sethg

About sethg

  • Rank
    Candidate
  1. I know that this question has been brought up before in several threads, but I wanted to go over one of the proposed solutions and its consequences. In each of my systems (Win2K SP4, various processor/RAM configurations), the KAV process takes 2-3 minutes on bootup. There are exclusions for the two BOClean processes, the BlackICE daemon and the AdWatch process. These are all the other security applications (unless there are hidden processes I cannot see with task manager). None of the excluded processes accumulate much CPU time. I also have iChecker/iStreams enabled and 5.0.676 has been on the systems since it was released. There is no administration kit and no externally accessible server in the network. It is a network of three Win2K workstations and one Linux box sharing parts of its drive using Samba. The Windows boxes all mount their respective parts of the Linux drive as a network drive. There is no domain controller and Samba grants access to the appropriate area of the Linux file system based on the Windows login credentials for each user. Basically, each Windows user has a corresponding Linux user and gets access to that user's home directory tree only. The Linux box does not run KAV. One of the previous suggestions was to disable scanning of network drives. It makes sense to disable scanning lots of unnecessary objects on network drives during startup, but I don't understand how you can disable _all_ real-time scanning of network drives and still be protected. Unfortunately, there is no entry for network drives in the "Scan at Kaspersky Anti-Virus Startup" task. It only appears under the "Configure Real-Time Protection" tab. So here are my questions. 1) What does disabling scanning of network drives under "Configure Real-Time Protection" actually do? Is this for startup objects only, all real-time scanning, both or something completely different?
2) Is it possible to configure KAV to do real-time scan of files read from network drives, but nothing more? 3) Does the fact that the network drive is running EXT3 and accessed through Samba rather than native Windows NTFS create a problem? Are there any setup options for Samba that would create the equivalent of the NTFS alternate streams that iStreams uses? 4) Are there any other measures I can take to speed up boot time without compromising security?
  2. With the Firewall component coming into WKS BO in the fall, and my BlackICE software renewal coming up soon, I am still curious about how the Kaspersky Firewall compares to BlackICE PC Protection plus Lavasoft AdAware SE Plus. I use and will probably keep BOClean as an anti-trojan application, unless it is truly redundant with the upcoming WKS product. Sometimes I think being behind a NAT router, having strong AV, anti-trojan and anti-spyware defenses is sufficient, and firewalls are perhaps not even necessary anymore (I know, this is dangerous talk in the security business). Having more layers for a virus or trojan to penetrate is probably better. The application is a small office network.
  3. Now that's a big change. I've asked this in another thread, but since no-one has answered yet, I'll ask it here (wherever I get an answer first I will put a link in the other thread redirecting the discussion): 1) Does anyone know how the KIS6 firewall compares to standalone firewall products? 2) Would you drop your current firewall in favor of the one in KIS6?
  4. Is this the full firewall from KIS6 or the limited IDS from KAV WKS 5.0.676?
  5. What do you mean by plugin? I was considering changing from Business Optimal to KIS6 on my small network to get the firewall component, assuming that it is as good as standalone firewalls (I currently use BlackICE). If KAV6 WKS has the firewall, maybe I should just wait.
  6. Thanks, Jan, this was very helpful. OK, so if I stay with Business Optimal, I'll keep the separate firewall. I agree. By overlapping functions, I meant some overlap, not duplication. For example, BOClean is an anti-trojan utility, but KAV detects many trojans as well. Because the two work rather differently, the overlap in function is not a problem. Running two anti-virus scanners is not a good idea, nor is running two firewalls, as they tend to work in very similar ways and there is much potential for conflict. Thanks, I'll look into it, then. I still wonder how the Kaspersky firewall component compares to BlackICE and other standalone firewalls. It would be nice to have one interface for both anti-virus and firewall. How about anti-spyware functionality? Is it as good as the standalone products? As for the spam filtering component, I probably would stick with SpamBayes. I've used a lot of different anti-spam products: some rule-based, some Bayesian and some hybrids. Of these types, I am personally most comfortable with the Bayesian classifiers, but there are large differences between different implementations. SpamBayes, IMHO, is a best-of-breed straight Bayesian classifier. It trains quickly and its performance leaves little to be desired. Kaspersky Anti-Hacker for Small Business http://usa.kaspersky.com/store/business-optimal.php I don't know if this is any different from the firewall component in KIS6, but it appears as a separate product on the Business Optimal page.
  7. I've just installed 5.0.676 and noticed that you have a choice of installing a component for "protection from network attacks". I did not install it, since I couldn't find any documentation that says what it does. So I thought I'd ask here. What does it do and how does it fit in with my current security application lineup? The network currently consists of three Win2K workstations + one Debian Sarge workstation. Each Win2K workstation runs the following security applications: KAV 5.0.676; BlackICE PC Protection 3.6cfg (IDS + firewall); BOClean 4.21 (real-time trojan detector); AdAware SE Plus 1.06r1 (on-demand + real-time adware detector); SpamBayes Outlook plug-in (terrific open-source Bayesian spam filter); MS Malicious Software Removal Tool (probably to remove competitor's applications). The local network is behind a full-cone NAT router with several ports forwarded to specific machines for specific applications. Each Win2K workstation has direct access to the internet (no proxy). I have declared BlackICE, BOClean and AdWatch as trusted processes in KAV to reduce multiple scanning of files, which tends to bog down the machines. I have several questions about this setup, now that KAV has some provision for dealing with "network attacks". 1) Does the new KAV network protection component replace any of the functionality of the above security applications? 2) Using overlapping applications from different vendors has a potential advantage, since it is less likely that any piece of malware could disable all of them or evade detection by all of them. However, it is more complicated and the separate applications can sometimes fight. Do I lose anything by using a more integrated application from a single vendor in this case? 3) For a small network such as this, which may grow to five or ten workstations but not beyond that, would I be better off using KIS6, since it includes a firewall?
I have no use for the spam protection component, since I am very happy with the SpamBayes approach. The integrated firewall is interesting, but I would like to know how KIS6 stacks up against KAV for Windows Workstation + BlackICE. 4) There is also a separate business firewall product available from Kaspersky. I would like to know how it contrasts with the KIS6 firewall and the BlackICE IDS/firewall. Thanks for your thoughts.
  8. So this is only a problem if you deinstall KAV while Outlook is still running? [edit] What about other users on that machine running Outlook, even if the administrative user has it closed? Each of them presumably has the Outlook plug-in installed separately and they do all have extend.dat files. Is it a necessary condition for a deinstall of KAV not to cause this problem that all instances of Outlook running on that workstation be closed?
  9. Possibly a dumb question on my part, but MS Office 2000 is up to service pack 3 with several hotfixes since then. Is your MS Office 2000 updated?
  10. If the KAV IDS is incompatible with any known popular firewalls, perhaps it might be a good preventative measure for KAV to pop up a window suggesting the user disable the IDS if it detects those firewalls? This doesn't have to cover every possible incompatible product, but a 90% solution might save a lot of support requests. The firewall market is pretty lopsided, with most of the installations accounted for by only a few products. If the user has administrative privileges, the pop-up box could have a link that would open up the appropriate KAV window and tell them what to change. Otherwise, it would direct them to log on as administrator or contact the administrative user to make the change. When the administrative user next logs on, the pop-up would again appear with the necessary link and instructions. There could even be a help link to a more extended discussion of the reasons for the problem. An ounce of prevention ... That's the whole philosophy behind security apps to start with, and this just applies that philosophy to keep the security apps from interfering with each other, and the user from getting frustrated and making support calls.
  11. This seems to me to be a very good tradeoff, and is also intuitive. The user does choose the security level, and speed is inverse to security level. The actual algorithms, even in the simplified form presented here, would be very hard to explain to the average user and they really don't want to know. The choice of three security levels, with "recommended" doing exactly the right thing for the great majority of users, is an excellent compromise, IMHO. Oleg, how do the iStreams and quarantine period work differently in KAV6? Someone implied it was completely different and all files are scanned all the time. I hope this is a misunderstanding.
  12. Great, all the normal versions now show up. Thanks! I guess we'll all patiently wait for the replacement for 5.0.527 to appear. It's not done till it's done, so better to wait.
  13. Not only is there no English version, there's nothing higher than 5.0.225.
  14. This link returns a 550 error. On the main(?) Kaspersky ftp server, the version in ftp://ftp.kaspersky.com/products/release/...winworkstation/ is 5.0.225. I tried the US ftp server with the same result. Is 527 really out, and if so, where can I find it? [edit] On the Kaspersky Labs website download page, http://www.kaspersky.com/productupdates?chapter=146274385, there are only Italian and Polish versions of 5.0.225 and a Spanish version of 5.0.200. No English versions at all. Seth Goodman