Friday, March 20, 2009

Kaspersky Anti-Virus 2009



Product summary

The goodThe good: Kaspersky Anti-Virus 2009 includes a fast malicious software engine, Secunia vulnerability database, and built-in system restore capabilities.

The badThe bad: Kaspersky Anti-Virus 2009 results messages were unclear, installation could have been a lot smoother, leaves behind registry file after uninstall.

The bottom lineThe bottom line: Kaspersky Anti-Virus 2009 provides adequate protection, but the program itself could use some work in telling the user what's going on.

Specifications: License qty: 1 user ; License type: Complete package ; Min processor type: Microsoft Windows Vista) , 800 MHz Intel Pentium (Microsoft Windows XP

Despite winning our Editors' Choice award two years in a row, Kaspersky Anti-Virus 2009 did not impress us enough to extend that run another year. Granted, there are significant improvements to the anti-malicious-software engine in KAV 2009; it is faster, although we only saw evidence of that during the file scan test. In our application and boot tests, the numbers were actually worse than last year. This highlights our dilemma. The problem with KAV 2009 is not so much with malicious software detection (it does that very well), but with the execution of the overall program. Our installation process required a few too many reboots, and we also experienced more than the usual system glitches on our Windows XP test machines from code we were told was final and already being sold in parts of Europe. The interface is a little clunky, and messages regarding updates and scans are very unclear. Some of the new features didn't seem to be fully developed. For a world-class software vendor, we expect better.

Installation
Note: Kaspersky Anti-Virus 2009 requires Windows XP and Windows Vista.

Our installation of KAV 2009 on a Windows XP test machine wasn't neat. First, KAV 2009 identified ZoneAlarm and AVG 8.0 as potential conflicts that needed to be removed--only one was currently installed on our machine. Turns out, KAV read the registry files and found an old installation of AVG 8.0 that had been removed, but not completely uninstalled (that's why products need to be uninstalled completely). Kaspersky technical support, we were told, offers a tool--avg8.zip, which includes KLeaner.exe, that you can download from their site to remove old installations; however, installation of a security application should not be this complicated. Once we removed these, we needed to reboot and restart our installation.

Once the files were loaded, Windows XP asked us whether the Windows Firewall should block Kaspersky. Shouldn't KAV 2009 be accepted by Windows? When we tried to register with the product code--which we copy and pasted--we were unable to do so. We kept getting a message that only manually entered numbers and Latin characters would be accepted. Kaspersky representatives said the latter scenario should not have happened, but it did. Customers who order online will get a file that you can point to during installation. Then, once the program was installed, we had to reboot.

Two reboots of the computer and 20 minutes later, we were up and running. (Note: We also experienced boot lockup problems after our installation and configuration of both KAV 2009 and in Kaspersky Internet Security 2009. We're willing to attribute this to early code, but we sincerely hope Kaspersky makes a fix available soon.)

Should you decide to remove KAV 2009 from your system, there is an All Programs icon to Update, Modify, or Remove the program. However, after uninstalling the program, and rebooting the system, we found more than a few traces of Kaspersky within the system registry--the exact problem we experienced during the installation with residue from another antivirus product lurking within the registry. Representatives of Kaspersky blamed the Microsoft uninstaller for the residue, citing a similar problem with AVG Technologies AVG 8, but Kaspersky didn't offer an explanation why it doesn't provide its own uninstaller such as the one found with Check Point ZoneAlarm products.

Interface
The KAV 2009 interface didn't initially win us over. On every screen, we are reminded that more protection is available in Kaspersky Internet Security 2009, which has the effect of suggesting we're not fully protected with KAV 2009.

The first thing you'll notice is a scary red alert. That's good because you notice it; it's bad because usually it's flagging not a problem with your machine, but with the program itself. Click the Fix Now and, in most cases, you'll discover that you only need to download the latest updates. This is automated and probably halfway done by the time you realize it. The fact the system is self-updating is clear if you look to the left, there's a percentage indicator showing how the update is progressing.

Messaging for system scans is also confusing. After running a quick scan, we were simply taken back the scan screen, not a results page. Even if there were no results, we expected to see some indication that we had a clean system (most products show a blank results screen). Instead, it appeared as though we hadn't run the Quick Scan (which takes less than one minute). In fact, we had run the test several more times before we realized there is a report button. Many of the screens within KAV 2009 have hard-to-see buttons that will reveal details if asked. In this case, however, the button only displayed the times at which the scans ran with real no confirmation that our system was clean. Kaspersky representatives said they'd take our suggestions under review.

Features
Like most antivirus software today, KAV 2009 concentrates on three specific areas: files and memory; e-mail and instant-message protection; and Web traffic protection. The extras set it apart. Unfortunately, not all the extras feel fully baked.

KAV 2009 includes something called Post Infected System Restore. It's a wizard that helps restore a system to a previous state when a virus or malicious software has caused a problem. In the case where malicious code has deleted system files, KAV 2009 includes the capability to create a Rescue Disk. Of course, you need to do that advance, and KAV 2009 never prompted us to do so. Also to create a Windows XP rescue disk, you need a Windows XP SP2 disk, which some users (if they updated from Windows XP SP1) won't have. A Linux Rescue Disk for Windows XP and Vista can also be downloaded.

While we really like the idea, the execution of Kaspersky's new Security Analyzer needs more work. It's good that it checks with the Secunia database for the latest reported vulnerabilities and vendor updates. But it's bad that upon our first run our test system had 481 vulnerabilities. Bad because there is no one-stop shopping here--we needed to click on each alert individually. We also had to download the correct patch for our system, but which version of the vulnerable software are we running? It gets confusing and tedious even for someone relatively tech savvy. It would be good if the scanner also identified not only that you are running vulnerable software, but also which version of the software you are running. Sometimes fixing one removes others, but the current implementation leaves the process unclear.

Performance
In CNET Labs' performance tests, Kaspersky Anti-Virus 2009, in general, scored worse than last year. However, it managed to halve its individual file scan time. In third-party, independent antivirus testing using live viruses, Kaspersky Anti-Virus 2009 scored in the upper ranks, although not always at the top position. On the CNET iTunes test, Kaspersky Anti-Virus 2009 came in way above the test system at 275 seconds, 3 seconds longer than last year's result and 7 seconds more than the test system. On the CNET Microsoft Office test, Kaspersky Anti-Virus 2009 finished last at 1,584 seconds, requiring 66 more seconds to complete this year compared with last year. In a test scanning a single folder with compressed and media files, Kaspersky Anti-Virus 2009 had better results, completing this test in 256 seconds, or roughly half the time it took last year (521 seconds). Although in terms of boot speed, Kaspersky took longer this year (33.84 seconds) versus last year (29.77 seconds).

To find out how we test antivirus software, see CNET Labs' How we test: Antivirus software page.

In terms of whether Kaspersky Anti-Virus 2009 will protect your PC, we cite results from two leading independent antivirus testing organizations. In the latest test results from AV-Comparatives.org, for on-demand scans Kaspersky Anti-Virus 7 earned an Advanced + (highest) rating, catching 98 percent of all malicious software tested, tying with Norton Antivirus 2007. However, for the Retrospective/Proactive test, Kaspersky Anti-Virus 7 earned an Advanced (second-highest) rating, although Kaspersky produced very few false positives compared with other antivirus applications in the same test. From CheckVir.com, there is no data.

Support
Kaspersky Anti-Virus 2009 provides an excellent context-sensitive help file. For example, if you are on the Data Files page and you click Help, you're taken to the entry for Data Files entry within the help file. It's a small touch, but one we don't see often enough. Kaspersky also delivers excellent online FAQ and knowledge base. There are also active user forums. Finally, you can e-mail or call a toll-free number for live technical support.

Conclusion
Kaspersky Anti-Virus 2009 includes some significant changes to its malicious software engine and new security tools. However, we think the interface and the messaging around the new security tools could be much better. We look forward to next year's release.

No comments:

Post a Comment