Kaspersky Anti-Virus Business Optimal 5.0
Price: Starts at $225 for five seats, server license and one-year maintenance
Russian AV vendor Kaspersky Lab recently planted its flag in the U.S., and its Anti-Virus Business Optimal 5.0 suite is a solid SMB security product that has the potential to contend for American business against established domestic AV companies.
The suite provides strong desktop and server AV. Central management is good but covers Windows networks only, although the Business Optimal package includes AV modules for Linux, Unix and NetWare servers.
Installation and management were easy and intuitive--key points for SMB security managers who have heavy workloads and limited resources.
Management with the Administration Kit console is straightforward, using a typical tab interface. The console can be installed on any Windows workstation, but we would have liked to see at least the option of a secure Web browser-based console for remote access.
Rules are very flexible and easy to set up by group, individual station and server. For example, we instructed the client AV, Kaspersky Anti-Virus, on each workstation to clean or delete files with detected viruses; our policy on servers was to quarantine infected files.
Signature update policies are similarly flexible. We set up a central server to download updates from Kaspersky every hour and set our workstations to poll the server every six hours.
Installation was a piece of cake. We installed clients on two Windows 2000 servers and two XP workstations in about 10 minutes. The Administration Kit, which requires installation of the bundled MSDE database, went just as smoothly. We had everything running in about a half-hour.
Business Optimal performs where it counts, too, by detecting and stopping malware. We tested its e-mail scanning capabilities by sending the EICAR AV test file as an attachment to an Outlook client. Kaspersky Anti-Virus caught and deleted it, leaving the content of the e-mail intact. We also tested the workstation at the file level; we copied the EICAR test file to a workstation with the real-time protection disabled, then enabled it and ran a file scan, which detected the test file and popped up a dialogue box giving us the option to delete or quarantine. The AV also handles compressed files; it detected infected files in .zip and .jar formats without a problem.
Finally, we tested Kaspersky's antispyware capabilities by downloading and installing Perfect Key Logger and Claria's Gator E-Wallet. We set the macro/script options, which successfully blocked these programs from executing.
Business Optimal's reporting options are adequate for an SMB and easy to use. Templates can generate reports on the number of infections and whether stations have up-to-date definitions. The only downside is that reports can only be exported in HTML.
Kaspersky also has a large-enterprise product, Corporate Security Suite, which it sells but is not actively marketing in the U.S. at this time, clearly targeting SMBs as its best shot to grab market share. (Kaspersky has had an indirect U.S. presence for some time through OEMs.)
Given Anti-Virus Business Optimal's functionality and performance, Kaspersky could break out of its beachhead and make its U.S. presence known.
This was first published in March 2005