Logan

"Kaspersky's Anti-Virus products are rootkits"

Read this article: http://www.computerworld.com.au/index.php/...49;fp;16;fpid;0

I can vouch that the part about Symantec is true. However, Kaspersky?

Is this true on your part? Very interesting... what is the purpose of you using a rootkit in your software? Like the article said, if it's true, then you need to re-architect your product. No need for a rootkit to be involved.

This really turns me off from Kaspersky.

Read this article: http://www.governmentsecurity.org/forum/in...showtopic=18508

I can vouch that the part about Symantec is true. However, Kaspersky?

Is this true on your part?

this is not a simple subject. yes, it is true that kaspersky is using "rootkit" technology, but what actually is "rootkit" technology?!

1. is it the fact that it is malicious or potentially malicious? if so, then we have to check how safe its design is. for example, sony BMG was by itself not malicious, but it was proved that it could be misused (hijacked) by malware. symantec by itself is also not malicious, but there were also cases where it could be misused by malware. with kaspersky, however, there is no known case where malware could be misusing its "rootkit" technology, because it has a good/safe design (i believe :) )

2. or is it the fact that it hides things/objects? if so, then we have to say that kav6 does not do this any more (at least as far as i know :) ). this was only used by kav5 to protect its ntfs ads (iStreams).

3. but actually "rootkit" technology is just that, a technology: programming technology/techniques where system hooks and kernel drivers are used. and the funny thing about this is that most of the sysinternals (Mark Russinovich) tools are also doing this ;)

so i think there is no way to compare kaspersky to sony BMG or other real rootkits used by malware.

and here are some more comments on this issue: http://www.f-secure.com/weblog/#00000776

Kaspersky 5.0 uses ADS, which is a Microsoft feature, in its iStreams technology: http://www.kaspersky.com/faq?qid=156636746.

So to answer your question: No, Kaspersky 5.0 doesn't use rootkits; it uses a Microsoft feature called Alternate Data Streams, and calling that a rootkit is far-fetched as it is not spying on you. Kav scans ADS in both real-time and on-demand.

Saso is right when he says 6.0 won't be using the Alternate Data Streams, btw.

Well, KAV 5.0 "hides" the ADS created for files using a special driver.

Someone can name it a "rootkit". I don't think so.

Unlike Symantec or Sony, KAV _protects_ these ADS from _all_ access.

Other programs can't access them or use them for their own hiding.

The 6.0 line gets rid of ADS use because of the cleanup inconvenience after product deinstallation.
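
To make the NTFS Alternate Data Streams discussed in this thread concrete, here is an added example (not written by any poster or by Kaspersky) that inventories non-default streams under a directory with PowerShell. The function name `Get-AlternateStream`, the demo path and the stream name `EXAMPLE_STREAM` are made up for illustration; as the post above notes, streams protected by a driver will not show up in a listing like this while that driver is loaded.

```powershell
# Added example: list alternate data streams (ADS) on files under a directory.
# Requires PowerShell 3.0+ on an NTFS volume. All names below are constructed.

function Get-AlternateStream {
    param(
        [Parameter(Mandatory)] [string] $Root,
        # Streams to skip, e.g. the "downloaded from the Internet" marker.
        [string[]] $IgnoreStream = @('Zone.Identifier')
    )

    Get-ChildItem -LiteralPath $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            # -Stream * returns one object per stream, including the default one.
            Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue
        } |
        Where-Object {
            # ':$DATA' is the unnamed default stream, i.e. the normal file contents.
            $_.Stream -ne ':$DATA' -and $_.Stream -notin $IgnoreStream
        } |
        Select-Object FileName, Stream, Length
}

# --- Constructed demo: one file with one named stream attached ---
$demo = Join-Path $env:TEMP 'ads-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
$file = Join-Path $demo 'sample.txt'

Set-Content -LiteralPath $file -Value 'visible contents'
# Placeholder stream name standing in for per-file metadata such as a scan cache.
Set-Content -LiteralPath $file -Stream 'EXAMPLE_STREAM' -Value 'per-file metadata'

# A plain directory listing shows only sample.txt and its default-stream size;
# the inventory below additionally reports EXAMPLE_STREAM and its length.
Get-ChildItem -LiteralPath $demo | Format-Table Name, Length -AutoSize
Get-AlternateStream -Root $demo | Format-Table -AutoSize

Remove-Item -LiteralPath $demo -Recurse -Force
```

Comparing such an inventory taken from the running system with one taken from an offline mount of the same volume shows whether something on the live system is filtering stream enumeration.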
