Every computer should have antivirus and firewall protection, and every security suite offers at least these two components. Some stay lean and mean, adding just a few additional components. Others try to supply every possible security need in a single, integrated package. Kaspersky PURE 3.0 Total Security ($89.99 per year for three licenses) definitely falls in the latter category. It contains just about every security component you can imagine, and most of these components do a very good job.
Kaspersky PURE bears the same relationship to Kaspersky Internet Security (2013) that Norton 360 (2013) does to Norton Internet Security (2013). In both cases, the mega-suite includes all the features of the basic suite and adds significant extras.
In the past, both Kaspersky PURE and Norton 360 ran on a release schedule offset by about six months from their basic suites. This past fall, Symantec put both its suites on the same schedule, but Kaspersky PURE remains offset from the other Kaspersky products.
The product’s main window features three large panel-style buttons devoted to Backup, Computer Protection, and Parental Control, each displaying basic statistics about its coverage area. If there’s any problem with security configuration, the corresponding panel changes from green to yellow or red; clicking the Fix button that appears gives you a chance to correct all problems.
Installation and Scanning
Kaspersky PURE installed without incident on most of my malware-infested test systems. The WindowsUnlocker feature of Kaspersky’s Rescue Disk took care of ransomware on one system. Another system reported a problem with corrupted security components. At tech support’s request, I used the built-in support tool to generate logs and to run the problem-specific cleanup scripts they supplied. It took a few tries, but we solved the problem.
When Kaspersky detects a high-risk threat, it will offer to run an advanced disinfection process, including an automatic system reboot. On half of the test systems it popped up this request shortly after install; on the other half it asked for advanced disinfection during the full scan. Kaspersky’s Task Manager is completely capable of running multiple scans simultaneously. Frequently the forced reboot for advanced disinfection interrupted the full system scan; after the reboot, Kaspersky picked up that scan where it left off.
A few of the test systems required more than one round of advanced disinfection, but eventually all of them ran to completion. Yes, running multiple scans made the cleanup process take quite a while, but if your system is truly infested you’ll want to spend all the time necessary to get it cleaned.
New this month, I’m including a star rating for ease of use in installation. A product that installs and scans without a hitch, or with only minor help from tech support, can get five stars. If installation succeeds with use of ancillary tools like a rescue CD or threat-specific cleanup utility, that’s good for four stars, which is what Kaspersky earned.
Decent Malware Removal
With at least one round of advanced disinfection for each of the infested test systems, I expected stellar results in my malware removal test. I was a little disappointed to find that Kaspersky came out good, not great.
I was pleased to find that after every scan that detected malware, Kaspersky automatically checked for Windows settings damaged or modified by malware. It’s quite common to find that a Trojan or ransomware threat will disable use of Task Manager, Registry Editor, and Command Prompt, to protect itself. Kaspersky’s “Post-infection Microsoft Windows Troubleshooting” takes care of this kind of problem.
Kaspersky detected 78 percent of the malware samples, slightly more than avast! Premier 8. These two are the only products that have been tested with my new malware collection. Kaspersky would have scored higher than the 6.0 points it earned, but it left a number of executable malware traces behind, some of them actually running.
Tested with my previous malware collection, the previous edition of Kaspersky PURE detected 76 percent and scored 5.3 points, not so different from the current edition’s score. Comodo Internet Security Complete 2013, Webroot SecureAnywhere Complete 2013, and Norton 360 all scored 6.6 points against that collection, the top score for security suites.
To get a full explanation of my malware removal test, see How We Test Malware Removal.
Kaspersky PURE 3.0 Total Security malware removal chart
Decent Protection Against Attack
As noted, I recently replaced my malware collection with a new set of samples. Kaspersky PURE and avast! are the only products that have been tested with this new set. Both of them detected 86 percent of the threats, but not the same 86 percent. And both scored 8.5 points for malware blocking.
The previous edition of Kaspersky PURE scored 8.4 points against my previous malware collection, almost the same as in the current test. Webroot scored 9.9 points against that collection, while SecureIT Plus (2013) came close with 9.7 points. In the past I’ve broken out a separate score for rootkit blocking, but my current collection just doesn’t include enough rootkits to merit a separate score.
When I tried to download my malware collection again, Kaspersky’s Web antivirus component blocked access to 74 percent of those still having a valid URL. Combining URL-level protection with blocking after the download began, avast! managed 88 percent. Comodo blocked 100 percent of the URLs pointing to my previous threat collection, most of them during the download process.
For a full explanation of my malware blocking test methodology, see How We Test Malware Blocking.
Kaspersky PURE 3.0 Total Security malware blocking chart
Praise from Independent Labs
Kaspersky’s antivirus technology definitely scores better with the independent labs than it did in my tests, enough so that I’ve raised its sub-ratings for malware protection. ICSA Labs and West Coast Labs both certify Kaspersky for antivirus detection and removal; West Coast Labs has also awarded it Platinum Checkmark certification. It detected all samples in the last ten tests by Virus Bulletin, but missed VB100 certification in one test due to a single false positive.
Austrian lab AV-Comparatives puts antivirus products through a number of different kinds of tests. They run an on-demand test to measure detection rates, and another on-demand test with deliberately outdated malware definitions to simulate detection of zero-day threats. The arduous whole product dynamic test challenges each product to block hundreds of malware attacks daily, for weeks, using any and all of its protective features. In all three of these tests, Kaspersky rated ADVANCED+, the highest rating.
AV-Test puts antivirus products through a collection of static and dynamic tests in three categories: Protection, Repair, and Usability. Kaspersky earned 5.5 of 6 possible points in the first two categories and 5 points for usability. 11 of 18 possible points are needed for certification; with 16 points in the latest test Kaspersky is well beyond that minimum. Only Bitdefender Total Security 2013 scored higher, with 16.5 points.
To learn more about the independent testing labs, please read the article How We Interpret Antivirus Lab Tests.
Kaspersky PURE 3.0 Total Security lab tests chart
Highly Accurate Phishing Detection
Kaspersky PURE blocks access to known phishing sites; it also uses real-time analysis to detect brand-new fraudulent websites. A red warning indicates a known phishing site, while a yellow warning means the site was detected using heuristic analysis. This two-part phishing protection, very similar to what Norton 360 uses, proved extremely effective.
Very few products that promise phishing protection actually deliver. The SmartScreen Filter component of Internet Explorer 8 does a better job than two-thirds of them; that feature in Internet Explorer 9 and 10 is even more powerful. Kaspersky PURE’s detection rate came in 24 percentage points ahead of IE alone.
I use Norton as a touchstone for phishing detection, because it consistently exhibits a high degree of accuracy. Kaspersky actually beat Norton by three percentage points. The only recent product to do better was McAfee Total Protection 2013, which beat Norton by four percentage points.
For a full explanation of where I get my super-fresh phishing URLs and how I calculate these scores, please see How We Test Antiphishing.
Kaspersky PURE 3.0 Total Security antiphishing chart
Just about every modern firewall manages the basic task of securing your PC against hack attack, and Kaspersky is no exception. It stealthed all the test system’s ports, making it invisible to outside attack, and defended against port scans and other Web-based attacks.
There’s a lot more variation in the way firewalls handle program control, the process of managing what sort of Internet and network access different programs are permitted. The most rudimentary firewalls foist those decisions off on the user, often using arcane and confusing language in their popup confirmation queries. An immense database of known programs can help reduce this flood of popups, but relying on the user to make important security decisions is still a bad idea.
Like Norton, Kaspersky handles program control without hassling the user. The app automatically configures permissions for known programs. When it encounters an unknown, it assigns a trust level based on the program’s behavior. The lower the trust level, the less access the program will have to the network and to sensitive system areas.
It’s not uncommon for this kind of “smart” program control to ignore leak tests, programs that demonstrate techniques to evade normal program control but have no actual malicious payload. I turned off the file antivirus and ran a dozen such utilities. Their trust levels ran the gamut from Untrusted (meaning the file could not execute) through High and Low Restricted all the way to Trusted. However, when I turned the file antivirus back on it prevented every single one from launching.
To check the firewall’s ability to protect against exploit attacks, I launched thirty-odd exploits generated by the Core IMPACT penetration tool against the test system. Kaspersky PURE blocked over 70 percent of them. In most cases heuristic detection revealed the attack, but it also identified quite a few of the attacks by name. Avast! blocked over 90 percent of these attacks, and Norton blocked them all. In any case, even those attacks that weren’t actively blocked didn’t manage to breach security.
In theory, a zero-day threat not detected by Kaspersky might use standard Windows functions to disable the firewall or other security components by terminating processes, disabling services, or even just setting protection to “off” in the Registry. Kaspersky, though, is hardened against all these attacks. Trying them manually gets “Access Denied,” while an attacking program would simply fail.
Kaspersky’s firewall is just what most users need. It protects from outside attack, it takes care of program control internally, and it resists direct attack by malware.
You do want a firewall that handles exploit attacks, to ensure you’re protected against brand-new exploits for which no patch exists. However, you can head off known attacks by simply keeping your operating system, browsers, and sensitive applications fully patched.
Kaspersky’s Vulnerability Scan, found on the same page as the full anti-malware scan, generates a report on significant unpatched system components and third-party applications. Click on a particular found problem and a Fix button appears; click the button to obtain and install the patch. McAfee, avast!, and others offer a similar feature.
Slow but Steady Antispam
Kaspersky’s antispam component filters POP3 or IMAP email and integrates with Microsoft Outlook, Outlook Express / Windows Mail, and The Bat!. It marks spam and probable spam by modifying the subject line—those using an unsupported browser can simply define a message rule to divert spam into its own folder. Note that even if you’re using Outlook, the default behavior is to just mark spam messages. If you want it to sort them into their own folder you have to choose the folder.
In testing, I found that the process of downloading email was measurably slowed by Kaspersky’s analysis. Downloading 1,000 messages took nearly three times as long as downloading 1,000 messages without any spam filter. Depending on how much email you get, this slowdown might be noticeable.
After discarding messages more than 30 days old, I sorted the contents of the Inbox into valid personal mail, valid bulk mail (newsletters, for example), and undeniable spam, discarding any messages not fitting these categories. I did the same for the contents of the Spam folder. Kaspersky did a pretty good job of blocking spam without discarding important mail. It did send 0.4 percent of valid personal mail to the spam folder, but whitelisting known correspondents would help with that.
Kaspersky’s spam filter let over 11 percent of undeniable spam into the Inbox. That’s not too bad, but Norton and Bitdefender let in just 5.3 and 6.8 percent respectively, with no false positives and no appreciable slowdown. For an explanation of how I analyze antispam accuracy, please see How We Test Antispam.
Kaspersky PURE 3.0 Total Security antispam chart
Cross-Device Password Manager
Modern online life requires a zillion passwords. The only way you can stick with strong, unique passwords is to invoke the help of a password management utility. Not many security suites include this level of security. Besides Kaspersky, Norton and Webroot offer full-scale password management; Trend Micro Titanium Maximum Security 2013 includes a license for Trend Micro DirectPass.
Kaspersky’s password manager handles all expected tasks. It captures your username and password as you log in to secure sites and automatically fills them in when you revisit a site that has login credentials saved. It can store multiple logins for the same site, and it detects and records password change events. You can assign a newly-saved login to the group of your choice; however, unlike LastPass 2.0 and others, Kaspersky doesn’t let you create a new group at that time.
Clicking the password manager button in your browser brings up a menu that includes all of your stored logins, arranged into submenus to match any groups you’ve defined. Selecting a menu item navigates to the site and fills in your credentials.
You can also define one or more identities for filling in Web forms. For each identity you can include personal details such as your full name and birthdate, electronic and physical contact details, social networking accounts, and business data. You can also add one or more bank accounts or credit cards. When you open a Web form, Kaspersky puts a red border around fields that it can fill; all you need do is select the desired identity.
New in this edition, Kaspersky can now sync your passwords and identity data between multiple systems, via your online Kaspersky account.
Full-Scale Parental Control
Not everyone needs a parental control system, but for those who do, Kaspersky offers the real deal. To start using it, you define a password to protect its settings and identify which Windows user accounts should be managed. For each account you can choose a predefined Child or Teen profile, set it to monitor without blocking, or define custom settings.
Kaspersky can block access to inappropriate websites in fourteen categories. Its protection is browser-independent, and it handles HTTPS connections too. That means your precocious teen won’t be able to evade parental control by using an off-brand browser or connecting through a secure anonymizing proxy. For search sites that support it, Kaspersky can force Safe Search to stay turned on.
Some parental control systems let parents control the child’s time on the Internet; others allow restricting overall computer use. Kaspersky does both, with a weekly schedule of permitted times plus a daily maximum both for computer use and for Internet use. You can apply a similar schedule to any specific program, including the ability to totally block use of that program.
You can configure the parental control system to monitor your child’s instant messaging and social network messaging, with an option to block specific contacts and filter out parent-specified keywords.
Privacy can be a particular concern for parents. You wouldn’t post your home phone or address in public, but your impulsive child might. Built into the parental control system is an option to prevent transmission of specific private information.
If you want truly high-end parental control features like remote notification, remote management, and control over what games the kids can play, you’ll need a dedicated parental control utility like Editors’ Choice AVG Family Safety. Barring that, Kaspersky offers a better parental control system than most suites.
Home Network Control
You can install Kaspersky on your own computer, your child’s computer, and the shared computer in the den, but will it stay configured correctly? The kids may turn off protection because they imagine it slows their online gaming, or automatic updates might fail for some reason. Yes, you could patrol the house checking settings on each computer, but Home Network Control lets you handle that task without leaving your desk.
Simply activate Home Network Control on each PC using the same administrator password. Once the PCs find each other on the network, you’ll see them in the main control panel, with any security problems flagged.
From the network control console you can correct problems, launch scans, and trigger updates. If the remote computer has any backup tasks configured, you can launch a backup. You can even adjust parental control settings and view parental control reports. Home Network Control gives you total control over all Kaspersky-equipped PCs in the house.
Those concerned about Internet bandwidth can configure PCs on the network for group updates. In this mode, just one of the computers actually connects to Kaspersky’s website for updates, while the others siphon their updates from this local computer.
Hackers and viruses aren’t the only threats your PC and data face. A laptop might get stolen; a desktop PC might get fried by a power surge. You can recover from that sort of disaster, as long as you’ve prepared by making a backup of that essential data.
The previous version of Kaspersky PURE offered a number of options for where to store your backed-up files. It defaulted to the hard drives on your computer, but you could configure it to use a removable drive, a network drive, or even an FTP server.
Backing up to a local drive won’t help if the whole computer is destroyed or stolen, and the other options can be tough for the non-techie user. New in this edition, Kaspersky can link to your Dropbox account and store backups there. Do note that your backed-up files are exactly as secure as anything else in Dropbox, no more and no less.
To define a backup task, you start by choosing what files to back up. Kaspersky includes presets to back up documents, movies, pictures, and music; you can also define your own custom file set. As noted, you have a number of options for where to store the backed-up files, but keeping them offsite in Dropbox is safer than storing them locally. Finally, you can set a schedule to run this backup task automatically.
It’s easy to restore any or all files from a backup set. Just check off the ones you want and specify whether to restore to the original location or a different folder. If you’ve chosen online storage, you can access your backed-up files from anywhere by logging in to Dropbox.
Norton 360 lets you share backed-up files with others using a secure link. Webroot and Trend Micro do that as well, and they can also sync files between multiple computers. Kaspersky’s addition of online storage is a definite plus, but it has a ways to go before it can challenge these higher-end backup systems.
Encrypt and Shred Files
Keeping an offsite backup protects your files against loss, but that’s not the only type of file security you might need. Preventing others from viewing the contents of business plans or other sensitive files can be equally important. Stick those files in a Kaspersky encrypted container and they’ll be safer from snoops.
When you enter the password and open an encrypted container, it behaves exactly like any other drive. You can copy files into and out of it, or create files within it. When you close and encrypt the drive, there’s no way anybody can access the files it contains. Simple!
If you simply move a sensitive file into the encrypted container, the file’s deleted data remains on disk in its original location, marked as free disk space. It’s possible that a forensic expert could retrieve the unprotected original version. Instead of moving the file, copy it into the encrypted container and then use Kaspersky’s File Shredder to securely delete the original.
By default the File Shredder overwrites the file’s data with zeroes, overwrites it again with random bytes, and then deletes it. Even this Quick Delete mode will balk all but the most advanced hardware-based forensic recovery. Advanced users can choose from six other secure deletion algorithms.
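The copy-then-shred sequence described above, as an added Python example; it is not Kaspersky's code, and the `container` directory stands in for a mounted encrypted container (an assumption). It follows the two-pass Quick Delete order from the text: zeroes, then random bytes, then deletion. In-place overwriting only reaches the original disk blocks on storage that rewrites in place; SSD wear leveling and copy-on-write file systems can keep older copies.

```python
import filecmp
import os
import secrets
import shutil
import tempfile

CHUNK = 64 * 1024  # overwrite in bounded chunks so large files need little memory


def _overwrite_pass(f, size, fill):
    """Rewrite the first `size` bytes of open file `f` with fill(n), then force to disk."""
    f.seek(0)
    remaining = size
    while remaining:
        n = min(CHUNK, remaining)
        f.write(fill(n))
        remaining -= n
    f.flush()
    os.fsync(f.fileno())  # without this the data may sit in the OS cache only


def overwrite_in_place(path):
    """Pass 1: zeroes. Pass 2: random bytes. Length is unchanged; file is not deleted."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:  # r+b opens for update without truncating
        _overwrite_pass(f, size, lambda n: b"\x00" * n)
        _overwrite_pass(f, size, secrets.token_bytes)
    return size


def quick_shred(path):
    """Overwrite the file's contents, then remove its directory entry."""
    overwrite_in_place(path)
    os.remove(path)


def secure_move(src, container_dir):
    """Copy into the container, verify the copy byte for byte, then shred the original.

    A plain move would leave the original's data on disk as free space.
    """
    dst = os.path.join(container_dir, os.path.basename(src))
    shutil.copy2(src, dst)
    if not filecmp.cmp(src, dst, shallow=False):
        raise IOError("copy does not match original; original left untouched")
    quick_shred(src)
    return dst


def demo():
    """Run the sequence on a constructed sample file in a temporary directory."""
    with tempfile.TemporaryDirectory() as work:
        container = os.path.join(work, "container")  # hypothetical mount point
        os.mkdir(container)
        original = os.path.join(work, "business_plan.txt")
        secret = b"CONSTRUCTED SAMPLE: Q3 acquisition target\n" * 100
        with open(original, "wb") as f:
            f.write(secret)
        copy = secure_move(original, container)
        with open(copy, "rb") as f:
            return os.path.exists(original), f.read() == secret


if __name__ == "__main__":
    print(demo())
```
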
Many high-end suites include the ability to find and delete useless files and traces of your browsing history. Kaspersky separates those two features into a Privacy Cleaner and an Unused Data Cleaner. The Privacy Cleaner scans for such elements as browser history, cached files, and Windows log files, while the Unused Data Cleaner finds temporary files, log files, and other unnecessary files.
Both tools give you the option to review what they’ve found and choose which items to delete. In the unlikely event that the Privacy Cleaner causes a system problem, you can roll back its changes and try again.
Many attacks and exploits target Internet Explorer, so keeping IE configured for maximum security is important. Kaspersky’s Browser Configuration Wizard will find and fix settings to maximize IE security.
Safe Money and Secure Data Entry
Doing your shopping and banking online is incredibly convenient, but there’s always the possibility your transaction might not be perfectly secure. When you navigate to a financial site or other sensitive site, Kaspersky’s Safe Money feature first verifies that the URL is valid, the site’s security certificate is current, and your operating system is free of banking-related vulnerabilities. Assuming it finds no problems, it then offers to open the site in a secure browser.
Avast! includes a similar feature using a hardened browser based on Chrome. Kaspersky instead launches a sandboxed instance of the browser you were using; a glowing border lets you know this is the secure browser.
When you’re using Safe Money or entering passwords and other sensitive data, Kaspersky enables secure keyboard input. This establishes an encrypted connection between the keyboard and the data entry field, a connection that can’t be snooped by a keylogger or other malware. It’s very unobtrusive; you’ll briefly see a popup noting that secure keyboard input is enabled.
To be very, very sure there’s no chance your keystrokes might be intercepted, you can invoke Kaspersky’s virtual keyboard. Click in an entry field, open the virtual keyboard, and click on the desired keys. They’ll appear in the entry field without any chance of capture by a keylogger.
In testing, I was surprised to find that this plug-in, along with all other Kaspersky plug-ins, is incompatible with the current edition of Firefox. My Kaspersky contact explained, “We don’t use Mozilla’s system to distribute our own updates, we use our own product patches. There’s a window between when the latest browser is issued, and when we’re able to get our own patch out to bring our browser plug-ins into compatibility. That’s what you’re experiencing now.” I’m not too impressed; it seems that Firefox users will periodically suffer a hiatus in protection.
Performance Impact Varies
I noted earlier that downloading email took noticeably longer with Kaspersky’s spam filter analyzing messages. My boot-time test, which measures the time from the start of the boot process until the computer is ready for use, also took noticeably longer. Averaging 100 reboots with no suite and with Kaspersky installed, I found that Kaspersky increased the boot time by 49 percent. The average for this test is 15 percent; only three current products had more impact on boot time than Kaspersky.
On the other hand, you probably boot up the computer no more than once per day, and Kaspersky did much better in my other performance tests. A script that times how long it takes to fully load 100 websites took just 8 percent longer with Kaspersky’s various plug-ins installed; the current average is 17 percent.
On-access file inspection can slow some file management tasks, if it’s not handled well. To check this, I time two scripts, one that moves and copies a big collection of huge files between drives and one that zips and unzips that same collection. The file move/copy test took 16 percent longer under Kaspersky’s protection; the zip/unzip test took 11 percent longer. Given that the averages for those two tests are 23 and 16 percent respectively, that’s a good showing.
For details on my security suite performance tests, see How We Test Security Suites for Performance.
Kaspersky PURE 3.0 Total Security performance chart
With Kaspersky PURE 3.0 Total Security you get just about every imaginable security component. Its firewall is notable for handling program control without hassling the user, and phishing protection is excellent. In my own malware protection tests its scores were good, though not great, but it earned top marks from all the independent antivirus test labs. Norton 360 (2013) remains our Editors’ Choice for mega-suite, but Kaspersky PURE is also a very good choice.