App Review Kaspersky Total Security Boot Time Protection

[sunrise]

This is really bad news... I hope this test serves as a bomb exploding in the face of KL developers and improve the boot protection.

There is a setting that cruelsister didn't changed/disabled (enabled by default) or tested, don't know whether the result would be the same, anyway They should fix this lack of boot protection as soon as possible...

I will try to move some threads and report this test in beta testing KL QA Bug Tracker...

I don't think they will reply to consumers. They only reply to enterprise customers. Consumers are like beta testers. Remember that their every version is released before it is stable enough.

 

[Tony Cole]

I thought when you changed the application control both to untrusted then you were safe; it is very bad, as these are the maximum settings for Kaspersky, unless you enable trusted applications mode, and uncheck trusted digitally signed applications. Kaspersky will not change a thing, probably say it's a fake test and try to wiggle out of it.

Cruelsister, what about Comodo, does this have boot-time protection?

 

[Venustus]

I thought when you changed the application control both to untrusted then you were safe; it is very bad, as these are the maximum settings for Kaspersky, unless you enable trusted applications mode, and uncheck trusted digitally signed applications. Kaspersky will not change a thing, probably say it's a fake test and try to wiggle out of it.

Cruelsister, what about Comodo, does this have boot-time protection?

It would seem that Kaspersky services are not loading fast enough on reboot to stop the autorun entry that encrypts your files??

 

[Tony Cole]

Could well be, but the setting to change trust level of software started before Kaspersky services should ensure that's not the case. So, ESET, AVG and Bitdefender have boot-time protection, but the rest do not - why? Surly it's of most importance to do so.

 

[Solarquest]

I partially understand the need to find the "right" balance between detection, performance and nr. of false positives...but not protecting at boot (especially from "known" malwares) is a shame (for all AV)!

 

[cruelsister]

I was actually surprised that so many products were lacking in the area of Startup protection. For adequate system security it should be intuitively obvious to all vendors that this is essential. BitDefender, ESET, and AVG have it already; Qihoo added it within 7 days of my video on their product so the re-coding apparently wasn't that onerous of a task.

Preferential startup of an AV product should be considered mandatory- and it can be seen that all the important sounding terms like hardened, Paranoid, and untrusted really mean little if malware can do damage prior to these things being effective.

Regarding Comodo, it will prevent my malware from being effective.

 

[Deleted member 2913]

Its a shame...a product like Kaspersky...mostly on top in every test...failed on max settings.

I wonder if Kaspersky services were up fast on system startup...would Kaspersky have protected the system or not i.e is the failure due to late start of Kaspersky services or not i.e would it fail no matter what?

By the way how easy/hard is to get infected with such malware from external devices like USB?
Coz products like Kaspersky, Norton, etc... may have failed the test but it does seems they are quite strong on protecting the system online i.e anything entering the system through the web?

 

[Tony Cole]

Thank you cruelsister - the malware you used, is that currently in the wild? Another excellent set of video's! The paid version of Bitdefender 2016 does this include boot-time protection? I have removed Kaspersky. Tony

 

[hjlbx]

Heh, heh... Boot Time protection is vastly over-rated as a protection - as Fabian Wosar from Emsisoft points out.

Emsisoft Anti-Malware & Emsisoft Internet Security 11 has been released | Page 5 | Wilders Security Forums

PS - I think it is important for the typical user, but it does affect boot.

 

[hjlbx]

Thank you cruelsister - the malware you used, is that currently in the wild? Another excellent set of video's! The paid version of Bitdefender 2016 does this include boot-time protection? I have removed Kaspersky. Tony

@Tony Cole

Why don't you adopt AppGuard - then you won't have to deal with such AV\security suite nonsense ?

 

[Tony Cole]

I would never be able to config AppGuard, is it easy, or for experienced users? I really disagree with Fabian, cruelsister showed how boot-time protection is required to stop such attacks, if this malware becomes well known; then he would be very wrong to suggest that it's pointless.

 

[hjlbx]

I would never be able to config AppGuard, is it easy, or for experienced users?

AppGuard would take some initial learning, but once it is configured, it is essentially set-and-forget. It requires patience and ability to not get upset... LOL.

If you can handle messing about with Kaspersky, then you can handle AppGuard.

This is off-topic, so if you wish to continue, move it to PM. Thanks.

 

[Evgeny]

Thank you cruelsister - the malware you used, is that currently in the wild? Another excellent set of video's! The paid version of Bitdefender 2016 does this include boot-time protection? I have removed Kaspersky. Tony

If the free version was passed so, the paid will also i guess.

 

[Azure]

Thank you cruelsister - the malware you used, is that currently in the wild? Another excellent set of video's! The paid version of Bitdefender 2016 does this include boot-time protection? I have removed Kaspersky. Tony

Seeing how Kaspersky contacted cruelsister due to that video, they must likely intent to correct(or implement) boot time protection. So you probably didn't need to remove it though this depends in how long it takes them.

 

[Deleted member 2913]

Thank you cruelsister - the malware you used, is that currently in the wild? Another excellent set of video's! The paid version of Bitdefender 2016 does this include boot-time protection? I have removed Kaspersky. Tony

I have removed Norton Security & installed Kaspersky Endpoint Security Core Protection

 

[hjlbx]

I have removed Norton Security & installed Kaspersky Endpoint Security Core Protection

Let us know how that goes... LOL.

 

[Nightwalker]

I have removed Norton Security & installed Kaspersky Endpoint Security Core Protection

Do you have the resources to configure and actually pay for it?

 

[shukla44]

Thanks a lot for this video.

I have set my kaspersky to max protection, i.e. possible, without degrading performance & i have applied all the necessary steps so that the boot protection is not needed in kaspersky.

Although kaspersky is good in all the other areas where other av's with boot-time protection is not so good, this video got me to apprehend that i need to UP the protection in kaspersky app control to protect against ransomwares.

And the golden rule: No AV is 100% secure, Always backup your data.

 

[Deleted member 2913]

Let us know how that goes... LOL.

I have installed only core protection minus all those business features on my Win 10 64 Home Edition.
Its running light.
I find it better than Kaspersky Home products i.e I dont like HTTPS scanning & its not there in KES, good & required settings & not lots of settings, custom install to not install not required features, no toolbars, etc...

I have installed only

Application Control - Application Privilege Control i.e all those Low/High/Untrusted
File & Web AV
Firewall & Network Blocker & System Watcher, thats it.

Do you have the resources to configure and actually pay for it?

What do you mean by resources to config?

Have installed only core protection like Home products.

 

[Tony Cole]

So, Fabian basically says these tests are worthless and cruelsister would not respond to his requests, is he correct (I'm confused) I think I side with cruelsister and has done an excellent job showing why boot-time security is required. At present we do not know what malware is around the corner, what happens if it does become a major problem?