Ask The Expert: Nikolay Grebennikov Answers Questions From Kaspersky Users Via Social Networks

Information security issues are of greater importance today than ever, and they should be a concern for everyone. The people who can address their concerns to a real expert are lucky. We have collected your questions on our products (and security issues in general) on Facebook and other social networks. Nikolay Grebennikov, R&D Director at Kaspersky Lab, is here to answer them.

Why does Kaspersky not offer security products for iOS devices?

We do, in fact, have a product for iOS, but it differs from those designed for other platforms. iOS is a proprietary system, with Apple scrupulously controlling the process of app development and distribution. To give you an example, third-party developers do not have access to a considerably large group of APIs, which are vital for creating a fully-fledged antivirus program. That said, Apple’s proprietary nature is the reason why there is not a lot of iOS-targeted malware, especially for end users. However, iOS users are still vulnerable to phishing (fake emails and websites designed to lure confidential information and credentials from users), or even jailbreak exploits. In order to protect users from visiting malware-exposed websites, we have created Kaspersky Safe Browser – our own browser designed, amongst other things, to provide children with safe access to the web and shield them from inappropriate content. The information about malware websites is updated in real time with the help of our cloud solution – Kaspersky Security Network.

Are Kaspersky products able to block NSA spies?

A group of organisations, including the likes of EFF (Electronic Frontier Foundation), asked the very same question in an open letter. Kaspersky Lab was the first antivirus supplier who officially answered. To put it simply: we detect and block any malicious code regardless of its origin.

If you are so well positioned to protect people from malware, why not protect yourself from illegal copying?

It is easy to implement stringent protection measures, but it might result in many unexpected troubles for the users of our legal licences. Even more importantly, our corporate policies state that we give anyone a chance to try our security solution and remain protected. We rest assured our users will pay us as soon as they get a chance.

Will every application starting with 9 nop commands be detected as a Trojan?

We do not employ this detection algorithm. Could you please send us the sample of the file that is being affected by the issue?

Do self-adapting systems and viruses have anything in common? Can the virus mutate under unfavourable factors?

No, they don’t have anything in common, and no, they don’t adapt. But people who develop them do. They rigorously follow the developments carried out by antivirus companies and on a daily basis try to make their “products” undetectable. Also, there are viruses whose creators try to deploy some techniques to pass the security system and to camouflage their malware activities in case an antivirus spots them. But we successfully fight such examples of malware, using our technologies in a complex solution.

How does a free version of antivirus differ from a paid version?

If you mean the differences amongst separate products in the Kaspersky Lab portfolio, we offer only free specialised utilities and a free trial version, which encourage a user to purchase a licence after the trial period is over.

Why does Kaspersky not offer a freeware licence like Avast?

We do have free trial versions, but we are not ready to give away our products completely for free. Without funds to pay our analysts and developers, we would not be able to ensure the supreme quality of our protection suite. This becomes clearer when you look up the results of independent tests of Kaspersky Internet Security, Avast and other freeware solutions. KIS protects the user from a wider range of threats and at the same time offers a higher level of protection from threats affected by both paid and free products. The results of these benchmark tests, regularly published by independent labs, prove that our products offer better protection when compared to the freeware competition.

Can you describe a Trojan-class virus from the expert’s point of view?

Many prominent malware experts write for our SecureList website, which also provides content on Trojans.

When I start the PC every day, it takes up to 4-5 minutes for the antivirus icon to appear on the task bar. Is there a way to launch the antivirus as soon as I start up?

You may not be able to see the icon in the task bar straight away, but the PC is already protected. We launch the security drivers the moment the OS is started (we support early boot as well), so the user need not worry. Just after that, we allow the OS to start, and only then do we upload the GUI. This is intended to shorten the boot time and make the system fully operable as quickly as possible.

Any news on the Linux version?

We have some corporate-class products for Linux, but we do not have any plans to offer consumer products for Linux at this time.

Before, it seemed like with KIS the PC’s boot time was longer. Is that true for the 2014 version?

Any launched application slows down the system, especially if it is security software. Moreover, Kaspersky Internet Security has not been seen slowing down the PC for a long time now; just check out the recent AV-Comparatives independent performance benchmarks. We enhance performance year by year, so the latest version is faster than last year’s product. Some operations run 30% faster.

Why does the new KIS use so much of my PC’s resources?

It is impossible to protect the system against modern threats without consuming resources. We significantly sped up KIS, and independent tests show that with a higher level of efficiency, our security solution’s impact on system performance is not higher than that of the competition (with some of them offering far worse protection than us). It might be time for you to check your PC and find other reasons for the performance degradation, for instance, lack of free disk space or a highly fragmented disk drive.

I would love to have back features such as extra settings, heuristics, scan modes and limitations on the compound files in the 2015 version. Is it feasible?

This is a very popular question, which comes up every time we talk about the 2015 version, so it requires a more detailed answer. Firstly, according to use case statistics available through the Kaspersky Security Network, 90% of users do not take advantage of any custom settings. That means the majority of settings for them, even if the settings are hidden, is a drawback. However, I recall the infamous event when Mike Tyson returned a Ferrari with a mechanical gear box to a dealer, having decided that it was too complicated to drive. We do not want our users to find themselves in such a situation.

Secondly, as the most complex settings are designed by our experts, the users now do not experience any issues when a setting is changed unintentionally and, thus, impacts the level of protection or performance of the PC.

Thirdly, security technologies are getting increasingly complicated, and the logic behind the settings gets more complicated as well. The logic is regularly updated along with the antivirus databases, so it becomes more and more challenging to describe how this or that setting influences the level of protection, making a once familiar setting description out-of-date at any moment.

Why could I not register Kaspersky Internet Security for Android with the Kaspersky Endpoint Security licence key?

You cannot activate the end user product with an enterprise product key. What is more important, corporate-class and consumer systems (including smartphones) require different approaches to security, so I would not recommend using consumer solutions in the enterprise environment either.

Why did you eliminate the option to update through locally stored files? What if I do not have instant?

The option you have mentioned was designed as a last resort measure in times when the Internet was quite limited and not easily available. Today, practically all users enjoy constant unlimited Internet access and can take full advantage of online updates. The new version of KIS uses a new database format. Those users who still require update retranslation can use the UpdaterUtility, which will support 2014 databases in the near future.

I think the settings in the latest version of your product are not detailed enough. Those settings used to give me a sense of comfort (I agree that might be just a mere assumption), as I knew what to expect. Now when performing a scan, I may choose only between High/Recommended/Low scan modes. What are these definitions supposed to mean and what is the difference between them?

They mean the following: maximum protection (but compromising the system performance), recommended level of protection (balancing protection and system performance), and minimum protection (providing the maximum system performance).

What options we turn on and off to provide a required level of protection is a matter of technology, and, as I have previously stated, this might change with the database update. The most important thing, though, is to decide for yourself which level of protection is optimal, considering the typical tasks done on the PC.

Why do problems occur every time I update Firefox? Are your plug-ins just not compatible with the latest version of the browser?

Is it safe to use Firefox? Many add-ons do not work with this browser.

Firefox developers frequently update the browser, and in many cases the APIs are changed. We, as an external modules producer, use these APIs. That said, each new version of the browser requires our add-on codes to be modified, and we have to run our additional thorough checks of reliability, sustainability, and compatibility. That needs time. I would like to point out that other browsers such as Internet Explorer or Chrome are not prone to such problems as their producers devote so much effort to ensure compatibility and provide support to the developers. Meanwhile, we are also working to make sure that our solutions remain compatible with newer versions of Firefox. To answer your question, it is ok to use Firefox, however, we recommend using Google Chrome as its basic configuration is safer.

Which Kaspersky Lab products resist stealth and advanced persistent threats?

These definitions might mean a wide range of threats, but I presume this is referring to rootkits and exploits. Traditionally, we are highly efficient at securing users from these types of threats. As of our previous version, we employ a very capable Automatic Exploit Prevention mechanism which detects if trusted applications are performing suspicious activities (presumably via exploits), and aborts the malware code execution. Our current version adds the support of a complex ZETA shield technology which has its origins in enterprise systems and is capable of detecting suspicious elements in incoming data – for instance, an executable code inside a PDF file. To protect the system from rootkits, we dig into the deepest layers of the operating system.

What’s your favourite kind of pizza? No questions on your products, everything works like a Swiss clock!

Frankly speaking, I don’t eat much pizza, thus I don’t have a favourite.