Performance Validation Testing Kaspersky Lab Corporate Security
Contents
Changing Malware Threats in Corporate Networks
The Test Objectives
Malware Test Suites
Malware Detection Test Results
Kaspersky Lab Corporate Security Solutions
Checkmark Certifications for Kaspersky
Checkmark Certification Profile for Kaspersky Lab
Conclusion
Product Feature Comparisons
Kaspersky Anti-Virus 8.0 for Microsoft ISA Server and Forefront TMG Standard Edition
Kaspersky Security 8.0 for Microsoft Exchange Servers
Kaspersky Anti-Virus 8.0 for Linux File Server
Kaspersky Anti-Virus 8.0 for Lotus Domino
Kaspersky Anti-Virus 8.0 for Windows Servers Enterprise Edition
Disclaimer
Contact Information

2 of 24 www.westcoastlabs.com
Changing Malware Threats in Corporate Networks

The Evolution of Malware, Technologies and Services

By Lysa Myers, director of research, West Coast Labs

There are few who are unaware of the malware landscape changing since the release of the first few viruses decades ago. But it seems there are just as few people outside the computer security industry who understand the nature of that change. No longer is malware as ethereal a threat as an urban legend, and no longer is the virus outbreak of the day making the evening news. Threats now come not by ones and twos but by the many tens of thousands each day with the known total hovering in the tens of millions. And threats come quietly, remaining as far below the radar as possible to maximize their stay on an affected machine. Corporations are now victims of targeted attacks, as well as the regular masses of malware and have specific needs for the protection of corporate information assets.

While malware activity has increased, security budgets certainly have not. Many corporate security staff find themselves facing a tidal wave of new threats without extra personnel or resources. They need security software to work faster, harder and require less manual interaction while providing detailed reports as to what actions have been taken. Machines which are infected need to be cleaned completely so as to get systems back up and running quickly and painlessly. Anti-Malware software is only as good as its research and support departments. They are vital in order to have excellent response times to new threats and to provide top-notch customer assistance. As security focus in corporate networks shifts away from the desktop, into mobile, cloud and virtual computing resources, security software needs to protect these environments too.

The way malware spreads has also changed – there is less concern for infecting oneself with a floppy disk (how many of us even have a floppy disk drive now?) or via poorly worded and spelled mass-mailer viruses. When malware authors discovered there was profit to be had in spreading their malicious wares, they began to take many of the tactics used by Search Engine Optimizers and improved their social engineering craft, placing files where people were most likely to run across them. Consequently, the Web is now where the majority of people become infected with malware and, given the extent to which the internet is such an integral part of all corporations’ business activities, the Web is a potent threat vector. Companies’ websites are regularly targeted for defacement or infected to spread malware to the site’s visitors.

Given that the Internet is operating system agnostic and because current scripting languages allow for queries of the specific browser version of each visitor, malware can be spread in a manner which
infects any particular visit. In the last few years, this has been a tactic which has proved increasingly popular with malware authors, increasing their reach as the market share of new technology increases.

Obviously, anti-malware products had to change with the times as the onslaught of malware has increased and the tactics of malware authors have shifted. The first anti-malware products were designed strictly as signature scanners, which only ran when a user specifically initiated a scan. In short order, this was changed to allow the scanner to run continuously in the background so that each file was examined as it was accessed, without users having to think about it. This approach has become more widespread, so that products require little interaction – users can automatically have the most up-to-date protection running at all times.

Another thing which has changed with the times is the complexity of the scanning processes. No longer are anti-malware products simply signature-based scanners.

They now include advanced heuristic technologies and generic signatures which can proactively detect new variants of existing families and new malware families. The best products include a variety of security features such as web or spam filtering, behavioural analysis or a firewall technology which can help protect against brand new threats. With these new, intensive scanning technologies, vendors have come up with many ways to decrease the overall processing load, so that scanning will not noticeably decrease access times or interrupt workflow.

As both the malware landscape and anti-malware products have changed, so has the security testing industry. When products under test were updated periodically, used on-demand scanning and the total known malware was in the thousands, it made sense to have only a single pass or fail test which was performed a few times a year over a static test-bed of samples. This is no longer the reality of the current user experience. While it can be a meaningful baseline test of anti-malware functionality, it is far from a complete picture of overall product performance.

In order to accurately reflect a user’s experience with malware, it is important to gather the full spectrum of malware from a variety of sources from throughout the internet, which circulate on various protocols. This means including not just email-based malware, but malicious files on P2P networks, as well as on the Web and other attack vectors. Because malware does not stop when the work day ends nor does it recognize geographic boundaries, threats must be collected all day from around the world.

As anti-malware products have begun to include more wide-ranging technologies including ones which are initiated upon execution of a file, testing must incorporate dynamic functionality by running threats on test machines. This naturally takes more time than scanning an immobile directory of files, so one must take care to select the most relevant sample set which a customer is most likely to encounter. This takes into account not just prevalence, but attack vector popularity on which it’s spread, potential for damage on an infected system, as well as geography.

Malware authors are always abreast of technology trends – where do people share their information, how do people share files? At West Coast Labs we’ve already begun to see an increase of attacks on things
like digital picture frames, USB thumb drives, mobile phones and on popular Web 2.0 sites. So, suffice to say, if you know a few people who use one or other or all – malware authors are looking to exploit them for financial gain. Likewise, anti-malware vendors are developing technologies to protect them and testers like West Coast Labs are developing methodologies to mirror the user’s risk and potential infection experience. In order to keep up to date on the evolving malware landscape, one need only see which new widgets are being used in home and business network environments.

But in the corporate world, keeping updated on the latest threats and technologies is not enough – TCO and ROI need to be considered. How well do advanced technologies proactively detect? How quickly are new threats added? How is customer support response? How easily can the solution be managed remotely? How much CPU time is used for scanning? To find the answers to many of these questions, take a look at this product performance data from leading independent test organisations such as West Coast Labs and the performance validation programmes they deliver – such as Real Time Testing.

You can also take a close look at how individual vendors are responding to the changing threat landscape and the implications for the security of corporate networks. Nowadays, vendors are defining ‘Protection’ differently. No longer is it just product performance-related but also related to business and customer service issues, delivering a higher value overall service to meet not just security, but also business needs.

When considering product performance in a corporate network environment, ‘Protection’ is more than current malware detection capabilities, it’s also about the extent of a vendor’s product research and development strategy that anticipates threats and trends to ensure proactive network protection. It can be further defined as the extent to which malware protection is delivered for a multi-platform infrastructure through efficient and easily managed solutions with wide inter-operability capabilities. ‘Protection’ is also about the extent to which business interests are protected through vendor service strategies that now include optimised and cost-effective security plans tailored to individual corporations’ needs for maximising business productivity, lowering the total cost of ownership and maximising the return on investment. Also, given that corporations are operating in a worldwide ‘e-economy’ all needs to be supported by trusted and responsive global support plans.

Yes, the threat landscape is continuing to evolve with new malware threats spawned at an alarming rate, but no longer is malware protection and information security in general just a technical issue - it’s a business issue. That’s why vendors’ product and service solutions are evolving to suit these changing needs and West Coast Labs is developing independent product performance programmes that ensure that these products and services are tested and validated accordingly.
The Test Objectives

Kaspersky Lab commissioned West Coast Labs to carry out the following testing:
• Checkmark Certification for the Baseline, Dynamic and Real Time testing programme on seven corporate security solutions:
    • Kaspersky Security 8.0 for Microsoft Exchange Servers
    • Kaspersky Anti-Virus 8.0 for Windows Servers Enterprise Edition
    • Kaspersky Anti-Virus 8.0 for Linux File Server
    • Kaspersky Anti-Virus 8.0 for Lotus Domino
    • Kaspersky Anti-Virus 8.0 for Microsoft ISA Server and Forefront TMG Standard Edition
    • Kaspersky Endpoint Security 8 for Mac
    • Kaspersky Endpoint Security 8 for Linux
• Comparative testing of selected Kaspersky products against a range of competitor products in a “static” test environment (see below).
• A comparison of product feature sets using publicly available information on vendor websites and marketing collateral.

A comprehensive list of all Kaspersky Lab Checkmark Certifications and Checkmark Platinum Product Awards can be found on page 15.

The Comparative Product Testing

The comparative testing comprised a basic evaluation of each product’s malware detection capability in a static test environment. WCL built a test suite of 100,000 live malware samples* from its own independent resources that covered all appropriate attack vectors.

Each solution was installed to a server running the appropriate and commonly supported Operating System and software detailed in the next section of this report. During installation, all default values were kept and, where a choice was required, the course of action recommended by the solution and/or the attendant product documentation was adhered to.

Each solution was updated to the latest available definition, engine, and signature releases before a forensic image was taken and stored for later use. Updates were allowed during the test period through any normal scheduled and automatically enabled update mechanism present in the product, and a further forensic image was taken on the last day of testing for each combination of products.

Each solution was tested against an appropriate test set extracted from the 100,000 samples mentioned above and made up of real-world, “solution capability specific” samples taken from West Coast Labs’ collections, including samples received in the West Coast Labs Global Honeypot Network. For example, the Exchange-based solutions were tested against malware known to propagate over email. Test sets and the methodologies were constructed so as to mirror the experience of a real-life installation as far as possible and not to advantage any one vendor over the others.

*For a description of the malware used in this test programme, refer to Appendix 1 of this report.

Comparative Product Testing – Test Network

Testing was carried out on distinct networks which comprised various server and client machines needed to run the respective technologies and operating systems.

Corporate Security Solutions Used in the Comparative Product Testing

Microsoft Exchange Test: Kaspersky Security 8.0; Symantec Mail Security; Trend Micro ScanMail; McAfee GroupShield; Sophos E-mail Security; ESET Mail Security
Lotus Domino Test: Kaspersky Anti-Virus 8.0; Symantec Mail Security; Trend Micro ScanMail; McAfee GroupShield; Sophos E-mail Security; ESET Mail Security
Microsoft ISA Server (replaced by Forefront TMG 2010) Test: Kaspersky Anti-Virus 8.0; Forefront TMG 2010
Windows Server Test: Kaspersky Anti-Virus 8.0; Symantec Endpoint Protection; Trend Micro Officescan Server; McAfee VirusScan Enterprise and VirusScan for Storages; Sophos Endpoint Security; ESET File Security
Linux Test: Kaspersky Anti-Virus 8.0; Symantec Endpoint Protection; Trend Micro ServerProtect; McAfee VirusScan Enterprise; Sophos Endpoint Security; ESET File Security
In order to provide a balanced reporting process, West Coast Labs recommended that all client machines should run Windows XP and Service Pack 3 and that server platforms ran the highest OS version commonly supported across each of the solutions.

In some cases this meant that they may not have been running on the latest version of a particular operating system, but this method meant that any testing carried out was more directly comparable. Details of highest levels of common operating systems per component available at the time of testing are as follows:

Network 1 – Microsoft Exchange
This network comprised 12 systems – 6 desktops and 6 servers (one of each for each solution). Each of the desktop machines was paired up with a server system in order to allow an Exchange Server and Outlook client configuration.
Server OS: Windows 2003 Server 64 bit, Exchange Release: 2007 64 bit.

Network 2 – Windows Server
This network comprised 12 systems – 6 desktops and 6 servers (one of each for each solution). Each of the desktop machines was paired up with a server system in order to allow a server/client configuration.
Server OS: Windows 2008 64 bit

Network 3 – Linux
This network comprised 6 systems running the Red Hat Enterprise release 5 version of Linux.

Network 4 – Lotus Domino
This network comprised 12 systems – 6 desktops and 6 servers (one of each for each solution). Each of the desktop machines was paired up with a server system in order to allow a Lotus Domino server and Lotus Notes client configuration.
Server OS: Windows 2003 32 bit, Lotus Domino Release: R8

Network 5 – Microsoft ISA Server (Forefront TMG 2010)
This network comprised 4 systems – 2 desktops and 2 servers (one of each for each solution). Each of the desktop machines was paired up with a server system in order to allow a server/client configuration.
Server OS: Windows 2008 64 bit, Forefront TMG 2010

Supporting these five networks there were a number of servers designed to collect data from each of the tests, along with desktop machines to act as remote points of control and for test management.

Comparative Product Testing – Test Methodology

In each test case, the protocol most likely to be used was employed to test the solutions – detailed below.

Microsoft Exchange testing: Testing was conducted on an “On Access” basis. All samples were sent via email from accounts on a real-life, resolvable domain owned and controlled by West Coast Labs to the products under test over a live internet connection with appropriate firewall rules in place to allow only communication between the hosts used in the testing. This enabled West Coast Labs to report on those emails that were stopped at the Exchange Server and track those emails that were bounced to allow for resending to ascertain the gateway protection offered.

Windows Server testing: Testing was conducted on an “On Demand” basis. All samples were copied on to the appropriate server in a number of directories. The solution under test was asked to scan the server Operating System to report any infections it found.

Linux testing: Testing was conducted on an “On Demand” basis. All samples were copied on to the appropriate server in a number of directories. The solution under test was asked to scan the server Operating System to report any infections it found.

Lotus Domino testing: Testing was conducted on an “On Access” basis. All samples were sent via email from accounts on a real-life, resolvable domain owned and controlled by West Coast Labs to the products under test over a live internet connection with appropriate firewall rules in place to allow only communication between the hosts used in the testing. This enabled West Coast Labs to report on those emails that were stopped at the Domino Server and track those emails that might get bounced to allow for resending to ascertain the gateway protection offered.

TMG 2010 testing: Testing was conducted on an “On Access” basis. All samples were provided from a real-life resolvable web, FTP and P2P server on a domain wholly owned and controlled by West Coast Labs. Attempts were made to download the samples over a live internet connection with appropriate firewall rules in place to allow only communication between the hosts used in the testing using HTTP, FTP and P2P to ascertain the gateway protection offered.
Malware Test Suites

West Coast Labs puts considerable effort into ensuring the relevance of samples used in testing. There are three key components to this process.

The company’s research facilities continuously monitor malware attacks and intercept attempts to attack the corporate network of a global company with thousands of users spread over four continents.

WCL also has the advantage of an international system of honeypots, machines based in many countries on most continents that sit on open networks waiting to be attacked. When attacks occur the malware is intercepted and reported back to a central repository, where it is de-duped, checked for corruption and validity, stored and can then be used as a sample for testing products.

Another method of collection and validation is through honeyclients; systems designed to trawl the Internet to discover “drive-by downloads” (where malware is downloaded in the background unknown to the user who is looking at an otherwise perfectly acceptable web site), and to download files by visiting these websites and capturing the output.

Comparative Test Project Malware Samples

For this particular custom test, testing takes place in five different operating environments, namely Microsoft Exchange, Lotus Domino, MS ISA (TMG 2010) Server, Windows Server and Linux File Server. The main test suite is divided into separate sub-suites used for each environment (although some sub-suites are used more than once).

For both Microsoft Exchange and Lotus Domino, the main component of the test suite is a group of malware that spreads itself via SMTP. Of course, many different files and types of malware can be attached to emails, and therefore the test suite also includes malware gathered internationally that can be sent by email. Types of malware used in this part of the test include viruses, bots, Trojans, and especially those worms designed to spread by email, all of which have been found in the email intercepts delivered to WCL.

Windows Server acts as a network server and repository and so the appropriate test sub-suites include not only those sub-suites as used elsewhere but also network worms as being the malware most likely to infect and spread via these environments.

MS ISA Server acts as a network edge gateway and so the suites considered when testing this include a wide range of malware concentrating on network traffic including HTTP, FTP, malware as well as network worms – malware transported by the sort of traffic flow that would be associated with a corporate network.

Linux has a small selection of malware especially designed to run in that environment, but also needs to recognize Windows malware; although this cannot run natively in this environment, many companies include both Windows and Linux machines on the same networks and any failure to recognize Windows malware might lead to infection of central or shared servers and leave the whole network vulnerable. For this reason the test sub-suites used in this environment include Linux malware but also Windows malware as used in some of the other tests.
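
The repository step described in this section (de-duplication, then corruption and validity checks before a sample is stored and assigned to sub-suites) can be sketched as follows. This is an added example, not West Coast Labs' tooling: the header checks, the collector labels and the byte strings standing in for samples are assumptions constructed for illustration.

```python
import hashlib
import struct

ELF_MAGIC = b"\x7fELF"
PE_SIG = b"PE\x00\x00"


def classify(data: bytes) -> str:
    """Return 'elf', 'pe', 'other' or 'corrupt' for one captured file."""
    if not data:
        return "corrupt"                       # empty capture
    if data.startswith(ELF_MAGIC):
        # e_ident[4] selects the header size: 1 = 32-bit (52 bytes), 2 = 64-bit (64 bytes).
        header_len = {1: 52, 2: 64}.get(data[4]) if len(data) > 4 else None
        return "elf" if header_len and len(data) >= header_len else "corrupt"
    if data.startswith(b"MZ"):
        # The 64-byte DOS header stores the PE header offset (e_lfanew) at 0x3C.
        # Plain DOS executables without a PE header are also rejected by this check.
        if len(data) < 64:
            return "corrupt"
        (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
        return "pe" if data[e_lfanew:e_lfanew + 4] == PE_SIG else "corrupt"
    return "other"                             # scripts, documents, archives ...


class Repository:
    """Central store keyed by SHA-256 so identical captures collapse to one sample."""

    def __init__(self):
        self.samples = {}                      # digest -> {"kind", "size", "sources"}
        self.stats = {"stored": 0, "duplicate": 0, "corrupt": 0}

    def ingest(self, data: bytes, source: str) -> str:
        kind = classify(data)
        if kind == "corrupt":
            self.stats["corrupt"] += 1
            return "corrupt"
        digest = hashlib.sha256(data).hexdigest()
        if digest in self.samples:
            # Same bytes seen again: keep one copy, remember every collection point.
            self.samples[digest]["sources"].add(source)
            self.stats["duplicate"] += 1
            return "duplicate"
        self.samples[digest] = {"kind": kind, "size": len(data), "sources": {source}}
        self.stats["stored"] += 1
        return "stored"

    def sub_suite(self, kinds) -> list:
        """Digests for one environment, e.g. the Linux suite takes ELF and PE samples."""
        return sorted(d for d, meta in self.samples.items() if meta["kind"] in kinds)


def constructed_pe() -> bytes:
    """Constructed stand-in: a DOS header followed by a PE signature, nothing else."""
    hdr = bytearray(64)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 64)      # PE signature directly after DOS header
    return bytes(hdr) + PE_SIG + bytes(20)


def constructed_elf() -> bytes:
    """Constructed stand-in: a zeroed 64-bit little-endian ELF header (64 bytes)."""
    return ELF_MAGIC + bytes([2, 1, 1]) + bytes(57)


def demo():
    repo = Repository()
    feed = [                                   # (captured bytes, hypothetical collector)
        (constructed_pe(), "honeypot-a"),
        (constructed_pe(), "honeyclient-b"),   # same bytes from a second collector
        (constructed_elf(), "honeypot-a"),
        (constructed_pe()[:40], "honeypot-c"), # truncated download
        (b"", "honeyclient-b"),                # empty capture
    ]
    outcomes = [repo.ingest(data, src) for data, src in feed]
    return repo, outcomes


if __name__ == "__main__":
    repo, outcomes = demo()
    print(outcomes, repo.stats, len(repo.sub_suite({"elf", "pe"})))
```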
Malware Detection Test Results

TEST 1 – Microsoft Exchange
Total Malware Samples – 8042
Product | Test Date | Detection Rate | Test Location
Kaspersky Security 8.0 | 16/09/2009 - 23/09/2010 | 100%★★ | WCL UK Lab
Product Performance Average★ | - | 100%★★ | WCL UK Lab
Product A | 16/09/2009 - 23/09/2010 | 100%★★ | WCL UK Lab
Product B | 16/09/2009 - 23/09/2010 | 100%★★ | WCL UK Lab
Product C | 16/09/2009 - 23/09/2010 | 100%★★ | WCL UK Lab
Product D | 16/09/2009 - 23/09/2010 | 100%★★ | WCL UK Lab
Product E | 16/09/2009 - 23/09/2010 | 100%★★ | WCL UK Lab

TEST 2 – Windows Server Enterprise
Total Malware Samples – 25640
Product | Test Date | Detection Rate | Test Location
Kaspersky Anti-Virus 8.0 | 20/09/2010 - 23/09/2010 | 99.68% | WCL USA Lab
Product Performance Average★ | - | 99.54% | WCL USA Lab
Product A | 20/09/2010 - 23/09/2010 | 99.45% | WCL USA Lab
Product B | 20/09/2010 - 23/09/2010 | 99.50% | WCL USA Lab
Product C | 20/09/2010 - 23/09/2010 | 99.36% | WCL USA Lab
Product D | 20/09/2010 - 23/09/2010 | 99.69% | WCL USA Lab
Product E | 20/09/2010 - 23/09/2010 | 99.57% | WCL USA Lab

TEST 3 – Linux
Total Malware Samples – 25640
Product | Test Date | Detection Rate | Test Location
Kaspersky Anti-Virus 8.0 | 05/10/2010 - 08/10/2010 | 99.95% | WCL USA Lab
Product Performance Average★ | - | 99.59% | WCL USA Lab
Product A | 05/10/2010 - 08/10/2010 | 99.64% | WCL USA Lab
Product B | 05/10/2010 - 08/10/2010 | 99.24% | WCL USA Lab
Product C | 05/10/2010 - 08/10/2010 | 99.40% | WCL USA Lab
Product D | 05/10/2010 - 08/10/2010 | 99.80% | WCL USA Lab
Product E | 05/10/2010 - 08/10/2010 | 99.53% | WCL USA Lab

TEST 4 – Lotus Domino
Total Malware Samples – 8042
Product | Test Date | Detection Rate | Test Location
Kaspersky Anti-Virus 8.0 | 06/10/2010 - 10/10/2010 | 100%★★ | WCL UK Lab
Product Performance Average★ | - | 100%★★ | WCL UK Lab
Product A | 06/10/2010 - 10/10/2010 | 100%★★ | WCL UK Lab
Product B | 06/10/2010 - 10/10/2010 | 100%★★ | WCL UK Lab
Product C | 06/10/2010 - 10/10/2010 | 100%★★ | WCL UK Lab
Product D | 06/10/2010 - 10/10/2010 | 100%★★ | WCL UK Lab
Product E | 06/10/2010 - 10/10/2010 | 100%★★ | WCL UK Lab

TEST 5 – ISA Server (Forefront TMG)
Total Malware Samples – 18680
Product | Test Date | Detection Rate | Test Location
Kaspersky Anti-Virus 8.0 | 14/10/2010 - 19/10/2010 | 99%★★ | WCL UK Lab
Product A | 14/10/2010 - 19/10/2010 | 99%★★ | WCL UK Lab

★ Defined as the performance average of the products included in the tests, which are deemed to be leading solutions in their own rights.

★★ Samples used in these tests are those found to be in circulation on West Coast Labs’ SMTP malware feeds immediately prior to the commencement of testing. Although appearing unusual, the 100% detection rates are indicative of two key facts. Firstly, the paranoid behaviour of email protection systems and the degree of protection extended to vital communication systems such as these. Secondly, the changing nature of attempts to compromise end users over this vector. Whilst executables and binaries travelling over this vector are still highly prevalent, they are becoming less diverse, i.e. there are not as many frequent outbreaks of email based malware as there were and the targets are more likely to receive phishing emails and links to websites rather than files.
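
Detection rates this close together are easier to compare as missed-sample counts with a confidence interval around each rate. The following added example (not part of the original report) takes the TEST 2 and TEST 3 figures above and computes both; it assumes each sample is an independent trial, and the missed counts are approximate because the published rates are rounded.

```python
import math

# Detection rates (percent) copied from the report's TEST 2 and TEST 3 tables.
SAMPLES = 25640
TEST2_WINDOWS = {"Kaspersky Anti-Virus 8.0": 99.68, "Product A": 99.45,
                 "Product B": 99.50, "Product C": 99.36,
                 "Product D": 99.69, "Product E": 99.57}
TEST3_LINUX = {"Kaspersky Anti-Virus 8.0": 99.95, "Product A": 99.64,
               "Product B": 99.24, "Product C": 99.40,
               "Product D": 99.80, "Product E": 99.53}


def missed(rate_pct, n=SAMPLES):
    """Approximate number of undetected samples behind a published rate."""
    return round(n * (100.0 - rate_pct) / 100.0)


def wilson(rate_pct, n=SAMPLES, z=1.96):
    """95% Wilson score interval for a detection rate, returned as fractions."""
    p = rate_pct / 100.0
    denom = 1.0 + z * z / n
    centre = (p + z * z / (2 * n)) / denom
    half = z * math.sqrt(p * (1 - p) / n + z * z / (4 * n * n)) / denom
    return centre - half, centre + half


def distinguishable(rate_a, rate_b, n=SAMPLES):
    """True when the two 95% intervals do not overlap."""
    lo_a, hi_a = wilson(rate_a, n)
    lo_b, hi_b = wilson(rate_b, n)
    return hi_a < lo_b or hi_b < lo_a


def compare_to_leader(results, n=SAMPLES):
    """For every other product: (missed samples, separable from the top scorer?)."""
    leader = max(results, key=results.get)
    table = {name: (missed(rate, n), distinguishable(results[leader], rate, n))
             for name, rate in results.items() if name != leader}
    return leader, table


if __name__ == "__main__":
    for title, results in (("TEST 2", TEST2_WINDOWS), ("TEST 3", TEST3_LINUX)):
        leader, table = compare_to_leader(results)
        print(title, "leader:", leader, "missed:", missed(results[leader]))
        for name, (count, separable) in table.items():
            print(f"  {name}: ~{count} missed, separable from leader: {separable}")
```

On the Windows Server figures the 99.68% and 99.69% results differ by about three samples and their intervals overlap, while on the Linux figures the 99.95% result is separated from every other product.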
Kaspersky Lab Corporate Security Solutions

Kaspersky Lab Statement

Kaspersky Lab has developed highly-effective anti-malware solutions for use in medium and large-scale corporate networks with complex topologies and heavy loads. Combining ease of use with high standards of performance across multiple attack vectors, the products are cost effective solutions which meet both business and technical needs worldwide.

West Coast Labs’ Executive Summary Report

The launch of Kaspersky Lab’s range of anti-malware products for the corporate network environment provides security managers with an extended choice of effective solutions for dealing with threats in attack vectors across multiple operating systems.

West Coast Labs’ independent testing and performance validation of the products confirm that they combine ease of use and management with high levels of performance, all of which is driven by Kaspersky Lab’s own research, development and customer support programmes.

Kaspersky Lab has made a significant commitment to the independent validation of its products’ efficacy and performance through West Coast Labs’ Checkmark Certification System. This provides a range of static, dynamic and real-time tests which make these Kaspersky solutions possibly the most intensively tested corporate anti-malware solutions available anywhere in the world today.

Details of the specific tests to which the products are exposed are published elsewhere in this report, but the overall outcome of the certification testing is the achievement of the Platinum Product Award for these products, which is the highest level of independent validation from West Coast Labs possible for an anti-malware solution. This is complemented by very respectable malware detection test results which position the performance of Kaspersky Lab products very favourably alongside more widely recognised corporate security solutions.

The specific malware detection capability testing of both Kaspersky Lab and a number of competitive anti-malware solutions was carried out in September and October 2010 while the Checkmark Certification testing of its products is performed on an ongoing basis. Custom test reports and details of certification testing are available at www.westcoastlabs.com

Kaspersky Security 8.0 for Microsoft Exchange Servers (Kaspersky Security 8.0).

Kaspersky Security 8.0 provides anti-malware and anti-spam protection for mail traffic on corporate networks. Its integration with Exchange allows for detection and removal of malware and spam at the gateway level.

The product is easy to install and its user-friendly interface, flexible administration and straightforward configuration and reporting system do not place excessive demand upon the Administrator’s time. No extra setup is required on Exchange and malware protection began immediately.

Management of the solution is simple as Kaspersky Security 8.0 employs a Microsoft Management Console (MMC) snap-in, providing an intuitive interface with full access to all features. Database and signature updates run automatically, as often as every two hours, but if required may be run on-demand.

Although there are fewer options available compared to other corporate products on the market, it can be argued that all the necessary options are available thus leading to a streamlined user experience.

In the ongoing Checkmark Certification Static and Real Time tests, like all the Kaspersky products, this solution has achieved consistently high standards of performance.

For the comparative performance testing to measure the product’s detection capability of malware
known to propagate over SMTP, Kaspersky Security 8.0 achieved 100% detection rate of the 8042 malware samples used in the test. This performance is equivalent to and matches that of the competitor products included in the test. We also test HTTPS.

Figure: Kaspersky Security 8.0 Update Process

Kaspersky Anti-Virus 8.0 for Microsoft ISA Server and Forefront TMG Standard Edition

Kaspersky Anti-Virus 8.0 sits on top of Microsoft Forefront TMG 2010. While TMG acts as a standalone security solution in its own right, the addition of Kaspersky Anti-Virus 8.0 provides a multi-layered security solution.

Installation of Kaspersky Anti-Virus 8.0 is simple, using a standard Windows Installer and settings imported from TMG during the install process. The default settings provide fast protection, but a more tailored installation can be achieved if required.

The solution is managed via MMC with an additional central monitoring screen and network policies which can be added to complement those of TMG, making the whole process of management, administration and ongoing use very straightforward.

Kaspersky Anti-Virus 8.0 allows permission or denial of various traffic types – HTTP, FTP, SMTP and POP3 – plus the ability to define what, if any, of the protocols should be subject to scanning.

Data on network status including the protocols which are being blocked, numbers of files scanned, and the number of resulting infections is readily available.

In the performance testing over the HTTP and FTP attack vectors, the combination of Kaspersky Anti-Virus 8.0 and TMG provided 99% detection of the range of malware samples which were included in the test.

Test Networks and Methodology

In a heterogeneous network situation it is important to know that a security solution is both compliant and compatible. Throughout the comparative test programme for ISA/TMG, Linux, Lotus Domino and WSEE, WCL utilised the following network configuration to simulate a corporate network environment:
• 64-bit Windows 2008 machine running as a gateway/DNS server hosting Forefront TMG/ISA Server
• 32-bit Windows 2003 machine running Lotus Domino mail server
• 64-bit servers running Linux and Windows 2008, both acting as file servers

While each of the solutions was tested independently of one another, results of these tests and the observations made point to the various Kaspersky Lab solutions providing a multi-faceted security framework for a corporate network. Taking a hypothetical network into account, as below, one can see how each of the solutions would interact with and secure the network.

Anti-malware protection, at the gateway level, is provided by scanning email coming into the ‘corporate network’ over SMTP with an initial scan by Kaspersky Anti-Virus 8.0 sitting on the TMG server. In turn, the email is then received by the Exchange or Domino server and a further scan conducted by the appropriate solution. Should any user require the downloading of email from an external POP3 server, the Kaspersky for TMG solution scans the traffic as it passes through the gateway.

When dealing with files, any that are downloaded over HTTP/FTP are scanned on the TMG/KAV combined server. Should any network user then attempt to upload any files to either a Windows or Linux based file server then here the respective Kaspersky Lab solution will provide further defense-in-depth.

Kaspersky Anti-Virus 8.0 for Linux File Server

Kaspersky Anti-Virus 8.0 for Linux installs from the command line, using a shell-script installer. Although some degree of familiarity with Linux is required, even junior network administrators with a basic
11 of 24 www.westcoastlabs.comKAV 8.0 for Linux File Server interface.
Application interface of KAV for ISA
anti-malware product, the make-up possible to ensure consistency of
of the interface is very familiar – it performance.
understanding of Linux should be is both clear and intuitive. However, Kaspersky Anti-
comfortable with the process. On-Access and On-demand Virus 8.0 sets itself apart in this
Managed via a web-based protection are available as regard. It is well implemented, as
GUI running on a non-standard standard. Administrators can demonstrated in the comparative
port, Kaspersky Anti-Virus 8.0 browse the Quarantine folder from performance tests where it led
is configured from the GUI. No within the product interface to with a 99.95% detection rate
secondary interfaces or files need review any malware logged and on the 25640 malware samples
to be changed and updates are thus decide what actions to take. tested compared to an average
either scheduled or run on-demand. Given the complexities performance rate of 99.52%
For security admin staff who involved with porting anti-malware for 5 other leading corporate
may be familiar with a file-server solutions to Linux, it is not always solutions.
Kaspersky Anti-Virus 8.0 for Lotus Domino
Anyone familiar with Lotus Domino will find the installation
straightforward. It is performed using a Lotus .nsf database
file which is opened through Lotus Notes to run. Administrators
can set various actions to be performed when
malware is detected, however they will need to be familiar
with Lotus in order to get the best out of the solution when
rolling Kaspersky Anti-Virus 8.0 out to a
Domino server.
Delete or quarantine actions are
easily defined for detected malware
and for deleting infected attachments.
Licensing process on Kaspersky Anti-Virus for Lotus
Unlike some of the other vendor products included in the comparative performance review, Kaspersky Anti-Virus 8.0 does not need the installation of a desktop anti-malware product to be able to use the desktop product’s scanning engine signature files.

In the comparative testing against 5 other leading corporate solutions, the test methodology employed a sender machines running a Linux distribution. Scripts developed by WCL were used to send the emails that contained infected attachments over a live Internet connection.

Emails were sent to servers running Lotus Domino 8.5 on Windows 2003 that each picked up emails for a FQDN owned and controlled by WCL. Client machines running Lotus Notes 8.5 were used to pick-up the messages from the Domino servers and analysed the attachments to aid calculation of the overall detection rate which for Kaspersky Anti-Virus 8.0 was of a particularly high standard which mirrored that of the competitor products included in the test programme.

All solutions attained a 100% detection rate during the test period.

Kaspersky Anti-Virus 8.0 for Windows Servers Enterprise Edition

Kaspersky Anti-Virus 8.0 for WSEE uses the standard Windows Installer interface. Two installations are required, one for the Administration tools and one for the solution itself. However, importing an existing configuration file to keep existing settings is possible when upgrading a previous version. Installation is quick and trouble-free.

Managed through an MMC snap-in, the product allows product updates to be rolled-back if needed. It provides a quarantine area and a backup facility just in case the Administrator deletes a file that needs to be restored. The interface, as a whole, provides a rapid means of implementing malware security policies on the solution.

All of the available features are easy to locate without the need for drilling down through multiple options screens or hunting for a required setting. On Demand scans can be set to a pre-defined security level or customized to meet the demands of the organisation. Similarly, On Access protection can be set with a preference for either high speed scans or high protection levels.

Throughout the comparative test programme, WCL found the scans ran quickly with an overall detection rate for Kaspersky Anti-Virus 8.0 of 99.68% compared to an average performance of 99.51% for the other 5 security solutions included.

[Figure: Update Process on Kaspersky Anti-Virus WSEE]

WEST COAST LABS VERDICT
Combining ease of use with high levels of performance, the Kaspersky
Lab solutions under test have delivered comparable and at times, better
detection rates to equivalent products.
With a consistent level of anti-malware protection across the network
topology, users of the Kaspersky Lab products featured in this report can
be confident that they are all rigorously tested through the Checkmark
Certification and the Real Time testing programme to provide ongoing
independent validation on performance.
Checkmark Certifications for Kaspersky

The Checkmark Certification System is recognised globally as probably the most comprehensive independent functionality and performance validation program of its kind.

With three tiers of certification – Baseline, Dynamic and Real Time testing – vendors have the opportunity to commit to the System at a level that suits the performance of their products and services in the real world.

The Baseline certifications comprise a series of static benchmarking tests that measure detection capability against a finite suite of known malware threats. Whereas the addition of Dynamic and Real Time testing transforms this certification program into a threefold process that results in the most complete evaluation of an Anti-Malware vendor’s products available.

• Static Testing – baseline tests that measure detection capabilities against known threats.
• Dynamic Testing – measures product performance in relation to malware executing as end users and corporations experience them in the real world.
• Real Time Testing – measures critical performance characteristics in a network environment 24x7x365. The testing provides results in metrics including: performance in relation to time, attack vectors, heuristic behavior analysis, signature update and vendor research effectiveness.

The combination of these three distinct test programs provides the highest level certification of product performance available.

All the Kaspersky Lab products that form part of this test program are registered in the Checkmark System for all three levels of testing – Baseline, Dynamic (where appropriate) and Real Time.

In Real Time, the products are tested 24x7x365 against live malware in a range of attack vectors that are relevant to each product. These include FTP, HTTP, P2P, SMTP and Malicious Web Sites.

Given the nature of the Real Time testing program and the fact that it is probably the most rigorous product performance validation of its kind, the products registered for Real Time testing are eligible for the Checkmark Platinum Product Award.

Far more than just a measure of product performance it also acts as recognition of the vendor’s commitment to the highest level of independent product validation and a measure of the vendor’s responsiveness to emerging threats.

The Kaspersky Lab products holding the Checkmark Platinum Product Awards are:
• Kaspersky Anti-Virus 8.0 for Windows Servers Enterprise Edition
• Kaspersky Anti-Virus 8.0 for Linux File Server
• Kaspersky Anti-Virus 8.0 for Lotus Domino
• Kaspersky Anti-Virus 6.0 for Windows Workstations
• Kaspersky Anti-Virus 8.0 for Microsoft ISA Server and Forefront TMG Standard Edition
• Kaspersky Security 8.0 for Microsoft Exchange Server
• Kaspersky Endpoint Security 8 for Linux

Checkmark Certification Profile

Checkmark Certifications | Anti Virus Detection | Anti Virus Disinfection | Trojan | Spyware | Anti Malware | Anti Spam | Anti Malware Dynamic
Kaspersky Lab Applications
Kaspersky Anti-Virus 8.0 for Windows Servers Enterprise Edition ● ● ● ●
Kaspersky Anti-Virus 8.0 for Linux File Server ● ● ● ●
Kaspersky Anti-Virus 8.0 for Lotus Domino ● ● ● ●
Kaspersky Anti-Virus 8.0 for Microsoft ISA Server and Forefront TMG Standard Edition ● ● ● ●
Kaspersky Security 8.0 for Microsoft Exchange Servers ● ● ● ● ●
Kaspersky Anti-Virus 6.0 for Windows Workstations
Windows XP ● ● ● ● ● ●
Windows Vista ● ● ● ● ● ●
Windows 7 ● ● ● ● ● ●
Kaspersky Endpoint Security 8 for Mac ●
Kaspersky Endpoint Security 8 for Linux ● ● ● ● ●
Kaspersky Anti Spam ●

Checkmark Certifications | Real Time FTP | Real Time HTTP | Real Time SMTP | Real Time P2P | Real Time Mal URL | Real Time Spam
Kaspersky Lab Applications
Kaspersky Anti-Virus 8.0 for Windows Servers Enterprise Edition ● ●
Kaspersky Anti-Virus 8.0 for Linux File Server ● ●
Kaspersky Anti-Virus 8.0 for Lotus Domino ●
Kaspersky Anti-Virus 8.0 for Microsoft ISA Server and Forefront TMG Standard Edition ● ● ● ● ●
Kaspersky Security 8.0 for Microsoft Exchange Servers ● ●
Kaspersky Anti-Virus 6.0 for Windows Workstations
Windows XP ● ● ●
Windows Vista ● ● ●
Windows 7 ● ● ●
Kaspersky Endpoint Security 8 for Linux ● ●

The above chart denotes those certifications in which the respective Kaspersky solutions are currently enrolled. It is not reflective of each
solution’s test results or full protection capabilities.

Conclusion

In this test programme, Kaspersky Lab products have undergone probably the most extensive testing carried out by West Coast Labs against a single corporate solution.

These tests range from West Coast Labs’ established Checkmark Certification to ongoing performance validation the Real Time system and the custom malware comparative testing. This programme also includes the first ever product to be awarded the Checkmark Anti-Malware Macintosh certification.

Upon completion of the tests covered in this report it can clearly be seen that Kaspersky are offering an extremely competitive and thorough security package to businesses and corporate organisations.

For mail-based systems, Kaspersky recorded a 100% detection rate on both Exchange and Lotus against samples which propagate over the SMTP protocol. While this is an impressive detection rate, it should be noted that the other vendors also recorded the same detection levels. This should be an indicator to the level of importance of email coverage and the perceived threat to business communications that is held by the security industry as a whole.

On file server-type systems, in this case Windows 2008 and Red Hat Enterprise 5, there is a differential in detection levels. On the Linux OS, Kaspersky recorded the highest detection rate amongst the solutions on test, whilst on the Windows OS Kaspersky recorded the second-highest detection rate. It should be noted that the difference between first and second in the Windows OS test was just 1/100th of a percent, thus putting Kaspersky above the Industry Average as defined in the test results.

From the results of the test programme it can be concluded that not only do the Kaspersky solutions offer comparative detection rates to offerings from other vendors, it is clear that the level of protection afforded by Kaspersky Lab solutions is consistently high across the range of platforms.

Whether corporate organisations require protection for the desktop environment, a file server, Microsoft Exchange email server, an Apple Mac client, or a server running Lotus Domino, the Kaspersky Lab performance is consistent throughout.

Prospective users of Kaspersky Lab products and specifically those featured in this report, can take confidence from the fact that the solutions are rigorously tested on an ongoing basis through the Checkmark certification system and the Real Time testing programme to ensure independent validation of a consistently high standard of product performance.

The full West Coast Labs Test Report for this project is available online at www.westcoastlabs.com/productTestReports/

Product Feature Set Comparisons

West Coast Labs was asked to compile a comparative feature list for each of the products included in this test. This information has been gathered from freely available marketing literature of those companies included in this test.

As this information is gathered from marketing and other such materials, the information contained within the following tables should be taken as a high level overview and does not constitute a comparison of those features that were examined as part of the extended malware testing.

Research was carried out during September and October 2010 using the reference points detailed on the following pages.

Kaspersky Product Comparison: Kaspersky Anti-Virus 8.0 for Microsoft ISA Server and Forefront TMG Standard Edition
Feature | KAV 8.0 for Microsoft ISA/TMG SE | Microsoft Forefront Threat Management Gateway 2010
1. System Requirements
Minimum Processor Spec: | 1 GHz processor for ISA Server 2006 Standard Edition and 64-bit dual-core processor for Forefront TMG Standard Edition | Not specified
Minimum RAM Spec: | 1 GB RAM for ISA Server 2006 Standard Edition and 2 GB RAM for Forefront TMG Standard Edition | 2 GB
Minimum available Hard Disk Space 2.5 GB 2.5 GB
2. Operating Systems Supported
Supports Windows 2008 R2 Yes Yes
Windows 2008 SP2 Yes Yes
Microsoft Windows Server 2003 SP2 Yes Yes
Microsoft Windows Server 2003 R2 Yes Yes
2. 3rd party platforms/software supported
Supports Microsoft Forefront TMG Yes Yes
Compatibility with VMware (Vmware Ready) Yes
3. Security Technology components
Anti-Virus detection Yes Yes
4. Key Product Features
Anti-Virus engine
Detected objects: viruses, mass-mailer worms, Trojan horses, spam, spyware Yes Yes
Real-time antivirus protection Yes Yes
Update rate anti-virus every 1-2 hours not specified
Creation of backup copies Yes Yes*
Scanning traffic
Scanning of HTTP and FTP traffic Yes Yes
Scanning of HTTPS traffic (Forefront TMG only) Yes Yes
Scanning of POP3 and SMTP traffic Yes Provides management, but needs separate product for Exchange
Scanning of HTTP and FTP traffic from published servers Yes Yes
Scanning of VPN connections Yes Yes
Anti-Virus Settings
Exclusions from scanning Yes Yes
Flexible policy settings Yes Yes
Administration
Management via MMC Yes Yes
Monitoring of application status through the administration console Yes Yes
Flexible policy management Yes Yes
Support for non-standard FTP commands Yes Yes
Export and import of settings details Yes Yes
Notification system Yes Yes
Logging system Yes Yes
Detailed reports Yes Yes
Control over performance through the Windows Performance Monitor Yes Yes
Performance
Automatic scalability Yes Yes
Server load balancing Yes not specified
Optimal use of system resources Yes Yes
*This solution offers a comparable technology but is not referred to specifically by this name, or this technology is not specifically documented in the publicly available literature.

Kaspersky Product Comparison: Kaspersky Security 8.0 for Microsoft Exchange Servers
Feature | Kaspersky Security | Symantec Mail Security | Trend Micro ScanMail | McAfee GroupShield | Sophos PureMessage | ESET Mail Security 4
1. System Requirements
RAM | 256 MB | 1 GB | 1GB RAM, 2GB RAM recommended (5MB of RAM per mailbox) | 512 MB minimum, 1 GB recommended | 256 MB to 2 GB recommended (services) | 2 GB
Available disk space required | 512? MB | 352 MB | 1GB | 740 MB minimum | Console: 150 MB, Services: up to 2 GB | 1.9 GB
2. Operating Systems Supported
Microsoft Exchange Server 2010 Yes Yes Yes Yes Yes Yes
Microsoft Exchange Server 2007 Yes Yes Yes Yes Yes Yes
Microsoft Windows Server 2008 R2 Yes Yes Yes Yes
Other Software Information Microsoft Exchange 2003 is supported by Exchange 2010, 64 bit Native 64-bit support for Windows 2000-2003 Windows 2000- 2003 Windows 2000- 2003
another version – Kaspersky Security for Windows, VMware and Hyper-V Exchange 2010 and 2007;
Microsoft Exchange 2003 Virtualized environments 32-bit support for Exchange
2003/2000
3. Security Technology components
Anti-Virus detection Yes Yes Yes Yes Yes Yes
Anti-Spam detection Yes Yes Yes Yes Yes Yes
Heuristic analyzer Yes Yes Yes Yes Yes Yes
Linguistic analyzer Yes not specified Yes* not specified Yes No
Real-time UDS requests Yes not specified not specified Yes* not specified No
Graphical signature analyzer Yes not specified Yes No Yes No
SPF and SURBL technologies Yes No No No No No
4. Key Product Features
Anti-Virus engine
Detected objects: viruses, mass-mailer
worms, Trojan horses, spam, spyware Yes Yes Yes Yes Yes Yes
Real-time antivirus protection Yes Yes Yes Yes Yes Yes
Background on-demand scanning Yes Yes Yes Yes Yes Yes
Update rate anti-virus every 1-2 hours “rapid release definitions” “immediate protection” “AutoUpdate” “Updates automatically” No
Anti-Spam engine
Classification of incoming messages Yes Yes Yes Yes Yes Yes
Spam detection for different languages Yes No* No* No Yes No
Update rate antispam every 5 min not specified not specified not specified “constantly” No
Anti-Spam settings
Intensity level Yes Yes Yes Yes Yes Yes
Black and white listing Yes Yes Yes Yes Yes Yes
Configurable scanning exceptions Yes Yes* Yes Yes Yes* Yes
Anti-Virus Settings
Configurable scanning exceptions Yes Yes Yes Yes Yes Yes
Whitelisting Yes No Yes Yes No No
Creation of backup copies Yes No
In-memory scanning Yes No No Yes No* No*
Administration and notifications
via MMC Yes No No No No No
Notification system Yes Yes Yes Yes Yes Yes
Logging system Yes Yes Yes Yes Yes Yes
Detailed reports Yes Yes Yes Yes Yes No*
Performance
Automatic scalability Yes No No No No No
Optimal use of system resources Yes Yes Yes Yes Yes Yes
Server Architecture
Clusters support Yes Yes Yes Yes No No
Compatibility with DAG in Microsoft Exchange 2010 Yes Yes Yes* Yes Yes No
VMware ready Yes Yes No No No No
*This solution offers a comparable technology but is not referred to specifically by this name, or this technology is not specifically documented in the publicly available literature.

Kaspersky Product Comparison: Kaspersky Anti-Virus 8.0 for Linux File Server
Feature | KAV 8.0 for Linux FS | Symantec Endpoint Protection | Trend Micro Server Protect for Linux | McAfee VirusScan Enterprise† | Sophos Anti-Virus for Linux† | ESET File Security for Linux/BSD/Solaris
1. System Requirements
Intel Pentium II processor 400 MHz or higher Intel Pentium processor or compatible) Intel Pentium II 266 MHz or higher Intel x86 or x64; AMD x64 no information i386 (Intel 80386), AMD64 (x86_64)
architecture (32-bit and 64-bit
512 MB RAM 1 GB RAM 256 MB min 256 MB min 256 MB 32 MB
Cache size 1GB or higher
2 GB hard disk space for installation and 4 GB 50 MB for /opt + 50 MB for /tmp 500 MB 100 MB min 32 MB
temporary files.
2. Operating Systems Supported
Red Hat Enterprise Linux 5.5 Server Red Hat Enterprise Linux 3.x, 4.x, 5.x Red Hat Enterprise Linux (AS, ES, WS) 4.0 Red Hat Enterprise 4.x, 5.x Red Hat Enterprise 3, 4, 5 Linux Kernel version 2.2.x, 2.4.x or 2.6.x;
glibc 2.2.5 or higher;
Fedora 13 Fedora Core 10, 11, and 12
CentOS-5.5 CentOS 4.x, 5.x
SUSE Linux Enterprise Server 10 SP3, 11 SP1 SuSE Linux Enterprise (server/desktop) SuSE Linux Enterprise Server 9 SuSE Linux Enterprise Server/Desktop 9.x, 10x, 11 SuSE Linux Enterprise Server 8, 9, 10, 11;
9.x, 10.x Desktop 10 Sun Solaris 10
Novell OES 2 SP2 Novell Open Enterprise Server (OES/OES2) Novell Linux Desktop 9
openSUSE Linux 11.3 openSUSE Linux 10/10.1
Mandriva Enterprise Server 5.1 (32 bit only) TurboLinux 10/11 Server
Ubuntu 9.10 Server Edition Ubuntu 7.x, 8.x Ubuntu 8.04, 9.04, 9.10 Ubuntu LTS Server Edition 6.06/8.04
Ubuntu 10.04 LTS Server Edition
Debian GNU/Linux 5.0.5 Debian 4.x Debian 3.1
FreeBSD 7.3, 8.1 FreeBSD: Version 5.x, 6.x, 7.x
Miracle Linux 4.0 Dazuko kernel module 2.0.0 or higher
(optional)
Asianux 2.0/3.0 NetBSD 4.x
2. Security Technology components
Anti-Virus detection Yes Yes Yes Yes Yes Yes
Backup/Quarantine Yes Yes Yes Yes Yes Yes
3. Key Product Features
Anti-Virus engine
Detected objects: viruses, Trojan horses, spyware Yes Yes Yes Yes Yes Yes
Real-time antivirus protection Yes Yes Yes Yes Yes Yes
Background on-request or on-demand scanning Yes Yes* Yes Yes* Yes Yes
Update rate anti-virus every 1-2 hours daily every 1 hour every 1 hour “as often as every 10 minutes” daily
Creation of backup copies Yes No* No* No* No* No*
Scanning of critical system areas Yes Yes Yes Yes Yes Yes*
Scans and treats archived files Yes Yes Yes Yes Yes Yes
Anti-Virus Settings
Assigning trusted zones /users Yes Yes No* No* Yes No*
Flexible setting of scan times Yes No* Yes No* Yes No*
Additional settings for Samba servers Yes No* No* No* Yes No*
Administration
Centralized administration Yes Yes Yes Yes Yes Yes
Administration via Kaspersky Web Management Console Yes n/a n/a n/a n/a n/a
Command line administration Yes Yes No* No* Yes Yes
Notification system Yes Yes Yes Yes Yes Yes
Logging system Yes Yes Yes Yes Yes Yes
Detailed reports (PDF, XLS, CSV, etc.) Yes Yes Yes Yes Yes Yes
Performance
Automatic scalability Yes Yes Yes* Yes* Yes* Yes*
Optimal use of system resources Yes Yes* Yes* Yes* Yes* Yes*
Server load balancing Yes Yes* Yes* Yes* Yes* Yes*
Continuous server operation Yes Yes Yes Yes Yes Yes
† The McAfee and Sophos products support other Linux implementations but only for on-demand scanning, not on-access scanning.
*This solution offers a comparable technology but is not referred to specifically by this name, or this technology is not specifically documented in the publicly available literature.

Kaspersky Product Comparison: Kaspersky Anti-Virus 8.0 for Lotus Domino
Feature | KAV 8.0 for Lotus Domino | Symantec Mail Security for Domino Multi-platform Edition | Trend Micro ScanMail | McAfee GroupShield | Sophos PureMessage for Lotus Domino | ESET Mail Security for Lotus Domino Server
1. System Requirements
Processor Intel Pentium 32 bit / 64 bit or higher) 1 GHz Pentium or Higher Intel Pentium P4 or higher Intel or compatible 133 Mhz processor Not specified. Not specified
(or equivalent
Memory 512 MB of RAM (1GB or more recommended) 512 MB of RAM (1GB or more recommended) 256 MB - 1 GB (depends on platform) 256 MB or higher 256 MB Not specified
Disk space to install 1 GB of free space on the hard drive
(3 GB or more recommended) 300 MB minimum 300 - 800 MB 1 GB 500 MB Not specified
Recommended size of swap file: 2 times larger
than the physical memory
2. Operating Systems Supported
Microsoft Windows 2000 Yes Yes Yes Yes Yes Yes
Microsoft Windows Server 2003 x32/x64 Yes Yes Yes Yes Yes Yes (32 bit only)
Novell SuSE Linux Enterprise Server 9, 10, 11 x32/x64 Yes Yes 9, 10 10 No No
Red Hat Enterprise Linux 4, 5 x32/x64 Yes Yes Yes 5.x No No
Supported Lotus Notes/Domino servers:
Lotus Notes/Domino version 6.5, 7.0, 8.0, 8.5 Yes 7.x or later Yes 6.x or later 7, 8.x Yes
2. 3rd party platforms/software supported
Supports Linux Yes Yes Yes Yes No No
Compatibility with VMware (Vmware Ready) Yes No No No No No
3. Security Technology components
Anti-Virus detection Yes Yes Yes Yes Yes Yes
4. Key Product Features
Anti-Virus engine
Detected objects: viruses, mass-mailer worms, Trojan horses,
spam, spyware Yes Yes Yes Yes Yes Yes
Real-time antivirus protection Yes Yes Yes Yes Yes Yes
Background on-request or on-demand scanning Yes Yes Yes Yes No No
Update rate anti-virus every 1-2 hours not specified “immediate protection” “Always up to date” “Latest protection” not specified
Creation of backup copies/Quarantine Yes Yes Yes Yes Yes Yes
Protection against malware outbreaks Yes Yes Yes Yes Yes
Scans and treats attachments, including archived files Yes Yes Yes Yes* Yes* Yes*
Lotus Domino specific features
Scanning of databases, documents and other objects Yes Yes* Yes* Yes Yes Yes
Anti-Virus Settings
Exclusions from scanning Yes Yes Yes Yes Yes Yes
Administration
Centralized management of server groups Yes Yes* Yes Yes Yes
Distributed management of protection parameters Yes Yes No No No No
Replication of application statistics Yes No No No No No
Control of inserted parameters Yes No No No No No
Role-based administration and management of access rights Yes Yes No Yes Yes No
Installation and management via a web interface Yes No* No* Yes Yes No
Installation and management via the Lotus Notes Client Yes No* No* Yes Yes Yes
Notification system Yes Yes Yes Yes Yes Yes
Logging system Yes Yes Yes Yes Yes Yes
Detailed reports Yes Yes Yes Yes Yes
Performance
Automatic scalability Yes No* No* No* Yes No
Scalable configuration Yes Yes Yes Yes Yes No
Optimal use of system resources Yes “Optimized for high performance” “Optimized for high performance” “reduced server load” No* No
Server load balancing Yes No No No No No
Flexible adjustment of server load Yes No No No No No
Server Architecture
Supports operation in server clusters Yes Yes Yes Yes* Yes* No
*This solution offers a comparable technology but is not referred to specifically by this name, or this technology is not specifically documented in the publicly available literature.