Performance Validation Testing Kaspersky Lab Corporate Security

Page created by Lloyd Chambers
 
Performance Validation Testing Kaspersky Lab Corporate Security Solutions
Contents

Changing Malware Threats in Corporate Networks
The Test Objectives
Malware Test Suites
Malware Detection Test Results
Kaspersky Lab Corporate Security Solutions
Checkmark Certifications for Kaspersky
Checkmark Certification Profile for Kaspersky Lab
Conclusion
Product Feature Comparisons
Kaspersky Anti-Virus 8.0 for Microsoft ISA Server and Forefront TMG Standard Edition
Kaspersky Security 8.0 for Microsoft Exchange Servers
Kaspersky Anti-Virus 8.0 for Linux File Server
Kaspersky Anti-Virus 8.0 for Lotus Domino
Kaspersky Anti-Virus 8.0 for Windows Servers Enterprise Edition
Disclaimer
Contact Information

Changing Malware Threats in Corporate Networks

The Evolution of Malware, Security Technologies and Services

By Lysa Myers, director of research, West Coast Labs

There are few who are unaware of the malware landscape changing since the release of the first few viruses decades ago. But it seems there are just as few people outside the computer security industry who understand the nature of that change. No longer is malware as ethereal a threat as an urban legend, and no longer is the virus outbreak of the day making the evening news. Threats now come not by ones and twos but by the many tens of thousands each day with the known total hovering in the tens of millions. And threats come quietly, remaining as far below the radar as possible to maximize their stay on an affected machine. Corporations are now victims of targeted attacks, as well as the regular masses of malware and have specific needs for the protection of corporate information assets.

While malware activity has increased, security budgets certainly have not. Many corporate security staff find themselves facing a tidal wave of new threats without extra personnel or resources. They need security software to work faster, harder and require less manual interaction while providing detailed reports as to what actions have been taken. Machines which are infected need to be cleaned completely so as to get systems back up and running quickly and painlessly. Anti-Malware software is only as good as its research and support departments. They are vital in order to have excellent response times to new threats and to provide top-notch customer assistance. As focus in corporate networks shifts away from the desktop, into mobile, cloud and virtual computing resources, security software needs to protect these environments too.

The way malware spreads has also changed – there is less concern for infecting oneself with a floppy disk (how many of us even have a floppy disk drive now?) or via poorly worded and spelled mass-mailer viruses. When malware authors discovered there was profit to be had in spreading their malicious wares, they began to take many of the tactics used by Search Engine Optimizers and improved their social engineering craft, placing files where people were most likely to run across them. Consequently, the Web is now where the majority of people become infected with malware and, given the extent to which the internet is such an integral part of all corporations’ business activities, the Web is a potent threat vector. Companies’ websites are regularly targeted for defacement or infected to spread malware to the site’s visitors.

Given that the Internet is operating system agnostic and because current scripting languages allow for queries of the specific browser version of each visitor, malware can be spread in a manner which infects any particular visitor. In the last few years, this has been a tactic which has proved increasingly popular with malware authors, increasing their reach as the market share of new technology increases.

Obviously, anti-malware products had to change with the times as the onslaught of malware has increased and the tactics of malware authors have shifted. The first anti-malware products were designed strictly as signature scanners, which only ran when a user specifically initiated a scan. In short order, this was changed to allow the scanner to run continuously in the background so that each file was examined as it was accessed, without users having to think about it. This approach has become more widespread, so that products require little interaction – users can automatically have the most up-to-date protection running at all times.

Another thing which has changed with the times is the complexity of the scanning processes. No longer are anti-malware products simply signature-based scanners.

They now include advanced heuristic technologies and generic signatures which can proactively detect new variants of existing families and new malware families. The best products include a variety of security features such as web or spam filtering, behavioural analysis or a firewall technology which can help protect against brand new threats. With these new, intensive scanning technologies, vendors have come up with many ways to decrease the overall processing load, so that scanning will not noticeably decrease access times or interrupt workflow.

As both the malware landscape and anti-malware products have changed, so has the security testing industry. When products under test were updated periodically, used on-demand scanning and the total known malware was in the thousands, it made sense to have only a single pass or fail test which was performed a few times a year over a static test-bed of samples. This is no longer the reality of the current user experience. While it can be a meaningful baseline test of anti-malware functionality, it is far from a complete picture of overall product performance.

In order to accurately reflect a user’s experience with malware, it is important to gather the full spectrum of malware from a variety of sources from throughout the internet, which circulate on various protocols. This means including not just email-based malware, but malicious files on P2P networks, as well as on the Web and other attack vectors. Because malware does not stop when the work day ends nor does it recognize geographic boundaries, threats must be collected all day from around the world.

As anti-malware products have begun to include more wide-ranging technologies including ones which are initiated upon execution of a file, testing must incorporate dynamic functionality by running threats on test machines. This naturally takes more time than scanning an immobile directory of files, so one must take care to select the most relevant sample set which a customer is most likely to encounter. This takes into account not just prevalence, but attack vector popularity on which it’s spread, potential for damage on an infected system, as well as geography.

Malware authors are always abreast of technology trends – where do people share their information, how do people share files? At West Coast Labs we’ve already begun to see an increase of attacks on things like digital picture frames, USB thumb drives, mobile phones and on popular Web 2.0 sites. So, suffice to say, if you know a few people who use one or other or all – malware authors are looking to exploit them for financial gain. Likewise, anti-malware vendors are developing technologies to protect them and testers like West Coast Labs are developing methodologies to mirror the user’s risk and potential infection experience. In order to keep up to date on the evolving malware landscape, one need only see which new widgets are being used in home and business network environments.

But in the corporate world, keeping updated on the latest threats and technologies is not enough – TCO and ROI need to be considered. How well do advanced technologies proactively detect? How quickly are new threats added? How is customer support response? How easily can the solution be managed remotely? How much CPU time is used for scanning? To find the answers to many of these questions, take a look at product performance data from leading independent test organisations such as West Coast Labs and the performance validation programmes they deliver – such as Real Time Testing.

You can also take a close look at how individual vendors are responding to the changing threat landscape and the implications for the security of corporate networks. Nowadays, vendors are defining ‘Protection’ differently. No longer is it just product performance-related but also related to business and customer service issues, delivering a higher value overall service to meet not just security, but also business needs.

When considering product performance in a corporate network environment, ‘Protection’ is more than current malware detection capabilities, it’s also about the extent of a vendor’s product research and development strategy that anticipates threats and trends to ensure proactive network protection. It can be further defined as the extent to which malware protection is delivered for a multi-platform infrastructure through efficient and easily managed solutions with wide inter-operability capabilities. ‘Protection’ is also about the extent to which business interests are protected through vendor service strategies that now include optimised and cost-effective security plans tailored to individual corporations’ needs for maximising business productivity, lowering the total cost of ownership and maximising the return on investment. Also, given that corporations are operating in a worldwide ‘e-economy’ all this needs to be supported by trusted and responsive global support plans.

Yes, the threat landscape is continuing to evolve with new malware threats spawned at an alarming rate, but no longer is malware protection and information security in general just a technical issue - it’s a business issue. That’s why vendors’ product and service solutions are evolving to suit these changing needs and West Coast Labs is developing independent product performance programmes that ensure that these products and services are tested and validated accordingly.
The Test Objectives

Kaspersky Lab commissioned West Coast Labs to carry out the following testing:
   • Checkmark Certification for the Baseline, Dynamic and Real Time testing programme on seven corporate security solutions:
       • Kaspersky Security 8.0 for Microsoft Exchange Servers
       • Kaspersky Anti-Virus 8.0 for Windows Servers Enterprise Edition
       • Kaspersky Anti-Virus 8.0 for Linux File Server
       • Kaspersky Anti-Virus 8.0 for Lotus Domino
       • Kaspersky Anti-Virus 8.0 for Microsoft ISA Server and Forefront TMG Standard Edition
       • Kaspersky Endpoint Security 8 for Mac
       • Kaspersky Endpoint Security 8 for Linux
   • Comparative testing of selected Kaspersky products against a range of competitor products in a “static” test environment (see below).
   • A comparison of product feature sets using publicly available information on vendor websites and marketing collateral.

A comprehensive list of all Kaspersky Lab Checkmark Certifications and Checkmark Platinum Product Awards can be found on page 15.

The Comparative Product Testing

The comparative testing comprised a basic evaluation of each product’s malware detection capability in a static test environment. WCL built a test suite of 100,000 live malware samples* from its own independent resources that covered all appropriate attack vectors.

Each solution was installed to a server running the appropriate and commonly supported Operating System and software detailed in the next section of this report. During installation, all default values were kept and, where a choice was required, the course of action recommended by the solution and/or the attendant product documentation was adhered to.

Each solution was updated to the latest available definition, engine, and signature releases before a forensic image was taken and stored for later use. Updates were allowed during the test period through any normal scheduled and automatically enabled update mechanism present in the product, and a further forensic image was taken on the last day of testing for each combination of products.

Each solution was tested against an appropriate test set extracted from the 100,000 samples mentioned above and made up of real-world, “solution capability specific” samples taken from West Coast Labs’ collections, including samples received in the West Coast Labs Global Honeypot Network. For example, the Exchange-based solutions were tested against malware known to propagate over email. Test sets and the methodologies were constructed so as to mirror the experience of a real-life installation as far as possible and not to advantage any one vendor over the others.

*For a description of the malware used in this test programme, refer to Appendix 1 of this report.

Comparative Product Testing – Test Network

Testing was carried out on distinct networks which comprised various server and client machines needed to run the respective technologies and operating systems.

Corporate Security Solutions Used in the Comparative Product Testing

Microsoft Exchange Test: Kaspersky Security 8.0, Symantec Mail Security, Trend Micro ScanMail, McAfee GroupShield, Sophos E-mail Security, ESET Mail Security
Lotus Domino Test: Kaspersky Anti-Virus 8.0, Symantec Mail Security, Trend Micro ScanMail, McAfee GroupShield, Sophos E-mail Security, ESET Mail Security
Microsoft ISA Server (replaced by Forefront TMG 2010) Test: Kaspersky Anti-Virus 8.0, Forefront TMG 2010
Windows Server Test: Kaspersky Anti-Virus 8.0, Symantec Endpoint Protection, Trend Micro Officescan Server, McAfee VirusScan Enterprise and VirusScan for Storages, Sophos Endpoint Security, ESET File Security
Linux Test: Kaspersky Anti-Virus 8.0, Symantec Endpoint Protection, Trend Micro ServerProtect, McAfee VirusScan Enterprise, Sophos Endpoint Security, ESET File Security
In order to provide a balanced reporting process, West Coast Labs recommended that all client machines should run Windows XP and Service Pack 3 and that server platforms ran the highest OS version commonly supported across each of the solutions.

In some cases this meant that they may not have been running on the latest version of a particular operating system, but this method meant that any testing carried out was more directly comparable. Details of highest levels of common operating systems per component available at the time of testing are as follows:

Network 1 – Microsoft Exchange
This network comprised 12 systems – 6 desktops and 6 servers (one of each for each solution). Each of the desktop machines was paired up with a server system in order to allow an Exchange Server and Outlook client configuration.
    Server OS: Windows 2003 Server 64 bit, Exchange Release: 2007 64 bit.

Network 2 – Windows Server
This network comprised 12 systems – 6 desktops and 6 servers (one of each for each solution). Each of the desktop machines was paired up with a server system in order to allow a server/client configuration.
    Server OS: Windows 2008 64 bit

Network 3 – Linux
This network comprised 6 systems running the Red Hat Enterprise release 5 version of Linux.

Network 4 – Lotus Domino
This network comprised 12 systems – 6 desktops and 6 servers (one of each for each solution). Each of the desktop machines was paired up with a server system in order to allow a Lotus Domino server and Lotus Notes client configuration.
    Server OS: Windows 2003 32 bit, Lotus Domino Release: R8

Network 5 – Microsoft ISA Server (Forefront TMG 2010)
This network comprised 4 systems – 2 desktops and 2 servers (one of each for each solution). Each of the desktop machines was paired up with a server system in order to allow a server/client configuration.
    Server OS: Windows 2008 64 bit, Forefront TMG 2010

Supporting these five networks there were a number of servers designed to collect data from each of the tests, along with desktop machines to act as remote points of control and for test management.

Comparative Product Testing – Test Methodology

In each test case, the protocol most likely to be used was employed to test the solutions – detailed below.

Microsoft Exchange testing: Testing was conducted on an “On Access” basis. All samples were sent via email from accounts on a real-life, resolvable domain owned and controlled by West Coast Labs to the products under test over a live internet connection with appropriate firewall rules in place to allow only communication between the hosts used in the testing. This enabled West Coast Labs to report on those emails that were stopped at the Exchange Server and track those emails that were bounced to allow for resending to ascertain the gateway protection offered.

Windows Server testing: Testing was conducted on an “On Demand” basis. All samples were copied on to the appropriate server in a number of directories. The solution under test was asked to scan the server Operating System to report any infections it found.

Linux testing: Testing was conducted on an “On Demand” basis. All samples were copied on to the appropriate server in a number of directories. The solution under test was asked to scan the server Operating System to report any infections it found.

Lotus Domino testing: Testing was conducted on an “On Access” basis. All samples were sent via email from accounts on a real-life, resolvable domain owned and controlled by West Coast Labs to the products under test over a live internet connection with appropriate firewall rules in place to allow only communication between the hosts used in the testing. This enabled West Coast Labs to report on those emails that were stopped at the Domino Server and track those emails that might get bounced to allow for resending to ascertain the gateway protection offered.

TMG 2010 testing: Testing was conducted on an “On Access” basis. All samples were provided from a real-life resolvable web, FTP and P2P server on a domain wholly owned and controlled by West Coast Labs.

Attempts were made to download the samples over a live internet connection with appropriate firewall rules in place to allow only communication between the hosts used in the testing using HTTP, FTP and P2P to ascertain the gateway protection offered.
Malware Test Suites

West Coast Labs puts considerable effort into ensuring the relevance of samples used in testing. There are three key components to this process.

The company’s research facilities continuously monitor malware attacks and intercept attempts to attack the corporate network of a global company with thousands of users spread over four continents.

WCL also has the advantage of an international system of honeypots, machines based in many countries on most continents that sit on open networks waiting to be attacked. When attacks occur the malware is intercepted and reported back to a central repository, where it is de-duped, checked for corruption and validity, stored and can then be used as a sample for testing products.

Another method of collection and validation is through honeyclients; systems designed to trawl the Internet to discover “drive-by downloads” (where malware is downloaded in the background unknown to the user who is looking at an otherwise perfectly acceptable web site), and to download files by visiting these websites and capturing the output.

Comparative Test Project Malware Samples

For this particular custom test, testing takes place in five different operating environments, namely Microsoft Exchange, Lotus Domino, MS ISA (TMG 2010) Server, Windows Server and Linux File Server. The main test suite is divided into separate sub-suites used for each environment (although some sub-suites are used more than once).

For both Microsoft Exchange and Lotus Domino, the main component of the test suite is a group of malware that spreads itself via SMTP. Of course, many different files and types of malware can be attached to emails, and therefore the test suite also includes malware gathered internationally that can be sent by email. Types of malware used in this part of the test include viruses, bots, Trojans, and especially those worms designed to spread by email, all of which have been found in the email intercepts delivered to WCL.

Windows Server acts as a network server and repository and so the appropriate test sub-suites include not only those sub-suites as used elsewhere but also network worms as being the malware most likely to infect and spread via these environments.

MS ISA Server acts as a network edge gateway and so the suites considered when testing this include a wide range of malware concentrating on network traffic including HTTP and FTP malware as well as network worms – malware transported by the sort of traffic flow that would be associated with a corporate network.

Linux has a small selection of malware especially designed to run in that environment, but also needs to recognize Windows malware; although this cannot run natively in this environment, many companies include both Windows and Linux machines on the same networks and any failure to recognize Windows malware might lead to infection of central or shared servers and leave the whole network vulnerable. For this reason the test sub-suites used in this environment include Linux malware but also Windows malware as used in some of the other tests.
Malware Detection Test Results

TEST 1 – Microsoft Exchange
Total Malware Samples – 8042

Product                       Test Date                 Detection Rate  Test Location
Kaspersky Security 8.0        16/09/2009 - 23/09/2010   100%HH          WCL UK Lab
Product Performance AverageH                            100%HH          WCL UK Lab
Product A                     16/09/2009 - 23/09/2010   100%HH          WCL UK Lab
Product B                     16/09/2009 - 23/09/2010   100%HH          WCL UK Lab
Product C                     16/09/2009 - 23/09/2010   100%HH          WCL UK Lab
Product D                     16/09/2009 - 23/09/2010   100%HH          WCL UK Lab
Product E                     16/09/2009 - 23/09/2010   100%HH          WCL UK Lab

TEST 2 – Windows Server Enterprise
Total Malware Samples – 25640

Product                       Test Date                 Detection Rate  Test Location
Kaspersky Anti-Virus 8.0      20/09/2010 - 23/09/2010   99.68%          WCL USA Lab
Product Performance AverageH                            99.54%          WCL USA Lab
Product A                     20/09/2010 - 23/09/2010   99.45%          WCL USA Lab
Product B                     20/09/2010 - 23/09/2010   99.50%          WCL USA Lab
Product C                     20/09/2010 - 23/09/2010   99.36%          WCL USA Lab
Product D                     20/09/2010 - 23/09/2010   99.69%          WCL USA Lab
Product E                     20/09/2010 - 23/09/2010   99.57%          WCL USA Lab

TEST 3 – Linux
Total Malware Samples – 25640

Product                       Test Date                 Detection Rate  Test Location
Kaspersky Anti-Virus 8.0      05/10/2010 - 08/10/2010   99.95%          WCL USA Lab
Product Performance AverageH                            99.59%          WCL USA Lab
Product A                     05/10/2010 - 08/10/2010   99.64%          WCL USA Lab
Product B                     05/10/2010 - 08/10/2010   99.24%          WCL USA Lab
Product C                     05/10/2010 - 08/10/2010   99.40%          WCL USA Lab
Product D                     05/10/2010 - 08/10/2010   99.80%          WCL USA Lab
Product E                     05/10/2010 - 08/10/2010   99.53%          WCL USA Lab

TEST 4 – Lotus Domino
Total Malware Samples – 8042

Product                       Test Date                 Detection Rate  Test Location
Kaspersky Anti-Virus 8.0      06/10/2010 - 10/10/2010   100%HH          WCL UK Lab
Product Performance AverageH                            100%HH          WCL UK Lab
Product A                     06/10/2010 - 10/10/2010   100%HH          WCL UK Lab
Product B                     06/10/2010 - 10/10/2010   100%HH          WCL UK Lab
Product C                     06/10/2010 - 10/10/2010   100%HH          WCL UK Lab
Product D                     06/10/2010 - 10/10/2010   100%HH          WCL UK Lab
Product E                     06/10/2010 - 10/10/2010   100%HH          WCL UK Lab

TEST 5 – ISA Server (Forefront TMG)
Total Malware Samples – 18680

Product                       Test Date                 Detection Rate  Test Location
Kaspersky Anti-Virus 8.0      14/10/2010 - 19/10/2010   99%HH           WCL UK Lab
Product A                                    14/10/2010 - 19/10/2010              99%HH                 WCL UK Lab

HDefined as the performance average of the products included in the tests, which are deemed to be leading solutions in their own rights.
HHSamples used in these tests are those found to be in circulation on West Coast Labs’ SMTP malware feeds immediately prior to the
commencement of testing. Although appearing unusual, the 100% detection rates are indicative of two key facts. Firstly, the paranoid
behaviour of email protection systems and the degree of protection extended to vital communication systems such as these, Secondly,
the changing nature of attempts to compromise end users over this vector. Whilst executables and binaries travelling over this vector are
still highly prevalent, they are becoming less diverse, ie that there are not as many frequent outbreaks of email based malware as there
were and that the targets are more likely to receive phishing emails and links to websites rather than files.

Kaspersky Lab Corporate Security Solutions
Kaspersky Lab Statement

Kaspersky Lab has developed highly-effective anti-malware solutions for use in medium and large-scale corporate networks with complex topologies and heavy loads. Combining ease of use with high standards of performance across multiple attack vectors, the products are cost effective solutions which meet both business and technical needs worldwide.

West Coast Labs’ Executive Summary Report

The launch of Kaspersky Lab’s range of anti-malware products for the corporate network environment provides security managers with an extended choice of effective solutions for dealing with threats in attack vectors across multiple operating systems.

West Coast Labs’ independent testing and performance validation of the products confirm that they combine ease of use and management with high levels of performance, all of which is driven by Kaspersky Lab’s own research, development and customer support programmes.

Kaspersky Lab has made a significant commitment to the independent validation of its products’ efficacy and performance through West Coast Labs’ Checkmark Certification System. This provides a range of static, dynamic and real-time tests which make these Kaspersky solutions possibly the most intensively tested corporate anti-malware solutions available anywhere in the world today.

Details of the specific tests to which the products are exposed are published elsewhere in this report, but the overall outcome of the certification testing is the achievement of the Platinum Product Award for these products, which is the highest level of independent validation from West Coast Labs possible for an anti-malware solution. This is complemented by very respectable malware detection test results which position the performance of Kaspersky Lab products very favourably alongside more widely recognised corporate security solutions.

The specific malware detection capability testing of both Kaspersky Lab and a number of competitive anti-malware solutions was carried out in September and October 2010 while the Checkmark Certification testing of its products is performed on an ongoing basis. Custom test reports and details of certification testing are available at www.westcoastlabs.com

Kaspersky Security 8.0 for Microsoft Exchange Servers (Kaspersky Security 8.0)

Kaspersky Security 8.0 provides anti-malware and anti-spam protection for mail traffic on corporate networks. Its integration with Exchange allows for detection and removal of malware and spam at the gateway level.

The product is easy to install and its user-friendly interface, flexible administration and straightforward configuration and reporting system do not place excessive demand upon the Administrator’s time. No extra setup is required on Exchange and malware protection began immediately.

Management of the solution is simple as Kaspersky Security 8.0 employs a Microsoft Management Console (MMC) snap-in, providing an intuitive interface with full access to all features. Database and signature updates run automatically, as often as every two hours, but if required may be run on-demand. Although there are fewer options available compared to other corporate products on the market, it can be argued that all the necessary options are available thus leading to a streamlined user experience.

In the ongoing Checkmark Certification Static and Real Time tests, like all the Kaspersky products, this solution has achieved consistently high standards of performance. For the comparative performance testing to measure the product’s detection capability of malware known to propagate over SMTP, Kaspersky Security 8.0 achieved a 100% detection rate of the 8042 malware samples used in the test. This performance is equivalent to and matches that of the competitor products included in the test. We also test HTTPS.

[Figure: Kaspersky Security 8.0 Update Process]

Kaspersky Anti-Virus 8.0 for Microsoft ISA Server and Forefront TMG Standard Edition

Kaspersky Anti-Virus 8.0 sits on top of Microsoft Forefront TMG 2010. While TMG acts as a standalone security solution in its own right, the addition of Kaspersky Anti-Virus 8.0 provides a multi-layered security solution.

Installation of Kaspersky Anti-Virus 8.0 is simple, using a standard Windows Installer and settings imported from TMG during the install process. The default settings provide fast protection, but a more tailored installation can be achieved if required.

The solution is managed via MMC with an additional central monitoring screen and network policies which can be added to complement those of TMG, making the whole process of management, administration and ongoing use very straightforward.

Kaspersky Anti-Virus 8.0 allows permission or denial of various traffic types – HTTP, FTP, SMTP and POP3 – plus the ability to define what, if any, of the protocols should be subject to scanning. Data on network status including the protocols which are being blocked, numbers of files scanned, and the number of resulting infections is readily available.

In the performance testing over the HTTP and FTP attack vectors, the combination of Kaspersky Anti-Virus 8.0 and TMG provided 99% detection of the range of malware samples which were included in the test.

[Figure: Application interface of KAV for ISA]

Test Networks and Methodology

In a heterogeneous network situation it is important to know that a security solution is both compliant and compatible. Throughout the comparative test programme for ISA/TMG, Linux, Lotus Domino and WSEE, WCL utilised the following network configuration to simulate a corporate network environment:
• 64-bit Windows 2008 machine running as a gateway/DNS server hosting Forefront TMG/ISA Server
• 32-bit Windows 2003 machine running Lotus Domino mail server
• 64-bit servers running Linux and Windows 2008, both acting as file servers

While each of the solutions was tested independently of one another, results of these tests and the observations made point to the various Kaspersky Lab solutions providing a multi-faceted security framework for a corporate network. Taking a hypothetical network into account, as below, one can see how each of the solutions would interact with and secure the network.

Anti-malware protection, at the gateway level, is provided by scanning email coming into the ‘corporate network’ over SMTP with an initial scan by Kaspersky Anti-Virus 8.0 sitting on the TMG server. In turn, the email is then received by the Exchange or Domino server and a further scan conducted by the appropriate solution. Should any user require the downloading of email from an external POP3 server, the Kaspersky for TMG solution scans the traffic as it passes through the gateway.

When dealing with files, any that are downloaded over HTTP/FTP are scanned on the TMG/KAV combined server. Should any network user then attempt to upload any files to either a Windows or Linux based file server then here the respective Kaspersky Lab solution will provide further defense-in-depth.

Kaspersky Anti-Virus 8.0 for Linux File Server

Kaspersky Anti-Virus 8.0 for Linux installs from the command line, using a shell-script installer. Although some degree of familiarity with Linux is required, even junior network administrators with a basic understanding of Linux should be comfortable with the process.

Managed via a web-based GUI running on a non-standard port, Kaspersky Anti-Virus 8.0 is configured from the GUI. No secondary interfaces or files need to be changed and updates are either scheduled or run on-demand.

For security admin staff who may be familiar with a file-server anti-malware product, the make-up of the interface is very familiar – it is both clear and intuitive.

On-Access and On-demand protection are available as standard. Administrators can browse the Quarantine folder from within the product interface to review any malware logged and thus decide what actions to take.

Given the complexities involved with porting anti-malware solutions to Linux, it is not always possible to ensure consistency of performance. However, Kaspersky Anti-Virus 8.0 sets itself apart in this regard. It is well implemented, as demonstrated in the comparative performance tests where it led with a 99.95% detection rate on the 25640 malware samples tested compared to an average performance rate of 99.52% for 5 other leading corporate solutions.

[Figure: KAV 8.0 for Linux File Server interface.]

Kaspersky Anti-Virus 8.0 for Lotus Domino

Anyone familiar with Lotus Domino will find the installation straightforward. It is performed using a Lotus .nsf database file which is opened through Lotus Notes to run. Administrators can set various actions to be performed when malware is detected, however they will need to be familiar with Lotus in order to get the best out of the solution when rolling Kaspersky Anti-Virus 8.0 out to a Domino server.

Delete or quarantine actions are easily defined for detected malware and for deleting infected attachments. Unlike some of the other vendor products included in the comparative performance review, Kaspersky Anti-Virus 8.0 does not need the installation of a desktop anti-malware product to be able to use the desktop product’s scanning engine signature files.

In the comparative testing against 5 other leading corporate solutions, the test methodology employed a sender machines running a Linux distribution. Scripts developed by WCL were used to send the emails that contained infected attachments over a live Internet connection.

Emails were sent to servers running Lotus Domino 8.5 on Windows 2003 that each picked up emails for a FQDN owned and controlled by WCL. Client machines running Lotus Notes 8.5 were used to pick up the messages from the Domino servers and analyse the attachments to aid calculation of the overall detection rate, which for Kaspersky Anti-Virus 8.0 was of a particularly high standard which mirrored that of the competitor products included in the test programme.

All solutions attained a 100% detection rate during the test period.

[Figure: Licensing process on Kaspersky Anti-Virus for Lotus]

Kaspersky Anti-Virus 8.0 for Windows Servers Enterprise Edition

Kaspersky Anti-Virus 8.0 for WSEE uses the standard Windows Installer interface. Two installations are required, one for the Administration tools and one for the solution itself. However, importing an existing configuration file to keep existing settings is possible when upgrading a previous version. Installation is quick and trouble-free.

Managed through an MMC snap-in, the product allows product updates to be rolled back if needed. It provides a quarantine area and a backup facility just in case the Administrator deletes a file that needs to be restored. The interface, as a whole, provides a rapid means of implementing malware security policies on the solution.

All of the available features are easy to locate without the need for drilling down through multiple options screens or hunting for a required setting. On Demand scans can be set to a pre-defined security level or customized to meet the demands of the organisation.

Similarly, On Access protection can be set with a preference for either high speed scans or high protection levels.

Throughout the comparative test programme, WCL found the scans ran quickly with an overall detection rate for Kaspersky Anti-Virus 8.0 of 99.68% compared to an average performance of 99.51% for the other 5 security solutions included.

[Figure: Update Process on Kaspersky Anti-Virus WSEE]

                             WEST COAST LABS VERDICT
                             Combining ease of use with high levels of performance, the Kaspersky
                             Lab solutions under test have delivered comparable and at times, better
                             detection rates to equivalent products.
                             With a consistent level of anti-malware protection across the network
                             topology, users of the Kaspersky Lab products featured in this report can
                             be confident that they are all rigorously tested through the Checkmark
                             Certification and the Real Time testing programme to provide ongoing
                             independent validation on performance.

Checkmark Certifications for Kaspersky
The Checkmark Certification System is recognised globally as probably the most comprehensive independent functionality and performance validation program of its kind.

With three tiers of certification – Baseline, Dynamic and Real Time testing – vendors have the opportunity to commit to the System at a level that suits the performance of their products and services in the real world.

The Baseline certifications comprise a series of static benchmarking tests that measure detection capability against a finite suite of known malware threats, whereas the addition of Dynamic and Real Time testing transforms this certification program into a threefold process that results in the most complete evaluation of an Anti-Malware vendor’s products available.
    • Static Testing – baseline tests that measure detection capabilities against known threats.
    • Dynamic Testing – measures product performance in relation to malware executing as end users and corporations experience them in the real world.
    • Real Time Testing – measures critical performance characteristics in a network environment 24x7x365. The testing provides results in metrics including: performance in relation to time, attack vectors, heuristic behavior analysis, signature update and vendor research effectiveness.

The combination of these three distinct test programs provides the highest level certification of product performance available.

All the Kaspersky Lab products that form part of this test program are registered in the Checkmark System for all three levels of testing – Baseline, Dynamic (where appropriate) and Real Time.

In Real Time, the products are tested 24x7x365 against live malware in a range of attack vectors that are relevant to each product. These include FTP, HTTP, P2P, SMTP and Malicious Web Sites.

Given the nature of the Real Time testing program and the fact that it is probably the most rigorous product performance validation of its kind, the products registered for Real Time testing are eligible for the Checkmark Platinum Product Award.

Far more than just a measure of product performance it also acts as recognition of the vendor’s commitment to the highest level of independent product validation and a measure of the vendor’s responsiveness to emerging threats.

The Kaspersky Lab products holding the Checkmark Platinum Product Awards are:
    • Kaspersky Anti-Virus 8.0 for Windows Servers Enterprise Edition
    • Kaspersky Anti-Virus 8.0 for Linux File Server
    • Kaspersky Anti-Virus 8.0 for Lotus Domino
    • Kaspersky Anti-Virus 6.0 for Windows Workstations
    • Kaspersky Anti-Virus 8.0 for Microsoft ISA Server and Forefront TMG Standard Edition
    • Kaspersky Security 8.0 for Microsoft Exchange Server
    • Kaspersky Endpoint Security 8 for Linux

Checkmark Certification Profile
Checkmark                               Anti Virus    Anti Virus    Trojan        Spyware       Anti          Anti          Anti Malware
Certifications                          Detection     Disinfection                              Malware       Spam          Dynamic
Kaspersky Lab Applications
Kaspersky Anti-Virus 8.0 for
  Windows Servers Enterprise Edition    •             -             •             •             •             -             -
Kaspersky Anti-Virus 8.0 for
  Linux File Server                     •             -             •             •             •             -             -
Kaspersky Anti-Virus 8.0 for
  Lotus Domino                          •             -             •             •             •             -             -
Kaspersky Anti-Virus 8.0 for
  Microsoft ISA Server and Forefront
  TMG Standard Edition                  •             -             •             •             •             -             -
Kaspersky Security 8.0 for Microsoft
  Exchange Servers                      •             -             •             •             •             •             -
Kaspersky Anti-Virus 6.0 for Windows Workstations
  Windows XP                            •             •             •             •             •             -             •
  Windows Vista                         •             •             •             •             •             -             •
  Windows 7                             •             •             •             •             •             -             •
Kaspersky Endpoint Security 8
  for Mac                               -             -             -             -             •             -             -
Kaspersky Endpoint Security 8
  for Linux                             •             •             •             •             •             -             -
Kaspersky Anti Spam                     -             -             -             -             -             •             -

Checkmark                               Real Time     Real Time     Real Time     Real Time     Real Time     Real Time
Certifications                          FTP           HTTP          SMTP          P2P           Mal URL       Spam
Kaspersky Lab Applications
Kaspersky Anti-Virus 8.0 for
  Windows Servers Enterprise Edition    •             •             -             -             -             -
Kaspersky Anti-Virus 8.0 for
  Linux File Server                     •             •             -             -             -             -
Kaspersky Anti-Virus 8.0 for
  Lotus Domino                          -             -             •             -             -             -
Kaspersky Anti-Virus 8.0 for
  Microsoft ISA Server and Forefront
  TMG Standard Edition                  •             •             •             •             •             -
Kaspersky Security 8.0 for
  Microsoft Exchange Servers            -             -             •             -             -             •
Kaspersky Anti-Virus 6.0 for Windows Workstations
  Windows XP                            •             •             -             •             -             -
  Windows Vista                         •             •             -             •             -             -
  Windows 7                             •             •             -             •             -             -
Kaspersky Endpoint Security 8
  for Linux                             •             •             -             -             -             -

The above chart denotes those certifications in which the respective Kaspersky solutions are currently enrolled. It is not reflective of each
solution’s test results or full protection capabilities.

Conclusion

In this test programme, Kaspersky Lab products have undergone probably the most extensive testing carried out by West Coast Labs against a single corporate solution.

These tests range from West Coast Labs’ established Checkmark Certification to ongoing performance validation through the Real Time system and the custom malware comparative testing. This programme also includes the first ever product to be awarded the Checkmark Anti-Malware Macintosh certification.

Upon completion of the tests covered in this report it can clearly be seen that Kaspersky are offering an extremely competitive and thorough security package to businesses and corporate organisations.

For mail-based systems, Kaspersky recorded a 100% detection rate on both Exchange and Lotus against samples which propagate over the SMTP protocol. While this is an impressive detection rate, it should be noted that the other vendors also recorded the same detection levels. This should be an indicator to the level of importance of email coverage and the perceived threat to business communications that is held by the security industry as a whole.

On file server-type systems, in this case Windows 2008 and Red Hat Enterprise 5, there is a differential in detection levels. On the Linux OS, Kaspersky recorded the highest detection rate amongst the solutions on test, whilst on the Windows OS Kaspersky recorded the second-highest detection rate. It should be noted that the difference between first and second in the Windows OS test was just 1/100th of a percent, thus putting Kaspersky above the Industry Average as defined in the test results.

From the results of the test programme it can be concluded that not only do the Kaspersky solutions offer comparative detection rates to offerings from other vendors, it is clear that the level of protection afforded by Kaspersky Lab solutions is consistently high across the range of platforms.

Whether corporate organisations require protection for the desktop environment, a file server, Microsoft Exchange email server, an Apple Mac client, or a server running Lotus Domino, the Kaspersky Lab performance is consistent throughout.

Prospective users of Kaspersky Lab products, and specifically those featured in this report, can take confidence from the fact that the solutions are rigorously tested on an ongoing basis through the Checkmark certification system and the Real Time testing programme to ensure independent validation of a consistently high standard of product performance.

The full West Coast Labs Test Report for this project is available online at www.westcoastlabs.com/productTestReports/

Product Feature Set Comparisons

West Coast Labs was asked to compile a comparative feature list for each of the products included in this test. This information has been gathered from freely available marketing literature of those companies included in this test.

As this information is gathered from marketing and other such materials, the information contained within the following tables should be taken as a high level overview and does not constitute a comparison of those features that were examined as part of the extended malware testing.

Research was carried out during September and October 2010 using the reference points detailed on the following pages.

Kaspersky Product Comparison Kaspersky Anti-Virus 8.0 for Microsoft ISA Server and Forefront TMG Standard Edition

                                                                          Feature                                                                                           KAV 8.0 for Microsoft ISA/TMG SE                                                                Microsoft Forefront Threat Management Gateway 2010
                        1. System Requirements
                                                                          Minimum Processor Spec:                                                                           1 GHz processor for ISA Server 2006 Standard Edition and 64-bit dual-core processor             Not specified
                                                                                                                                                                            for Forefront TMG Standard Edition
                                                                          Minimum RAM Spec:                                                                                 1 GB RAM for ISA Server 2006 Standard Edition and 2 GB RAM for Forefront TMG Standard Edition   2 GB
                                                                          Minimum available Hard Disk Space                                                                 2.5 GB                                                                                          2.5 GB
                        2. Operating Systems Supported
                                                                          Supports Windows 2008 R2                                                                          Yes                                                                                             Yes
                                                                          Windows 2008 SP2                                                                                  Yes                                                                                             Yes
                                                                          Microsoft Windows Server 2003 SP2                                                                 Yes                                                                                             Yes
                                                                          Microsoft Windows Server 2003 R2                                                                  Yes                                                                                             Yes
                        2. 3rd party platforms/software supported
                                                                          Supports Microsoft Forefront TMG                                                                  Yes                                                                                             Yes
                                                                          Compatibility with VMware (VMware Ready)                                                          Yes
                        3. Security Technology components
                                                                          Anti-Virus detection                                                                              Yes                                                                                             Yes
                        4. Key Product Features
                                              Anti-Virus engine
                                                                          Detected objects: viruses, mass-mailer worms, Trojan horses, spam, spyware                        Yes                                                                                             Yes
                                                                          Real-time antivirus protection                                                                    Yes                                                                                             Yes
                                                                          Update rate anti-virus                                                                            every 1-2 hours                                                                                 not specified
                                                                          Creation of backup copies                                                                         Yes                                                                                             Yes*
                                               Scanning traffic
                                                                          Scanning of HTTP and FTP traffic                                                                  Yes                                                                                             Yes
                                                                          Scanning of HTTPS traffic (Forefront TMG only)                                                    Yes                                                                                             Yes
                                                                          Scanning of POP3 and SMTP traffic                                                                 Yes                                                                                             Provides management, but needs separate product for Exchange
                                                                          Scanning of HTTP and FTP traffic from published servers                                           Yes                                                                                             Yes
                                                                          Scanning of VPN connections                                                                       Yes                                                                                             Yes
                                               Anti-Virus Settings
                                                                          Exclusions from scanning                                                                          Yes                                                                                             Yes
                                                                          Flexible policy settings                                                                          Yes                                                                                             Yes
                                               Administration
                                                                          Management via MMC                                                                                Yes                                                                                             Yes
                                                                          Monitoring of application status through the administration console                               Yes                                                                                             Yes
                                                                           Flexible policy management                                                                       Yes                                                                                             Yes
                                                                          Support for non-standard FTP commands                                                             Yes                                                                                             Yes
                                                                          Export and import of settings details                                                             Yes                                                                                             Yes
                                                                          Notification system                                                                               Yes                                                                                             Yes
                                                                          Logging system                                                                                    Yes                                                                                             Yes
                                                                          Detailed reports                                                                                  Yes                                                                                             Yes
                                                                          Control over performance through the Windows Performance Monitor                                  Yes                                                                                             Yes
                                               Performance
                                                                          Automatic scalability                                                                             Yes                                                                                             Yes
                                                                          Server load balancing                                                                             Yes                                                                                             not specified
                                                                          Optimal use of system resources                                                                   Yes                                                                                             Yes

                        *This solution offers a comparable technology but is not referred to specifically by this name, or this technology is not specifically documented in the publicly available literature.

Kaspersky Product Comparison Kaspersky Security 8.0 for Microsoft Exchange Servers
                                Feature                                                           Kaspersky Security                                              Symantec Mail Security                          Trend Micro ScanMail          McAfee GroupShield     Sophos PureMessage        ESET Mail Security 4
                        1. System Requirements

                                RAM                                                               256 MB                                                          1 GB                                            1GB RAM, 2GB RAM              512 MB minimum, 1 GB   256 MB to 2 GB            2 GB
                                                                                                                                                                                                                  recommended (5MB of           recommended            recommended (services)
                                                                                                                                                                                                                  RAM per mailboYes)
                                 Available disk space required                                    512? MB                                                         352 MB                                          1GB”                          740 MB minimum         Console: 150 MB           1.9 GB
                                                                                                                                                                                                                                                                       Services: up to 2 GB
                        2. Operating Systems Supported
                                Microsoft Exchange Server 2010                                    Yes                                                             Yes                                             Yes                           Yes                    Yes                       Yes
                                Microsoft Exchange Server 2007                                    Yes                                                             Yes                                             Yes                           Yes                    Yes                       Yes
                                Microsoft Windows Server 2008 R2                                  Yes                                                             Yes                                             Yes                                                                            Yes
                                Other Software Information                                        Microsoft Exchange 2003 is supported by                         Exchange 2010, 64 bit                           Native 64-bit support for     Windows 2000-2003      Windows 2000- 2003        Windows 2000- 2003
                                                                                                  another version – Kaspersky Security for                        Windows, VMware and Hyper-V                     Exchange 2010 and 2007;
                                                                                                  Microsoft Exchange 2003                                          Virtualized environments                       32-bit support for Exchange
                                                                                                                                                                                                                  2003/2000
                        3. Security Technology components
                                 Anti-Virus detection                                             Yes                                                             Yes                                             Yes                           Yes                    Yes                       Yes
                                 Anti-Spam detection                                              Yes                                                             Yes                                             Yes                           Yes                    Yes                       Yes
                                 Heuristic analyzer                                               Yes                                                             Yes                                             Yes                           Yes                    Yes                       Yes
                                 Linguistic analyzer                                              Yes                                                             not specified                                   Yes*                          not specified          Yes                       No
                                 Real-time UDS requests                                           Yes                                                             not specified                                   not specified                 Yes*                   not specified             No
                                 Graphical signature analyzer                                     Yes                                                             not specified                                   Yes                           No                     Yes                       No
                                 SPF and SURBL technologies                                       Yes                                                             No                                              No                            No                     No                        No
                        4. Key Product Features
                                 Anti-Virus engine
                                 Detected objects: viruses, mass-mailer
                                 worms, Trojan horses, spam, spyware                              Yes                                                             Yes                                             Yes                           Yes                    Yes                       Yes
                                 Real-time antivirus protection                                   Yes                                                             Yes                                             Yes                           Yes                    Yes                       Yes
                                 Background on-demand scanning                                    Yes                                                             Yes                                             Yes                           Yes                    Yes                       Yes
                                 Update rate anti-virus                                           every 1-2 hours                                                 “rapid release definitions”                     “immediate protection”        “AutoUpdate”           “Updates automatically”   No
                                 Anti-Spam engine
                                 Classification of incoming messages                              Yes                                                             Yes                                             Yes                           Yes                    Yes                       Yes
                                 Spam detection for different languages                           Yes                                                             No*                                             No*                           No                     Yes                       No
                                 Update rate antispam                                             every 5 min                                                     not specified                                   not specified                 not specified          “constantly”              No
                                 Anti-Spam settings
                                  Intensity level                                                 Yes                                                             Yes                                             Yes                           Yes                    Yes                       Yes
                                 Black and white listing                                          Yes                                                             Yes                                             Yes                           Yes                    Yes                       Yes
                                 Configurable scanning exceptions                                 Yes                                                             Yes*                                            Yes                           Yes                    Yes*                      Yes
                                 Anti-Virus Settings
                                 Configurable scanning exceptions                                 Yes                                                             Yes                                             Yes                           Yes                    Yes                       Yes
                                 Whitelisting                                                     Yes                                                             No                                              Yes                           Yes                    No                        No
                                 Creation of backup copies                                        Yes                                                                                                                                                                                            No
                                 In-memory scanning                                               Yes                                                             No                                              No                            Yes                    No*                       No*
                                 Administration and notifications
                                 via MMC                                                          Yes                                                             No                                              No                            No                     No                        No
                                 Notification system                                              Yes                                                             Yes                                             Yes                           Yes                    Yes                       Yes
                                 Logging system                                                   Yes                                                             Yes                                             Yes                           Yes                    Yes                       Yes
                                 Detailed reports                                                 Yes                                                             Yes                                             Yes                           Yes                    Yes                       No*
                                 Performance
                                 Automatic scalability                                            Yes                                                             No                                              No                            No                     No                        No
                                 Optimal use of system resources                                  Yes                                                             Yes                                             Yes                           Yes                    Yes                       Yes
                                 Server Architecture
                                 Clusters support                                                 Yes                                                             Yes                                             Yes                           Yes                    No                        No
                                 Compatibility with DAG in Microsoft Exchange 2010                Yes                                                             Yes                                             Yes*                          Yes                    Yes                       No
                                 VMware ready                                                     Yes                                                             Yes                                             No                            No                     No                        No
                        *This solution offers a comparable technology but is not referred to specifically by this name, or this technology is not specifically documented in the publicly available literature.

Kaspersky Product Comparison Kaspersky Anti-Virus 8.0 for Linux File Server
                                                    Feature                                            KAV 8.0 for Linux FS                              Symantec Endpoint Protection                     Trend Micro Server Protect for Linux           McAfee VirusScan Enterprise             Sophos Anti-Virus for Linux               ESET File Security for Linux/BSD/Solaris

                        1. System Requirements
                                                                                                       Intel Pentium II processor 400 MHz or higher      Intel Pentium processor or compatible            Intel Pentium II 266 MHz or higher             Intel x86 or x64; AMD x64               no information                            i386 (Intel 80386), AMD64 (x86_64)
                                                                                                                                                         architecture (32-bit and 64-bit)
                                                                                                       512 MB RAM                                        1 GB RAM                                         256 MB min                                     256 MB min                              256 MB                                    32 MB
                                                                                                       Cache size 1GB or higher
                                                                                                       2 GB hard disk space for installation and         4 GB                                             50 MB for /opt + 50 MB for /tmp                500 MB                                  100 MB min                                32 MB
                                                                                                       temporary files.
                        2. Operating Systems Supported
                                                                                                       Red Hat Enterprise Linux 5.5 Server               Red Hat Enterprise Linux 3.x, 4.x, 5.x           Red Hat Enterprise Linux (AS, ES, WS) 4.0      Red Hat Enterprise 4.x, 5.x             Red Hat Enterprise 3, 4, 5                Linux Kernel version 2.2.x, 2.4.x or 2.6.x;
                                                                                                                                                                                                                                                                                                                                           glibc 2.2.5 or higher;
                                                                                                       Fedora 13                                                                                                                                         Fedora Core 10, 11, and 12
                                                                                                       CentOS-5.5                                                                                                                                        CentOS 4.x, 5.x
                                                                                                       SUSE Linux Enterprise Server 10 SP3, 11 SP1       SuSE Linux Enterprise (server/desktop)           SuSE Linux Enterprise Server 9                 SuSE Linux Enterprise Server/Desktop 9.x, 10x, 11                                 SuSE Linux Enterprise Server 8, 9, 10, 11;
                                                                                                                                                         9.x, 10.x                                        Desktop 10                                     Sun Solaris 10
                                                                                                       Novell OES 2 SP2                                  Novell Open Enterprise Server (OES/OES2)         Novell Linux Desktop 9
                                                                                                       openSUSE Linux 11.3                                                                                                                                                                       openSUSE Linux 10/10.1
                                                                                                       Mandriva Enterprise Server 5.1 (32 bit only)                                                                                                                                              TurboLinux 10/11 Server
                                                                                                       Ubuntu 9.10 Server Edition                        Ubuntu 7.x, 8.x                                                                                 Ubuntu 8.04, 9.04, 9.10                 Ubuntu LTS Server Edition 6.06/8.04
                                                                                                       Ubuntu 10.04 LTS Server Edition
                                                                                                       Debian GNU/Linux 5.0.5                            Debian 4.x                                       Debian 3.1
                                                                                                       FreeBSD 7.3, 8.1                                                                                                                                                                                                                    FreeBSD: Version 5.x, 6.x, 7.x
                                                                                                                                                                                                                                                                                                 Miracle Linux 4.0                         Dazuko kernel module 2.0.0 or higher
                                                                                                                                                                                                                                                                                                                                           (optional)
                                                                                                                                                                                                                                                                                                 Asianux 2.0/3.0                           NetBSD 4.x
                        2. Security Technology components
                                             Anti-Virus detection                                      Yes                                               Yes                                              Yes                                            Yes                                     Yes                                       Yes
                                             Backup/Quarantine                                         Yes                                               Yes                                              Yes                                            Yes                                     Yes                                       Yes
                        3. Key Product Features
                                              Anti-Virus engine
                                             Detected objects: viruses, Trojan horses, spyware         Yes                                               Yes                                              Yes                                            Yes                                     Yes                                       Yes
                                             Real-time antivirus protection                            Yes                                               Yes                                              Yes                                            Yes                                     Yes                                       Yes
                                             Background on-request or on-demand scanning               Yes                                               Yes*                                             Yes                                            Yes*                                    Yes                                       Yes
                                             Update rate anti-virus                                    every 1-2 hours                                   daily                                            every 1 hour                                   every 1 hour                            “as often as every 10 minutes”            daily
                                             Creation of backup copies                                 Yes                                               No*                                              No*                                            No*                                     No*                                       No*
                                             Scanning of critical system areas                         Yes                                               Yes                                              Yes                                            Yes                                     Yes                                       Yes*
                                             Scans and treats archived files                           Yes                                               Yes                                               Yes                                           Yes                                     Yes                                       Yes
                                              Anti-Virus Settings
                                             Assigning trusted zones /users                            Yes                                               Yes                                              No*                                            No*                                     Yes                                       No*
                                             Flexible setting of scan times                            Yes                                               No*                                              Yes                                            No*                                     Yes                                       No*
                                             Additional settings for Samba servers                     Yes                                               No*                                              No*                                            No*                                     Yes                                       No*
                                              Administration
                                             Centralized administration                                Yes                                               Yes                                              Yes                                            Yes                                     Yes                                       Yes
                                             Administration via Kaspersky Web Management Console       Yes                                               n/a                                              n/a                                            n/a                                     n/a                                       n/a
                                             Command line administration                               Yes                                               Yes                                              No*                                            No*                                     Yes                                       Yes
                                             Notification system                                       Yes                                               Yes                                              Yes                                            Yes                                     Yes                                       Yes
                                             Logging system                                            Yes                                               Yes                                              Yes                                            Yes                                     Yes                                       Yes
                                             Detailed reports (PDF, XLS, CSV, etc.)                    Yes                                               Yes                                              Yes                                            Yes                                     Yes                                       Yes
                                              Performance
                                             Automatic scalability                                     Yes                                               Yes                                              Yes*                                           Yes*                                    Yes*                                      Yes*
                                             Optimal use of system resources                           Yes                                               Yes*                                             Yes*                                           Yes*                                    Yes*                                      Yes*
                                             Server load balancing                                     Yes                                               Yes*                                             Yes*                                           Yes*                                    Yes*                                      Yes*
                                             Continuous server operation                               Yes                                               Yes                                              Yes                                            Yes                                     Yes                                       Yes

                        † The McAfee and Sophos products support other Linux implementations but only for on-demand scanning, not on-access scanning
                        *This solution offers a comparable technology but is not referred to specifically by this name, or this technology is not specifically documented in the publicly available literature.

Kaspersky Product Comparison Kaspersky Anti-Virus 8.0 for Lotus Domino
                                          Feature                                                             KAV 8.0 for Lotus Domino                                 Symantec Mail Security for Domino          Trend Micro ScanMail                  McAfee GroupShield                      Sophos PureMessage for   ESET Mail Security for
                                                                                                                                                                       Multi-platform Edition                                                                                                   Lotus Domino             Lotus Domino Server

                        1. System Requirements
                                        Processor                                                             Intel Pentium 32 bit / 64 bit or higher (or equivalent)  1 GHz Pentium or Higher                    Intel Pentium P4 or higher            Intel or compatible 133 MHz processor   Not specified            Not specified
                                          Memory                                                              512 MB of RAM (1GB or more recommended)                  512 MB of RAM (1GB or more recommended)    256 MB - 1 GB (depends on platform)   256 MB or higher                        256 MB                   Not specified
                                          Disk space to install                                               1 GB of free space on the hard drive                     300 MB minimum                             300 - 800 MB                          1 GB                                    500 MB                   Not specified
                                                                                                              (3 GB or more recommended)
                                                                                                              Recommended size of swap file: 2 times larger
                                                                                                              than the physical memory
                        2. Operating Systems Supported
                                           Microsoft Windows 2000                                             Yes                                                      Yes                                        Yes                                   Yes                                     Yes                      Yes
                                           Microsoft Windows Server 2003 x32/x64                              Yes                                                      Yes                                        Yes                                   Yes                                     Yes                      Yes (32 bit only)
                                           Novell SuSE Linux Enterprise Server 9, 10, 11 x32/x64              Yes                                                      Yes                                        9, 10                                 10                                      No                       No
                                           Red Hat Enterprise Linux 4, 5 x32/x64                              Yes                                                      Yes                                        Yes                                   5.x                                     No                       No
                                           Supported Lotus Notes/Domino servers:
                                           Lotus Notes/Domino version 6.5, 7.0, 8.0, 8.5                      Yes                                                      7.x or later                               Yes                                   6.x or later                            7, 8.x                   Yes
                        2. 3rd party platforms/software supported
                                           Supports Linux                                                     Yes                                                      Yes                                        Yes                                   Yes                                     No                       No
                                           Compatibility with VMware (VMware Ready)                           Yes                                                      No                                         No                                    No                                      No                       No
                        3. Security Technology components
                                           Anti-Virus detection                                               Yes                                                      Yes                                        Yes                                   Yes                                     Yes                      Yes
                        4. Key Product Features
                                                Anti-Virus engine
                                           Detected objects: viruses, mass-mailer worms, Trojan horses,
                                           spam, spyware                                                      Yes                                                      Yes                                        Yes                                   Yes                                     Yes                      Yes
                                           Real-time antivirus protection                                     Yes                                                      Yes                                        Yes                                   Yes                                     Yes                      Yes
                                           Background on-request or on-demand scanning                        Yes                                                      Yes                                        Yes                                   Yes                                     No                       No
                                           Update rate anti-virus                                             every 1-2 hours                                          not specified                              “immediate protection”                “Always up to date”                     “Latest protection”      not specified
                                           Creation of backup copies/Quarantine                               Yes                                                      Yes                                        Yes                                   Yes                                     Yes                      Yes
                                           Protection against malware outbreaks                               Yes                                                      Yes                                        Yes                                   Yes                                     Yes
                                           Scans and treats attachments, including archived files             Yes                                                      Yes                                        Yes                                   Yes*                                    Yes*                     Yes*
                                                Lotus Domino specific features
                                           Scanning of databases, documents and other objects                 Yes                                                      Yes*                                       Yes*                                  Yes                                     Yes                      Yes
                                                Anti-Virus Settings
                                           Exclusions from scanning                                           Yes                                                      Yes                                        Yes                                   Yes                                     Yes                      Yes
                                                Administration
                                           Centralized management of server groups                            Yes                                                      Yes*                                       Yes                                   Yes                                     Yes
                                           Distributed management of protection parameters                    Yes                                                      Yes                                        No                                    No                                      No                       No
                                           Replication of application statistics                              Yes                                                      No                                         No                                    No                                      No                       No
                                           Control of inserted parameters                                     Yes                                                      No                                         No                                    No                                      No                       No
                                           Role-based administration and management of access rights          Yes                                                      Yes                                        No                                    Yes                                     Yes                      No
                                           Installation and management via a web interface                    Yes                                                      No*                                        No*                                   Yes                                     Yes                      No
                                           Installation and management via the Lotus Notes Client             Yes                                                      No*                                        No*                                   Yes                                     Yes                      Yes
                                           Notification system                                                Yes                                                      Yes                                        Yes                                   Yes                                     Yes                      Yes
                                           Logging system                                                     Yes                                                      Yes                                        Yes                                   Yes                                     Yes                      Yes
                                           Detailed reports                                                   Yes                                                      Yes                                        Yes                                   Yes                                     Yes
                                                Performance
                                           Automatic scalability                                              Yes                                                      No*                                        No*                                   No*                                     Yes                      No
                                           Scalable configuration                                             Yes                                                      Yes                                        Yes                                   Yes                                     Yes                      No
                                           Optimal use of system resources                                    Yes                                                      “Optimized for high performance”           “Optimized for high performance”      “reduced server load”                   No*                      No
                                           Server load balancing                                              Yes                                                      No                                         No                                    No                                      No                       No
                                           Flexible adjustment of server load                                 Yes                                                      No                                         No                                    No                                      No                       No
                                                Server Architecture
                                           Supports operation in server clusters                              Yes                                                      Yes                                        Yes                                   Yes*                                    Yes*                     No
                        *This solution offers a comparable technology but is not referred to specifically by this name, or this technology is not specifically documented in the publicly available literature.
