Kaspersky Lab
Facts
Kaspersky Lab vs. McAfee
Kaspersky Lab: Principal facts
Kaspersky Lab is a private company founded in 1991. Eugene Kaspersky, one of its founders, has combated viruses since 1989. The group of antivirus software developers headed by him has existed for 18 years.
The company currently focuses on the development of solutions that provide protection from malicious software, spam and hacker attacks.
The company has more than 700 employees in offices across the globe.
Local offices exist in 11 countries, including China, France, Germany, Japan, Korea, the UK and the US.
Extensive partner network: more than 500 companies in over 60 countries.
McAfee: Principal facts
McAfee was founded in 1989 by John McAfee. The company’s headquarters is in Santa Clara, CA, USA. In 1997, McAfee merged with Network General (a developer of network monitoring and management tools) to form Network Associates.
In 2004, the company launched a restructuring program. It sold off Magic Solutions and Sniffer, reverted back to McAfee and re-focused on security technologies.
McAfee purchased rather than developed most of its security technologies. Specifically, it became a player in the antivirus market after acquiring S&S International (which developed antivirus products under the Dr. Solomon brand).
In 2006, top managers of McAfee were implicated in a fraud scandal. The company’s president, Kevin Weiss, was fired and its CEO and Chairman George Samenuk retired. In early 2007, the former McAfee general counsel Kent Roberts was indicted by a federal grand jury on charges of fraudulent stock-option grant deals.
Independent Assessment of the Companies’ Market Position
In 2006, Kaspersky Lab received the Frost & Sullivan Growth Strategy Leadership Award for the highest growth rate on the antivirus market
Antivirus vendor revenue growth in 2004-2005 (estimate by IDC & Gartner)
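[Chart: revenue growth by vendor, axis 0% to 100%; vendors: Kaspersky, F-Secure, Panda, McAfee, Sophos, Symantec, Norman, Trend Micro, Total; series: IDC, Gartner; data labels in extraction order: 9%, 17%, 9%, 15%, 63%, 20%, 20%, 41%, 27%, 13%, 14%, 12%, 24%, 43%, 13%, 95%, 11%, 18%]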
Technologies: Kaspersky Lab’s VirusLab
The Kaspersky VirusLab is located in a single research center in Moscow. This makes it possible to train new analysts and share expert knowledge with minimal delays.
The system for collecting malicious program samples is geographically distributed, with honeypots placed in numerous locations, enabling analysts to receive samples almost as soon as they appear “in the wild”.
Kaspersky Lab uses unique tools to automate the collection and processing of malicious program samples. It takes just a few minutes to analyze malware samples and add their signatures to antivirus databases.
Updates are tested automatically. Performing multiple operations in parallel accelerates the update testing process, which takes less than an hour.
A broad range of proactive technologies developed by the company enable Kaspersky Lab products to detect most threats even BEFORE their signatures are released.
Technologies: Kaspersky Lab’s SpamLab
A team of professional linguists
Spam is analyzed 24 / 7 / 365
a network of spam traps across the world (“exposed” mailboxes on public mail servers)
mass mailing detection system
volume of information analyzed: 100,000–150,000 spam messages every day
Algorithms for linguistic analysis are continually improved and updated
It takes just a few minutes to add a spam signature to the database
Clients receive updates in real time (using the UDS technology)
Technologies: McAfee Avert Labs
McAfee Avert Labs is a research lab with 20 offices in 14 countries and more than 100 analysts
The lab works 24 / 7 / 365
The lab’s work covers all aspects of corporate IT security, both internal and external (including phishing attacks and mobile threats):
• analysis of malicious code
• antivirus research
• prevention of various types of attacks
• searching for and analyzing vulnerabilities
Technologies: McAfee Avert Labs
According to the company, McAfee Avert Labs updates for its antivirus products occur at a frequency of 1 update per week or (in emergency situations) 1 update per day
The average new virus response time (the time it takes to develop a virus signature and include it in a product update) is 3-4 hours; development of a disinfection module (for file recovery after an infection) takes 24 hours on average.
A sad fact from history:
“An error in McAfee's virus definition file released Friday morning caused the company's consumer and enterprise antivirus products to flag Microsoft's Excel, as well as other applications on users' PCs, as a virus called W95/CTX…”
Source: CNET News.com, March 10, 2006
And here is what results of independent analyses show…
Technologies: Malicious program detection
Overall detection of malicious programs
[Chart: overall detection rate, axis 50% to 100%; vendors: Kaspersky, McAfee; sources: AV-Comparatives.org, AV-Test.org; data labels in extraction order: 98,96%, 97,89%, 94,88%, 91,63%]
Technologies: Malicious program detection
Detection of malicious software in archives and compressed files (Source: AV-Test.org)
[Chart: detection rate in compressed files and in archives, axis 50% to 100%; vendors: McAfee, Kaspersky; data labels in extraction order: 96%, 100%, 74%, 83%]
Technologies: Response time
New threat response times (Source: AV-Test.org)
[Chart: response time in hours, axis 0 to 10; vendors: Kaspersky, McAfee; data labels in extraction order: 0-2 hours, 8-10 hours; legend: risk zone (period before updates are released), period during which updates are released]
Technologies: Update frequency
Number of malicious program database updates per month (Source: AV-Test.org)
[Chart: updates per month, axis 0 to 700; vendors: McAfee, Kaspersky; data labels in extraction order: 23, 615]
Technologies: Effectiveness of the personal firewall
Personal firewall scores in "leak tests"
[Chart: leak test score, axis 0 to 9000; vendors: Kaspersky, McAfee; data labels in extraction order: 7950, 2325]
Source: matousec.com
These companies have integrated Kaspersky Lab antivirus technologies into their solutions
Products: Integrated protection for PCs
Features Kaspersky Internet Security McAfee Internet Security Suite
Treatment of an active infection* –
Self-defense (protection from attempts by malicious programs to disable the antivirus solution)** –
Proactive protection (heuristic / behavior blocker / rollback of malicious changes) / / / / –
File antivirus
Mail antivirus (POP3 / SMTP / IMAP4) / / / / –
Web antivirus (scanning of HTTP traffic) –
Treatment of files in archives ZIP, ARJ, CAB, RAR, LHA ZIP
Detection of rootkits
Protection from spyware
Protection from network attacks (firewall / IDS) / /
Protection from phishing / spam / unwanted advertising / / / /
Protection of confidential data
Parental control
Support for creating an emergency recovery disk to recover the computer from infections –
* Anti-Malware.ru
** PC Professionell
Products: Scanning speed and impact on system performance
Unlike an on-demand scanner, the antivirus monitor remains resident in RAM. It therefore matters especially to users how much the monitor, when scanning files, increases the time required to open and close them.
On-access overhead on executable and system files (in seconds)
[Chart: on-access overhead in seconds, axis 0 to 200; vendors: Avast!, Kaspersky, NOD32, Microsoft, Symantec/Norton, CA, McAfee, AVG, Sophos; data labels in extraction order: 12,59, 16,39, 42,67, 96,66, 135,36, 180,47, 71,75, 74,63, 116,44]
Source: Virus Bulletin
Products: Scanning speed and impact on system performance
On-access overhead on archive files (in seconds)
[Chart: on-access overhead in seconds, axis 0 to 12; vendors: Kaspersky, Avast!, AVG, NOD32, Symantec/Norton, CA, Sophos, Microsoft, McAfee; data labels in extraction order: 0.66, 1.31, 2.81, 3.27, 4.47, 8.50, 9.86, 9.08, 5.80]
Source: Virus Bulletin
Products: Scanning speed and impact on system performance
On-access overhead on media files and documents (in seconds)
[Chart: on-access overhead in seconds, axis 0 to 50; vendors: Kaspersky, Symantec/Norton, Avast!, McAfee, NOD32, AVG, Sophos, CA, Microsoft; data labels in extraction order: 5.23, 12.80, 21.52, 22.87, 32.88, 34.38, 34.41, 45.42, 17.55]
Source: Virus Bulletin
Products: Scanning speed and impact on system performance
Experts from CNET Labs analyzed the impact of running an on-demand scan on the time it takes users to perform standard operations (such as converting music and video files). Kaspersky Lab products have a minimal impact on system performance.
Effect of the antivirus solution on system performance (time in seconds required to perform standard operations while on-demand scanning is running)
[Chart: time in seconds, axis 0 to 300; entries: AVG, BitDefender, Symantec/Norton, CA, McAfee, NOD32, Kaspersky, No antivirus; data labels in extraction order: 174, 162, 234, 194, 196, 296, 206, 208]
Source: CNET Labs
Products: Integrated protection of all nodes on the corporate network
Products Kaspersky Lab McAfee
Protection of workstations
Microsoft Windows Workstation + +
Linux Workstation + +
Apple Macintosh Workstation* – +
Protection of file servers
Microsoft Windows + +
Linux + +
FreeBSD/OpenBSD + –
Novell Netware + +
Sun Solaris* – +
Microsoft SharePoint* – +
* The demand for these solutions is limited
The myth that McAfee’s product line is much more extensive than the Kaspersky Lab product line remains nothing but a myth
Products: Integrated protection of all nodes on the corporate network
Products Kaspersky Lab McAfee
Protection of smartphones and PDAs
Symbian OS + +
Windows Mobile + +
Palm OS + +
Protection of mail systems
Standalone solution for mail protection that does not require integration with the mail systems installed on the corporate network + +
Microsoft Exchange + +
Lotus Domino + +
Sendmail + –
Qmail + –
Postfix + –
Exim + –
Clearswift MIMEsweeper + +
Products: Integrated protection of all nodes on the corporate network
Products Kaspersky Lab McAfee
Protection for Internet gateways
Standalone solution for the protection of the Internet traffic requiring no integration with the gateway and proxy servers installed on the corporate network +* – Appliance only
Protection solution integrated with the proxy server via the ICAP protocol + – Appliance only
Microsoft ISA Server + +
CheckPoint FireWall-1 (CVP) + –
Appliances
Kaspersky Lab solutions are integrated into appliances from Blue Coat Systems, Borderware, Juniper Networks, SonicWall, ZyXEL etc.
McAfee offers its own appliance solutions
Administration system (management of protection) + +
*A combination of Kaspersky Anti-Virus for Proxy Server and the free Squid Proxy Server with support for the ICAP protocol provides a customer with a standalone solution for the protection of HTTP and FTP traffic at the gateway level.
Products: Effective integrated protection in a single product for workstations
Kaspersky Anti-Virus for Windows Workstations
McAfee VirusScan Enterprise
1. File antivirus
2. Mail antivirus
3. Protection from spyware and adware
4. Protection from network attacks (IDS)
5. Firewall
6. Cisco NAC support
7. Installation on an infected computer and treatment of an active infection*
8. Self-defense (protection from attempts by malicious programs to disable the antivirus solution)**
9. Proactive protection (behavior blocker) with system recovery
10. Web antivirus (on-the-fly scanning of Internet traffic)
11. Protection from spam, phishing and unwanted advertising
?
* Anti-Malware.ru, February 2007
** PC Professionell, August 2006
Products: A fully functional security management tool
Features Kaspersky Administration Kit McAfee ePolicy Orchestrator 3.6.0
Scanning of the network for new and unprotected computers (via IP subnetwork / Active Directory / Windows Network) + / + / + – / + / +
Automatic installation of antivirus applications on new computers on the network + –
Support for an unlimited number of levels in the administrative server hierarchy + –
Auditing of administrator actions + –
Multicasts as a method of update distribution + –
Support for intermediate update distribution centers + –
Additional policy for mobile users + –
Companies that have acknowledged the advantages of Kaspersky Lab products
I.NET S.p.a., Italy
T-Mobile, Czech Republic
Rectorat Amiens, France
University of Western Australia
Bancaja Group, Spain
Tatneft’, Russia
VimpelCom, Russia
Central Bank of Russia
Deutscher Bundestag, Germany
International Atomic Energy Agency (IAEA)
Retarus, Germany
Government Development Bank, Malaysia
Ministry of Equipment, France
Conseil Général 92, France
M&G Finanziaria Industriale, Italy
Ministry of Labor and Social Affairs, Czech Republic
and others
You can find the list of McAfee customers on the company’s website. We are confident that the comparison will be to our advantage.
Why do you need these facts?
To make the right choice!