Kaspersky updates security suite for 2010

Kaspersky's 2010 updates for its Internet Security and Anti-Virus programs introduce several useful features, including behavioral-based threat detection, program sandboxing, and a gamer mode.

UPDATED: Benchmarks provided by CNET Labs were added on Monday, August 24.

A new season of security suites is upon us, and Kaspersky has made improvements to its Kaspersky Internet Security and Kaspersky Anti-Virus programs that include changes indicative of where security software as an industry is leaning. Three new features along with expected upgrades to its antivirus engine keep Kaspersky competitive.

The main window of Kaspersky Internet Security 2010. (Credit: Screenshot by Seth Rosenblatt/CNET)

The full-feature suite Kaspersky Internet Security offers a complete and competitive range of security options. The new features in the 2010 edition include a behavioral-based detection system called the Urgent Detection System. The UDS utilizes the anonymous data of 10 million Kaspersky customers who choose to participate in submitting their system scans to Kaspersky's central servers for analysis. In fact, the UDS must be opted-out of--there's a check box and data collection statement to read when you install the program.

Although this might sound insidious, it's actually a smart way to leverage a huge consumer base for security purposes as long as the data remains anonymous. Symantec's Norton 2010 will contain a behavioral check, too, and what both do is look at programs installed on your computer and judge their safety based on how many people have them installed and how they behave. Among UDS's better sub-features are the ability to customize how long it takes to pass judgment on a new program and per-user configuration of the rules governing program behavior.

Even if a program has deep penetration and it starts behaving badly, Kaspersky will block it. If it's an unknown, Kaspersky will treat it skeptically, monitoring and restricting the program until it has been proven safe. The Vulnerability Scan option, available under the Scan tab, utilizes tech from Secunia to determine which programs are potential security risks because they lack recent updates or patches. For programs that may not warn you that they have a pending security update, such as Adobe Flash, having this tool baked-in could be exceptionally useful.

The tools offered under the My Protection tab are nothing short of robust. There's antivirus protection for files, e-mail, HTTP traffic, and instant messaging. Application control, the aforementioned UDS, includes options for customization, should you need to force access for a specific program that Kaspersky is identifying as a threat. There are protections against spam, phishing, and banner ads, firewall control, and a network monitor to track network activities for users who like to drill down deep into their system's behavior. There's also a Parental Control filter, with options to outright block children from particular sites or merely log events. By default, the Parental Control filter is off, and when activated it assigns all other users on the computer Child status until directed otherwise. There's a Teenager status, as well, for more granular control of restrictions.

Safe Run is Kaspersky's new sandboxing feature for further securing programs that access the Internet. (Credit: Screenshot by Seth Rosenblatt/CNET)

The My Security Zone tab is where most of the application control features live. From here, a clean chart organizes your installed programs according to trustworthiness, the Digital Identity Protection feature allows you to uncover which files your personal information resides in according to program, and the Safe Run sandbox can be controlled. Safe Run nearly doubles the amount of RAM the program uses, but provides a secure environment for launching a program. Safe Run also comes with a sandboxed folder into which you can save files without worry. The feature currently will not run on Windows 7 computers, but Kaspersky has told me that it expects to have the feature fixed before the October release of the new operating system.

Programs can be launched into Safe Run in one of two ways. You can add the program manually through the Kaspersky Security Zone panel, or you can launch it on the fly using the context menu. Hopefully, there will be casual launcher added to jump lists in Windows 7, but that feature doesn't exist now.

Scans and definition file updates performed empirically as expected, with the Quick Scan taking less than three minutes. The Vulnerability Scan took less than four minutes, as well. The Full Scan, which was expected to be slow, took less than an hour, but as it approached 80 percent completion it oscillated between telling me that it would finish in one minute and two minutes. In fact, it would take another 11 minutes to finish.

The Update Center tab offers a smooth update scheduler integrated into the main interface. Click on Run Mode to change the schedule. This isn't remarkable except to point out that only the definition file update offers an update like this. To schedule any other regular scan, you must click on the Settings option at the top right of the main Kaspersky window, choose the feature you want to schedule from the list on the left if it wasn't open in the main window when you hit settings, select Settings from within the window that opens, and then finally click the Run Mode tab on yet one final pop-up window. It's a tedious process and could be streamlined to great effect, but makes one of the basic features of this security program unnecessarily hard to get to.

Setting a scheduled scan in Kaspersky Internet Security 2010 is no simple task. (Credit: Screenshot by Seth Rosenblatt/CNET)

The program also comes with an auto-run disable feature and a virtual keyboard so that you can enter in passwords without worrying about a keylogger. I think most users will find this superfluous. The new gamer mode, however, isn't. This basically keeps Kaspersky functioning while you play games but kills interrupting pop-ups and strips memory usage down to its minimum.

If you're testing the trial version, a yellow bar announcing that your computer security is at risk can be toggled under the Report link at the top right of the main window, then go to the Status tab.

Full benchmarks from the CNET Labs were not available when this blog originally ran, but we have them now. CNET Labs' benchmarks reveal a slightly different side to KIS. KIS slowed down our test computer's cold boot time by 2.21 seconds, and shutdown time by nearly 5 seconds. Scan times were actually faster on Kaspersky Internet Security 2010 than Kaspersky Anti-Virus 2010 by 9 seconds. They have identical engines, but KAV has fewer ancillary features. During our MS Office and iTunes decoding tests, both KIS and KAV performed identically, although during the media multitasking test KIS was slower by 64 seconds. In our Cinebench test, KIS fared the worst compared to a standard machine and KAV. KIS hit 3,908, while KAV notched 4,190 and baseline computer marked 4,217.

According to virus and malware detection results at AV-Test.org and AV-Comparatives.org, last year's Kaspersky 2009 has scored average or better in all areas of detection. AV-Test.org noted that it detected more than 98.4 percent of malware on demand and 98.3 percent of spyware on demand, with an average rate of false positives. AV-Comparitives.org awarded Kaspersky 2009 Advanced+ in both February 2009's on-demand comparative and in May 2009's retrospective/pro-active test, noting few false positives and a 50 percent detection rate, behind Microsoft, Eset, Avira, and G Data. The short version of these independent test results is that last year's Kaspersky scored above average in general, and was excellent at malware detection.

If you're interested only in Kaspersky Anti-Virus, it contains the most of the same engines and features as Kaspersky Internet Security. It lacks the personal two-way firewall, parental and privacy control, whitelisting and application control, safe run virtual sandbox, antispam protection, and banner ad blocking.

Using this year's interface and detection numbers for the previous version, I think it's safe to say that Kaspersky is a strong security suite, but that the extra features available in Internet Security make it worthwhile to pay for, whereas the standard Kaspersky Anti-Virus doesn't offer enough on its own to compare favorably against high-performing, free antivirus programs.