Kaspersky x64 bit Protection

Status
Not open for further replies.

Tony Cole

I have seen a few posts on MalwareTips re: the protection capability of Kaspersky on 64bit systems, so today I have submitted a request via my Kaspersky account to tech support for an official reply, citing my concerns about whether I am as well protected as someone using a 32bit system. Email below:

Dear Tech Support:

I have been using Kaspersky for 3-4yrs and have always had a x64 bit OS but a colleague informs me of the following note: I have seen Kaspersky lacks certain functionality with x64 bit OS:

If malware installs, for example, a malicious 64-bit service or other unhookable malicious 64 bit processes, then Kaspersky HIPS will not alert when that service or those processes run...

Will such a thing make a difference between preventing or allowing an infection - probably not - as Kaspersky will likely detect the file via signature. If not, and it is Unknown, then Kaspersky Application Control will assign it to Low or High Restricted.

Once assigned to Low or High Restricted and executed... Kaspersky HIPS will not alert to certain 64-bit processes. The typical user is not going to know that HIPS alerts are missing\not being generated - or even if they were generated - what the hell those alerts mean.

Anything assigned to Low or High Restricted in Kaspersky will activate HIPS alerts - and there will typically be an overwhelming amount of them. Typical user does not know what to do - Allow, Allow Once, Block - what ???

The fact that HIPS alerts are generated means that the infection is being installed - or - is already installed on the system. In either case, an infection is present on the system.

So it is debatable whether or not the missing 64-bit services\process HIPS alerts would have made any kind of difference in stopping the infection and in the grand scheme of things.

That's the problem with Classical HIPS - it is entirely dependent upon the user's knowledge and experience.

The real issue is that with Kaspersky, certain sophisticated 64-bit malware can get onto the system and do a whole lot of damage - the whole time being undetected - except perhaps by the firewall... but I wouldn't count on it.

Case in point was Gamma International's FinFisher FinSpy Surveillance Suite that created so much hub-bub when the reports were WikiLeaked.

Comodo and Emsisoft (64 bit) detected it - the only ones to do so - on all system installs.

Kaspersky, BitDefender, Avira, etc, etc - either missed it completely or only detected it partially in isolated cases. Part of the problem with Kaspersky is that it is only 32-bit.

I suspect if Kaspersky had a 64-bit version then it would have done a better job at detecting FinFisher FinSpy.

If you use antiexecutable or default-deny configuration - and pay very close attention to software activity - then you don't worry about such things.

Could you please explain the above, as I am kinda concerned that due to my system I am not as well protected by Kaspersky, as say someone with x32 bit.

Best wishes, Tony Cole.

P.S. I will of course update when they reply.
 

Azure

If Kaspersky can't completely protect 64bit systems, it makes me wonder if during all those AV tests where Kaspersky is among the top 5, they were all using 32bit systems instead?
 

Nightwalker


hjlbx

I am going to leave it at this... the KIS manual deliberately does not fully explain what "cannot be configured" means...

I stand by my statement: KIS Application Control and HIPS will not function with some 64 bit processes and system is not fully protected - and certainly not identical to protection of a 32 bit system install.

This is precisely what all this means:

From Kaspersky Internet Security User's Manual, pp. 69 - 70

CONTROLLING APPLICATION ACTIVITY ON THE COMPUTER AND ON THE NETWORK
Application Control prevents applications from performing actions that may be dangerous for the operating system and controls access to operating system resources and your personal data.
Application Control tracks actions performed in the operating system by applications installed on the computer and regulates them based on rules. These rules restrict suspicious activity of applications, including access by applications to protected resources, such as files and folders, registry keys, and network addresses.

On 64-bit operating systems, applications' rights for the following actions cannot be configured:
  •  Direct access to physical memory
  •  Printer driver management
  •  Service creation
  •  Service reading
  •  Service editing
  •  Service reconfiguration
  •  Service management
  •  Service start
  •  Service removal
  •  Access to internal browser data
  •  Access to critical objects of the operating system
  •  Access to password storage
  •  Debugger rights setup
  •  Use of program interfaces of the operating system
  •  Use of program interfaces of the operating system (DNS)
On 64-bit Microsoft Windows 8, applications' rights for the following actions cannot be configured:
  •  Sending of window messages to other processes
  •  Suspicious operations
  •  Installation of interceptors
  •  Interception of inbound stream events
  •  Making of screenshots
Applications' network activity is controlled by the Firewall component.
When an application is started on the computer for the first time, Application Control checks the safety of the application and assigns it to a group (Trusted, Untrusted, High Restricted, or Low Restricted). The group defines the rules that Kaspersky Internet Security applies for controlling the activity of the application.
Kaspersky Internet Security assigns applications to trust groups (Trusted, Untrusted, High Restricted, or Low Restricted) only if Application Control or Firewall is enabled, and also when both these components are enabled. If both these components are disabled, the functionality that assigns applications to trust groups does not work.
 

Tony Cole

I'm sure it can never hurt to get an expert opinion from the people that actually make the product. If I do not like their reasons, and feel my security is not what it should be, i.e., many do not read the user manual so would never know, I will leave Kaspersky and find a product, other than Comodo (which I wouldn't install on my worst enemy's computer, let alone mine!) that will fully protect x64bit systems. However, Nico was telling me that you would never beat Kaspersky's protection capabilities, and he really must know.
 

hjlbx

I'm sure it can never hurt to get an expert opinion from the people that actually make the product. If I do not like their reasons, and feel my security is not what it should be, i.e., many do not read the user manual so would never know, I will leave Kaspersky and find a product, other than Comodo (which I wouldn't install on my worst enemy's computer, let alone mine!) that will fully protect x64bit systems. However, Nico was telling me that you would never beat Kaspersky's protection capabilities, and he really must know.

You worry too much... despite Kaspersky's 64-bit system limitations it is still one of the best ways to protect your system.

If it worked OK on my specific system then I would use it permanently... but Application Control does not work properly - for whatever reason(s).
 

hjlbx

That would be crazy, talk about some skepticism on these companies that do the testing. I am also not a big believer in the ethics conducted there or their real effectiveness.

All the AV lab tests are essentially signature-detection tests. In that regard, Kaspersky is absolutely first-rate.

AV labs do not test all separate AV protection modules = HIPS, sandbox, Intrusion Detection Systems, file monitoring and rollback, firewall, etc, etc.

Typical AV test lab report reader has no idea this is the case and believe\think test is an endorsement of all of the AV's individual protection modules. In reality, it is an endorsement of only the real-time protection = scan engine + signatures.

Really bad way to test AV... if you ask me.

Those AV test result charts are the "Graphs of a 1000 Lies." :D
 

hjlbx

I tried Kaspersky recently on my infected system at the time, and it didn't impress me at all. I personally have never had much luck with them either. Got a nasty worm on system after first purchase three years ago. I think we all are in trouble on these 64 bit systems, even rootkits are getting past the patch guard nowadays.

Rootkits will inherit the Earth... they're like cockroaches that can't be killed and never die... :D
 

hjlbx

That's funny. Probably some truth to that. I am suffering from memory issues already, and my Google Chrome keeps acting like it's being touched and it will shoot off into some other feature. Clean system for sure. lol who knows, I think I need to tear everything down and rebuild software?

Clean install OS and then AV, then other softs...
 

Tony Cole

Please, I am not trying to get at anyone, I am actually really annoyed. The general home user will not read that far into the manual, so they would perceive they were/are protected. Kaspersky clearly states on their website, it works on both x32 / x64 bit operating systems. So, I want their answer.
 

Tony Cole

Forgive me, Kaspersky does state ** Some product features might work on 32-bit operating systems only.
 

hjlbx

Please, I am not trying to get at anyone, I am actually really annoyed. The general home user will not read that far into the manual, so they would perceive they were/are protected. Kaspersky clearly states on their website, it works on both x32 / x64 bit operating systems. So, I want their answer.

What they mean by 32\64 is that it can be installed and will operate on both 32 and 64 bit systems; it is compatible with both.

It does not mean that 32 bit K will fully protect a 64 bit system... hence their cryptic warnings in the manual.
 

hjlbx

Forgive me, Kaspersky does state ** Some product features might work on 32-bit operating systems only.

You're careful when it comes to IT... obsessively so. So, really - you do not need to worry so much. I've seen your config. It is as good as it is going to get without migrating to an Enterprise grade security config.

In that case you'll blow a gasket - spending months configuring the rules.
 

hjlbx

Please, I am not trying to get at anyone, I am actually really annoyed. The general home user will not read that far into the manual, so they would perceive they were/are protected. Kaspersky clearly states on their website, it works on both x32 / x64 bit operating systems. So, I want their answer.

At least Kaspersky includes it in the manual. Webroot has had firewall controls on W8.1 systems disabled since early 2012, but it does not inform consumers about it before purchase.

Now Webroot is one absolutely unethical outfit.

Just sayin'...
 

harlan4096

As it has been said before in this thread, there is not full x64 protection in Kaspersky because of Microsoft Windows Kernel Patch Guard... Kaspersky in general usually follows all the Microsoft security considerations about their products. I think Kaspersky is clear enough in warning about it in their product manual.

Even SandBoxie has the same limitations in x64:

http://www.sandboxie.com/index.php?NotesAbout64BitEdition
http://www.sandboxie.com/index.php?ExperimentalProtection

Don't know whether the other security suites follow Microsoft considerations about Kernel Patch Guard and/or warn in their products manuals about these limitations because of Microsoft x64 systems...
 

darko999

I don't know how people get worms and stuff, telling like it's a nightmare where Kaspersky is unable to protect you, really. I mean, I've been using ESET for a very long time and 0 infections. People complaining about Kaspersky in a 64 bit environment? I would say, complain about yourself for getting infected, son, that's the thing.
 