Kaspersky Lab

Kaspersky Lab Facts Kaspersky Lab vs. ESET


Transcript of Kaspersky Lab

Page 1: Kaspersky Lab

Kaspersky Lab

Facts

Kaspersky Lab vs. ESET

Page 2: Kaspersky Lab

The companies: principal facts

Kaspersky Lab

A private Russian company with headquarters in Moscow

Eugene Kaspersky has been combating viruses since 1989, and the group of antivirus software developers he leads has worked for over 16 years. Kaspersky Lab was founded 9 years ago

More than 700 employees in offices across the globe

11 local offices (including offices in China, France, Germany, Great Britain, Japan, Korea and the USA). An extensive partner network: over 500 companies across the globe

ESET

A private Slovakian company. After opening an office in the US, ESET positions itself as an American company: “ESET Software is headquartered in San Diego, California”

On the antivirus market since 1992

A partner network spanning 100 countries

Page 3: Kaspersky Lab

The companies: independent assessment of market position

ESET received the 2006 Deloitte Technology Fast 500 EMEA Award, i.e., it ranked among the 500 fastest growing companies in Europe, the Middle East and Africa

In 2006, Kaspersky Lab received the Frost & Sullivan Growth Strategy Leadership Award for the highest growth rate on the antivirus market

IDC and Gartner, large research companies, do not include data on ESET in their reports. The company’s revenues are included in the Other category

Antivirus vendor revenue growth in 2004-2005 (estimate by IDC & Gartner):

[Bar chart: revenue growth in 2004-2005 by vendor (Kaspersky, F-Secure, Panda, McAfee, Sophos, Symantec, Norman, Trend Micro, Total), one bar each for the IDC and Gartner estimates; vertical axis 0% to 100%]

Page 4: Kaspersky Lab

Technologies: Kaspersky Lab’s VirusLab

The VirusLab is located in a single research center in Moscow. This makes it possible to train new analysts and share expert knowledge with minimal delays

The system for collecting malicious program samples is geographically distributed, with honeypots placed in numerous locations, enabling analysts to receive samples almost as soon as they appear “in the wild”

Kaspersky Lab uses unique tools for automating collection and processing of malicious program samples. It takes just a few minutes to analyze malware samples and add their signatures to antivirus databases

Updates are tested automatically. Performing multiple operations in parallel accelerates the update testing process, which takes less than an hour

A broad range of proactive technologies developed by the company enable Kaspersky Lab products to detect most threats even BEFORE their signatures are released

Page 5: Kaspersky Lab

Technologies: malicious program detection levels

Overall levels of malicious program detection

[Bar chart: overall detection levels for Kaspersky and ESET in three tests (AV-comparatives.org, August 2006; AV-Test.org, September 2006; AV-Test.org, November 2006); vertical axis 93% to 100%]

Page 6: Kaspersky Lab

Technologies: proactive protection

Proactive protection targets new malicious programs for which signatures have not yet been added to antivirus databases

There are two main proactive protection technologies: heuristic analyzer and behavior blocker

The heuristic analyzer (heuristic) analyzes the code of objects for the typical attributes of malicious applications. Based on the results of this analysis, the heuristic concludes whether the object is potentially hostile

The behavior blocker is a program that analyzes the behavior of applications running on the user’s computer and blocks any dangerous activity (i.e., actions typically performed by malicious programs)

Page 7: Kaspersky Lab

Technologies: proactive protection

Kaspersky Lab solutions ESET NOD32

Behavior blocker -

Heuristic analyzer

Proactive protection technologies used in Kaspersky Lab and ESET solutions

The best-known analyses of proactive protection are conducted by the AV-Comparatives.org project:

Standard Retrospective / ProActive tests conducted by AV-Comparatives.org assess only the capabilities of the heuristic analyzer

AV-Comparatives.org conducts separate analyses to assess the capabilities of behavior blockers

Page 8: Kaspersky Lab

Technologies: proactive protection

Each method for proactive protection has its pros and cons. However, the facts speak for themselves:

During a special proactive protection test conducted by AV-Comparatives.org, the Proactive Defense Module (behavior blocker) in Kaspersky Anti-Virus 6.0 blocked the actions of 99% of malicious programs

During the Retrospective / ProActive test conducted by AV-Comparatives.org, the heuristic analyzer in NOD32 detected 53% of malicious programs

AV-Comparatives.org provides the following comment on the results achieved by Kaspersky Lab products:

Page 9: Kaspersky Lab

Technologies: proactive protection

Detection of Nyxem worm (BlackWorm) using proactive methods

Kaspersky Lab detected by behavior blocker

Panda detected by behavior blocker

ESET detected by heuristic analyzer

McAfee detected by heuristic analyzer

Symantec not detected

Trend Micro not detected

Sophos not detected

BitDefender not detected

Dr. Web not detected

AV-Test.org, 2006

Malicious programs can be proactively detected by heuristic analyzers or by behavior blockers

Page 10: Kaspersky Lab

Technologies: proactive protection

The proactive defense module (behavior blocker) included in Kaspersky Lab products has detected most modifications of the Warezov worm from the very start of its epidemic.

Detection of Warezov by the Proactive Defense Module in Kaspersky Lab’s version 6.0 products:

Page 11: Kaspersky Lab

Technologies: proactive protection

ESET NOD32 provided neither signature-based nor proactive detection of the Warezov (Win32/Stration) worm at the beginning of the epidemic:

Scanning results shown by jotti.com multiscanner: 19.09.06, 07:30

Kaspersky Anti-Virus Found Email-Worm.Win32.Warezov.dc

NOD32 Found nothing

Only after a special update to heuristic rules was released did NOD32 begin detecting some, but not all, variants of Warezov:

Scanning results shown by VirusTotal.com multiscanner: 25.10.2006, 11:05

Kaspersky Anti-Virus Email-Worm.Win32.Warezov.do

NOD32 no virus found

Page 12: Kaspersky Lab

Technologies: these companies use Kaspersky Lab’s antivirus technologies in their solutions

Have you heard of any companies that use ESET technologies?

Page 13: Kaspersky Lab

Products: Virus Bulletin 100% awards

ESET NOD32 is a leader in the number of VB100% awards: at the time of writing, ESET had 41 awards, while Kaspersky Lab had 36 awards

However, all Kaspersky Lab failures in VB100% testing were associated with old product versions. In the past two years, all Kaspersky Lab products have successfully passed tests.

[Table of VB100% test results for Kaspersky Lab and ESET; the result cells did not survive extraction. Tests covered:]

2006: February - Windows NT 4.0; April - Red Hat Linux 9; June - Windows XP; August - Netware 6.5; October - Windows 2000 Server; December - Windows XP x64

2005: February - Windows NT 4.0; April - Red Hat Linux 9; June - Windows XP; August - Netware 6.5; October - Windows Server 2003; December - Windows Server 2003 Enterprise X64

Page 14: Kaspersky Lab

Products: fast operation and minimal effect on system performance

Today, there are two well-established stereotypes:

1. ESET NOD32 is a fast and “light” antivirus solution that requires minimum resources and does not affect system performance

This is true, subject to a number of important caveats

2. Kaspersky Anti-Virus provides solid protection from viruses, but significantly slows down the system

With the release of Kaspersky Lab’s version 6.0 products, the situation changed: Kaspersky Lab products not only protect the system well, but they slow the system down insignificantly

Page 15: Kaspersky Lab

Products: fast operation and minimal effect on system performance

What does “the antivirus slows the system down” mean to users?

1. Reduced performance of the computer (the time it takes the computer to perform standard actions) due to the consumption of system resources by the antivirus program

2. Slow scanning by the antivirus monitor and on demand scanner

An antivirus program always affects system performance. The question is how great is this influence!

Page 16: Kaspersky Lab

Products: fast operation and minimal effect on system performance

Kaspersky Lab’s version 6.0 products have minimal effect on system performance. This is confirmed by independent test results.

CNET Labs, June 2006

[Bar chart: Effect of the antivirus solution on the system’s performance (the time in seconds required for performing standard operations while on demand scanning is running); horizontal axis 150 to 270 seconds; bars in chart order: F-Secure, Trend Micro, BitDefender, Symantec, McAfee, ESET, Kaspersky, No antivirus. Source: CNET Labs]

Page 17: Kaspersky Lab

Products: fast operation and minimal effect on system performance

It is true that a number of independent tests show that NOD32 outperforms Kaspersky Lab products in terms of scanning speed

However:

Using the default settings, Kaspersky Lab products provide more in-depth scanning of the system for malicious programs

The scanning speed is lower only when the user first begins using Kaspersky Lab products. Subsequently, scanning only new and modified files optimizes and accelerates antivirus scanning without sacrificing quality

On demand scanning speed

Page 18: Kaspersky Lab

Products: fast operation and minimal effect on system performance

Using the default settings, Kaspersky Lab products provide more thorough in-depth scanning of the system

In NOD32, such important parameters as advanced heuristics and scanning of compressed files are disabled by default in the on demand scanner settings

Page 19: Kaspersky Lab

Products: fast operation and minimal effect on system performance

The diagram below compares scanning speed for uncompressed and compressed files (with the scanning of compressed files enabled in NOD32). Source: AV-Test.org, 2006

ESET even warns users against using in-depth analysis during scanning:

[Bar chart: Scanning time for compressed and non-compressed files, NOD32 vs. Kaspersky; time axis 0:00:00 to 0:10:05]

Page 20: Kaspersky Lab

Products: fast operation and minimal effect on system performance

Unlike on demand scanning, the antivirus monitor is always active in RAM. Because of this, it is especially important to users how much scanning of files with the antivirus monitor increases the time it takes to open or close these files

CNET Labs, June 2006

[Bar chart: On access overhead (executables and system files, default antivirus settings); horizontal axis: percentage slowdown, 0% to 10000%; bars in chart order: Kaspersky Anti-Virus, ESET NOD32, Norman VirusControl, Microsoft Windows Live OneCare, Symantec Anti-Virus, CA Anti-Virus, McAfee VirusScan Enterprise, Grisoft AVG, GDATA AVK 2007, Sophos AntiVirus, F-Secure Anti-Virus for Vista 2007. Source: Virus Bulletin]

Page 21: Kaspersky Lab

Products: fast operation and minimal effect on system performance

[Bar chart: On access overhead (archive files, default antivirus settings); horizontal axis: percentage slowdown, 0% to 14000%; bars in chart order: Kaspersky Anti-Virus, Norman VirusControl, Grisoft AVG, ESET NOD32, Symantec Anti-Virus, CA Anti-Virus, F-Secure Anti-Virus for Vista 2007, Sophos AntiVirus, Microsoft Windows Live OneCare, McAfee VirusScan Enterprise, GDATA AVK 2007. Source: Virus Bulletin]

Page 22: Kaspersky Lab

Products: fast operation and minimal effect on system performance

CNET Labs, June 2006

[Bar chart: On access overhead (media and documents, default antivirus settings); horizontal axis: percentage slowdown, 0% to 30000%; bars in chart order: Kaspersky Anti-Virus, Symantec Anti-Virus, Norman VirusControl, McAfee VirusScan Enterprise, ESET NOD32, F-Secure Anti-Virus for Vista 2007, Grisoft AVG, Sophos AntiVirus, CA Anti-Virus, Microsoft Windows Live OneCare, GDATA AVK 2007. Source: Virus Bulletin]

Page 23: Kaspersky Lab

Products: fast operation and minimal effect on system performance

Features in Kaspersky Lab’s version 6.0 products that optimize scanning and the use of system resources:

Scanning of new and modified files only

Selection of security levels. Three levels: low, recommended or high

Intelligent file scanning mode, in which, e.g., Microsoft Office documents are scanned only when first opened and when last closed, with all intermediate file saving operations excluded from scanning

Automatic pausing of scanning when the processor is loaded by other applications

Support for defining protection scope, i.e., the disk area that will be scanned by the antivirus monitor

Page 24: Kaspersky Lab

Products: fast operation and minimal effect on system performance

The performance of Kaspersky Lab’s version 6.0 products has been acknowledged not only by users but by respected magazines as well:

“Kaspersky Anti-Virus 6 is the best antivirus application we've seen this year. In our CNET Labs' performance tests and in results from independent antivirus testing organizations, the Russian antivirus vendor Kaspersky Lab scores high marks against its well-known competition. Kaspersky Anti-Virus 6 scored well in CNET Labs' performance tests and exceptionally well in third-party, independent antivirus testing using live viruses. On our iTunes test, Kaspersky Anti-Virus 6 was first, with a fast 174 seconds, just 12 seconds above our test system. On our Sorensen Squeeze test, Kaspersky Anti-Virus 6 was second, with 256 seconds, just 15 seconds more than our test system.” CNET, June 2006

“Kaspersky Anti-Virus 6.0 detected and deleted practically all the malicious programs in the test group, at the same time achieving fast performance. Overall, the program showed itself to be an excellent quality solution”. Computerbild, July 2006

The experts of PC Magazine also mentioned the advantages of checking file checksums (only new and modified files are scanned, while files that have not been modified since the previous scan are automatically marked as “clean”). PC Magazine Germany, November 2006

Page 25: Kaspersky Lab

Products: integrated protection of personal computers and workstations

Features / Kaspersky Internet Security 6.0 and Kaspersky Anti-Virus 6.0 for Windows Workstation / ESET NOD32

Installation on an infected computer and treatment of an active infection

Advanced Disinfection and self-defense technology -

Proactive protection (heuristic analyzer / behavior blocker / rollback of malicious changes) / / / - / -

File antivirus

Mail antivirus (POP3 / SMTP / IMAP4) / / / / -

Web antivirus (scanning of HTTP traffic)

Detection of rootkits (known / unknown)

Protection from spyware

Protection from network attacks (firewall / IDS) / - / -

Protection from phishing / spam / unwanted advertising / / -/ -/ -

Emergency recovery disk (Rescue CD) that correctly works with NTFS file system -

Page 26: Kaspersky Lab

Products: integrated protection of all nodes on the corporate network

Protection types / Kaspersky Lab products / ESET products

Protection of workstations

Kaspersky Lab products: Kaspersky Anti-Virus for Windows Workstations; Kaspersky Anti-Virus for Linux Workstations

ESET products: NOD32 for Windows; NOD32 for Linux & BSD

Protection of file servers

Kaspersky Lab products: Kaspersky Anti-Virus for Windows File Servers; Kaspersky Anti-Virus for Novell Netware File Server; Kaspersky Anti-Virus for Linux File Server; Kaspersky Anti-Virus for xBSD File Server; Kaspersky Anti-Virus for Samba File Server

ESET products: NOD32 for Windows*; NOD32 for Linux & BSD; NOD32 for Novell NetWare

Protection of email

Kaspersky Lab products: Kaspersky Mail Gateway; Kaspersky Security for MS Exchange Server 2003; Kaspersky Anti-Virus for MS Exchange; Kaspersky Anti-Virus for IBM Lotus Domino; Kaspersky Anti-Virus for Linux Mail Server; Kaspersky Anti-Spam

ESET products: NOD32 for Microsoft Exchange Server; NOD32 for IBM Lotus Domino; NOD32 for Linux & BSD Mail Servers; NOD32 for Kerio MailServer

Protection of Internet gateways

Kaspersky Lab products: Kaspersky Anti-Virus for Proxy Server; Kaspersky Anti-Virus for MS ISA Server 2000/2004/2006 St Edition; Kaspersky Anti-Virus for MS ISA Server 2000/2004 Ent Edition; Kaspersky Anti-Virus for CheckPoint FireWall-1

ESET products: None

Protection of mobile devices

Kaspersky Lab products: Kaspersky Anti-Virus Mobile; Kaspersky Security for PDAs

ESET products: None

Administration system

Kaspersky Lab products: Kaspersky Administration Kit

ESET products: NOD32 Remote Administrator

Page 27: Kaspersky Lab

Products: a fully functional security management tool

Feature / Kaspersky Administration Kit / NOD32 Remote Administrator

A separate administration agent / Yes / No

Management of security parameters / Mechanism based on policies and tasks / Configuration file used for installing applications and tasks

Enforcement of security parameters / Support for blocking certain parameters and settings from being modified on client computers / Unreliable password protection

Access control and auditing of administrator actions / Yes / No

Detection of virus outbreaks / Yes / No

Emergency connection with client applications / Yes / No

Push updating of antivirus databases / Yes / No

In the documentation, the NOD32 administration system is described using a 50-workstation network as an example. This is not accidental, since using NOD32 on large networks is problematic

Page 28: Kaspersky Lab

Products: the cost and what it includes

As an example, consider solutions for the protection of workstations

Compare the cost of Kaspersky Anti-Virus 6.0 for Windows Workstation and ESET NOD32. We are not sure that the ESET product will turn out to be cheaper than the Kaspersky Lab solution.

When a customer buys Kaspersky Anti-Virus 6.0 for Windows Workstation, they get a solution that includes an antivirus program, a firewall, protection from spam and phishing and other protection components.

When a customer buys NOD32, they only get an antivirus program.

Kaspersky Administration Kit, the remote administration system, is provided to customers free of charge.

NOD32 Remote Administrator is supplied only with NOD32 Enterprise Edition, which is 30-40% more expensive than the standard ESET solution and more expensive than Kaspersky Lab solutions.

Page 29: Kaspersky Lab

Customers: companies that have acknowledged the advantages of Kaspersky Lab products

T-Mobile, Czech Republic

Rectorat Amiens, France

University of Western Australia

Keio University (No. 1 university in Japan)

Bancaja Group, Spain

Tatneft, Russia

VimpelCom, Russia

Central Bank of Russia

Deutscher Bundestag, Germany

International Atomic Energy Agency (IAEA)

Retarus, Germany

Government Development Bank, Malaysia

Ministry of Equipment, France

Conseil Général 92, France

M&G Finanziaria Industriale, Italy

Ministry of Labor and Social Affairs, Czech Republic

I.NET S.p.a., Italy

and others

You can find the list of ESET customers on the company’s website. We are confident that the comparison will be to our advantage

Page 30: Kaspersky Lab

Why do you need these facts?

To make the right choice!