Kaspersky Internet Security ReviewVersion 7.0
by Coenraad de Beer (Webmaster & Founder of Cyber Top Cops)
Posted on 30-10-2007
There is nothing strange to the setup program of Kaspersky Internet Security, it's a simple installation wizard just like any other installation program. You simply choose the Express Installation option to install the suite with its default settings. The installer checks your system for other anti-virus and firewall applications already installed on your computer and offers to un-install them for you, to prevent any clashes. The installation process is followed by an Initial Setup Wizard, where you activate the software (an active Internet connections is required for this) and to enable the firewall (which is done for you automatically). You need to restart your computer once the installation is complete.
The database was a bit outdated, so I had to download another 5 megabytes of data (which is not too much in my opinion) to run the software with the latest anti-virus database, security patches and other updates. Kaspersky Internet Security periodically checks for new updates in the background and installs them automatically. Kaspersky Lab claims that they update their database on an hourly basis.
Kaspersky Internet Security brags with 6 different resident shields (the firewall and spam filter excluded from this figure) namely the File Anti-Virus shield, the Mail Anti-Virus Shield, the Web Anti-Virus shield, the Proactive Defence shield, the Privacy Control Shield and the Parental Control shield. More about each shield a little later under the Scanning & Healing section of the review. Each shield can be configured, enabled or disabled individually, making this Internet security suite very flexible. Kaspersky Internet Security basically protects your computer from almost every possible angle.
If you take into account the number of resident shields protecting your computer, the active scans and automatic updater running in the background, then it is absolutely amazing to see how responsive your system remains. Even during a full system scan, you can still do non-intensive tasks like browsing the web, reading your e-mails or listening to your favourite MP3's. Kaspersky Internet Security took a while to load during the Windows Startup on our machine (with 256 MB of RAM), but this should not be a problem for machines running with 512 MB or more. However the performance of your machine always depends on how many programs are loaded during the Windows Startup.
Isolation of Threats
Once a threat is detected you can't rename, copy or move it. It basically means that a threat is toast once Kaspersky Internet Security detects it. You can set the File Anti-Virus settings to disinfect a detected threat automatically or delete it if disinfection fails. This means the threat is treated before you even lay eyes on it.
The Kaspersky Internet Security Firewall protects your computer from various types of network attacks, including port scans, DoS (Denial of Service) attacks and general intrusion attacks. The firewall isolates an attack by adding the attacking computer to a black list for 60 minutes (which is the default setting, but you can increase or decrease this time limit if you want).
I found my way around the menus, dialogs and controls of the program quite easily. The overall layout and design of the program is very logical and I had no hard time finding the settings I looked for. To summarise, I found the user interface user friendly and very stylish.
Scanning & Healing
- Fast-scan function: Yes
- Scanning of Single objects: Yes
- Customisable scanning: Yes
- Boot sector scanning: Yes
- Memory scanning: Yes
- Registry scanning: Yes
- System Area scanning: Yes
The scanner of Kaspersky Internet Security has been designed for optimal performance, thanks to iCheckerTM, iSwiftTM technologies. Smart Mode scanning is aimed at speeding up file processing, therefore allowing the user to work with the files on his/her computer without any unnecessary interruptions or delays. The scanner also keeps productivity in mind by only scanning new and changed files. This means that your very first system scan may take some time to complete, but all subsequent scans will be much faster. The scanner prompts for action once the scan is complete. This speeds up the scanning process and does not annoy the user with a prompt each time it detects a new threat. After the scan, the user can take action against each threat individually or all threats at once. You can either attempt to disinfect or delete a threat, or you can add it to Kaspersky's Trusted Zone if you believe the file was wrongfully detected. Kaspersky Internet Security includes a special scanner for rootkits as well.
This is the main scanner of the security suite and scans files on hard drives, CD's, DVD's and flash drives when they are accessed. This means every file on your computer has to pass through this scanner before it can be executed or loaded. The heuristic analyser of the File Anti-Virus shield is turned off by default. Kaspersky Lab analyses new threats quickly and new methods for disinfecting them are added to the database updates on an hourly basis. Therefore if you update Kaspersky Internet Security on a regular basis and maintain the optimal protection level (indicated by a colour coded indicator at the top of the application window) on your computer, you will not need to use the heuristic method regularly. An anti-virus application can only tell you if a file or specific action is malicious if it corresponds to a signature in the database. The heuristic analyser on the other hand, can detect malicious behaviour, even if the signature of a specific threat is not present in the anti-virus database. It is a handy tool to analyse suspicious files, but should be used with caution, because legitimate processes may also contain virus-like behaviour, that are not necessarily malicious. The heuristic analyser should therefore be used by advanced users only.
This scanner scans your e-mails for malicious attachments. It scans for malware on POP, SMTP, IMAP and NNTP protocols. It has special support for Microsoft Office and The Bat! The attachment filter can be used to rename or delete specific file types.
This shield protects you against malware attacks from websites while browsing the Internet. It scans HTTP traffic for malicious code and blocks dangerous scripts in Microsoft Internet Explorer. With more and more users on Firefox these days, I would like to see a version of this add-on being developed for Firefox as well.
The Proactive Defence mode is an impressive feature of Kaspersky Internet Security that consists of three components namely the Application Activity Analyser, analysing the actions performed by every application running on your computer; the Application Integrity Control, tracking the integrity of your programs by the composition of the program modules and checksum of the program itself; and the Registry Guard, analysing all attempts made to change keys in the Windows Registry. Novice users should not feel intimidated by these strange terms. The Proactive Defence module is mainly a tool for power users, but is already optimally configured for normal use.
The Kaspersky Internet Security Firewall is a very thorough and robust intrusion detection system. By default, it allows network activity of all applications except those explicitly prohibited by user defined application rules. This is the best setting for novice users, where they enjoy firewall protection without the annoying nagging prompts of most firewall applications in the industry. Power users can move the security level of the firewall up by one notch to enable the Training Mode. Most firewalls are based on the basic principles of this mode, namely training. You train the firewall by telling it which applications should be trusted as you use them on your system. However you need to have some solid knowledge about the applications installed on your computer before switching to this mode.
Additional features of the firewall include a built-in popup blocker (Anti-Publicity), blocking annoying pop-up windows and the Anti-Banner feature, blocking advertisement banners on the web, or the ones that are built into the interfaces of various programs installed on your computer.
This shield includes Anti-Phishing and Anti-Dialer protection. The Anti-Dialer protection informs you of telephone numbers being dialled in the background of your computer without your knowledge. Kaspersky Internet Security protects your confidential data by prompting you whenever an unauthorised transmission of confidential data occurs over the Internet or when someone or some program tries to access your saved passwords or personal information stored in the Windows Protected Storage.
The Kaspersky Internet Security Anti-Spam filter can process traffic from POP, SMTP and IMAP protocols. It also includes support for Microsoft Office Outlook/Outlook Express and The Bat! via a plug-in. Kaspersky should consider expanding this plug-in to Thunderbird as well. The Mail Dispatcher allows you to preview e-mail messages (only header information, not the content) and delete them directly from the mail server if you believe they are spam. This is where the PDB technology of the filter comes into action. It shows you which e-mails are considered as spam according to certain elements in the header. The Mail Dispatcher tells you why an e-mail is regarded as spam, by supplying a reason in the "Reason" column. This helps you to identify possible spam e-mails and delete them before downloading them. Note that the Mail Dispatcher is not dependant on your e-mail client, so whether you use Outlook Express or Thunderbird, you will always get the Mail Dispatcher window before the e-mail client retrieves the e-mail (unless you choose to turn the Mail Dispatcher off).
The Kaspersky Internet Security Anti-Spam filter acts as a proxy between your e-mail server and e-mail client, which saves downloading time and cuts down on bandwidth costs (because you delete spam before downloading it). You can do initial training on the spam filter by running the Anti-Spam Wizard to show the spam filter which e-mails you regard as non-spam, by pointing the filter to a folder in your e-mail client containing non-spam e-mails only. When the wizard asks for samples of spam e-mails, you can point it to the junk folder (or any other folder containing spam e-mails only).
When you open Microsoft Office Outlook or Microsoft Outlook Express for the first time, after installing Kaspersky Internet Security, the Anti-Spam Configuration Wizard automatically starts. You mainly specify how the Anti-Spam filter should handle spam or probable spam (copy or move it to a specific folder, delete it or skip spam filtering and leave it in the inbox). The plug-in adds a special toolbar to Microsoft Office Outlook/Outlook Express to make the training of the spam filter easy and effortless. You hit the Spam button if you believe an e-mail is spam, or the Not Spam button if you feel that the spam filter wrongfully labelled a legitimate e-mail as spam. You don't have to use a supported e-mail client to be able to train the spam filter. You can still train the filter in the main application under the Anti-Spam configuration settings.
The filter also has a white and black list of e-mail addresses and key phrases. E-mails from people on your white list or e-mails containing the key phrases on your key phrases white list, will never be labelled as spam. The black list has the exact opposite effect. Three different spam recognition filters are used for spam filtering namely the self-training iBayes algorithm, for text recognition; the GSG technology for image recognition and the PDB technology for header recognition. Additional spam ratings can be assigned to fine-tune the filter to meet your specific needs.
This is a very handy tool for parents who are concerned about what their children can access on the Internet. The tool is very basic and easy to configure. Kaspersky Internet Security blocks websites containing content related to pornography and erotic materials, drugs, violence, explicit language, weapons and gambling. Parents can also restrict access to chat and Internet Mail. A white list and black list can be used to allow or block specific URL's or specific phrases/words found in an URL.
Further options include the ability to block access completely or to log the event only. The logging option can be useful to see which sites your children visit regularly. You can limit your child's daily operating time on the Internet or allow Internet access only at specific times of the day (for instance only when you are at home). The settings can be password protected to prevent your children from changing or overriding the Parental controls.
Different profiles can be created to control access for different types of people, for instance the Parent Profile does not limit web browsing in any way, while the child profile blocks access to the web as explained above. You can even create a Teen Profile where you, for instance, allow unlimited Internet access, but log your teenager's activity while browsing the web.
Kaspersky Internet Security allows you to view the events logged by the parental control in an easy and understandable way. You can view the time and date of the event, the website that was visited and whether access to the site was allowed or blocked. This enables you to identify prohibited sites that are not being blocked by the Parental Controls. You simply add these sites or URL's to the Parental Control black list to prohibit access to these sites in the future. You can even use the black list to block content/images in e-mails coming from specific domains. The Parental Controls of Kaspersky Internet Security can be configured, not only to block access to the website alone, but all images from that website as well, so your child will not be able to bypass the restrictions by asking a friend to sign up for newsletters from the prohibited website, remote images in the newsletters will be blocked as well.
An un-install option is available from the Kaspersky Internet Security group created under Program Files on the Start Menu. You can select to remove the program completely or you can choose to retain certain elements after the un-install process. The un-install process was fairly easy and straightforward and it honoured my request to remove the software completely.
Kaspersky Internet Security:
|Isolation of Threats:||9|
|Scanning & Healing:||9|
(Filtering & Effectiveness):
(Anti-Phishing, Privacy & Parental Control):