Kaspersky Lab Facts Kaspersky Lab vs. Symantec

Post on 18-Dec-2015


Page 1: Kaspersky Lab Facts Kaspersky Lab vs. Symantec. The companies: principal facts Kaspersky Lab A private company established in 1991. Founder Eugene Kaspersky

Kaspersky Lab

Facts

Kaspersky Lab vs. Symantec


The companies: principal facts

Kaspersky Lab

A private company established in 1991.

Founder Eugene Kaspersky has been combating viruses since 1989, and the group of antivirus software developers headed by him has worked for over 16 years

The company focuses on the development of solutions that protect users from malicious software, spam and hacker attacks

More than 700 employees in offices across the globe

11 local offices (including offices in China, France, Germany, Great Britain, Japan, Korea and the US)

Extensive partner network: over 500 companies in more than 60 countries

Symantec

Founded in 1982 as a public company; IPO on June 23, 1989

The company became an active player in the antivirus market only in 1990, when it merged with Peter Norton Computing, Inc.

Security is not Symantec’s only focus. The company also develops backup and application availability solutions, etc.

Over 14 000 employees, with offices in more than 40 countries worldwide


The companies: independent assessment of market position

In 2006, Kaspersky Lab received the Frost & Sullivan Growth Strategy Leadership Award for the highest growth rate in the antivirus industry

[Chart: Antivirus vendor revenue growth in 2004-2005 (estimate by IDC & Gartner). Vendors: Kaspersky, F-Secure, Panda, McAfee, Sophos, Symantec, Norman, Trend Micro, Total. Series: IDC, Gartner. Axis: 0% to 100%.]


Technologies: Kaspersky Lab’s VirusLab

The VirusLab is a single research center located in Moscow. This makes it possible to train new analysts and share expert knowledge with minimal delays.

The system for collecting malicious program samples is geographically distributed, with honeypots placed in numerous locations, enabling analysts to receive samples almost immediately after they appear “in the wild”.

Kaspersky Lab uses unique tools to automate the collection and processing of malicious program samples. It takes just a few minutes to analyze malware samples and add their signatures to antivirus databases.

Updates are tested automatically. Performing multiple operations in parallel accelerates the update testing process, which takes less than an hour.

A broad range of proactive technologies developed by the company enable Kaspersky Lab products to detect most threats even BEFORE their signatures are released.


Technologies: Kaspersky Lab’s SpamLab

A team of professional linguists.

Spam is analyzed 24/7/365:

a network of spam traps across the world (“exposed” mailboxes on public mail servers)

mass mailing detection system

volume of information analyzed: 100,000–150,000 spam messages every day

Algorithms for linguistic analysis are continually improved and updated.

It takes just a few minutes to add a spam signature to the database.

Clients receive updates in real-time (using the UDS technology).


Technologies: Symantec Security Response Labs

8 labs across the globe.

Information about threats is collected via:

Symantec Security Operations Centers (SOCs);

Symantec’s DeepSight system (a network of honeypots);

Symantec Probe Network – spam traps.

Nevertheless, Symantec Security Response Labs are unable to ensure the same threat detection levels or new threat response time as Kaspersky Lab.

Symantec’s long new threat response times cannot be explained by more thorough testing of updates. For example, in Spring 2006, users of Norton Antivirus and Norton Internet Security packages received an update that blocked their access to AOL resources.


Technologies: malicious program detection

[Chart: Overall level of malicious software detection. Bars: Kaspersky; Symantec/Norton. Data labels as extracted, not matched to bars: 96.83%; 97.89%. Axis: 96% to 98%.]

Source: AV-comparatives.org


Technologies: malicious program detection

[Chart: Recovery from active infections. Bars: Kaspersky; Symantec. Data labels as extracted, not matched to bars: 86%; 82%. Axis: 60% to 90%.]

Source: PC World, AV-Test.org


Technologies: malicious program detection

[Chart: Detection of active rootkits. Bars: Kaspersky; Symantec. Data labels as extracted, not matched to bars: 100%; 76%. Axis: 0% to 100%.]

Source: ComputerBild


Technologies: malicious program detection

[Chart: Detection of malicious software in compressed files. Bars: Kaspersky; Symantec/Norton. Data labels as extracted, not matched to bars: 80,35%; 42,13%. Axis: 0% to 90%.]

Source: PC Professionell


Technologies: response time

[Chart: Average new threat response time (hours). Bars: Kaspersky; Symantec. Data labels as extracted, not matched to bars: 4-6 hours; 0-2 hours. Legend: Risk zone (time before the release of updates); Update release period. Axis: 0 to 14 hours.]

Source: PC World, AV-Test.org


Technologies: update frequency

[Chart: Number of antivirus database updates released per month. Bars: Kaspersky; Symantec. Data labels as extracted, not matched to bars: 615; 31. Axis: 0 to 700.]

Source: AV-Test.org


Technologies: Effectiveness of the personal firewall

[Chart: Personal firewall scores in "leak tests". Bars: Kaspersky; Symantec. Data labels as extracted, not matched to bars: 7950; 4600. Axis: 0 to 9000.]

Source: matousec.com


Technologies: proactive protection

Proactive protection targets new malicious programs for which signatures have not yet been added to antivirus databases.

There are two main proactive protection technologies: heuristic analyzer and behavior blocker.

The heuristic analyzer (heuristic) analyzes the code of objects for typical attributes of malicious applications. Based on the results of this analysis, the heuristic decides whether the object is potentially hostile.

The behavior blocker is a program that analyzes the behavior of applications running on the user’s computer and blocks any dangerous activity (i.e., actions typically performed by malicious programs).

Kaspersky Lab solutions Symantec solutions

Behavior blocker

Heuristic analyzer

Proactive protection technologies used in Kaspersky Lab and Symantec solutions


Technologies: proactive protection

AV-Test.org has performed an independent study of the time it took antivirus vendors to respond to the appearance of Nyxem Email-Worm.Win32.Nyxem.e (BlackWorm). The lab also conducted a test to evaluate the ability of different antivirus products to proactively detect the Nyxem worm. Results:

Proactive detection of Nyxem

Kaspersky Internet Security Detected

Symantec Not detected

Release time of the signature for the detection of Nyxem

Kaspersky Lab 16.01.2006 11:44 Email-Worm.Win32.VB.bi

Symantec 17.01.2006 17:03 W32.Blackmal.E@mm

Kaspersky Internet Security, which includes a proactive defense module (behavior blocker), blocked Nyxem from performing malicious actions.

− The Symantec product was unable to detect Nyxem (BlackWorm) using proactive methods.

An update including the relevant signature was released by Symantec more than one day later than Kaspersky Lab.


Technologies: proactive protection

The proactive defense module (behavior blocker) included in Kaspersky Lab products has detected most modifications of the Warezov (Stration) worm from the very start of its epidemic.

Detection of Warezov by the Proactive Defense module in version 6.0 Kaspersky Lab products:


Technologies: proactive protection

The heuristic analyzer in Symantec products does not detect Warezov (Stration). Behavior blocker functionality is not available in Symantec products.

Symantec releases signatures for the detection of new Warezov (Stration) modifications after long delays. As a result, users remain unprotected for long periods of time:

Kaspersky Email-Worm.Win32.Warezov.dc Zero-hour

Symantec W32.Stration.CX@mm 4:51 hrs.

(Data taken from a report by Commtouch, an email security company which tracks how much different antivirus vendors lag behind in their new threat response time.)


Technologies: antispam protection

Symantec declares that its antispam solutions detect 95% of spam.

Kaspersky Anti-Spam 3.0 Maintenance Pack 1 received the West Coast Labs Anti-Spam Checkmark Premium Award, which means the product detected more than 97% of spam during the entire testing period.


Technologies: these companies use Kaspersky Lab’s antivirus technologies in their solutions


Products: integrated protection for personal computers

Features Kaspersky Internet Security Norton Internet Security

Installation on an infected computer and treatment of an active infection

Self-defense (the antivirus program’s process cannot be terminated/ the service cannot be stopped)* / / -

Proactive protection (heuristic analyzer / behavior blocker / rollback of malicious changes) / / / - / -

File antivirus

Mail antivirus (POP3 / SMTP / IMAP4) / / / / -

Web antivirus (scanning of HTTP traffic) -

Rootkit detection (scanning of masked files / detection of system anomalies) / / -

Protection from spyware

Protection from network attacks (firewall / IDS) / /

Protection from phishing / spam / unwanted advertising / / / /

Protection of confidential data

Parental control

*PC Professionell


Products: fast operation and minimal effect on system performance

Kaspersky Lab’s version 6.0 products have minimal effect on system performance.

According to independent testing results, Kaspersky Lab’s version 6.0 products outperform Symantec products based on this parameter.

[Chart: Effect of the antivirus solution on system performance. On-access overhead on executable and system files (in seconds). Bars: Avast!; Kaspersky; NOD32; Microsoft; Symantec/Norton; CA; McAfee; AVG; Sophos. Data labels as extracted, not matched to bars: 12.59; 16.39; 42.67; 96.66; 135.36; 180.47; 71.75; 74.63; 116.44. Axis: 0 to 200.]

Source: Virus Bulletin


Products: fast operation and minimal effect on system performance

[Chart: On-access overhead on media files and documents (in seconds). Bars: Kaspersky; Symantec/Norton; Avast!; McAfee; NOD32; AVG; Sophos; CA; Microsoft. Data labels as extracted, not matched to bars: 5,23; 12,80; 21,52; 22,87; 32,88; 34,38; 34,41; 45,42; 17,55. Axis: 0 to 50.]

Source: Virus Bulletin


Products: fast operation and minimal effect on system performance

[Chart: On-access overhead on archive files (in seconds). Bars: Kaspersky; Avast!; AVG; NOD32; Symantec/Norton; CA; Sophos; Microsoft; McAfee. Data labels as extracted, not matched to bars: 0.66; 2.81; 4.47; 8.50; 3.27; 9.86; 1.31; 9.08; 5.80. Axis: 0 to 12.]

Source: Virus Bulletin


Products: Scanning speed and impact on system performance

Experts from CNET Labs analyzed the impact of running an on-demand scan on the time it takes users to perform standard operations (such as converting music and video files). Kaspersky Lab products have a minimum impact on system performance.

[Chart: Effect of the antivirus solution on system performance (time in seconds required to perform standard operations while on-demand scanning is running). Bars: AVG; BitDefender; Symantec/Norton; CA; McAfee; NOD32; Kaspersky; No antivirus. Data labels as extracted, not matched to bars: 174; 162; 234; 208; 206; 296; 196; 194. Axis: 0 to 300.]

Source: CNET Labs


Products: integrated protection of all nodes on a corporate network

* The demand for these solutions is limited

Some people believe that Symantec’s product line is much more extensive than Kaspersky Lab’s. But is this really the case?

Products Kaspersky Lab Symantec

Protection of workstations

Microsoft Windows Workstation + +

Linux Workstation + +

Apple Macintosh Workstation* - +

Protection of file servers

Microsoft Windows + +

Linux + +

FreeBSD / OpenBSD + -

Novell Netware + +

Sun Solaris - +

Microsoft SharePoint* - +


Products: integrated protection of all nodes on the corporate network

Products Kaspersky Lab Symantec

Protection of smartphones and PDAs

Symbian OS + +

Windows Mobile + +

Palm OS + +

Mail system protection

A standalone solution that does not require integration with the mail systems installed on the corporate network

+ +

Microsoft Exchange + +

IBM Lotus Domino + +

Sendmail + -

Qmail + -

Postfix + -

Exim + -

Clearswift MIMESweeper + +


Products: integrated protection of all nodes on the corporate network

Products Kaspersky Lab Symantec

Protection of Internet gateways

A standalone solution that does not require integration with gateways and proxy servers installed on the corporate network

+* +

Solution integrated with the proxy server via the ICAP protocol + +

Microsoft ISA Server + +

Check Point Firewall (CVP) + -

Appliances

Kaspersky Lab solutions are integrated into appliances produced by Blue Coat Systems, Borderware, Juniper Networks, SonicWall, ZyXEL etc.

Symantec offers its own appliance solutions

Administration system (management of protection)

+ +

* The customer can use Kaspersky Anti-Virus for Proxy Server in combination with the Free Squid Proxy Server with ICAP support as a standalone solution that protects HTTP and FTP traffic at the gateway level.


Products: integrated and effective protection in one product for workstations

Kaspersky Anti-Virus for Windows Workstations

Symantec Client Security

1. File antivirus

2. Mail antivirus

3. Protection from spyware and adware

4. Protection from network attacks (IDS)

5. Firewall

6. Cisco NAC support

7. Installation on an infected computer and treatment of an active infection

8. Proactive protection (behavior blocker) with system recovery

9. Detection of rootkits (known and unknown)

10. Web antivirus (on-the-fly scanning of the Internet traffic)

11. Protection from spam and phishing

?


Products: a fully functional security management tool

Features Kaspersky Administration Kit Symantec System Center

Unlimited number of levels in the administration server hierarchy + -

Auditing of administrator actions + -

Integration with the Active Directory + -

Automatic detection of unprotected computers + -

Control over the installation of the client application + -

Support for Wake-on-LAN / Shut Down (remotely turning the computer on / off) + -


Products: the cost and what it includes

Symantec antivirus solutions for workstations are about twice as expensive as Kaspersky Anti-Virus for Windows Workstations.

Symantec Client Security is more than three times as expensive as Kaspersky Anti-Virus for Windows Workstations.

Symantec Client Security includes an antivirus module and a firewall. Kaspersky Anti-Virus for Windows Workstations includes an antivirus module, proactive defense, a firewall, antispam and anti-phishing tools.

Kaspersky Lab provides free technical support. Symantec’s technical support ranges from 10% to 40% of the product’s cost.


Customers: companies that have acknowledged the advantages of Kaspersky Lab products

I.NET S.p.a., Italy

T-Mobile, Czech Republic

Rectorat Amiens, France

University of Western Australia

Bancaja Group, Spain

Tatneft, Russia

VimpelCom, Russia

Central Bank of Russia

Deutscher Bundestag, Germany

International Atomic Energy Agency (IAEA)

Retarus, Germany

Government Development Bank, Malaysia

Ministry of Equipment, France

Conseil Général 92, France

M&G Finanziaria Industriale, Italy

Ministry of Labor and Social Affairs, Czech Republic

and others

You can find the list of Symantec customers on the company’s website. We are confident that the comparison will be to our advantage.


What do you need these facts for?

To make the right choice!