Security for Everyone - Reviewing Kaspersky Internet Security 2010

Our guest this week in our Security for Everyone series is Kaspersky Internet Suite 2010, the latest version of Kaspersky's security suite that has recently been blessed with Windows 7 compatibility. Kaspersky Lab is one of the most important players on the security market. Read on to see if they have lived up to their name with this release.

First impressions

Kaspersky's website did not make a favorable first impression. Downloading the trial version requires that you accept to receive newsletters. Despite the option being offered as a checkbox, if you don't check it, you can't download the trial version. However, Kaspersky Labs has a tradition of not nagging people who are just trying out their products and I did not receive anything annoying from them via e-mail.

The unfavorable impression did fade away quite quickly. The installation program is very easy to use, offering what is effectively a one-click install. Experts can configure extra settings, but for the purpose of this test I just installed using the default options. No unwanted software is installed and everything is ready to use within minutes. The only lengthy operation performed at install time (besides copying the program files) is a quick scan of the system's files in order to identify the applications installed on your system.

What struck me after just a few minutes of working with Kaspersky Internet Security 2010 is the remarkable number of features it boosts. I literally cannot name a feature that I have seen in other suites and I have not seen in this one, except perhaps those from the cloud computing-derived approach on heuristic detection in Norton Internet Security 2010. Kaspersky made this version into a veritable testbed for several new approaches, and it is only fair to point out that, in spite of this, their release has nothing from the shakiness of a version that includes new, less traditional technology.

Ease of use and configuration

The first run turned out to be quite a surprise for me. Kaspersky Internet Security 2010 does not run any preliminary checks on your system and leaves the task of performing an initial scan to the user. This is a first sign that Kaspersky Internet Security 2010 is not aimed directly at the novice user, an impression that is kept throughout the interface.

During the first days of day-to-day work on the test computer, I was impressed by the minimalist approach that is quite similar to our last guest here at Security for Everyone. Kaspersky Internet Security 2010 will only pop up a message if there is something important to be announced or if there is some decision to take and it cannot take it itself reliably. The usability implications of this approach are hard to appreciate until you have not had the opportunity to work almost without any nagging and without having to undo almost every automatic decision made by a brain-damaged engine. For activities that really require no interruption, Kaspersky Internet Security 2010 also includes a "silent mode", intended for gamers or cinemaphiles that will eliminate all nagging alerts completely.

Kaspersky Internet Security 2010 is a very feature-packed suite. In fact, I think it is the most feature-packed in this series so far. The side effect is that it really feels intimidating. The configuration screen is not for the faint-hearted. While easy to use and well-organized, it offers a lot of tweaking options in a huge list of categories. Almost all the intricate details of the program can be configured and every kind of behavior can be tweaked in some way. This is supported by a very helpful documentation.

The main screen itself is a very detailed view, that offers immediate access to all the features. The main screen offers an action-oriented tabbed interface rather than a module-oriented paradigm. This means that rather than dividing the main screen into sections called "Anti-virus", "Firewall", "Anti-spam" and so on, it will divide the areas based on the type of actions they perform: "My Protection", "My security zone", "Scan my computer" etc.. Each section offers access to more specific sections. It takes some using to, but it makes it far easier to find what you are looking after. This approach is perfectly suited for the huge list of features that Kaspersky Internet Security 2010 offers.

Configuring Kaspersky Internet Security 2010 is a breeze, once you manage to get past the shock of the configuration screen. It is well-organized and very easy to use, which is remarkable given the impressive list of customization options it offers. The very detailed configuration panes display correctly classified information, intuitive controls and a lot of attention has been given to fine usability details. There are no settings that influence each other without warning, no separate controls performing the same functions and no settings hiding under different names.

I was also pleasantly surprised by the new features and by the improvement in older ones. The most impressive new feature that Kaspersky Internet Security 2010 offers is the Safe Run Mode. This effectively builds a sandbox environment inside which applications cannot make any changes to the system; they are offered a virtual registry and access to some resources so as to run correctly, but reversing all changes can be done by simply clicking the "Clear" button. Applications running in Safe Run Mode are distinguished by a green margin around their window. This approach is useful when dealing with questionable applications and websites. It is not unique - ZoneAlarm offers a similar feature, too - and it is not without its quirks (some applications, like Opera, do not seem to be willing to run in this environment). However, it is still an elegant and powerful solution. And Kaspersky Lab's new approaches don't stop here.

Firewall

Kaspersky Internet Security 2010 boosts an interesting approach to firewall protection. Instead of trying to stealth all the ports, it keeps them closed while protecting against malicious traffic. Most security tools try to hide all the computer's ports, making the system discard the traffic silently as if it was not online. While this approach has some benefits, it can also make the system more vulnerable to Denial-of-Service attacks and can make integrating the firewall with the system more difficult.

I was quite reluctant to the benefits of this approach, but it seems to be sufficient for desktop-level protection. The firewall did leak some information to remote scanners, but it provided good protection against all the important tools in a cracker's toolbox. The firewall process itself is well protected as well: I could not kill the process from Task Manager nor disable it in any other way, and I could not change the Registry settings associated with it in any way. I was also unsuccessful in trying to sneak malicious programs.

Kaspersky Internet Security 2010 takes the firewall idea to an interesting new level through the Intelligent Application Control (IAC). IAC will not only block the programs from accessing the network, but it will also attempt to keep those that are authorized from abusing their status. Programs that are digitally signed or whitelisted by Kaspersky will receive full access to the network and operating system resources. Programs that are not known are categorized as Low Restricted, Highly Restricted or Untrusted using heuristic algorithms that try to guess how safe a program is based on its behavior. These restriction levels translate to programs being denied access to personal data, not being allowed to access network resources and so on. Overall, Kaspersky Internet Security 2010 proved to have an extremely solid firewall engine. In fact, it is the most solid one we tested in our series so far.

The firewall tries to do as much auto-detection as possible. As a consequence, there are very few nagging alerts. In fact, this is perpetuated throughout the entire program; this minimalist approach that is more and more popular has huge usability benefits as long as the underlying decision-making system is good enough and its decisions can be reversed without difficulties in case they get it wrong. Fortunately, this is the case with Kaspersky Internet Security 2010. The firewall configuration interface is very easy to use and programs can easily be whitelisted or blacklisted.

Antivirus and antispyware features

Kaspersky has a long-running reputation as having one of the best anti-virus engines on the market. This reputation is confirmed by most 3rd party tests, most of which reveal a perfect detection rate. Indeed, Kaspersky detected almost all of my spyware samples, being on-par with Norton Internet Security 2010 and G-Data InternetSecurity 2010, our references in the series so far. Unfortunately, despite the detection rate for trojans and spyware being very good, I was not very impressed by the overall protection offered by the antivirus. Its detection rate was especially low when dealing with keyloggers and was only average when dealing with rootkits. Furthermore, even when detecting the threats, some of them could not be removed, or were removed only after several rounds of disinfection and a reboot. Kaspersky Internet Security 2010 also found a lot of false positives. I should point out, however, that an elegant solution against keyloggers is offered in the form of a secure, virtual keyboard that can be used to enter data so sensitive that you do not mind operating a tedious, mouse-driven keyboard.

The behavior of the anti-virus is confusing. Some malware programs required a special disinfection procedure which is followed by a reboot. Malware that poses major threats is automatically removed, but the user is offered the option of choosing what to do with less dangerous misconducts. Unfortunately, removing a trojan will sometimes work and sometimes fail silently, making it forever unclear whether the system was cleaned of not.

Despite the active protection feature being of a good quality and very responsive (to the point where it wiped out half of my infected samples when I opened the folder in My Computer), the performance impact is important. Kaspersky Internet Security 2010 seemed to be the slowest in our series so far, the consistent performance penalty being comparable with G-Data InternetSecurity 2010's double-engine system. This is somewhat ironic because G-Data InternetSecurity actually uses Kaspersky Lab's anti-malware engine, so the fault for this lack of slimness resides in the overall architecture of the program. Nevertheless, it is only fair to point out that Kaspersky Internet Security 2010 is far more complete.

These two problems make Kaspersky Internet Security 2010's antivirus engine a rather disappointing surprise. In spite of the problems with rootkits and keyloggers, the detection rate itself is not below average, an impression confirmed by most 3rd party anti-virus related where Kaspersky Internet Security 2010 had good scores in lab conditions. Unfortunately, it proved less effective than I had hoped in real-life situations. It is even more unfortunate to see this when considering the exceptional degree of integration: Kaspersky Internet Security 2010 can work seamlessly with e-mail clients and instant messaging applications. I can only hope that Kaspersky's efforts to update their malware signatures will bring the anti-virus module on par with the rest of the suite.

Besides the feature set, an important aspect of Kaspersky Internet Security 2010's anti-malware protection is its excellent vulnerability scanner. This module will scan the system to find and possibly resolve any vulnerabilities that appear due to out-of-date or incorrectly configured programs. Taking an active approach over the idea of protection is one of the emerging techniques on desktop-level security, and other suites have adopted it as well, but I believe that Kaspersky Internet Security 2010's is, at the moment, the most solid one.

Verdict

While the anti-malware engine is not exactly up to the rest of the modules, Kaspersky Internet Security 2010 is an extremely solid security suite. However, it is not aimed at novice users. It is a complex, feature-packed and configurable program that is easy to use for the power user but intimidating to novices due to the huge range of features and customization possibilities.

On the other hand, I have to point out that, unlike some of our other guests, it is not a failed attempt at making a technologically shaky program appealing to novice users just in order to hide its lack of resources. Kaspersky Internet Security 2010 is a rock-solid suite with state-of-the art technology. It just wasn't designed with your grandmother in mind, it's mostly aimed at computer geeks who know how to take advantage of all the features and configuration options. If you want to try it yourself, you can find the trial version on Kaspersky's trials page or on Softpedia, where you get to skip the step of providing your contact details.

Also, if you have used Kaspersky Internet Suite 2010 already, don't hesitate to share your comments and impressions.

Purchasing options:

You can buy this product from Amazon US (if you are from North America) or from Amazon UK (for European countries). When you are buying from Amazon, we also receive a small affiliate commission which will help pay for some of our work on the site. A big thank you to all of you who are buying using these links.

Related articles: