Kaspersky Internet Security - Views?

Hi,

I see lots of comment in this NG about how apparently useless personal
firewalls are in respect of monitoring outgoing traffic and alerting the
user to malware attempts to "phone home" etc. The reason given for this
is usually along the lines of "because any malware worth anything would
be able to circumvent such checks and communicate out without being
detected". Fair enough, I see the logic in that. However, amongst the
firewalls discussed I haven't seen anyone comment specifically about
Kaspersky Internet Security (KIS6.0). Kaspersky claims to protect its
own files (via "Self-Defense")and also monitors all manner of process
activity and alerts the user to strange behaviour. Is this getting any
nearer to a useful facility? It has seemed very good to me but of
course you could argue that either I have no malware on my machine (I am
careful despite the fact that this PC is for family use) or I cannot see
what any installed malware is doing anyway.

Any comments?

--
Wilf

Re: Kaspersky Internet Security - Views?

Wilf wrote:
> I haven't seen anyone comment specifically about
> Kaspersky Internet Security (KIS6.0). Kaspersky claims to protect its
> own files (via "Self-Defense")and also monitors all manner of process
> activity and alerts the user to strange behaviour.

I'm home user just like you, and I don't use Kaspersky so my opinions
are not very relevant (I think it has a good anti-virus).

This is what I think that I know.

All software solutions, today, use API for operation. Rootkit is hidden
from API so Kaspersky is not aware that rootkit exist. So it cannot
protect you or itself from rootkit activity.

Process infection. Malware will choose process which already has
approval for activities it need. So there will be no strange behaviour.
Reading of Kaspersky files/keys can be done by rootikt so Kaspersky
wan't detect it.

AFAIK, currently, there is no good solution against rootkits, but I hope
that situation is going to change soon.

You can scan your machine with some rootkit revealer. This one seems to
be good.

http://www.microsoft.com/technet/sysinternals/Security/Rootk itRevealer.mspx

Re: Kaspersky Internet Security - Views?

@lf wrote:
> Wilf wrote:
>> I haven't seen anyone comment specifically about
>> Kaspersky Internet Security (KIS6.0). Kaspersky claims to protect its
>> own files (via "Self-Defense")and also monitors all manner of process
>> activity and alerts the user to strange behaviour.
>
> I'm home user just like you, and I don't use Kaspersky so my opinions
> are not very relevant (I think it has a good anti-virus).
>
> This is what I think that I know.
>
> All software solutions, today, use API for operation. Rootkit is hidden
> from API so Kaspersky is not aware that rootkit exist. So it cannot
> protect you or itself from rootkit activity.
>
> Process infection. Malware will choose process which already has
> approval for activities it need. So there will be no strange behaviour.
> Reading of Kaspersky files/keys can be done by rootikt so Kaspersky
> wan't detect it.
>
> AFAIK, currently, there is no good solution against rootkits, but I hope
> that situation is going to change soon.
>
> You can scan your machine with some rootkit revealer. This one seems to
> be good.
>
> http://www.microsoft.com/technet/sysinternals/Security/Rootk itRevealer.mspx
Thanks for this. And any over views please?

--
Wilf