Why I won't purchase Kaspersky.

vihag · 09-06-2011, 03:20 PM

I was really disappointed with Kaspersky in the previous version, despite it being the most appealing feature that made me try Untangle. I didn't catch anything when testing with 0 day viruses. I thought I would i give it another try. Same result. As you can see I downloaded a suspected infected file. Kaspersky passed it as clean. I uploaded the same file to Virus Total and Kaspersky flags it. Virus signatures were updated prior to the test. Is it just inherent that gateway virus scanning is less effective at catching compared to client AV?

drsminkus · 09-06-2011, 03:29 PM

What a difference a few hours makes. From 22:26 UTC.

drsminkus · 09-06-2011, 03:39 PM

I have always had good luck with Kaspersky enterprise on servers/workstations. Even with the major issues with fake antiviruses in the last couple of years my clients that run Kaspersky have never had an issue. A lot of other customers have had some type of issue with fake AVs. I do believe that the endpoint protection catches more than gateway protection because endpoint protection allows more time to run heuristics and such while gateway scanning is more time-sensitive and must make a determination faster lest the client timeout. Another difference is that Untangle uses the Linux version of Kaspersky which from my understanding doesn't have as many bells and whistles as the newer Windows versions.

sky-knight · 09-06-2011, 03:54 PM

The endpoint has a different perspective on the virus. It also has a larger market penetration and gets more attention. This will naturally lead that technology to be more effective. Untangle's AV modules are there not as a replacement to solid desktop AV, but as an augmentation. And to be fair, they are largely designed to protect a mail server.

So if you aren't scanning SMTP sessions for mime encoded attachments, it's effectiveness takes a hit. The Web Filter's malware category catches far more stuff than my AV modules do for surfing.

vihag · 09-06-2011, 04:12 PM

Quote:

Originally Posted by drsminkus

What a difference a few hours makes. From 22:26 UTC.

Perhaps Kaspersky is watching this thread?

Maybe I'll give it a second chance.

dmorris · 09-06-2011, 04:21 PM

I doubt it. You mentioned nothing about your setup, how you tested, or how you "updated" the signatures.
I suspect you are comparing apples to oranges.

drsminkus · 09-06-2011, 04:23 PM

What is your timezone or what is the UTC time from your log entries?

09-06-2011, 03:54 PM	#4 (permalink)
sky-knight Join Date: Apr 2008 Location: Phoenix, AZ URLs submitted: 8 Posts: 15,464	The endpoint has a different perspective on the virus. It also has a larger market penetration and gets more attention. This will naturally lead that technology to be more effective. Untangle's AV modules are there not as a replacement to solid desktop AV, but as an augmentation. And to be fair, they are largely designed to protect a mail server. So if you aren't scanning SMTP sessions for mime encoded attachments, it's effectiveness takes a hit. The Web Filter's malware category catches far more stuff than my AV modules do for surfing. __________________ Rob Sandling, BS:SWE, MCP Intouch Technology Phone: 480-272-9889 rob@intouchtechllc.com UntangleAppliances.com Phone: 866-794-8879

09-06-2011, 04:21 PM	#6 (permalink)
dmorris Untangle Junkie Join Date: Nov 2006 Location: San Mateo, CA URLs submitted: 10 Posts: 10,614	I doubt it. You mentioned nothing about your setup, how you tested, or how you "updated" the signatures. I suspect you are comparing apples to oranges. __________________ Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself. If you need Untangle support please call or email support@untangle.com

Protect

Filter

Perform

Connect

Manage

Add-Ons

09-06-2011, 03:39 PM	#3 (permalink)
drsminkus Master Untangler Join Date: Aug 2011 Location: Buckhannon, WV Posts: 121	I have always had good luck with Kaspersky enterprise on servers/workstations. Even with the major issues with fake antiviruses in the last couple of years my clients that run Kaspersky have never had an issue. A lot of other customers have had some type of issue with fake AVs. I do believe that the endpoint protection catches more than gateway protection because endpoint protection allows more time to run heuristics and such while gateway scanning is more time-sensitive and must make a determination faster lest the client timeout. Another difference is that Untangle uses the Linux version of Kaspersky which from my understanding doesn't have as many bells and whistles as the newer Windows versions.

09-06-2011, 04:23 PM	#7 (permalink)
drsminkus Master Untangler Join Date: Aug 2011 Location: Buckhannon, WV Posts: 121	What is your timezone or what is the UTC time from your log entries?