research
division and Natalya Kaspersky heading up the corporate operations as CEO.
Kaspersky's current anti-virus products have been progressively
engineered from the Kaspersky Anti-Virus development version that has been in
existence and updated since 1989. As a result, the products are mature, well-developed
products with proven track records of successful virus eradication.
Panfilovtsev str. 10, 125363 Moscow, Russia
California; Cambridge, UK; Sophia Antipolis, France; Czestochowa,
Anti-Virus Lite, Kaspersky Anti-Virus Personal, Kaspersky Anti-Virus
Personal Pro, Kaspersky Anti-Virus for Linux Servers, Kaspersky Anti-Virus
for Linux Workstations, Kaspersky Business Optimal, Kaspersky Corporate
Security, Kaspersky Security for Palm OS
95/98/ME, Windows NT, Windows 2000, Windows XP Home Edition, Windows
XP Professional, Novell NetWare, S.u.S.E. Linux, Debian GNU/Linux,
Linux-Mandrake, Red Hat Linux, ASP Linux, Slackware Linux, OS/2, FreeBSD,
OpenBSD, BSDi, Solaris, MS Exchange Server, Lotus Notes/Domino, Sendmail,
Qmail, Postfix, Exim, CheckPoint Firewall-1.
information technology businesses; individual users.
integrity, information security, server and desktop security, application
security, messaging security.
Virus Notification, Bi-Daily Updates, Scheduling System, Phone and
Email Support, Command Line Commands and Switches, Simple User Interface,
Monitoring Mode, Reporting, Generator and Logging.
Product Strategy and Strengths
Kaspersky's anti-virus product line consists of 25 different anti-virus products that work
across a wide variety of operating system platforms. There are currently 206
viruses listed on the In-The-Wild list of viruses. The In-The-Wild list of viruses
does not include all virus variants, and is by no means a complete list of all
viruses in the world; however, it is a well-respected count of leading viruses
that have been reported by at least two WildList industry participants. Kaspersky
products are tested against the In-The-Wild list by the Kaspersky anti-virus
research team on a regular and on-going basis and are able to detect polymorphic
(self-encoding) viruses, stealth viruses, Trojans, network worms, macroviruses,
viruses for Java applets, and viruses for Microsoft, UNIX, and IBM
Kaspersky's line of anti-virus products operates by using a scanner, an on-the-fly virus
interceptor, an integrity checker, and a behavior blocker. Kaspersky Anti-Virus
protects all of the most widespread e-mail server-based and client-based applications,
including Microsoft Exchange, Microsoft Office, Lotus Notes/Domino, Sendmail, Qmail,
Exim, Postfix, The BAT!, Eudora, Outlook, and Outlook Express.
All the Kaspersky products are powered by a second-generation heuristic code
analyzer, which allows customers to be protected against even future viruses.
Kaspersky's Personal and Personal Pro anti-virus products are made especially for home computers and computers used for remote mobile access. Kaspersky Anti-Virus Personal Pro includes a unique change examiner (integrity checker) that traces all disk changes and includes the ability to restore modified files and boot sectors.
Figure 2. Image of Kaspersky's Anti-Virus Lite Graphical User Interface
Kaspersky engineered the first anti-virus product in the world for comprehensive protection of UNIX and Linux systems, and its product line currently offers anti-virus products for the following platforms:
Red Hat Linux
Kaspersky is a leader in detecting viruses for UNIX and Linux operating systems
and Relevant Technologies expects their UNIX and Linux products to set the standard
for UNIX and Linux anti-virus products in the industry. The redundant scanning
feature in Kaspersky Anti-Virus Linux File Server (KAVLFS)
is particularly nice because where other products might simply neutralize
a virus that divides itself into several parts, KAVLFS removes the entire contents
of the virus, including the parts of the virus left in file slack. When some anti-virus
products neutralize viruses, they delete the virus code found in the entry point
and main part of the virus body but often leave bits and pieces of the virus
in the file slack. File slack is the extra unused space between the end of a
file's data and the end of the last fixed-length block allocated to it, before
the block that starts the next file. (File slack is sometimes called padding.)
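The following Python sketch is an added example, not code from Kaspersky or from the original article: it computes each file's slack region on a constructed toy image and reports leftover non-zero bytes there, the kind of residue the paragraph above says incomplete cleaning can leave behind. The 4096-byte block size, contiguous allocation, the file table layout and all function names are assumptions made for illustration.

```python
"""Locate non-zero residue in file slack on a toy, contiguously allocated image."""

CLUSTER = 4096  # assumed allocation unit (bytes); real file systems vary


def slack_range(first_cluster, size, cluster=CLUSTER):
    """Return (start, end) offsets of the slack that follows a file's data."""
    used = -(-size // cluster)            # clusters allocated (ceiling division)
    start = first_cluster * cluster + size
    end = (first_cluster + used) * cluster
    return start, end


def nonzero_runs(buf, base):
    """Yield (absolute_offset, length) for each run of non-zero bytes in buf."""
    run_start = None
    for i, b in enumerate(buf):
        if b and run_start is None:
            run_start = i
        elif not b and run_start is not None:
            yield base + run_start, i - run_start
            run_start = None
    if run_start is not None:
        yield base + run_start, len(buf) - run_start


def slack_residue(image, files, cluster=CLUSTER):
    """Map file name -> list of non-zero runs found in that file's slack."""
    report = {}
    for name, first_cluster, size in files:
        start, end = slack_range(first_cluster, size, cluster)
        runs = list(nonzero_runs(image[start:end], start))
        if runs:
            report[name] = runs
    return report


def build_sample():
    """Constructed image: two files, leftover bytes in the slack of the second."""
    files = [("a.bin", 0, 5000), ("b.bin", 2, 4000)]   # (name, first cluster, size)
    image = bytearray(3 * CLUSTER)
    image[0:5000] = b"A" * 5000
    image[2 * CLUSTER:2 * CLUSTER + 4000] = b"B" * 4000
    image[2 * CLUSTER + 4010:2 * CLUSTER + 4026] = b"LEFTOVER-FRAGMENT"[:16]
    return bytes(image), files


if __name__ == "__main__":
    img, table = build_sample()
    for name, runs in slack_residue(img, table).items():
        print(name, runs)
```

A file whose size is an exact multiple of the block size has an empty slack range, so nothing is reported for it.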
In our tests, Kaspersky's anti-virus products installed easily without a hitch. The user interface was easy to use and their products worked as advertised. We reviewed the documentation carefully, and it was well written and easy to understand. Though the company is based in Moscow, the English version of the documentation did not contain
the erroneous colloquialisms typically found in documents written by companies based in countries outside the United States.
In the future Kaspersky expects to add Personal Firewall features to their anti-virus products to offer an anti-virus and workstation firewall in one package.
Kaspersky's current anti-virus list is viewable on the Web at http://www.viruslist.com.
Their virus database is updated regularly twice per day (urgent updates upon
a new virus detection are also available), and e-mail support and vendor or reseller
phone support are offered. Cures for new viruses are guaranteed within 24 hours of their
Figure 3. Kaspersky Anti-Virus Reporting Panel
Market and Product Challenges
The anti-virus market is a mature market, and there are numerous competitors in
this information security market segment. According to the Virus Bulletin,
a British anti-virus research publication, there are twenty-seven major anti-virus
vendors. Some of these vendors are for the most part exclusively European vendors
- they do not have an English language Web site, and cannot be considered viable
contenders in the U.S. anti-virus market. Anti-virus products have become widely
adopted in businesses, organizations, and with home users.
Though the anti-virus industry's stronghold is protecting Microsoft operating systems from viruses, in recent years UNIX systems have also proved to be vulnerable to viruses, and many vendors now offer products to protect UNIX systems. Kaspersky first released its Linux (UNIX) anti-virus product for S.u.S.E. Linux in 1999. Eleven of the twenty-seven vendors inspected by Virus Bulletin offer S.u.S.E. Linux anti-virus
products. Oakland, California-based S.u.S.E., Inc. makes S.u.S.E. Linux, a leading open-sourced UNIX operating system. S.u.S.E. Linux powers firewalls, messaging servers, database servers, and application servers, all of which are vulnerable to viruses. The fact that Kaspersky is among the smaller group of anti-virus vendors that offer a S.u.S.E. anti-virus platform indicates their leadership in new anti-virus development. However, S.u.S.E. is just one Linux platform out of many that Kaspersky offers anti-virus products for. While it was once thought that UNIX and Linux systems were immune to viruses, research done by companies such as Kaspersky has shown that these platforms are also vulnerable to a wide variety of viruses. Another reason for Linux systems to require reliable virus protection is that they may carry other types of viruses (such as Windows viruses) that may infect and destroy other computers within an enterprise-wide network.
Mature and competitive markets require distinct product marketing campaigns in order to establish the branding required to become a market leader. Kaspersky's anti-virus products are based on solid software engineering practices, but require additional marketing and strengthened branding to increase Kaspersky's customer base, particularly in the United States. Because Kaspersky is a leader in UNIX and Linux anti-virus products, end-users will look to companies like Kaspersky for anti-virus products for Sun's Solaris UNIX operating systems in the future.
Kaspersky's anti-virus products are robust tools for keeping your valuable information free from the destruction and manipulation caused by viruses. IT decision makers should make sure that all their client systems, messaging servers, and other mission critical servers are protected from viruses. Advanced anti-virus products like Kaspersky's offer remote administration via a Windows-based interface and web browsers.
Users should update their anti-virus database/signatures at least 1 time per
- Kaspersky Labs has proven that UNIX/Linux platforms require virus protection.
- All major mission critical servers require protection from viruses.
- On-going virus management should be a part of every business with an IT
  infrastructure, and is typically performed by the security or IT support groups.
- Most users fail to update their virus signatures often enough. For proper virus
  protection, it is paramount that users update their virus signatures on a daily basis.
- End-user systems should be scanned for viruses at least once a day.
- Scan logs should be reviewed on a regular schedule.
- Reports generated by anti-virus products offer valuable information for
  understanding which viruses are invading your network.
- Messaging servers are particularly vulnerable to viruses (sent in via email), and
  installing anti-virus products directly on messaging servers is a very effective
  way of combating viruses.
- Many viruses sent via Zip files can get past anti-virus software on messaging
  servers, which is why it is important to have anti-virus software on your desktop
  even if you have an anti-virus package on your messaging server.
Laura Taylor is the Chief Technical Officer of Relevant Technologies (http://www.relevanttechnologies.com),
a leading provider of original information security content, research advisory
services, and best practice IT management consulting services.
You can contact her by e-mail at firstname.lastname@example.org.
2002 Relevant Technologies, Inc. All rights reserved.