Why Kaspersky?

To see why Kaspersky is arguably the best antivirus program out there check
out:

http://www.virus.gr/english/fullxml/...p?id=69&mnu=69

Note that its undetected percentage, 0.72% is nearly *three times better*
than the next best program (AVK 2.07%).

The latest Kaspersky programs (version 5 series) do use a controversial
feature, istreams, which places data in an alternate data stream attached
to each scanned file on an NTFS partition/drive. This feature can be
*disabled* if the user prefers (the location is not obvious, however!) and
any already tagged files can be untagged with the utility klstreamremover
available from Kaspersky (or using third-party tools such as the excellent
ADS uninstaller that comes with Hijackthis).

Regards,

nemo_outis wrote:
> To see why Kaspersky is arguably the best antivirus program out there check
> out:
>
> http://www.virus.gr/english/fullxml/...p?id=69&mnu=69

I would argue the phrase "arguably the best antivirus program out there".
That debate is long-running and not something that should take up
bandwidth on this list.

> Note that its undetected percentage, 0.72% is nearly *three times better*
> than the next best program (AVK 2.07%).
>
> The latest Kaspersky programs (version 5 series) do use a controversial
> feature, istreams, which places data in an alternate data stream attached
> to each scanned file on an NTFS partition/drive. This feature can be
> *disabled* if the user prefers (the location is not obvious, however!) and
> any already tagged files can be untagged with the utility klstreamremover
> available from Kaspersky (or using third-party tools such as the excellent
> ADS uninstaller that comes with Hijackthis).

While Kaspersky is good, I uninstalled it after I found out it disabled
vnc viewer and a lot of tools I use on a daily basis. Even after I added
them as exclusions, it categorized them as "hostile scripts" and denied
access to them. After I disabled that kind of protection, the files were
useless. The only *useful* way I found around this was disabling
Kaspersky altogether - something I didn't like doing, but hey, I make
money with these tools...

The other thing I didn't like about it was the configuration. I normally
don't spend that much time adding every single file I don't want scanned
to a list, only to have that list ignored. I probably could have spent
more time learning all the configuration options, but then again, I
shouldn't *have* to. And removing the extra stream data after I
uninstalled the software left a bad taste in my mouth as well - it should
take care of that on it's own during the uninstall.

Just my .02

Kevin

From: "Kevin Reiter" <tux@penguinnetwerx.net>

| nemo_outis wrote:
>> To see why Kaspersky is arguably the best antivirus program out there check
>> out:
>>
>> http://www.virus.gr/english/fullxml/...p?id=69&mnu=69
|
| I would argue the phrase "arguably the best antivirus program out there".
| That debate is long-running and not something that should take up
| bandwidth on this list.
|
>> Note that its undetected percentage, 0.72% is nearly *three times better*
>> than the next best program (AVK 2.07%).
>>
>> The latest Kaspersky programs (version 5 series) do use a controversial
>> feature, istreams, which places data in an alternate data stream attached
>> to each scanned file on an NTFS partition/drive. This feature can be
>> *disabled* if the user prefers (the location is not obvious, however!) and
>> any already tagged files can be untagged with the utility klstreamremover
>> available from Kaspersky (or using third-party tools such as the excellent
>> ADS uninstaller that comes with Hijackthis).
|
| While Kaspersky is good, I uninstalled it after I found out it disabled
| vnc viewer and a lot of tools I use on a daily basis. Even after I added
| them as exclusions, it categorized them as "hostile scripts" and denied
| access to them. After I disabled that kind of protection, the files were
| useless. The only *useful* way I found around this was disabling
| Kaspersky altogether - something I didn't like doing, but hey, I make
| money with these tools...
|
| The other thing I didn't like about it was the configuration. I normally
| don't spend that much time adding every single file I don't want scanned
| to a list, only to have that list ignored. I probably could have spent
| more time learning all the configuration options, but then again, I
| shouldn't *have* to. And removing the extra stream data after I
| uninstalled the software left a bad taste in my mouth as well - it should
| take care of that on it's own during the uninstall.
|
| Just my .02
|
| Kevin

It is good feedback.

The problem with such comparisons is the process of testing often may be biased. Either
deliberately or accidently skewing the results. Kasperski is a top rated AV, no doubt about
it. However, if you compare this listing to others you'll find they don't compare and are
all different from each other.

Remember; there are lies, damn lies, statistics and benchmarks ;-)

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

Kevin Reiter <tux@penguinnetwerx.net> wrote in
news:5uqQe.1890$bT1.823@fe08.lga:

> nemo_outis wrote:
>> To see why Kaspersky is arguably the best antivirus program out there
>> check out:
>>
>> http://www.virus.gr/english/fullxml/...p?id=69&mnu=69
>
> I would argue the phrase "arguably the best antivirus program out
> there".
> That debate is long-running and not something that should take up
> bandwidth on this list.

As for your "I would argue...," that is precisely what the term
"arguably" means in the sentence to which you responded.

As for inappropriate bandwidth usage, it is difficult to credit your
position as you contribute to the alleged problem :-) Antivirus programs
are an essential feature of computer security; discussing which one is
most effective is an entirely apopropriate topic for this group.

....snip...>
> While Kaspersky is good, I uninstalled it after I found out it
> disabled vnc viewer and a lot of tools I use on a daily basis. Even
> after I added them as exclusions, it categorized them as "hostile
> scripts" and denied access to them. After I disabled that kind of
> protection, the files were useless. The only *useful* way I found
> around this was disabling Kaspersky altogether - something I didn't
> like doing, but hey, I make money with these tools...
>
> The other thing I didn't like about it was the configuration. I
> normally don't spend that much time adding every single file I don't
> want scanned to a list, only to have that list ignored. I probably
> could have spent more time learning all the configuration options, but
> then again, I shouldn't *have* to. And removing the extra stream data
> after I uninstalled the software left a bad taste in my mouth as well
> - it should take care of that on it's own during the uninstall.
>
> Just my .02

Kevin


Yep, Kaspersky is not everyone's cup of tea. However, that it is the
best of breed by far at the core function of antivirus detection and
removal mitigates things to the point that folks put up with its warts.

As for ADS it has been a legitimate (if very weakly supported) feature of
Windows for over a decade. The Windows OS, Internet Explorer, and other
programs use ADS without apology (or even much by way of explanation).
It is therefore not unreasonable that an antivirus program should also
use the feature to achieve its goals. I do agree that the checkered
history of misuse of ADS (to hide malware, etc.) tends to taint ADS with
suspicion, but that is hardly Kaspersky's burden to expunge; they're just
using - entirely appropriately - an OS feature. However, I do agree
Kaspersky could have managed informing users about its use of the feature
and how to disable it much better than they have.

Regards,

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in
news:tMrQe.4712$Uz2.3355@trnddc02:

>
> It is good feedback.
>
> The problem with such comparisons is the process of testing often may
> be biased. Either deliberately or accidently skewing the results.
> Kasperski is a top rated AV, no doubt about it. However, if you
> compare this listing to others you'll find they don't compare and are
> all different from each other.
>
> Remember; there are lies, damn lies, statistics and benchmarks ;-)


I've read any number of reviews in which the "best" antivirus (or firewall,
or...) differs depending on the criteria applied and the judgment of the
reviewer. Generally, though, a handful tend to consistently cluster at or
near the top.

And, for instance, "percent detected" should not be the sole criterion in
evaluating antivirus programs; others, such as response time to issue a
revised detection file for a new virus threat, are also important (but
seldom reported). And then there are ease of use, resource consumption,
cost, and on and on. (Kaspersky, for instance, can be quite expensive. I
have a remedy which significantly alleviates this but some detractors
disparage my solution as copyright infringement :-)

Regards,

nemo_outis wrote:
> Kevin Reiter <tux@penguinnetwerx.net> wrote in
> news:5uqQe.1890$bT1.823@fe08.lga:
>
>
>>nemo_outis wrote:
>>
>>>To see why Kaspersky is arguably the best antivirus program out there
>>>check out:
>>>
>>>http://www.virus.gr/english/fullxml/...p?id=69&mnu=69
>>
>>I would argue the phrase "arguably the best antivirus program out
>>there".
>> That debate is long-running and not something that should take up
>>bandwidth on this list.
>
>
> As for your "I would argue...," that is precisely what the term
> "arguably" means in the sentence to which you responded.
>
> As for inappropriate bandwidth usage, it is difficult to credit your
> position as you contribute to the alleged problem :-) Antivirus programs
> are an essential feature of computer security; discussing which one is
> most effective is an entirely apopropriate topic for this group.

<snip>

It is difficult to credit my position? How, exactly? By "my position"
are you referring to "my opinion" or "my position regarding where I stand
with what I think of Kaspersky"?

As far as your original link to virus.gr claiming Kaspersky is rated the
best, I can point to numerous other sites claiming that other products
were ranked "the best" by their testing methodology. There's at least 1
page per product, and if I Google for "antivirus tests", I get 737,000 pages.

Regarding virus.gr, which is relatively new to the game, consider this
statement from the website:

"Why is this test different from all the others (e.g. pc magazines'
antivirus tests)

This test was made by the only Greek virus collector, known as VirusP,
webmaster of www.virus.gr, whose collection consists of approximately
230,000 virus samples (crc32 different files) and is one of the biggest
virus collections worldwide."

Yes, that's extremely professional...

Domain Name:virus.gr
Domain Handle:dr-150455-gr
Protocol Number:150455
Creation Date:13-3-2002
Expiration Date:12-3-2006
Updated Date:30-5-2005
Registrar:.GR OnLine Registrar

So, here we have the tests done in a basement by 1 person who's been
"collecting" infected files for a number of years and posts his results on
his website. No documentation on how he actually "tests" anything, which
is what I'm interested in. (How does he test e-mail? What protocols are
used? POP3? S/IMAP? How are the infected files introduced to the
operating system? What about network-aware viruses? ...and so on...)

Now, I would point you to ISCA Labs, The WildList, Virus Bulletin, Secure
Computing, and other _organizations_ who have 1) been around longer, and
have gained a trusted name in the industry as a credible source of testing
comparisons, and 2) have a testing methodoly in place that encompasses
more than just Windows XP as the testing platform. PUBLISHED testing
methods, I might add.

So, in short, you are claiming that the outcome of 1 person's tests
(Antony Petrakis, aka "VirusP") performed in a basement/garage/bedroom
using an unknown method on unknown platforms with unverified results
should carry more weight than ISCA Labs, the CERTIFYING AGENCY for
firewalls, antivirus products, and other secure computing software, which
has their testing methodology published (along with the actual scores of
such tests and comparisons)? Get serious.

The "best" antivirus is the one that suits your liking the best, has the
options YOU want/need, can afford, and get warm fuzzies over.

NO product is 100%, so the argument should stop right here.

Finally, as I mentioned before, the arguments over "which antivirus is the
best" has been going on for years in hundreds of forums and multiple
newsgroups, along with the "which operating system is the best" and "which
distro of Linux is the best" and other such topics. Yes, that discussion
has merit here, since antivirus is a concern of security professionals,
but would be best suited in, say, alt.comp.antivirus or another related
group. Defining "the best" is impossible when more than 2 people are
coming up with the definitions.

I could go on, but I think I've made a valid point and supported my
original argument quite well.

Kevin

Kevin Reiter <tux@penguinnetwerx.net> wrote in
news:CZvQe.2042$bT1.1797@fe08.lga:

> nemo_outis wrote:
>> Kevin Reiter <tux@penguinnetwerx.net> wrote in
>> news:5uqQe.1890$bT1.823@fe08.lga:
>>
>>
>>>nemo_outis wrote:
>>>
>>>>To see why Kaspersky is arguably the best antivirus program out
>>>>there check out:
>>>>
>>>>http://www.virus.gr/english/fullxml/...p?id=69&mnu=69
>>>
>>>I would argue the phrase "arguably the best antivirus program out
>>>there".
>>> That debate is long-running and not something that should take up
>>>bandwidth on this list.
>>
>>
>> As for your "I would argue...," that is precisely what the term
>> "arguably" means in the sentence to which you responded.
>>
>> As for inappropriate bandwidth usage, it is difficult to credit your
>> position as you contribute to the alleged problem :-) Antivirus
>> programs are an essential feature of computer security; discussing
>> which one is most effective is an entirely apopropriate topic for
>> this group.
>
> <snip>
>
> It is difficult to credit my position? How, exactly? By "my
> position" are you referring to "my opinion" or "my position regarding
> where I stand with what I think of Kaspersky"?

....snip endless off-point rant - a true and well-presented but
nonetheless off-point rant...

Neither! You don't read very carefully. Note the opening phrase of my
sentence, "As for inappropriate bandwidth usage." The point regarding
which you cannot be taken seriously is not the merits or demerits of
Kaspersky nor antivirus reviews and reviewers but rather that discussing
such matters is a waste of bandwidth. And the reason I gave for not
crediting your position on that one particular point - and no other! - is
that you were - and are! - continuing to contribute to the alleged
problem by your extended discussion of it. I chided you jocularly but
pointedly, but not pointedly enough, it seems, for you to get it.

Regards,

"nemo_outis" <abc@xyz.com> wrote in message
news:Xns96C0920BA6B1Babcxyzcom@204.153.244.170...
> To see why Kaspersky is arguably the best antivirus program out there
check
> out:
>
> http://www.virus.gr/english/fullxml/...p?id=69&mnu=69
>
> Note that its undetected percentage, 0.72% is nearly *three times better*
> than the next best program (AVK 2.07%).
>
> The latest Kaspersky programs (version 5 series) do use a controversial
> feature, istreams, which places data in an alternate data stream attached
> to each scanned file on an NTFS partition/drive. This feature can be
> *disabled* if the user prefers (the location is not obvious, however!) and
> any already tagged files can be untagged with the utility klstreamremover
> available from Kaspersky (or using third-party tools such as the excellent
> ADS uninstaller that comes with Hijackthis).

Just out of interest, CA's AV has been doing this for (leans, over, checks,
umm.. the version I have that does this is dated 2001. Sigs are "a little"
more up-to-date)

It /can/ be a major PITA if you do a lot of server stuff in Windows - you
can get a lock warning when copying files.

No direct experience of Kasp, beyond the usual "heard it's very good". The
reason for choosing CA was pretty simple - used to get the stuff for free
(as an employee), never had a problem, $9.95 per annum seemed a reasonable
subscription price. Still does, TBH - although it has its flaws (critically,
in not notifying you that its license has expired, and in failing *silently*
when updating)

I tend to ignore percentages, myself, as it's (i) Day Zero response that
counts, and that (ii) MickeySoft actually give away tools that handle most
of that percentage. Once a month. Hence the D0 comment ;o)

And, of course, (iii) the paranoiac's observation that 90%+ of these
"viruses" come from AV vendors' labs - they're variants, will never ever
appear in the wild, and serve no other purpose but to bolster vendor
statistics.

Let's just say that, where I grew up, the local MP used to be Disraeli. I
trust his opinion on statistics ;o)

--

Hairy One Kenobi

Disclaimer: the opinions expressed in this opinion do not necessarily
reflect the opinions of the highly-opinionated person expressing the opinion
in the first place. So there!

"Hairy One Kenobi" <abuse@[127.0.0.1]> wrote in
news:NlMQe.291$w4.132@newsfe7-win.ntli.net:

....snip reasonable POV...

> Let's just say that, where I grew up, the local MP used to be
> Disraeli. I trust his opinion on statistics ;o)

You'd have thought Gladstone would have expressed a contrary opinion.

Regards,

Jim Watt <jimwatt@aol.no_way> wrote in
news:ml47h1torf11206i1jlau0tbmuce494kbn@4ax.com:

> On Mon, 29 Aug 2005 22:53:33 GMT, "Hairy One Kenobi"
> <abuse@[127.0.0.1]> wrote:
>
> <large snip>
>
>>I tend to ignore percentages, myself, as it's (i) Day Zero response that
>>counts,
>
> Yes, and the 'virus' threat has changed, we are no longer swapping
> floppies which may contain boot sector infections. I find the virus
> scanners overly intrusive and wastefuil of resources. The main place
> to defend the network these days is at the mail server. Thats where
> problems can be pre-empted best. Trash all executable attachments.
>
> And educate users not to download rubbish spyware from the Internet if
> you cannot actively block their stupidity.
> --
> Jim Watt
> http://www.gibnet.com
>

Your observations are largely true for mainstream and corporate users.
However, there are many who have more venturesome (some might say
foolhardy) habits such as downloading from P2P, warez groups, etc. For
such as they real-time scans are not mere frippery.

Regards,