Introduction

System Requirements

Installation/Removal and Start of Use

Performance grading and capability comparison

Conclusion

Introduction

Following the release of the new antivirus package Kaspersky Pure, Kaspersky Lab updated its whole traditional line-up of products for home users, developing Kaspersky Antivirus 2011 and Kaspersky Internet Security 2011. We decided to find out what has changed in the new version of Internet Security, so this review compares the two versions of the antivirus product for secure work on the internet.

System Requirements

The transition from KIS 2009 to the 2010 version did not change the CPU and RAM requirements for the PC or notebook. However, Kaspersky Internet Security 2011 demands slightly more resources under the Microsoft Windows Vista operating system and considerably higher hardware parameters for Windows XP users. System requirements for Windows 7 haven’t changed. We gathered the main minimum hardware and software requirements for the different Windows versions in a single table and also specified the size of the distribution package.

The increase in the size of the KIS 2011 distribution package was caused not only by the change of the graphical interface but also by the reworking of the program core itself, which is oriented at modern operating systems.

Installation/Removal and Start of Use

Like any modern antivirus suite, Kaspersky Internet Security 2011 demands that all competitors’ antivirus modules be removed before it is installed. By default the package is installed in full.

 

Upon completion of the installation process, the program will enquire if you want to replace the standard Windows firewall with KIS.

Now you will see a separate beautiful control element (gadget) on your desktop. But this only happens in Windows 7, using the abilities of the operating system; a Windows XP user will only see a newly designed old interface. The red ball will change its color to green as soon as all problems are eliminated, be it detected viruses or a missing activation.

Activation is required to work with the program; as with KIS 2010, it should be performed in the very region where the software was bought. Besides, keep in mind that activation is now only possible with an activation code while you are connected to the global network.

If you have to activate the program on computers which aren’t connected to the internet, you’ll have to contact the manufacturer’s technical support, which offers the following activation procedure.

Use your activation code on the activation site to receive an archive with a key file:
- Save the key file (it will be sent to your e-mail as an archive; extract it first) to the root of disc C:\
- Press the Start button in the lower left-hand corner of the screen -> click “Run” -> in the window, type the “cmd” command and press “OK” -> a command prompt window will open
- Open the C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ folder -> find the avp.com file, select it with your mouse and drag and drop it right into the command prompt window -> the full path to the avp.com file will appear in the command line
- In the same line, press space and add the command addkey C:\ (the key file name)

It’s also worth noting that on computers without an internet connection we sometimes came across temporary problems with updating from a local folder, when the antivirus couldn’t see the specified update source.

The activation system of Kaspersky Internet Security 2011 and Kaspersky Antivirus 2011 offers a new possibility of quick transition between the products: when you activate KIS 2011 with a given key, only the functions matching the key become available, while the protection of Kaspersky Antivirus 2011 may be upgraded to Kaspersky Internet Security 2011. However, a license downgrade from KIS2011 to KAV2011 is only possible by paying the full price for the Antivirus, because no downgrade discounts seem to be available.

 

Traditionally, the users are offered a month-long trial period when Kaspersky Internet Security is fully functional.

To migrate from KAV2009/KIS2009 and KAV2010/KIS2010 to the corresponding 2011 products you don’t have to buy any additional licenses. If the activation information was lost when the previous version was uninstalled, it’s sufficient to activate the antivirus product with the activation code received earlier. When being uninstalled, the program allows retaining the anti-spam bases, activation and some other parameters.

 

 When the article was being written, the prices for KIS 2009/2010/2011 for protection/license prolongation for one, three or more PCs were the following (in US dollars):

 

By the way, the pricing policy is strange, because for 6 year protection it’s cheaper to prolong your license 3 times for 2 years than to buy 2 times for 3 years and for protecting 10 PCs for a year it’s better to take 5 PCs for a year and prolong another 5 PCs for a year than to take 10 PCs at once.

When the article was almost complete, a new version of the antivirus package, 11.0.2.556, appeared on the manufacturer’s site. The upgrade to this version was successful, but problems showed up later. For instance, the sanctum sanctorum of the update sources, the Kaspersky Lab update servers, disappeared from the list. The problem is solved only by fully removing the product and re-installing it. Kaspersky Lab has since corrected the product, and the version currently available for download is free from the detected problems.

To conclude this section, we would like to point out that after their removal KIS 2010 and KIS 2011 leave some traces in the registry with names containing “kaspersky” and “KAV”, which may require using special registry clean-up utilities before installing any antivirus software from other manufacturers.

Performance grading and capability comparison

For testing we used the latest versions of the antivirus products KIS 2010 (9.0.0.736) and KIS 2011 (11.0.1.400) running on Windows 7 (x32 and x64) and Windows XP (x32 and x64) operating systems. As a hardware platform for testing the performance we chose several identical PCs with the characteristics presented below. We installed the required operating systems and antivirus software on them.

For our tests we made three different file collections of 1 Gbyte with the names distribs, office files and other.

In the distribs collection there are different setup files, that is installers themselves and archives with installers and accompanying files. Altogether there’re 171 folders and 696 files in this collection.

Office files contain 782 files of Microsoft Office, Acrobat Reader, JPG, Corel Graphics and other formats, arranged in 56 folders.

Files which didn’t fit into either of the previous groups, such as photos, text documents in non-office formats, clips, etc., were put into the Other group. Altogether there’re 149 files in 12 folders.

Beside these three groups we created another collection containing files of all previous types. They were placed only on a flash card because on such drives users transport and store all kinds of data. As an external data storage device we used Flash Drive Silicon LuxMini 720. There we put 4.84 Gbyte of data in 2081 files arranged in 286 folders.

 

  

 First we tested the memory flash card itself to measure the access speed to the drive. For this purpose we used Intel IOmeter (version 2006.07.27).

 

Testing the flash memory card included 56 measurements, in the course of which the key characteristics of the data transfer process were changed. These characteristics are the size of the data block to transfer and the percentage ratio of sequential and random access in the transfer process. For example, the size of the block was changed from 512 bytes to 4 Mbytes, doubling with every step.

Each measurement was performed first with 100% sequential data transfer and then with 100% random transfer.

Now let’s move on to measuring the time it takes the antivirus to check various file collections. In the table below you can see the time it took to check each of file collections by both antivirus versions.

 

For some reason, after deleting an infected autorun.inf file from the flash card the antivirus product demands a system reboot. This is still a mystery to us.

Both versions of the program launch two processes in the system: one under the user account and another under SYSTEM. Resource usage is given as the memory taken by the program in Mbytes and as a percentage of CPU performance.

As these values were constantly changing, only the minimum and maximum values are stated in the table.

In x64 operating systems Kaspersky antivirus works in the 32-bit mode, which is displayed in the task manager.

In Kaspersky Internet Security 2011 a geo-filter has been implemented. It allows permitting or prohibiting access to web-sites on the grounds of their belonging to different regional domains with different infection risk.

A domain is considered to be prohibited in the following cases:

  • access to this domain was prohibited by the user in the settings of the web-antivirus
  • the previous access to a website from this region was prohibited by the user

When the geo-filter detects an attempt to open a website from a prohibited domain, an alert window appears in the browser.

After the access to the website has been blocked the user may perform one of the following actions:

  • go to the previous page
  • open the web-resource – load the website from the prohibited domain
  • open the geo-filter settings – open the geo-filter tab of the web-antivirus settings window

So basically, the access to the sites is not prohibited, only an alert of the site belonging to a problem region is displayed.

Naturally, we decided to determine not only the scanning speed but also its quality. While scanning, KIS 2011 detected and deleted all malware present on the test computer (including a virus for Windows 98). The only problems occurred with viruses we created ourselves, which were sometimes overlooked by the product. So one of the main advantages of the product, the virus removal system, has remained intact. The scripts allow deleting all consequences and traces of a virus attack in the system (“system recovery wizard”). There was no problem with WinLock-type viruses, either. First of all, KIS 2011 warned that the site we were about to receive WinLock from was a phishing site and potentially dangerous. Still, we manually allowed access to the site; Kaspersky scanned the downloaded module, then detected and removed a virus in it. False alarms were mainly related to key generating programs (keygens). Also, KIS 2011 seems to estimate the remaining scanning time more realistically than its predecessor.

In KIS 2011 parental control has been substantially enhanced. It is intended to restrict the use of computer and internet by children.

Below you can see the features of the new parental control module.

  • Limit the time the child uses the computer
  • Prohibit or allow access to certain programs on the computer
  • Prohibit or allow access to certain sites
  • Control the child’s communication in IM clients (ICQ, MSN) and in social networks. For instance, it’s possible to make a black list of contacts with whom communication will be restricted or banned, or to record the conversations, etc.
  • Control file downloads, i.e. to prohibit downloading certain file types
  • Control sending personal information, for example, it’s possible to ban sending confidential data like home address, telephone number, etc. The list of personal data the child won’t be allowed to send is to be named in the module settings

However, the module has several disadvantages. Among them is a large number of false alarms (blockings) on quite innocuous sites containing legal or even official information. For example, the official site of the Saratov region is recognized as an internet shop. Conversely, some sites with dubious contents are not blocked at all. The Kaspersky Lab forum is constantly working on improving the quality of the parental control base. Also, the setting for the level of site heuristic analysis that was present in KIS 2010 is unavailable. Though its detection of web-sites is not quite successful, KIS 2011 does very good work with phishing links in ICQ, inserting the phrase “Kaspersky Anti-Virus: forbidden incoming black link” instead of the incoming message.

Kaspersky Internet Security 2011 allows recording an “Emergency Recovery Disc” not only to a CD\DVD disc but also to a USB-drive, which certainly is an advantage.

We also can’t help mentioning that the network packets analysis service, of which we’ve already spoken on our pages, has disappeared from KIS 2011.

Now let’s summarize the results of our brief comparison.

Conclusion

On the whole we were quite happy with the product we tested, though some minor drawbacks are still present.

The advantages of Kaspersky Internet Security 2011 in comparison with the previous version are listed below.

  • The increase in the scanning speed of certain collections of files in certain operating systems
  • The addition of new antivirus modules such as the geo-filter
  • The possibility of recording an emergency recovery disc on a flash card
  • The possibility of quick transition between the licenses of the Antivirus and Internet Security

However, there are disadvantages either inherited from the previous versions or newly acquired ones.

  • The removal of the network packets analysis module
  • Safe run doesn’t work at all or works with some limitations on x64 operating systems
  • There is some trail of the antivirus package after its removal
  • The inability to fully ban access to regional domains in the geo-filter
  • The increase in system requirements
  • The decrease of scanning time of certain file collections in certain operating systems

It’s also worth noting that the functions of the safe virtual environment folder (Sandbox) and the ones of the folder present in Windows 7 for launching programs in a restricted environment are practically identical.

We would recommend updating Kaspersky Internet Security to the 2011 version to those who have already upgraded their PC hardware platform and installed Microsoft Windows 7.

WinRAR x64 performance test

x64 operating systems and applications were created several years ago, but the difference in performance between x32 and x64 is still negligible. This is explained by the fact that current 64-bit applications don’t need the extended x64 processor instructions. The maximum performance can reveal itself in cryptographic and archiving procedures. On 30 April 2009 RARLAB released the first beta version of WinRAR 3.9 with x64 and x32 support. Of course we couldn’t pass this event by and decided to test the new build.

We have two personal computers with Microsoft Windows XP x64 SP2 and Windows Vista x64 SP1. We started the test with XP. We tested the archiving performance on video files and then on the Microsoft Office 2007 setup files. It is obvious that the archiving performance depends on the hardware platform; however, we didn’t aim to determine the maximum available speed, we just wanted to find the performance correlation.

First we created an archive with the old 3.80 version and measured speeds of about 1.74 and 1.98 Mbyte/s for the video and setup files respectively. Then 3.9 beta1 x32 was installed, and we measured speeds of about 2.53 and 2.70 Mbyte/s for the same file sets. The archiving parameters are shown below.

However, when installing 3.90 beta1 x32 we saw an informational message about the necessity of using the x64 WinRAR version for our operating system.

After installing the 64-bit 3.90 beta1 version the archiving performance increased to 2.62 and 2.86 Mbyte/s. It looks like the version change (from release 3.80 to 3.90 beta1) increases the performance by 36-45% depending on the type and number of handled files. The load level of the two CPU cores was about 90% with 3.90 beta1, whereas 3.80 demanded a higher load level of both cores. The load level of both cores with the x64 version of 3.90 beta1 remained the same, but the performance increased by 3.6-5.9%. Besides the higher performance, the 3.90 version can offer a slightly better compression ratio.

We made the same tests with Windows Vista x64 SP1 as well. The difference in the performance between 32 bit and 64 bit applications was from 2 to 5%, but the difference between 3.80 and 3.90 versions was not so considerable as with Microsoft Windows XP x64 SP2.

We asked the WinRAR support team to comment on our tests. The reply was that all WinRAR algorithms were made for 32-bit math and the new x64 version was made for better compatibility with x64 operating systems. Both the 32-bit and 64-bit versions can use the same license, so you don’t need to buy any additional licenses for the transition to the x64 architecture.

In spite of the creation of a 64-bit version of the most popular archiver, performance cannot be a significant argument for the transition to x64 operating systems, because there is no performance increase. We hope the situation will change for the better in the future.

The author would like to publicly acknowledge the help of Andreeva Maria, who corrected the English version of the article.

APC AP9617/AP9619

Introduction

Exterior and interior design

Firmware update

Console management and telnet

Web-interface review

Testing

Conclusion

Introduction

Everybody has got used to the fact that a UPS is a very heavy, medium-sized metal or plastic box that can only beep when the power goes down. And to this box we entrust the security of home computers and audio/video systems as well as servers with expensive network devices. Is it possible to get extended information about the UPS state by standard means, or are system administrators just doomed to listen to these beeps? One way out is to use the special ports through which the UPS is connected to a computer, with its state monitored by the PowerChute utility. Yet this solution is not ideal, as the UPS has to be placed near the computer or server it protects. Besides, without add-in cards the UPS can be monitored and administered only from the computer or server connected to it by a special COM or USB cable. The administration of a group of UPSs turns into a real headache for the IT specialists of any company. A more universal way of UPS administration is to connect it to the LAN with a built-in or additional management card. This is the scheme we are going to study, using APC UPSs with the optional AP9617 and AP9619 management cards as an example. APC UPS management cards remove the dependence on a particular computer or server. A correct OS shutdown is performed by the PowerChute Network Shutdown utility. Yet this utility provides only the minimum information needed for a correct shutdown of a PC and nothing about UPS operation and settings.

Exterior and interior design

A management card can be inserted into a UPS through a special connector on the back panel of the device, or through a special optional chassis if there is more than one card. If a UPS is sold without a pre-installed NIC, this connector is closed with a plastic or metal cover to keep dust and foreign objects out of the device. The installation of the AP9617 into an APC Smart-UPS 750 is shown in the photo below.

The card itself is a green printed circuit board with one-sided element location.

On the face side of the AP9617 the largest chip is the ATMEL AT56753-1U; to support it, a Spansion S29JL032H70TFI22 flash memory chip with a capacity of 4 Mbytes is mounted on the board.

Chip CY7C1041CV33-20ZXC (Cypress) with capacity of 512 Kbyte functions as a RAM. The operation diagram of the memory chip is shown below.

 

The battery is used for the built-in clock. Besides the specified elements there is also a WJLXT972C chip (Intel) on the board. Judging by its location, we can say that it is related to network support. In addition, there is a connector for optional add-in cards and sensors. This concludes the review of the management system hardware of the APC UPS.

Firmware update

Firmware update of the management card can be performed in two ways: via telnet (with the help of XMODEM, TFTP or FTP protocols) or by a special program that goes together with new firmware image. Updating via web-interface is unavailable. Let’s make a brief review of each way.

To update via telnet, it is necessary to download the files with the latest firmware version to a separate FTP or TFTP server. By the time the article was written, the files were apc_hw02_aos_355.bin and apc_hw02_sumx_355.bin. After logging in to the device, go through the following submenus: System - Tools - File Transfer.

Here it is necessary to select the desired way of update and proceed to the process of firmware update which is presented below.

It should be mentioned that for a successful update both files must be downloaded.

Now let’s turn to updating with the special utility upgrd_util.exe. After running the utility, it is necessary to specify the IP address of the management card, the user name and the password.

If all the parameters are correct then the next step is to press 1 to continue with the update process. The whole process is shown below and usually doesn’t take more than 5 minutes.

The firmware is updated. Let’s go on to studying its functionality.

Console management and telnet

The AP9617 and AP9619 add-in cards give APC UPSs a wide range of management possibilities. We installed management cards into a Smart-UPS 750 and a Smart-UPS 3000 RM. We also tested a Smart-UPS RT 5000 XL in which the management card was inserted at the factory. These devices are configured identically, which is why the Smart-UPS 3000 RM has been taken as the basis for describing the configuration process. The access speed via the console port is 2400 baud.

After entering the correct account information (name and password) the user gets access to the main menu of the device.

Let’s study some menu categories more thoroughly to see what possibilities the AP9619 and the Smart-UPS 3000 RM give administrators.

In the first category of the menu, Device Manager, the administrator gets information about the connected devices.

The first subcategory, Smart-UPS 3000 RM, contains information about input and output voltage, alternating current frequency, battery charge and load power, as well as the maximum and minimum line voltage registered by the device.

Yet the functions of the AP9619 are not limited to providing access to the UPS over the network. It also allows connecting sensors, for instance the temperature sensor that comes with the AP9619. To access the sensor, select the Environment subcategory in the Device Manager menu.

Judging by the output displayed above, the temperature in the room where the sensor was placed is 17 degrees C. The AP9619 makes it possible to specify temperature limits. Any temperature deviation from the setpoints is reported to the administrator. This feature of the add-in card is useful when the racks have no other thermal monitor that can turn off a group of servers when the air temperature inside the rack reaches a critical level.

Let’s go back to the main menu and have a brief look at the two remaining complex categories: Network and System. In the Network category one can configure the network parameters of the management card. The TCP/IP subcategory holds all the IP parameters of the AP9619. In the rest of the subcategories (DNS, Ping Utility, FTP Server, Telnet/SSH, Web/SSL/TLS, Email, SNMP, Syslog and WAP) one can configure the corresponding protocols and services. For example, Ping Utility is used for checking network connectivity via ICMP echo requests.

The System category allows the administrator to manage the list of users that have an access to the device, to configure time/date parameters and to get the additional information about the connected devices.

This concludes the review of the console capabilities. Yet we can’t help mentioning some problems that we came across during UPS administration. Shortly before the article was ready, we bought racks and IBM UPS 7500. APC AP9619 cards were installed in these UPSs. The UPS7500 is supplied with a USB-Serial cable that should be used when all the available COM ports are occupied or there are no COM ports at all. The attached disk didn’t have drivers for our test system, Microsoft Windows Vista Ultimate x64 Rus. The package of the controller carried the model name "AP9833 - APC USB to Serial Smart Signaling Cable". Unfortunately, the official APC web-site didn’t give us any information about this cable. A web search was not very effective either because of the lack of comprehensive information. Yet we got an idea of the device we had. Drivers for the above-mentioned OS were found here. We consider it a bit strange that the vendor didn’t mention such an adaptor on its site.

Web-interface review

When accessing the UPS via a web browser, the user is required to enter the user name and password.

Upon successful authentication, the administrator lands on the first page of the AP9619. This page shows several log entries of the UPS operation as well as the presence or absence of alarms. On the whole, the web-interface is equivalent to the console and has many features in common with it.

Let’s pass on to the UPS tab. It contains such categories as Overview, Status, Control, Configuration, Diagnostics, Scheduling, Sync Control, PowerChute® and About. In the Overview category there is some general information about the device loading and battery charge.

More detailed information about the current status of the device can be found on the Status page.

The main device power parameters are placed in the subcategories of the Configuration menu.

The subcategories of the PowerChute® menu allow configuring the interaction of AP9619 with the technology of the same name.

All the parameters of the additional sensors are placed in the menu categories in the Environment tab.

The Logs tab allows configuring the log parameters.

Let’s go on to the last tab, Administration. It contains four groups: Security, Network, Notification and General.

The Network group of the web-interface duplicates the features of the console menu of the same name.

The configurations of AP9619 triggers for different events are made in the Notification group.

The general configurations are in the General group. Here the user can configure the time and the UPS identification, as well as preferences in temperature measure; and get the information about serial number, MAC-address, card uptime etc.

The brief review of the web-interface is over for now. Let’s test the UPS network management card in work.

Testing

In order to check the network self-protection of the management card we performed a network scan with the help of Positive Technologies XSpider 7.5 (Demo build 2000). We found only three open TCP ports: 23 – Telnet, 80 – HTTP and 443 – HTTP SSL. The most interesting additional data are presented below.

TCP-80 HTTP

TCP-443 HTTP SSL

The presence of cross-site scripting doesn’t have a direct negative effect on the management card itself or on the UPS. Yet it allows attacking other users who access the card’s web server.

We measured the current drawn by the devices connected to the UPS with an ammeter. The value read from the ammeter and the data displayed in the web-interface were almost the same. It is worth mentioning that the UPS spends part of the received energy on its own needs, so keep in mind that the consumed power exceeds the power delivered to the powered devices by about 10 percent.

At the beginning of the article we specified the main topic as the management and monitoring of the UPS, so let’s hold to this idea up to the end of the testing. With a great number of UPSs located in different racks and even at different computer centers, managing the scattered UPSs and acquiring their data becomes a serious problem. Since after the installation of an AP9617 or AP9619 the APC device becomes available via the SNMP protocol, we decided to gather the statistics by means of this protocol and then display it in the form of a diagram. For this purpose we used the freeware MRTG (Multi Router Traffic Grapher), which is good not only for gathering statistics on the amount of data sent via network interfaces but also for displaying any other numerical information. For this part of the testing we chose an APC SmartUPS 750 with an installed AP9619 card, to which additional external temperature and humidity sensors were connected. With the help of MRTG it is possible to collect and store in web form such UPS parameters as input and output voltage, output current, battery load and capacity, the temperature of the battery and of the external sensor, the cause of the last battery use, and the network activity of the management card. To display the received text and diagram data we used a freeware HTTP server, Apache. By the time the article was written, the latest stable MRTG and Apache versions were 2.16.2 and 2.2.8 respectively. The daily measurement of the input voltage is shown below.
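A minimal MRTG configuration for the kind of polling described above, added here as an illustration; it is not the configuration used in the article. MRTG reads these values over SNMP. The address 192.0.2.10, the community string upsReadOnly, the WorkDir path and the target names are placeholders, and the OIDs are the APC PowerNet-MIB objects for input/output voltage and battery capacity/temperature.

```cfg
# Added example, not the article's own configuration.
# Placeholders (assumptions): 192.0.2.10 = management card address,
# upsReadOnly = read-only SNMP community, /var/www/mrtg/ups = output directory.
# SNMPv1 sends the community string in clear text: use a dedicated read-only
# community instead of a default one and allow SNMP only from the MRTG host.

WorkDir: /var/www/mrtg/ups

# Input and output voltage
# PowerNet-MIB: upsAdvInputLineVoltage & upsAdvOutputVoltage
Target[ups750_voltage]: 1.3.6.1.4.1.318.1.1.1.3.2.1.0&1.3.6.1.4.1.318.1.1.1.4.2.1.0:upsReadOnly@192.0.2.10
MaxBytes[ups750_voltage]: 300
# gauge: values are readings, not counters; nopercent: no % of MaxBytes
Options[ups750_voltage]: gauge, nopercent, growright, integer
Title[ups750_voltage]: Smart-UPS 750 input/output voltage
PageTop[ups750_voltage]: <h1>Smart-UPS 750 input/output voltage</h1>
YLegend[ups750_voltage]: Volts AC
ShortLegend[ups750_voltage]: V
LegendI[ups750_voltage]: Input:
LegendO[ups750_voltage]: Output:
Legend1[ups750_voltage]: Input line voltage
Legend2[ups750_voltage]: Output voltage

# Battery capacity (percent) and battery temperature (degrees C)
# PowerNet-MIB: upsAdvBatteryCapacity & upsAdvBatteryTemperature
Target[ups750_battery]: 1.3.6.1.4.1.318.1.1.1.2.2.1.0&1.3.6.1.4.1.318.1.1.1.2.2.2.0:upsReadOnly@192.0.2.10
MaxBytes[ups750_battery]: 100
Options[ups750_battery]: gauge, nopercent, growright, integer
Title[ups750_battery]: Smart-UPS 750 battery capacity and temperature
PageTop[ups750_battery]: <h1>Smart-UPS 750 battery capacity and temperature</h1>
YLegend[ups750_battery]: Percent / deg C
ShortLegend[ups750_battery]: &nbsp;
LegendI[ups750_battery]: Capacity (%):
LegendO[ups750_battery]: Temperature (C):
Legend1[ups750_battery]: Battery capacity in percent
Legend2[ups750_battery]: Battery temperature in degrees C
```

Each Target pairs two OIDs, so one graph carries two series; the pages MRTG writes to WorkDir are what the HTTP server then publishes.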

Here the testing is over.

Conclusion

On the whole we find the tested management system quite satisfying. The advantages of this system are the following.

  • Configuration flexibility and simplicity in installation.
  • The possibility of connecting additional sensors (in some management card models).

Still, there were some negatives, such as the price of the management cards. At that moment the AP9617 and AP9619 cost $200 and $400 respectively, which is equal to the price of cheap UPSs. The unavailability of firmware upgrade via the web-interface makes changing the AP9617/9619 firmware more difficult.

When the article was almost ready we found out that APC released two new management cards – AP9630 and AP9631 as an alternative for the existing ones. Nevertheless everything said in the article about AP9617/9619 is valid for the new management cards as well.