sethg

network protection component in 5.0.676


I've just installed 5.0.676 and noticed that you have a choice of installing a component for "protection from network attacks". I did not install it, since I couldn't find any documentation that says what it does. So I thought I'd ask here. What does it do and how does it fit in with my current security application lineup?

 

The network currently consists of three Win2K workstations + one Debian Sarge workstation. Each Win2K workstation runs the following security applications:

 

KAV 5.0.676

BlackICE PC Protection 3.6cfg (IDS + firewall)

BOClean 4.21 (real-time trojan detector)

AdAware SE Plus 1.06r1 (on-demand + real-time adware detector)

SpamBayes Outlook plug-in (terrific open-source Bayesian spam filter)

MS Malicious Software Removal Tool (probably to remove competitor's applications)

 

 

The local network is behind a full-cone NAT router with several ports forwarded to specific machines for specific applications. Each Win2K workstation has direct access to the internet (no proxy).

 

I have declared BlackICE, BOClean and AdWatch as trusted processes in KAV to reduce multiple scanning of files, which tends to bog down the machines. I have several questions about this setup, now that KAV has some provision for dealing with "network attacks".

 

1) Does the new KAV network protection component replace any of the functionality of the above security applications?

 

2) Using overlapping applications from different vendors has a potential advantage, since it is less likely that any piece of malware could disable all of them or evade detection by all of them. However, it is more complicated and the separate applications can sometimes fight. Do I lose anything by using a more integrated application from a single vendor in this case?

 

3) For a small network such as this, which may grow to five or ten workstations but not beyond that, would I be better off using KIS6, since it includes a firewall? I have no use for the spam protection component, since I am very happy with the SpamBayes approach. The integrated firewall is interesting, but I would like to know how KIS6 stacks up against KAV for Windows Workstation + BlackICE.

 

4) There is also a separate business firewall product available from Kaspersky. I would like to know how it contrasts with the KIS6 firewall and the BlackICE IDS/firewall.

 

Thanks for your thoughts.


Hmz.. a 100% reply to these questions is tricky.. A good answer would include a survey of the products and their actual performance. But nevertheless, here's a go at answering:

 

1) No. KAV 'Network Protection' is really only IDS on a basic level. It's no customizable firewall or anything. Basically, it can perform an action like:

- detect intrusion attempt

- block intrusion

- take further action to make PC 'stealth' on the network.

The intrusions are detected on a 'known database of intrusion types'.

 

2) Are you sure? Two real-time anti-virus products only bog down your system. And for IDS / firewall it can be a similar story. With products taking over more and more functions, and covering similar areas in protection, it's not always a good choice to have a 'multi-vendor-policy' on 1 workstation.

 

3) Continued on question 2: Yes, you probably would be better off, since it offers a single interface for managing all settings, and limits chances of colliding software operation. Though I have to be honest that I'm not sure about the anti-spam component and how it stands up against SpamBayes.

 

4) Which product do you mean exactly? Corporate firewall environments most of the time run on an already installed firewall system at your network, e.g. ISA server or Checkpoint firewall.

 

Hope this covers some of your questions :)


Thanks, Jan, this was very helpful.

 

1) No. KAV 'Network Protection' is really only IDS on a basic level.

OK, so if I stay with Business Optimal, I'll keep the separate firewall.

 

2) Are you sure? Two real-time anti-virus products only bog down your system. And for IDS / firewall it can be a similar story. With products taking over more and more functions, and covering similar areas in protection, it's not always a good choice to have a 'multi-vendor-policy' on 1 workstation.

I agree. By overlapping functions, I meant some overlap, not duplication. For example, BOClean is an anti-trojan utility, but KAV detects many trojans as well. Because the two work rather differently, the overlap in function is not a problem. Running two anti-virus scanners is not a good idea, nor is running two firewalls, as they tend to work in very similar ways and there is much potential for conflict.

 

3) Continued on question 2: Yes, you probably would be better off, since it offers a single interface for managing all settings, and limits chances of colliding software operation. Though I have to be honest that I'm not sure about the anti-spam component and how it stands up against SpamBayes.

Thanks, I'll look into it, then. I still wonder how the Kaspersky firewall component compares to BlackICE and other standalone firewalls. It would be nice to have one interface for both anti-virus and firewall. How about anti-spyware functionality? Is it as good as the standalone products?

 

As for the spam filtering component, I probably would stick with SpamBayes. I've used a lot of different anti-spam products: some rule-based, some Bayesian and some hybrids. Of these types, I am personally most comfortable with the Bayesian classifiers, but there are large differences between different implementations. SpamBayes, IMHO, is a best-of-breed straight Bayesian classifier. It trains quickly and its performance leaves little to be desired.

 

4) Which product do you mean exactly?

Kaspersky Anti-Hacker for Small Business http://usa.kaspersky.com/store/business-optimal.php

 

I don't know if this is any different from the firewall component in KIS6, but it appears as a separate product on the Business Optimal page.


With the Firewall component coming into WKS BO in the fall, and my BlackICE software renewal coming up soon, I am still curious about how the Kaspersky Firewall compares to BlackICE PC Protection plus Lavasoft AdAware SE Plus. I use and will probably keep BOClean as an anti-trojan application, unless it is truly redundant with the upcoming WKS product.

 

Sometimes I think being behind a NAT router, having strong AV, anti-trojan and anti-spyware defenses is sufficient, and firewalls are perhaps not even necessary anymore (I know, this is dangerous talk in the security business). Having more layers for a virus or trojan to penetrate is probably better. The application is a small office network.
