August 12, 2008, 12:49 PM — Fans of all-in-one security suites should take a serious look at the just-released Kaspersky Internet Security 2009, which includes modules for antivirus, antispyware, firewall and more, yet uses little enough system resources and RAM that it won't slow down or clog up your system.
Like many of its competitors, Kaspersky takes the "everything but the kitchen sink" approach to Internet security, and it largely succeeds. The software's sprawling features are well integrated via a single control panel with individual screens for anti-malware, system security, online security and content-filtering sections. The default settings for each module should work well for most people, but for those who like to tweak, the program offers considerable customization tools as well.
The list of protection methods offered by the software is very long indeed: antivirus, antispyware, a firewall, an intrusion-protection system, antiphishing, antidialer, antispam, parental controls, an ad banner blocker, application filtering ... and even more. Surprisingly, despite all these features, Kaspersky won't slow down your system. On my Core Duo 1.83-GHz laptop running Windows XP with 1GB of RAM, I experienced virtually no performance hit at all.
One potential problem with comprehensive security suites is that you can wind up spending as much time training the program, or answering its queries about how to handle potential threats, as you will actually using your computer. Not so with Kaspersky. By default, it handles notices and alerts on its own, taking what it deems the most appropriate action for the potential threat. You can tell it to ask how you would like to handle threats and potential threats, but you're far better off letting the software handle that for you.
Antivirus and antispyware
The heart of any security suite is its anti-malware protection, and here Kaspersky does a very creditable job. The antivirus engine has been redone from previous versions; it has new algorithms and can take advantage of multiple processors on a machine. Kaspersky claims a 50% increase in scanning speed; I did not use earlier versions of the software, so I can't verify that claim. But the scans I did with this version went exceedingly quickly; after my initial scan, it took less than two minutes for all subsequent scans.
Another plus: The customizable scanner lets you pause and resume easily; you can even have it automatically reboot or shut down your system after a scan.
As installed, scans aren't on a schedule; you'll have to set those up manually. However, you can customize scanning in many different ways, and can schedule scans to a fine-tuned degree, even having the software do a scan after every signature update. Considering the frequency of signature updates, however, you'd be better off not setting it to work on that schedule.
Of course, speed and flexibility is one thing; effectiveness is another. Here again, Kaspersky does a very credible job. According to AV-Comparatives.org, an independent malware-testing site that measures the antivirus portion of the suite, Kaspersky's newest release measures up well. The site tested a beta version and gave it an "Advanced" certification, and also noted that it had a very low rate of false positives.
Keep in mind, though, that "Advanced" is not the highest level of certification. The highest level is Advanced+, a rating given to very few programs, including NOD32 Anti-Virus and AntiVir PE Premium. By way of comparison: McAfee received an Advanced, and Norton a Standard.
An unobtrusive firewall
The second most important module of a security suite is a firewall, and again, Kaspersky's measures up. The firewall is so unobtrusive that you might not even notice it's there. Unlike many other firewalls, it doesn't require extensive training. There is a set of rules built in that either allows or blocks a particular application from accessing the Internet. These rules also determine which network resources can be accessed. So you won't be bothered by pop-ups or training time, although the suite does inform you when it allows or disallows a new application.
You can set different levels of firewall protection and can also extensively fine-tune the rules, setting not just which programs can and can't access your machine and the Internet, but also to block or allow various network services, among other settings. But most likely you won't need to do this; the default works fine.
A key component of the suite is its application-filtering module, which determines how trustworthy each piece of software is on your PC. It does this using several different methods, including by examining a signature database, and by testing applications in a secure environment it sets up on your PC. It also uses heuristic analysis and assigns a security rating to each application.
Based on its rating for applications, they may be blocked or allowed to run, or only allowed to take certain actions. This applies to other components of the suite as well -- for example, the firewall may not allow an application to access the Internet based on the rating.
Many other components are essentially invisible to you as they go about their work, although you can also customize them. For example, Kaspersky's Proactive Defense feature detects keyloggers, stops hidden drivers from being installed, and halts other potentially dangerous activities. There's also an Intrusion Prevention System, among a variety of other protection tools.
Kaspersky is packed with lots of wizards and extras, such as a Security Analyzer wizard, which scans your system for vulnerable applications and holes. If it finds any security vulnerabilities, lists how critical the problem is (such as "Very dangerous"), and includes a link to a description of the vulnerability and a fix if one is available. On my test machine, it found nine vulnerabilities, all having to do with software whose older versions had holes. Patching each of the apps using the link provided solved the problem.
The wizard also analyzes browser and system vulnerabilities, and recommends fixes. For example, it suggested that I turn off autorun on network drives, along with a variety of browser changes, such as turning on a setting to clear browser cache whenever I exit the browser.
Content filtering needs help
Not everything in the suite is up to the standards of its firewall and anti-malware modules. Kaspersky's content filtering, in particular, needs help, and its antiphishing filter is less than useful. It frequently let me visit phishing sites that Firefox blocked -- you'll be far better served by using your browser's built-in phishing filter than relying on Kaspersky's.
In addition, the Parental Control tool is difficult to use, without many advanced options. It doesn't offer as many types of filters as some other parental control software, and it doesn't have a way to block certain games from being played. The Banner Ad Blocker, though, works well, if you want to surf the Web with fewer ads. By default it's turned on, although you can easily turn it off.
If you already have antivirus or other security software running, you'll need to uninstall it before installing Kaspersky. If not, there's a good chance you'll run into installation problems. I was running Avast and disabled it for the installation, but under Windows Vista, I received error messages that Kaspersky couldn't write to portions of the Registry and so it wouldn't install -- but the program didn't tell me the source of the problem was Avast.
In a Windows XP installation, Kaspersky warned me that Avast needed to be uninstalled, and offered to do the uninstallation itself. However, choosing that option only resulted in an endless loop, with Avast still uninstalled. After exiting Kaspersky, then uninstalling Avast via normal methods, the Kaspersky installation went fine.
The bottom line
For hands-on tinkerers and skinflints, there are plenty of very good free firewalls and anti-malware apps out there -- you can put together your own suite of them without spending anything.
However, if you want the wider range of tools and single controlling interface that a suite offers, you probably want to know how Kaspersky measures up to one of its biggest competitors, Norton Internet Security. Symantec recently released a public beta of its newest version, NIS 2009, and judging from that, the two are pretty much neck-in-neck.
In general, both offer the same protection: anti-malware, firewall, intrusion protection and so on. The Kaspersky suite offers a cleaner, simpler design and a few extras that Norton lacks, notably the Security Analyzer wizard. On the other hand, Norton has a few features that Kaspersky doesn't have, such as a very nice home network map that warns you if you're not using encryption on your network and gives details (such as IP and MAC addresses) about each device on your network.
If you're looking for a simple networking tool in addition to a security suite, Norton will be a better choice. If cleaner design and easy-to-use security wizards are what you're after, Kaspersky is the one to choose.
Preston Gralla is a contributing editor for Computerworld.com , and the author of more than 35 books, including How the Internet Works.