Author Topic: Another reason to drop Kaspersky? (Read 50835 times)

tranglos · « **on:** September 17, 2010, 10:34 AM »

My annual KAV license expires in a few days. Is it or is it not (I wonder) a good time to see a post like this?

Delphi programs blocked by Kaspersky Antivirus. Need workarround. - Stack Overflow

tomos · « **Reply #1 on:** September 17, 2010, 02:39 PM »

I dont know about Kapersky, but I'm considering going the Microsoft Security Essentials route when my AV (Avira AntiVir paid) runs out.

According to the first reply in "All Replies" in this MS Answers thread it is "for personal or home business use".

It's supposed to not get too many false positives and if a real virus does get in I'll probably just restore OS partition from an image backup anyways...

Darwin · « **Reply #2 on:** September 17, 2010, 03:38 PM »

tomos - I still have a 3 machine license for VIPRE Premium and overall like it. However, I'm running MS Security Essentials on all but my own computer and MS Security Essentials seems fine to me. When my VIPRE subscription ends I may just switch my computer over as well. VIPRE started out lean and mean and very resource miserly. However, with v.4 each new build seems a bit more intensive and I've experienced quite a bit of disk thrashing and CPU hogging with it, to the point that I've had to disable it from scanning files and folders as they are opened. We'll see how it fares over the coming months...

[off-topic]Hope you are well![/off-topic]

f0dder · « **Reply #3 on:** September 17, 2010, 03:59 PM »

MSE seems pretty lean-and-mean. Yes, it does take a speed hit, but it's no heavier than KAV or NOD32 from my gut feeling - and probably a bit faster. Not sure how it ranks against nod/kav, but I've definitely had less false positives than with either of those... and it's been able to detect (and clean!) some malware that a couple of the other freebies couldn't.

Interesting SO post - I wonder what happens... people mention signatures and stuff, but that's crap - the app isn't blocked, it's the file creation that fails *after* the app is loaded. Bug in kaspersky? If it wasn't a bug, it should have triggered a heuristic warning instead of failing the delphi call.

Darwin · « **Reply #4 on:** September 17, 2010, 05:49 PM »

This reminds me of this thread from a week or so ago...

tranglos · « **Reply #5 on:** September 17, 2010, 06:15 PM »

This reminds me of this thread from a week or so ago...
-Darwin (September 17, 2010, 05:49 PM)

Totally.

tomos · « **Reply #6 on:** September 20, 2010, 08:17 AM »

tomos - I still have a 3 machine license for VIPRE Premium and overall like it. However, I'm running MS Security Essentials on all but my own computer and MS Security Essentials seems fine to me.
[...]
[off-topic]Hope you are well![/off-topic]
-Darwin (September 17, 2010, 03:38 PM)

Yeah, I'm starting to feel like why should I pay for something that just doesnt work so well - and from the comments lately, people are complaining about all the antivirus apps including the one that have been popular over the last few years with those 'in the know'. I complained about Avira (paid) elsewhere here

PS I'm very well thanks!

superboyac · « **Reply #7 on:** September 20, 2010, 08:47 AM »

Yes, I'm interested in all of this also. I'd love to get rid of Kaspersky if I could find a good way to do it. My computer runs significantly faster without it. But what is the solution? It catches things often enough where I would be uncomfortable having no AV program at all. I've even thought about just disabling everything and only running a scan once a night, after I go to bed. I don't see too many problems with that, but it won't stop a "live" virus. I don't know. I would love to hear about AV software alternatives. And, no, I don't mean things like "I am so careful and knowledgeable that I don't even need an AV. I just never put myself in that position."

No, I want solutions for normal people. We are going to do bad things and get viruses. What is the best way to deal with it? What's the alternative to having an AV program running constantly?

tranglos · « **Reply #8 on:** September 20, 2010, 09:03 AM »

I've even thought about just disabling everything and only running a scan once a night, after I go to bed. I don't see too many problems with that, but it won't stop a "live" virus. I don't know.
-superboyac (September 20, 2010, 08:47 AM)

I've been thinking along the same lines. The unknown here is how hard it may be to remove an infection - during that nightly scan - once it's already on the system. Years ago I understood what viruses did - from writing messages to screen to clobbering the MBR. I knew the difference between viruses, worms and trojans.

But now? Do the "old-school" viruses still exist at all? Can a virus overwrite MBR under Windows 7? (I doubt that!) Or are they all trojans now really, mostly designed to intercept sensitive data like passwords and send them home somewhere? Truth be told, I no longer quite understand the difference between AV software like Kaspersky and anti-malware like MalwareBytes.

When choosing a backup regime, the thing to do is start with deciding what you want to protect and from exactly what risks. Same here, I think: what exactly are we trying to guard ourselves against? What threats, what infection scenarios? What do viruses do these days?

superboyac · « **Reply #9 on:** September 20, 2010, 09:10 AM »

Years ago I understood what viruses did - from writing messages to screen to clobbering the MBR. I knew the difference between viruses, worms and trojans.
-tranglos (September 20, 2010, 09:03 AM)

Yeah, that's a good point. I don't know.
Around 2000, the lab I was working in got a virus on one of the computers. I noticed it because the computer had a bunch of mp3 files, and each mp3 file all of a sudden had a duplicate file with some other weird extension. I checked it out with an AV, and it was a virus sure enough. It got cleaned and that was that. But it had spread throughout the entire drive--every mp3 file was duplicated.

Around the same time, I got a pretty nasty virus on my home pc. My technogeek roommate was able to fix it using some dos methods, which was really amazing to me at the time. It was a bad virus--I couldn't even start up my computer...probably an MBR virus?

But now, they don't really do that. My sister and mom got a virus, and it was from facebook. I don't really know what it did, but it prevented programs from running, lots of popups. The bad thing was you couldn't run any exe files, the task manager was disabled.

f0dder · « **Reply #10 on:** September 20, 2010, 01:28 PM »

You shouldn't worry about MBR infections, they're pretty much a thing of the past. But you should worry about malware installing rootkits... get a particularly nasty one of those, and it's game over - you won't even be able to detect it without running an offline scan from recovery media.

superboyac · « **Reply #11 on:** September 22, 2010, 04:44 PM »

I would be VERY interested in a discussion about how to specifically configure our programs to work in a way where we are still protected essentially, but also not sacrificing in speed or performance, AND no annoying nuisances like what tranglos has experienced here.

For example: I use kaspersky. I'd like to know which modules I can disable without being a big deal. I've disabled the anti-spam because I use another program for that, and the same goes for the anti-banner component (I use ad muncher). But how about the firewall? how necessary is that? How about the live monitoring? Do I need that? Should I set it up to just scan the folder I download files to? I mean, it doesn't have to scan everything all the time, does it? how much risk would I be taking if I do that? Do I even need a scanner? What if I scan just in the evenings after I sleep? Etc. etc.

I think it would be beneficial to discuss how to configure our pc's in this way. Because these AV companies are ALL going the bloat route, and its the kind of software that most definitely affects your computer's performance.

Also, I am NOT interested in solutions that are like, "be more careful in the way you use your computer." that doesn't help anything. Let's operate under the assumption that we are horrible computer users and we come across shady sites on a daily basis. I want my mind free of those concerns.

Bamse · « **Reply #12 on:** September 24, 2010, 08:06 AM »

Is Kaspersky mandatory? If so check their forum. You are unlikely to alone.

I do not understand those who buy peace/security packages and then later complain and ask WHY? 1 advice. Keep Kaspersky running but install Virtualbox/VMware Player. Go nuts on your shady sites, by which I assume you mean download sites, and then evaluate what is needed for "protection". You need to get some facts on real life problems which are easier to understand and deal with than trying to understand lingo from X or Y product. KISS principle is great for security.

patthecat · « **Reply #13 on:** September 24, 2010, 11:49 AM »

FYI regarding Microsoft Security Essentials. Starting in October, in addition to being free for home use, it will also be free to small businesses with up to 10 computers.

http://www.eweek.com...l-Businesses-148952/

f0dder · « **Reply #14 on:** September 24, 2010, 11:56 AM »

FYI regarding Microsoft Security Essentials. Starting in October, in addition to being free for home use, it will also be free to small businesses with up to 10 computers.

http://www.eweek.com...l-Businesses-148952/
-patthecat (September 24, 2010, 11:49 AM)

Indeed

tranglos · « **Reply #15 on:** September 24, 2010, 11:56 AM »

I do not understand those who buy peace/security packages and then later complain and ask WHY? 1 advice. Keep Kaspersky running but install Virtualbox/VMware Player. Go nuts on your shady sites, by which I assume you mean download sites, and then evaluate what is needed for "protection". You need to get some facts on real life problems which are easier to understand and deal with than trying to understand lingo from X or Y product. KISS principle is great for security.
-Bamse (September 24, 2010, 08:06 AM)

Um, no shady sites for me, thanks. I do love to try out software, but I bail out at the smallest suspicion. (Of course there have been cases where known, trusted software brands distributed infected installation packages, which is why I'd say that "shady sites" are quite beside the point.)

In my case I receive my daily work as attachments (Word, Excel, PDF, Access, some specialized formats), and I can't exactly run all this in a virtual machine nor would I want to. Then I sometimes take my pendrive to a printing shop (they are *all* infected, no exceptions) or plug it into a friend's computer. So these are the two major attack vectors for me, practically the only two.

Given that scenario, a real-time scanner puts a needless strain on my system, where an on-demand scanner would work just fine. But even the real-time engine is only one of many components of AV solutions like Kaspersky. Most of them give more annoyance than they're worth, but these days you can't buy an on-demand only AV, they just don't seem to exist any more.

BTW, Kaspersky's behavioral analysis flags Find and Run Robot when it starts. FARR stays just below the total prohibition threshhold, so KAV allows it to run, but displays a warning message. That was when I disabled all the behavioral and heuristic components. My annual KAV license expires today, I won't be renewing.

superboyac · « **Reply #16 on:** September 24, 2010, 02:06 PM »

My annual KAV license expires today, I won't be renewing.
-tranglos (September 24, 2010, 11:56 AM)

So what will you be doing? I'm very interested in practical solutions. I'm not that interested in this KISS stuff, which comes off as sounding a little holier than thou, and really doesn't help me find a solution to this problem.

Look, I keep having to say this: I use my computer as safely as i can stomach. But I do bad things also, whether knowingly or unknowingly. The point is this: I DON'T WANT TO WORRY ABOUT IT. Other people use my computers. I don't like telling them to be careful with this and be careful with that. I want them free to do whatever they need to do. So I want my computer protected from our badness. I'm operating under the assumption that bad things will happen. So i want solutions that can either prevent the bad things, or even if bad things happen, it can be cleaned up relatively painlessly.

It doesn't seem like I'm hearing about any practical solutions here. I may just start experimenting with stuff and see what happens. Maybe I'll turn off ALL of my kaspersky components, and then try each one out one by one and see what affects performance the most, and what is effective in protection or not. My licenses still have almost 3 years on them. However, I would drop it real quick if something better came up.

Tranglos, please keep us informed on how you are going to replace kaspersky.

CWuestefeld · « **Reply #17 on:** September 24, 2010, 02:54 PM »

Keep Kaspersky running but install Virtualbox/VMware Player.
-Bamse (September 24, 2010, 08:06 AM)

One comment in defense of Kaspersky. I just upgraded my KIS to the 2011 version. They've got a neat new feature so you don't have to do that.

In last year's version there was a setting so that you could have specific applications run inside a sandbox. In the new version this is extended, so that you can open a whole sandboxed desktop. This accomplishes the same thing that running in a VM would, but is much faster and easier.

tranglos · « **Reply #18 on:** September 24, 2010, 03:46 PM »

My annual KAV license expires today, I won't be renewing.
-tranglos (September 24, 2010, 11:56 AM)
So what will you be doing?
-superboyac (September 24, 2010, 02:06 PM)

Right now I'll replace it with MS Security Essentials. It's got fawning reviews, fared well in tests, and is supposed to be rather lightweight. In July, months ago when I was still running XP, I installed version 2 beta - and it was the opposite of lightweight, looking at the RAM footprint, but maybe that was just a beta thing. So I'll install the current, non-beta release. I sure hope it has a command to pause the realtime scanner!

superboyac · « **Reply #19 on:** September 24, 2010, 05:42 PM »

Thanks, tranglos. Let us know how that goes. I'm still toying with the idea of turning everything off and just running daily scans while I'm sleeping or at work.

patthecat · « **Reply #20 on:** September 24, 2010, 09:18 PM »

Yes, MS Security Essentials has a setting to turn off it's real time protection. For the past year I've had it running on my Win 7 laptop, no issues so far. Even if you have Windows Autoupdate turned off, MS Essentials will still update its database daily which is a good thing. It also creates a system restore point before database updates and you can choose to create system restore point before daily scanning of computer (if you have daily scanning enabled).

tranglos · « **Reply #21 on:** September 25, 2010, 04:58 AM »

Yes, MS Security Essentials has a setting to turn off it's real time protection.
-patthecat (September 24, 2010, 09:18 PM)

I can now see that it does, but not in the tray menu - you have to go all the way into the configuration (and re-enable it manually). I can live with that, but there is something else that I don't like at all. MSSE says it will transmit information about what it removes or does not remove, and that information may include your personal data... and you cannot disable it at all:

Another reason to drop Kaspersky?

Out of the frying pan, into the !@#$% fire!

f0dder · « **Reply #22 on:** September 25, 2010, 08:11 AM »

Thanks, tranglos. Let us know how that goes. I'm still toying with the idea of turning everything off and just running daily scans while I'm sleeping or at work.
-superboyac (September 24, 2010, 05:42 PM)

Bad idea - if you get hit with a rootkit, the daily scan isn't going to catch it.

Microsoft Security Essentials seems to do a pretty good job, and doesn't get in my way.

Stoic Joker · « **Reply #23 on:** September 25, 2010, 08:40 AM »

If you get hit with a really new rootkit, chances are a realtime scan won't catch it either.

In a choice between reduced permissions solid results, and system crippling AV software's crap-shoot results... I'm on the fence here worse then ever (LUA never FPs). I'm currently still running MSE, but I've got more faith in a plain user account.

f0dder · « **Reply #24 on:** September 25, 2010, 10:32 AM »

Stoic Joker: true - and I don't know whether MSE is purely signature-based or has heuristics... if it's purely signature-based, you're definitey SOL. With a degree of heuristics, you have a chance of fending off a new rootkit (malware writers will definitely be focusing a LOT on slipping past MSE, though).

As for LUAs, they're great, and I love how Vista has made it bearable to have your main account as a LUA. But we can't rule out 0-day privilege escalation, so IMHO running LUA is only part of the security solution.

MSE is great and relatively lightweigtht - I do feel a bit of a hit in application loadtime, but not nearly as much as I've had with other solutions. MsMpEng.exe weighs in ~180meg of private bytes, though - not a problem for me, but it's somewhat of a hit for lower-end machines.