Vendor Analysis: Kaspersky Anti-Virus Products Examined

Featured Author - Laura Taylor - November 23, 2002

Executive Summary

Kaspersky Labs is no newcomer to anti-virus products. Headquartered in Moscow, Russia, with offices in Pleasanton, California and Cambridge, England, Kaspersky Labs has successfully branded itself as a leader in multi-platform anti-virus products. Though many IT decision makers neglect to protect their UNIX systems from viruses, research done by Kaspersky Labs indicates that Linux may be just as prone to viruses as Microsoft operating systems.

Company Background

Kaspersky Labs began taking shape in 1989 when Eugene Kaspersky discovered that his own computer had been infected with the Cascade virus. From 1991 to 1997 Mr. Kaspersky was employed by KAMI Information Technologies Center in Moscow. (KAMI is now owned by i-Teco and is one of the largest systems integrators in Russia.) While at KAMI, Mr. Kaspersky led the development of an anti-virus project called AVP (AntiViral Toolkit Pro) that was later upgraded to Kaspersky Anti-Virus. In June 1997, Kaspersky Labs was founded, with Eugene Kaspersky heading up the research division and Natalya Kaspersky heading up corporate operations as CEO. Kaspersky's current anti-virus products have been progressively engineered from the Kaspersky Anti-Virus development version that has existed and been updated since 1989. As a result, the products are mature, well-developed products with proven track records of successful virus eradication.

Figure 1. Corporate Information

Headquarters: Geroyev Panfilovtsev str. 10, 125363 Moscow, Russia
Field Offices: Pleasanton, California; Cambridge, UK; Sophia Antipolis, France; Czestochowa, Poland.
Major Products: Kaspersky Anti-Virus Lite, Kaspersky Anti-Virus Personal, Kaspersky Anti-Virus Personal Pro, Kaspersky Anti-Virus for Linux Servers, Kaspersky Anti-Virus for Linux Workstations, Kaspersky Business Optimal, Kaspersky Corporate Security, Kaspersky Security for Palm OS
Primary Platforms Supported: Windows 95/98/ME, Windows NT, Windows 2000, Windows XP Home Edition, Windows XP Professional, Novell NetWare, S.u.S.E. Linux, Debian GNU/Linux, Linux-Mandrake, Red Hat Linux, ASP Linux, Slackware Linux, OS/2, FreeBSD, OpenBSD, BSDi, Solaris, MS Exchange Server, Lotus Notes/Domino, Sendmail, Qmail, Postfix, Exim, CheckPoint Firewall-1.
Customer Scope: Multi-platform information technology businesses; individual users.
Industry Focus: Data integrity, information security, server and desktop security, application security, messaging security.
Key Features: New Virus Notification, Bi-Daily Updates, Scheduling System, Phone and Email Support, Command Line Commands and Switches, Simple User Interface, Monitoring Mode, Reporting, Generator and Logging.
Employees: Over 250
Contact Information: 011 +7 095-797-8700
Web site: http://www.kaspersky.com

Product Strategy and Strengths

Kaspersky's anti-virus product line consists of 25 different anti-virus products that work across a wide variety of operating system platforms. There are currently 206 viruses listed on the In-The-Wild list of viruses. The In-The-Wild list does not include all virus variants and is by no means a complete list of all viruses in the world; however, it is a well-respected count of leading viruses that have been reported by at least two WildList industry participants. Kaspersky products are tested against the In-The-Wild list by the Kaspersky anti-virus research team on a regular and on-going basis, and are able to detect polymorphic (self-encoding) viruses, stealth viruses, Trojans, network worms, macro viruses, viruses for Java applets, and viruses for Microsoft, UNIX, and IBM client platforms.

Kaspersky's line of anti-virus products operates by using a scanner, an on-the-fly virus interceptor, an integrity checker, and a behavior blocker. Kaspersky Anti-Virus protects the most widespread e-mail server-based and client-based applications, including Microsoft Exchange, Microsoft Office, Lotus Notes/Domino, Sendmail, Qmail, Exim, Postfix, The BAT!, Eudora, Outlook, and Outlook Express. All Kaspersky products are powered by a second-generation heuristic code analyzer, which allows customers to be protected even against future viruses.

Kaspersky's Personal and Personal Pro anti-virus products are made especially for home computers and computers used for remote mobile access. Kaspersky Anti-Virus Personal Pro includes a unique change examiner (integrity checker) that traces all disk changes and includes the ability to restore modified files and boot sectors.

Figure 2. Image of Kaspersky's Anti-Virus Lite Graphical User Interface

Kaspersky engineered the first anti-virus product in the world for comprehensive protection of UNIX and Linux systems, and its product line currently offers anti-virus products for the following platforms:

  • Red Hat Linux
  • S.u.S.E. Linux
  • Linux-Mandrake
  • Debian GNU/Linux
  • Slackware Linux
  • ASP Linux
  • FreeBSD
  • BSDi
  • OpenBSD
  • Solaris

Clearly Kaspersky is a leader in detecting viruses for UNIX and Linux operating systems, and Relevant Technologies expects their UNIX and Linux products to set the standard for UNIX and Linux anti-virus products in the industry. The redundant scanning feature in Kaspersky Anti-Virus Linux File Server (KAVLFS) is particularly nice because, where other products might simply neutralize a virus that divides itself into several parts, KAVLFS removes the entire contents of the virus, including the parts of the virus left in file slack. When some anti-virus products neutralize viruses, they delete the virus code found at the entry point and in the main part of the virus body, but often leave bits and pieces of the virus behind in the file slack. File slack is the unused space at the end of a file, between the end of the file's data and the start of the next fixed-length block of data that begins the next file. (File slack is sometimes called padding.)

In our tests, Kaspersky's anti-virus products installed easily without a hitch. The user interface was easy to use and their products worked as advertised. We reviewed the documentation carefully, and it was well written and easy to understand. Though the company is based in Moscow, the English version of documentation did not contain erroneous colloquialisms typically found in documents written by companies based in countries outside the United States.

In the future Kaspersky expects to add Personal Firewall features to their anti-virus products to offer an anti-virus and workstation firewall in one package.

Kaspersky's current virus list can be found on the Web at http://www.viruslist.com. Their virus database is updated regularly twice per day (urgent updates upon detection of a new virus are also available), and e-mail support and vendor or reseller phone support are provided. Cures for new viruses are guaranteed within 24 hours of their first report.

Figure 3. Kaspersky Anti-Virus Reporting Panel

Market and Product Challenges

The anti-virus market is a mature market, and there are numerous competitors in this information security market segment. According to the Virus Bulletin, a British anti-virus research publication, there are twenty-seven major anti-virus vendors. Some of these vendors are essentially European-only vendors: they do not have an English-language Web site and cannot be considered viable contenders in the U.S. anti-virus market. Anti-virus products have become widely adopted in businesses, organizations, and with home users.

Though the anti-virus industry's stronghold is protecting Microsoft operating systems from viruses, in recent years UNIX systems have also proved to be vulnerable to viruses, and many vendors now offer products to protect UNIX systems. Kaspersky first released its Linux (UNIX) anti-virus product for S.u.S.E. Linux in 1999. Eleven of the twenty-seven vendors inspected by Virus Bulletin offer S.u.S.E. Linux anti-virus products. Oakland, California-based S.u.S.E., Inc. makes S.u.S.E. Linux, a leading open-source UNIX operating system. S.u.S.E. Linux powers firewalls, messaging servers, database servers, and application servers, all of which are vulnerable to viruses. The fact that Kaspersky is among the smaller group of anti-virus vendors that offer an anti-virus product for S.u.S.E. indicates their leadership in new anti-virus development. However, S.u.S.E. is just one of the many Linux platforms for which Kaspersky offers anti-virus products. While it was once thought that UNIX and Linux systems were immune to viruses, research done by companies such as Kaspersky has shown that these platforms are also vulnerable to a wide variety of viruses. Another reason for Linux systems to require reliable virus protection is that they may carry other types of viruses (such as Windows viruses) that can infect and destroy other computers within an enterprise-wide network.

Mature and competitive markets require distinct product marketing campaigns in order to establish the branding required to become a market leader. Kaspersky's anti-virus products are based on solid software engineering practices, but require additional marketing and strengthened branding to increase their customer base, particularly in the United States. Because Kaspersky is a leader in UNIX and Linux anti-virus products, end-users will look to companies like Kaspersky for anti-virus products for Sun's Solaris UNIX operating system in the future.

User Recommendations

Kaspersky's anti-virus products are robust tools for keeping your valuable information free from the destruction and manipulation caused by viruses. IT decision makers should make sure that all their client systems, messaging servers, and other mission-critical servers are protected from viruses. Advanced anti-virus products like Kaspersky's offer remote administration via a Windows-based interface and web browsers.

  • Users should update their anti-virus database/signatures at least once per day.
  • Kaspersky Labs have proven that UNIX/Linux platforms require virus protection.
  • All major mission critical servers require protection from viruses.
  • On-going virus management should be a part of every business with an IT infrastructure, and is typically performed by the security or IT support groups.
  • Most users fail to update their virus signatures often enough. For proper virus protection, it is paramount that users update their virus signatures on a daily basis.
  • End-user systems should be scanned for viruses at least once a day.
  • Anti-virus scan logs should be reviewed on a regular schedule.
  • Reports generated by anti-virus products offer valuable information for understanding which viruses are invading your network.
  • Messaging servers are particularly vulnerable to viruses (sent in via email) and installing anti-virus products directly on messaging servers is a very effective way of combating viruses.
  • Many viruses sent via Zip files can get past anti-virus software on messaging servers, which is why it is important to have anti-virus software on your desktop even if you have an anti-virus package on your messaging server.

About the Author

Laura Taylor is the Chief Technical Officer of Relevant Technologies (http://www.relevanttechnologies.com) a leading provider of original information security content, research advisory services, and best practice IT management consulting services.

You can contact her by e-mail on ltaylor@relevanttechnologies.com.

Copyright 2002 Relevant Technologies, Inc. All rights reserved.
