Kaspersky Anti-Virus 6.0
Kaspersky Internet Security 6.0
Kaspersky Administration Kit
Kaspersky Security for Microsoft Exchange Server 2003
Kaspersky Anti-Virus for Microsoft ISA Server 2000 Enterprise Edition
Kaspersky Mail Gateway
Kaspersky Anti-Virus for Windows Workstations
Kaspersky Anti-Virus for Linux File Server
Kaspersky Anti-Virus for Lotus Notes/Domino
Kaspersky Anti-Virus for Microsoft Exchange Server 2000/2003
Kaspersky Anti-Virus for Microsoft ISA Server 2004 Standard Edition
Which product should I choose: Kaspersky Internet Security 6.0 or Kaspersky Anti-Virus 6.0?
The range of threats on the Internet today is quite diverse and only by taking a combined approach can users be sure that their computers are fully protected. There are two main choices for users:

Using several separate security products (from one or several vendors): each product specializes in protecting the computer from one type of threat. An example of this approach would include installing Kaspersky Anti-Virus 6.0 + firewall + anti-spyware software solution + other programs.
Using a single integrated product: deploying an all-in-one solution that protects against all types of Internet threats, i.e., Kaspersky Internet Security 6.0.

There is no best way that can be recommended across the board to all users. Each user must choose the approach that best meets their individual needs. Generally, Kaspersky Anti-Virus 6.0 can be used in conjunction with personal firewalls and antispam products from other vendors, while Kaspersky Internet Security 6.0 provides comprehensive integrated protection [1] for the PC.

The table below provides a comparison of the features available in Kaspersky Anti-Virus 6.0 and Kaspersky Internet Security 6.0.
Protection component
File antivirus protection
Mail antivirus protection
Internet antivirus protection
Proactive protection (behavior blocker + anti-rootkit + registry monitor + scanning of VBA macros)
Anti-hacker (firewall + Intrusion Detection System + list of trusted networks)
Anti-phishing, anti-banner, anti-adware, anti-dialer
Antispam
[1] By integrated protection, we mean a solution that protects computers from all known types of threats to computers (such as viruses, hacker attacks, spyware and spam), as well as from phishing attacks and undesirable Internet content.
New features
Faster scanning speeds. Version 6.0 products incorporate iSwift technology, which significantly accelerates the operation speed of the whole solution.
Reduced update sizes. The download process has been optimized to significantly decrease the size of updates (on average around 20 times).
Scan suspension. On-demand scanning tasks are automatically suspended during periods of increased user activity. The program frees up resources for use by other applications so that the user's work is not slowed down.
Scanning of network traffic (POP3, SMTP, IMAP, HTTP, NNTP). Kaspersky Anti-Virus 6.0 processes all incoming and outgoing email on the fly, as well as any files and web pages downloaded from the Internet.
Application integrity control. The program protects applications such as Microsoft Internet Explorer from infiltration by malicious code.
Control over hidden processes. This function is aimed at combating attempts by malicious code to hide itself in the operating system (by using rootkits).
System restore. The program removes malicious objects from the operating system and also rolls back any changes made by them in the operating system. Spyware and adware are processed in the same way.
New user interface. This new interface makes maintaining full control over PC security easy, while at the same time offering advanced users versatile settings for fine-tuning the program.
Support for laptop users. Kaspersky Anti-Virus 6.0 is compatible with the economy mode on laptops, which conserves battery power.
Description

Only new and modified files are scanned for viruses thanks to the addition of iChecker and iSwift technologies. System resources are not wasted on repeat scans of files that have not changed since the last antivirus scan. The beauty of this is that the longer the program is used, the fewer files it has to scan.

During periods of increased user activity, antivirus scanning is suspended so that system resources are available for other programs and processes. This means that the antivirus program does not slow the user's work down.

Users have the option of configuring the program to scan only potentially infected files. There are certain types of files that viruses simply cannot infect, since they do not contain any kickoff points or hooks for the virus. Files in the .txt format are a typical example.

On-the-fly scanning can be used for detecting malicious code in Internet traffic. When a file is downloaded from the Internet, the program scans each portion of the file as it is copied to the computer. Using this method of scanning, users receive scanned objects faster.

A scan task can be launched for critical areas of the computer only (that is, system memory, startup objects, disk boot sectors, Windows system catalogs and system32). Infections in these areas cause the most damage to computers. Any active viruses in the system can be quickly detected without having to launch a full system scan of the computer.

Users can maintain a list of trusted applications that can be safely excluded from scanning and analysis.
Scan suspension
Real-time antivirus scanning for email and working online
Antivirus scanning on demand or on schedule
SafeStream technology for faster scanning
Protection from viruses, Trojans and worms
Protection from spyware and adware
Scanning and treatment of archive files
Blocks dangerous macros in Microsoft Office documents
Proactive protection from the latest and unknown malicious programs
Scans only files that have been created or modified since the last scan
Scan suspension during periods of increased user activity
Automatic hourly updates to antivirus databases
Support for Intel Centrino mobile technology
Choice of skins for the graphic user interface
Competitive advantages
Kaspersky Anti-Virus 6.0 has a number of advantages over other solutions on the market:

High-quality antivirus technology. Kaspersky Anti-Virus 6.0 offers the highest virus detection rates, the fastest response time to new threats (as confirmed by independent tests), support for the largest number of archived and compressed file formats (over 1,200) and treatment in ZIP, ARJ, CAB, RAR and LHA archive formats.
Powerful proactive protection. Proactive protection comprises a heuristic engine, behavior blocker, application and Windows registry integrity control and a rollback function for malicious changes.
Fast performance. iSwift and iChecker technologies make it possible to limit scanning only to new and modified files, or only potentially dangerous objects. They also ensure a balance between scanning speed and the quality of detection. Scan suspension during periods of increased user activity further helps reduce the load on resources.
Self-protection. Unique to Kaspersky Anti-Virus 6.0, this mechanism allows the product to protect itself against malicious programs.
Small updates. Incremental database updates result in faster performance and more economical use of Internet traffic.
Flexible settings. A broad range of settings is available for advanced users to fine-tune the program.

A full comparison of Kaspersky Anti-Virus 6.0 and competitor products is provided in Survey of Personal Products for Protection of Microsoft Windows, which will be available on the Kaspersky Lab Partner Extranet shortly: https://www.kaspersky.com/index.html. The document provides a comparison of the following products:

Norton AntiVirus 2006 (Symantec)
McAfee VirusScan 2006 8.0 (McAfee)
Dr. Web Antivirus v. 4.33 (Doctor Web)
NOD32 v.2.5 (Eset)
Panda Titanium 2006 (Panda Software)
BitDefender 9 Standard (BitDefender)

The document also includes a section explaining why some functions available in competitor products have not been implemented in Kaspersky Anti-Virus 6.0.
Description of interaction
During installation, the program automatically searches for any other Kaspersky Lab personal products on the computer and deletes them. A list of all of these personal products can be found in the release notes in the distribution package at: ftp://ftp.kaspersky.com/products/release/

Users of Kaspersky Anti-Virus Personal or Kaspersky Personal Pro installed on their PCs are encouraged to save the license key before the program is deleted. It can then be used as a key for Kaspersky Anti-Virus 6.0.

During installation, the program automatically searches for other antivirus products on the computer that may cause conflicts on the system. The user will be given the option of deleting any such programs. A list of applications that would need to be deleted during the installation process is available in the product release notes at ftp://ftp.kaspersky.com/products/release/.

Firewalls
The product is designed to work correctly with most commonly available firewalls.

Mail programs
The product is designed to work correctly with most commonly available mail programs including Microsoft Outlook Express, Microsoft Outlook, Thunderbird, Eudora, The Bat!, Netscape and IncrediMail.

Internet browsers
The product is designed to work correctly with most commonly available Internet browsers including Internet Explorer, Opera and Firefox.
The product is also designed to work correctly with instant messaging services (for example, Windows Messenger and Yahoo! Messenger).
Licensing
The licensing scheme follows a simple formula: 1 license = 1 license key. Each license key is unique. No more than two copies of a program sharing the same license key can be installed on a local network [3].

Users only have access to technical support services after they have activated the program. The activation process involves installing a license key. Without a license key the program will not work!

If the product is bought from a retail outlet, the activation code is written on the envelope containing the disk that contains the distribution package. If the product is bought online, the activation code is sent via email. All users are provided with instructions on how to activate the product (in the box for retail customers and via email for online customers).

Licenses are available for limited periods: 1 or 2 years. In some sales territories, licenses are also available for 3 years. More detailed information is given in the Home User section of the Kaspersky Lab price list.

During the license period, registered users have access to the following services:

Round-the-clock technical support related to the installation, configuration or use of the product;
Regular updates to signature databases, program modules and other updateable program components;
Free upgrades to new versions of the product;
Information about the release of new software products from Kaspersky Lab and new viruses (this service is available to subscribers to the Kaspersky Lab News Agent).

More information on verifying user status, different types of license keys, managing license keys and a comparison table showing the compatibility of license keys in 5.0 and 6.0 products is available on the Kaspersky Lab Partner Extranet at: https://www.kaspersky.com/index.html.
Upgrading Conditions

Current product: KAV 5.0, KAV 5.0 Pro, KPSS

The license period for KAV 6.0 is limited to the license period of the current product.

Expired
1-year license, retail: KAV 6.0 can be purchased at a 30% discount from the price listed.
2-year license, retail: KAV 6.0 can be purchased at a 130% from the 1 year price listed.
1-year license, online: KAV 6.0 can be purchased at a 30% discount from the price list.
2-year license, online: KAV 6.0 can be purchased at a 70% from the 1 year price listed.

Current product: KAV 5.0 Pro + KAH, KAV 5.0 + KAH

Effective
Free-of-charge. The license period for KAV 6.0 is limited to the product license period which expires first (or at the earlier date).

Expired
1-year license, retail: KAV 6.0 can be purchased at a 30% discount from the price listed.
2-year license, retail: KAV 6.0 can be purchased at a 130% from the 1 year price listed.
1-year license, online: KAV 6.0 can be purchased at a 30% discount from the price list.
2-year license, online: KAV 6.0 can be purchased at a 70% from the 1 year price listed.

We do not state this directly to customers. For users upgrading from version 5.0 products, there is no limit to the number of copies of a product that can be installed on a local network.
Support
During the license period, registered users have access to round-the-clock technical support related to installation, activation, set up and use of a software product. Links to online support services are provided on the program interface (Support Service):

User forum
FAQ
Comments about program operation
Protection component
File antivirus protection
Mail antivirus protection
Internet antivirus protection
Proactive protection (behavior blocker + anti-rootkit + registry monitor + scanning of VBA macros)
Anti-hacker (firewall + Intrusion Detection System + list of trusted networks)
Anti-phishing, anti-banner, anti-adware, anti-dialer
Antispam

By integrated protection, we mean a solution that protects computers from all known types of threats to computers (such as viruses, hacker attacks, spyware and spam), as well as from phishing attacks and undesirable Internet content.
Description

Only new and modified files are scanned for viruses thanks to the addition of iChecker and iSwift technologies. System resources are not wasted on repeat scans of files that have not changed since the last antivirus scan. The beauty of this is that the longer the program is used, the fewer files it has to scan.

Scan suspension
During periods of increased user activity, antivirus scanning is suspended so that system resources are available for other programs and processes. This means that the antivirus program does not slow the user's work down.

Scanning of only potentially infected files
Users have the option of configuring the program to scan only potentially infected files. There are certain types of files that viruses simply cannot infect, since they do not contain any kickoff points or hooks for the virus. Files in the .txt format are a typical example.

On-the-fly scanning of Internet traffic
On-the-fly scanning can be used for detecting malicious code in Internet traffic. When a file is downloaded from the Internet, the program scans each portion of the file as it is copied to the computer. Using this method of scanning, users receive scanned objects faster.

Scanning of critical areas of the computer
A scan task can be launched for critical areas of the computer only (that is, system memory, startup objects, disk boot sectors, Windows system catalogs and system32). Infections in these areas cause the most damage to computers. Any active viruses in the system can thus be quickly detected without having to launch a full system scan of the computer.

Choice of trusted applications
Users can maintain a list of trusted applications that can be safely excluded from scanning and analysis.

User-designated areas for real-time antivirus scanning
The program scans all files the moment they are opened, including objects on any hard, removable and network disks that are connected to the computer. The user can also select individual catalogs, disks or files for scanning in real time.
Real-time antivirus scanning for email and working online
Antivirus scanning on demand or on schedule
Protection from viruses, Trojans and worms
Protection from spyware and adware
Blocks dangerous macros in Microsoft Office documents
Proactive protection from the latest and previously unknown malicious programs
Blocks dangerous scripts on web pages
Blocks popup windows and advertising banners
Personal firewall
Stealth mode for working online
Intrusion Detection System
Pre-installed application rules
Protection from spam
Preview of messages before they are downloaded from the mail server
Spam filtration based on analysis of email headers
Protection from phishing attacks
Scans only files that have been created or modified since the last scan
Scan suspension during periods of increased user activity
Automatic hourly updates to antivirus databases
Support for Intel Centrino mobile technology
Choice of skins for the graphic user interface
Analysis of network activity for applications such as Internet browsers, mail programs, etc.

Analysis of TCP/IP network packets transferred or received via the network card or modem.

Event log
The program runs an event log of all events connected with network activity.

Stealth mode
This technology makes the computer invisible to outside users. It effectively prevents all types of DoS (Denial of Service) attacks.

These flexible settings allow users to choose their security level: anywhere between complete suspension of the protection to forbidding all network activity.

The firewall tracks any attempts to send data out from the computer (for example, through a Trojan program), preventing information theft.

Pre-installed application rules (>250)
An extended set of preinstalled rules for computer software and widely used applications (for example, Microsoft Outlook, Winamp, Internet Explorer, Firefox) saves time necessary for program set up.

Templates make it easier and quicker to create rules for widely used applications such as mail clients, Internet browsers, download managers, FTP clients, Telnet clients and clock synchronizers.

Training mode
Training mode can be used to automatically create rules for applications that do not already have pre-defined rules.

The Intrusion Detection System monitors any network activity characteristic of a hacker attack. The program prevents hacker attacks by blocking connections from the hacker's computer.

The firewall settings depend on the type of network the computer is connected to. When a new network connection is created, the user can choose and save a security level for it: Internet, Intranet or a trusted network (most convenient for mobile users).
This module provides dynamic packet filtering, examining data in the IP header and how the TCP connection was initiated. Dynamic filtering has a number of advantages over traditional statistical filtering: it offers more in-depth analysis of IP packets, flexible filtration rules and an overall better level of protection.
Competitive Advantages
Kaspersky Internet Security has a number of advantages over other solutions on the market:

Integrated protection. The components of Kaspersky Internet Security 6.0 share a unified operating logic, and have a single traffic interception and scanning point. This eliminates conflicts between components, improves the product's performance and reduces its size. The size of the program's distribution package, the amount of RAM used and the hard disk space required by the program are thus smaller.
High-quality antivirus technology. Kaspersky Internet Security offers: the best virus detection rates; the fastest response time to new threats (as confirmed by independent tests); support for the largest number of archived and compressed file formats (over 1,200) and treatment in ZIP, ARJ, CAB, RAR and LHA archive formats.
Powerful proactive protection. Kaspersky Internet Security includes a heuristic engine, behavior blocker, application and Windows registry integrity control and a rollback function for malicious changes.
Fast performance. iSwift and iChecker technologies make it possible to limit scanning only to new and modified files, or only potentially dangerous objects. They also ensure a balance between scanning speed and the quality of detection. Scan suspension during periods of increased user activity further helps reduce the load on resources.
Fully functional firewall. This feature includes pre-installed rules for over 250 of the most well known applications.
Versatile spam protection. A self-training module learns to detect spam for each individual mailbox without downloading updates.
Protection from phishing. Kaspersky Internet Security uses antispam technology to detect phishing messages and links to phishing sites.
Small updates. Incremental database updates + no updates for the antispam protection = faster performance and more economical use of Internet traffic.
Flexible settings. A broad range of settings is available for advanced users to fine-tune the program.

A full comparison of Kaspersky Internet Security and competitor products is provided in Survey of Personal Products for the Integrated Protection of Microsoft Windows, which is available on the Kaspersky Lab Partner Extranet: https://www.kaspersky.com/index.html

The document provides a comparison of the following products:

Norton Internet Security 2006 (Symantec)
McAfee Internet Security Suite 2006 8.0 (McAfee)
Trend Micro PC-cillin Internet Security 2006 (Trend Micro)
F-Secure Internet Security 2006 (F-Secure)
Panda Internet Security 2006 (Panda Software)
BitDefender Internet Security 9 (BitDefender)

The document also includes a section explaining why some functions available in competitor products have not been implemented in Kaspersky Internet Security.
The product is designed to work correctly with most commonly available firewalls. During installation of a Kaspersky Lab product comprising the Anti-Hacker component, users are given the option of turning off any active Microsoft Windows firewall. If the user chooses to keep the Microsoft Windows firewall running, Anti-Hacker will not be activated, in order to avoid system conflicts.

The product is designed to work correctly with most commonly available mail programs: Outlook Express, Microsoft Outlook, Thunderbird, Eudora, The Bat!, Netscape and IncrediMail.

The product is designed to work correctly with most commonly available Internet browsers: Internet Explorer, Opera and Firefox.
The product is also designed to work correctly with instant messaging services (for example, Windows Messenger and Yahoo! Messenger).
Licensing
The licensing scheme follows a simple formula: 1 license = 1 key (in the form of a file). Each license key is unique. No more than two copies of a program sharing the same license key can be installed on a local network [8].

Users only have access to technical support services after they have activated the program. The activation process involves installing a license key. Without a license key the program will not work!

If the product is bought from a retail outlet, the activation code is written on the envelope containing the disk that contains the distribution package. If the product is bought online, the activation code is sent by email. All users are provided with instructions on how to activate the product (in the box for retail customers and by email for Internet customers).

Licenses are available for limited periods: 1 or 2 years. In some sales territories, licenses are also available for 3 years. More detailed information is given in the Home User section of the Kaspersky Lab price list.

During the license period, registered users have access to the following services:

Round-the-clock technical support related to the installation, configuration or use of the product;
Regular updates to signature databases, program modules and other updateable program components;
Free upgrades to new versions of the product;
Information about the release of new software products from Kaspersky Lab and new viruses (this service is available to subscribers to the Kaspersky Lab News Agent).

More information on verifying user status, different types of license keys, managing license keys and a comparison table showing the compatibility of license keys in 5.0 and 6.0 products is available on the Kaspersky Lab Partner Extranet at: https://www.kaspersky.com/index.html.

[8] We do not state this directly to customers. For users upgrading from version 5.0 products, there is no limit to the number of copies of a product that can be installed on a local network.
Upgrade Conditions
The license period for KIS 6.0 is limited to the license period of the current product.

Effective
KIS 6.0 can be purchased at a 30% discount from the price listed.

Expired
1-year license, retail: KIS 6.0 can be purchased at a 30% discount from the price list.
2-year license, retail: KIS 6.0 can be purchased at a 130% from the 1 year price listed.

Effective
Free-of-charge. The license period for KIS 6.0 is limited to the product license period which expires first (or at the earlier date).
1-year license, retail: KIS 6.0 can be purchased at a 30% discount from the price list.
2-year license, retail: KIS 6.0 can be purchased at a 130% from the 1 year price listed.
1-year license, online: KIS 6.0 can be purchased at a 30% discount from the price list.
2-year license, online: KIS 6.0 can be purchased at a 70% from the 1 year price listed.
Support
During the license period, registered users have access to round-the-clock technical support related to installation, activation, set up and use of a software product. Links to online support services are provided on the program interface (Support Service):

User forum
FAQ
Comments about program operation
Purpose
This document contains all of the information required by sales staff to promote the product and answer questions from potential customers.
Layout
The first part of the document contains sales information about the product: the target customer, its position in the Kaspersky Lab product line, new features, sales points and licensing options. The second part of the document provides information on product functions, including the information that is available to end users in the data sheets and additional technical information.
Sales information
Why centralized administration is essential
A centralized administration tool provides a convenient way to implement and manage an antivirus protection system that is made up of several antivirus products. It also makes it possible to enforce a unified security policy and provides a central point of control over all antivirus products on the network. Simply installing an antivirus program on each computer is not enough to ensure that the whole network is fully and dependably protected from viruses. There will always be the risk of end users interfering with the antivirus program (for instance, turning off the antivirus protection or making changes to the settings/schedule for updates). A centralized system for administering antivirus software should be installed both on workstations and corporate servers. The system administrator can then configure specific parameters and privileges for the antivirus program, ensure that antivirus databases and program modules are up-to-date and respond appropriately to critical events, etc.
Product philosophy
Kaspersky Administration Kit was developed with the following principles in mind (for more detailed information, see the Product Functions section):

Universality and scalability: the product is suitable for networks of any size or complexity.
Management from a single location: all tasks can be completed from the system administrator's workstation.
Complete control: centralized storage of all parameters for antivirus solutions and instant alerts about events.
No interruption to the end user's work: installation and configuration of the product can be carried out remotely.
Secure administration: system administration audit, data exchange between the administrative server and the client via a secure SSL connection.
Convenient administration: the product can be administered via the Microsoft Management Console (MMC).
Additionally, Kaspersky Administration Kit requires a database for processing data related to product settings, events, etc. Kaspersky Administration Kit is compatible with Microsoft SQL Server, Microsoft SQL Server Desktop Engine (MSDE) and Microsoft SQL Server 2005 Express Edition.
Kaspersky Anti-Virus for Microsoft Exchange Server 2000. Work is currently underway to add support for Kaspersky Anti-Virus for Microsoft ISA Server 2004.
can create a security policy that allows them to remotely deploy antivirus solutions and schedule tasks. Kaspersky Administration Kit allows system administrators to deploy, configure and maintain antivirus products on the network remotely without having to disturb end users' work. Antivirus protection should operate on workstations completely unnoticed by the end user.
Easy installation
Simple to reinstall
Graphic reports
Flexibility
Licensing
Kaspersky Administration Kit is distributed free of charge and does not require a license.
Support
Registered users of Kaspersky Anti-Virus Business Optimal and Kaspersky Corporate Suite are entitled to free technical support for Kaspersky Administration Kit. During the license subscription period, registered users receive:

Round-the-clock technical support for all questions related to the installation, configuration and use of the product;
Regular updates to antivirus and antispam databases;
New versions of the product;
Information about the release of new software products from Kaspersky Lab and virus alerts (available to subscribers to the Kaspersky Lab News Agent).
Training
Kaspersky Lab offers training programs and certificates for using Kaspersky Administration Kit. Users from English-speaking countries can write to edu@kaspersky.com for further information. The course teaches system administrators how to implement and maintain Kaspersky Lab antivirus products.
Functions
Main functions
This section provides sales staff with a one-stop information resource to help them provide complete and accurate information to potential clients. Individual features have been grouped by function. The column on the left contains the information available to users from the product leaflet; the column on the right contains more detailed information.
Description
Central Administration
Kaspersky Administration Kit can be used to administer antivirus solutions on complex networks of any configuration. Communication between administrative servers and clients is still possible when using a dedicated line, VPN (virtual private connection), firewalls and proxy servers. The program supports server hierarchies at any nesting level. Moreover, Kaspersky Administration Kit makes it possible to serve tens of thousands of client computers from a single administrative server. The system administrator can resolve all issues related to the management of the antivirus protection from his/her workstation: build a logical network and install antivirus programs; configure group (for computers within a single administrative group) and individual (for separate computers) work parameters for antivirus applications; update antivirus databases and program modules; monitor antivirus protection systems; respond to critical situations.
Constant Control
Data between the administrative server and client computers (including laptops) is regularly synchronized to ensure: Guaranteed delivery of security policies (settings) and tasks to server clients. If a computer is turned off or disconnected, this data is delivered as soon as the computer registers on the network again.
The administrator receives information about any incidents on the network even when s/he is not present in the office (by pager or mobile).
Low-hassle for end users
The system administrator can deploy and maintain the antivirus protection system remotely without having to disrupt end users' work. Installation, configuration and operation of antivirus protection on workstations need not disrupt or distract end users.
Kaspersky Administration Kit ensures a high level of security for the system by:
Clearly defining the roles and privileges of system administrators' work (to satisfy the
Transferring data between nodes on the managed network via a secure SSL connection (for example, to deliver security policies, tasks, updates and information about events to the client server).
Permission to make changes to local application settings is limited and antivirus programs operate in non-interactive mode to reduce the risk of end users making dangerous changes during critical events.
Convenient Administration
Kaspersky Administration Kit is a robust and highly functional tool that is at the same time easy to administer: All administration is carried out via the Microsoft Management Console (MMC), which is a familiar tool for most system administrators. System administrators can quickly master the product and learn how to configure and use the program using the wizards. Administrators can make backup copies of all the databases and settings for Kaspersky Administration Kit, which saves time if the system later needs to be reinstalled. Color-coded graphic reports are easily understandable at a glance and are informative enough to be used as official reports to the company.
Remote installation
Antivirus products can be installed remotely from the system administrator's workplace using any of the available methods for Windows operating systems, both forced installation and launch scenario. The system administrator can create an installation package (application distribution package, license key and responses to typical questions that arise during installation). Kaspersky Administration Kit installs applications on remote computers in non-interactive mode.
All of the computers on the network can be divided into groups to simplify administration. Groups are formed to reflect the hierarchical structure of the network. Administrative groups can be created either manually or automatically using the structure of the physical network, Active Directory catalogue service or IP addresses. Kaspersky Administration Kit regularly reviews the network, adding new computers to the structure, deleting inactive computers and keeping the network up to date.
Centralized management
Centralized application settings
Kaspersky Lab antivirus products are managed on the network using a system of security policies and tasks. The security policy for an administrative group defines the main work parameters for each application installed on computers within the group and privileges for changing them. It is also possible to define work parameters for each application by creating and launching tasks for computers across administrative groups.
Automatic updates to antivirus databases and program modules
It is not necessary for each individual computer to connect to the Kaspersky Lab server to receive updates. Kaspersky Administration Kit regularly receives updates for antivirus applications and can automatically deliver them to all computers on the network (regardless of how the network is configured).
Full Support for Laptops
Antivirus protection on laptops can be kept fully up-to-date, even when there is no connection with the administrative server (when an employee is traveling, for instance). Updates can be downloaded directly from the Internet and all data (security policies and tasks from the server; events from the client) can be synchronized as soon as the laptop registers on the home network.
Monitoring antivirus protection
Options for Responding to Incidents
Kaspersky Administration Kit can be used to plan the network's reaction should certain types of events occur too often. For example, the system can send notifications to the administrator by email or by using NetSend, launch the program (by sending messages by pager or mobile phone), use a more stringent security policy or perform an emergency update of antivirus databases.
Centralized storage for suspicious and infected objects
A backup folder for copies of infected files and a quarantine folder for suspicious objects are organized in the form of a distributed database with centralized administration. Objects can be saved to local storage, which end users cannot access, while the system administrator can retrieve any information from them.
In-depth Reports
Statistics about the operation of all Kaspersky Lab programs installed on the network are available in a central database, which makes it easy to check that the applications are working properly and to create reports. Administrators can obtain summary reports on the program's overall operation, as well as detailed reports for individual groups on the corporate network. The system administrator can use the graphic HTML reports and Windows Event Log to monitor the performance of antivirus protection. Reports are automatically created at set intervals and sent to the system administrator. The report can be saved to disk or distributed via email. By default, a browser is installed to the system for viewing reports. Kaspersky Security additionally allows events to be logged in their own catalogue using the Windows system log. There are 5 pre-installed diagnostic levels that determine the amount and depth of information appropriate for the log.
New capabilities
New functions / enhanced functions Description
A logical network can be created on the basis of the Active Directory. The system administrator does not have to rebuild the logical network from the beginning in order to create administrative groups.
Computers can be divided into administrative groups according to IP addresses.
Centralized quarantine and backup storage for suspicious and infected objects
A backup folder for copies of infected files and a quarantine folder for suspicious objects are organized in the form of a distributed database with centralized administration. Objects can be saved to local storage, which end users cannot access, while the system administrator can retrieve any information from them. There are a number of benefits to storing objects locally rather than in a distributed and centralized storage location on the server. It not only saves disk space on the server, but also makes it possible to retrieve objects from quarantine (particularly important for laptop users, who may not always be connected to the server).
Extended scalability
New algorithms compress traffic transmitted between the administrative server and client computers, which reduces the volume of data by 10 times on average. This also increases the number of client computers that can be supported by one administrative server, a huge advantage for organizations that use IT channels with low throughput or are geographically dispersed.
Greater convenience
System administrators can evaluate antivirus protection and the overall security of the network at a glance using color-coded graphic reports. The reports can be printed out and presented in evaluation reports on the IT department. The application includes a selection of wizards, such as the Quick Start Wizard, which simplify administrative tasks. A new, more user-friendly interface makes it possible to automatically update the network, scan the network to detect new computers, or remove inactive computers, quickly locate computers on the network, obtain advice on checking the use of macros and add commentaries for client machines, etc.
Administering antivirus protection on laptops: When the laptop is disconnected from the administrative server, antivirus database updates can be downloaded directly from an alternative source on the Internet. Users receive all security policies and tasks assigned to them by the administrator. All events on client laptops are logged and information is sent to the administrative server: data is synchronized with the administrative server as soon as the laptop registers on the home network.
Up-to-date information about computers on the network: Kaspersky Administration Kit regularly conducts a scan of the network to stay updated on which computers are present on the network. Computers that remain disconnected from the network for a specified length of time are automatically deleted from the network.
Administering antivirus protection has been made more secure thanks to the introduction of a system for auditing system administrators' work, a branched system for access to the administrative server and support for data exchange between the administrative server and clients via a secure SSL connection (Secure Sockets Layer).
The system administrator can define how Kaspersky Administration Kit will respond to specified types of events (for example, the detection of viruses). An excessive number of such events triggers a response from Kaspersky Administration Kit. The application can respond by sending alerts via email and/or NetSend, launching an application (by sending a notification to a pager or mobile), raising the security level, launching a full system scan or an emergency update to antivirus databases, etc. The system administrator can thus plan a response to emergency situations in advance and be assured that the antivirus protection will respond appropriately.
When creating a remote installation package for antivirus applications, the system administrator can also configure notifications for users asking them to restart their machines and/or informing them of a forced restart of their machines. Installation of antivirus protection is thus guaranteed and intervention from the end user ruled out.
This capability allows system administrators to retrieve objects that have been mistakenly labeled as suspicious and placed in the quarantine folder. Unlike competitor administration systems, Kaspersky Administration Kit stores suspicious objects on the client computer and not on the server.
Improved system for rolling back antivirus databases
Extended Support for Microsoft SQL Server
Support for case sensitive and authentication modes for both Microsoft Windows and the SQL server.
Remote installation of Kaspersky Lab applications and other applications in silent mode
The system administrator can create installation packages that contain application distribution packages, installation scenarios (user replies to questions during installation) and a licensing key. This makes it possible to install a wide range of applications in silent mode (non-interactive mode) without disturbing the end user.
Remote startup of client computers (Wake-on-LAN)
The system administrator can install and maintain antivirus programs on client computers outside working hours (on schedule) to avoid disruption to the end user.
Kaspersky Administration Kit offers a choice of methods for updating antivirus databases on client computers:
Updates can be downloaded from a shared folder on the administrative server. This is the most widely used, but far from the most convenient method. This is a slow method of delivery and is complicated by the fact that some computers on the network may be using Linux operating systems or old versions of Windows (for example, Windows 95).
Updates can be delivered via the FTP or HTTP server, which is much faster but requires installing and configuring a separate update server.
Delivery of updates using the network agent. Kaspersky Lab strongly encourages users to update antivirus databases using the network agent, since this provides fast delivery, does not depend upon the operating system installed on the client machine and does not require installing and configuring separate servers. The network agent is included in the package for Kaspersky Administration Kit and can be installed on all computers centrally. Kaspersky Administration Kit delivers updates to client computers in push mode as soon as updates are received from Kaspersky Lab servers in order to minimize the time computers are left vulnerable to new threats.
The klbackup utility can be used to store all databases and settings for the administrative server. If the server for some reason disappears from the network, a new server can be built within minutes with the same settings and in tune with the logical structure of the network. Backup copies of settings can be made during the installation of Kaspersky Administration Kit.
The system administrator can create several security policies (settings for applications on computers in administrative groups and permission rules for them) and can specify stricter security policies during virus epidemics and other specified events.
Sales Information
What is Kaspersky Security for Microsoft Exchange Server 2003?
Kaspersky Security for Microsoft Exchange Server 2003 provides comprehensive antivirus protection for all incoming and outgoing email messages, and for messages stored on the server and in shared folders. The product uses intelligent spam detection technology from Kaspersky Lab combined with Microsoft technology.
Deployment notes
Kaspersky Security for Microsoft Exchange Server 2003 comprises two main components: a security server and a management console, which can be installed separately. The security server should be installed on every Microsoft Exchange Server, while the management console only needs to be installed on the administrator's workstation. If cluster servers are used, then Kaspersky Security for Microsoft Exchange Server 2003 should be installed on each Microsoft Exchange Server that constitutes a node in the cluster. If a client has already installed Kaspersky Anti-Virus 5.5 for Microsoft Exchange Server 2000/2003, then it is possible to update it to Kaspersky Security 5.5 for Microsoft Exchange Server 2003.
Cutting-edge technology
Application Fine-Tuning
[Comparison table; per-product cell values not recoverable.]
Products compared: Symantec, Kaspersky, F-Secure, Sophos, McAfee, Panda, Trend Micro.
Features compared:
Supports cluster technology (Microsoft Windows 2000 Advanced Server Clusters or Windows 2003 Clusters)
Detects spyware and other potentially dangerous malware (e.g., adware, dialers, hacking & remote access tools, etc.), as well as other malicious programs
Filters spam by checking the formal attributes of the message (analyzing the email or IP address and message headings)
Detects spam containing images / blocks spam in image format
Checks for spam in attached files / blocks spam sent in attachments and not in the main message
Filters spam by checking URL-links in the letter
Includes a mode for processing modified spam messages / blocks modified spam
Can categorize messages as possible spam / prevents important information being lost
Periodic updates to the antivirus database / more frequent updates of the database reduce the time users are unprotected from new threats
Periodic updates to the anti-spam database / more frequent updates to the anti-spam database block new types of spam
Prevents virus epidemics / Reacts to virus epidemics on-the-fly
Update-frequency values appearing in the table: Hourly; Once a month; Every day; Several times a wk; No data; As new threats appear; Every day; Every 20 mins.
Footnotes 13-16: Also possible for identical node setups. Fully GSG Technology In TXT, HTML, DOC, RTF formats.
Price Comparison [17]
Number of users   Kaspersky   Symantec   McAfee   Trend Micro   Sophos   Panda    F-Secure
10-14             $38,00      $69,82     $55,35   $44,28        $80,70   $45,68   $32,33
15-19             $34,00      $69,82     $55,35   $44,28        $62,80   $45,68   $32,33
20-24             $31,00      $69,82     $55,35   $44,28        $62,80   $45,68   $32,33
25-49             $27,50      $62,58     $44,90   $41,70        $49,30   $43,39   $27,61
50-99             $24,00      $58,94     $44,28   $39,03        $40,40   $41,23   $23,11
100-149           $22,50      $55,58     $44,28   $35,42        $32,30   $37,11   $20,41
150-249           $21,00      $55,58     $44,28   $35,42        $32,30   $37,11   $20,41
250-499           $19,50      $50,60     $43,67   $31,94        $26,90   $33,39   $17,79
500-999           $18,00      $44,76     $39,36   $29,52        $26,90   $28,39   $16,12
More than 1000    $16,75      $41,08     $37,52   $27,92        $26,90   $24,13   $15,16
The following graph shows the comparative prices of the products according to the number of users.
[Graph: Comparison Prices for Products. Vertical axis: cost of license, $0.00 to $90.00; horizontal axis: number of users, 10-14 to more than 1000; series: Kaspersky, Symantec, McAfee, Trend Micro, Sophos, Panda, F-Secure.]
[17] All prices are given in US dollars, include taxes and are for a one-year license within the EU (figures from August 2005).
Spam Protection
Intelligent technology for detecting spam
The application checks all messages that reach the Exchange Server via an SMTP protocol. When detecting characteristics of spam, it analyzes the formal attributes of the mail (email and IP addresses, the size of the message, message headings). It also applies intelligent technology to analyze the content of the message and any attachments, and can scan graphic signatures to detect spam that contains images.
Several anti-spam techniques are combined to achieve extremely high detection rates with a minimum of false positives. Firstly, the formal attributes of a message are analyzed according to lists of email and IP addresses, message headers and size. Filtration is also based on blacklists and white lists compiled by the system administrator. Mail can be filtered according to lists of RBL services (widely accessible and constantly growing lists of IP addresses and open-relays which are publicly known as spam sources), but only if this is enabled on the Spam Confidence Level Infrastructure (SCLI) on Microsoft Exchange Server 2003. Analyzing formal attributes of email makes it possible to filter spam in any language.
Secondly, the program analyzes content: theme, the message body and any attachments in plain text, HTML, Microsoft Word and RTF formats, searching for words and word combinations typical of spam (around 53,000), text signatures (around 2500) and graphic signatures (around 6000). Content analysis of messages can be carried out in Russian, English, German, French and Spanish. The database is updated every 20 minutes. The administrator can use Microsoft Exchange to make lists of users authorized to send mass mailings.
Classifying messages
The administrator can set different rules for each category of unwanted mail and prevent the loss of important information. Messages that are pure spam can be blocked, suspicious messages sent to the junk mail folder, and formal notifications (for example, confirming dispatch or receipt of messages) can be sent to the incoming mail folder.
Messages that the spam filter has not classified as spam are sent to user inboxes as normal. The remaining messages that have, for one reason or another, been classified as spam are divided into the following categories: spam (automatically deleted); suspicious messages (automatically transferred to the junk mail folder); formal notifications (automatically sent to the incoming mail folder); indecent messages (automatically withheld from end users' inboxes).
Virus Protection
Real-time scanning
The program scans for and removes all types of viruses, worms, Trojans and other malicious programs from incoming and outgoing mail, including attachments in nearly any format. In addition, the system administrator can enable antivirus scanning of pass-through mail traffic routed through the Exchange server.
Kaspersky Security for Microsoft Exchange Server 2003: carries out antivirus analyses; if all or part of a message is infected, processes the object according to the program settings; can save copies of the object in the quarantine folder.
Antivirus analysis and treatment are carried out using the antivirus database, which contains all signatures known at the time of the scan (more than 140,000 definitions as of the beginning of October 2005), as well as heuristic analysis, which is capable of detecting new viruses that have not yet been given a signature. The program supports more than 450 different file utility packages, installers and archivers (more than 1200 versions as of June 2005). This enables us to easily locate viruses in archived files. The Kaspersky Lab antivirus database is updated every hour.
Messages and shared folders on the server are regularly re-scanned using the latest version of the antivirus database (when background mode is enabled). Analysis in background mode can be conducted automatically, when the antivirus database is updated, on schedule or manually. If background mode is disabled then messages stored on the server will be scanned using the latest version of the antivirus database when the user opens them. The user always receives messages that have been scanned with the most up-to-date version of the database, regardless of when the server originally received the message.
The categories of objects that Kaspersky Security for Microsoft Exchange Server 2003 searches for in mail on the server depend upon which of the two possible levels of antivirus protection is enabled.
Standard antivirus protection protects against all malicious programs known at the time of scanning. This is the default mode.
Enhanced antivirus protection provides increased protection against potentially harmful programs, such as adware, dialers, and spyware (programs that automatically download files, keyboard spies, programs for cracking passwords and programs for remote management).
The system administrator sets the threshold for virus activity: that is, the maximum number of events of a specified type registered within a limited time frame. If virus activity exceeds this level then notification is sent (via email and/or using NetSend on local networks). The following types of events are monitored: infected object found; suspicious object found; dangerous object found; same virus found on several occasions. When a virus epidemic has been discovered, antivirus scanning can be initiated, the antivirus database updated or the application mode raised from standard to enhanced or extra.
Before an infected object or message containing spam is treated, deleted or blocked, an initial copy can be saved in the quarantine folder. The object can later be deleted, restored for the purpose of obtaining information from it, or analyzed using an updated version of the antivirus database. Moreover, suspicious objects that contain variations on known viruses, or codes from unknown viruses, can be sent to the Kaspersky Lab Virus Lab for further analysis. A subsequent analysis of the object with the latest version of the database allows it to be treated or the information saved.
A suspicious object is saved in the quarantine folder in enciphered form to prevent the risk of infection (the object is only accessible by decoding it). The volume of information in the quarantine folder is limited by the size of the quarantine folder (in megabytes) or by the length of time it can be saved. Objects in the quarantine folder can be searched for using a number of parameters: the object's status (several can be chosen), the object's name, sender, recipient, theme and when the message was sent.
Backup copying
Before deleting messages, the application saves backup copies, making it possible to restore important information if attempts to cure an object resulted in failure or if a message was erroneously categorized as spam. A broad range of search parameters can be used to make finding objects in the backup storage easier.
Administration
Fine Tuning
The administrator can configure the program based on the organization's security policy and hardware capabilities, e.g., select the types of malicious and potentially hostile programs to be detected by choosing standard or extended antivirus databases; adjust the application's performance depending on the mail traffic and the number of users; and, scan only potentially hostile objects by disabling scanning of certain file types.
The product's performance depends partly on the settings chosen. For example, the administrator can choose one of three levels of protection: standard, extended or superfluous. See the section entitled Detecting potentially harmful programs for further details. Certain types of objects can also be excluded from antivirus scanning so that only potentially harmful objects are processed. The administrator can exclude all archives, folders with higher nesting levels, files matching a mask (for example, *.txt) and graphic files.
There are three auto-setup modes: For small volumes of mail traffic (around 1-2 messages an hour to every mailbox), when there are a large number of mail servers on the server, but the mail traffic from each of them is insignificant. For large volumes of mail traffic (from 10-15 messages an hour to every mailbox), when there are relatively few mailboxes, but each mailbox receives a large number of messages. Medium mode is for when there is an even flow of messages through mailboxes on the server.
Kaspersky Security for Microsoft Exchange Server 2003 can analyze objects in the operational memory without saving them in the temporary folder in advance, as long as they do not exceed a given size (by default this is 1 MB). This enables the program to work faster.
Database updates
The antivirus database can be updated on demand or automatically on schedule from Kaspersky Lab Internet servers or from the company's local servers, which are specified by the administrator. Some modules of the antivirus engine and linguistic analyzer can also be updated together with the databases. Antivirus and spam recognition databases can be updated separately.
After files have been copied from an update source, the application automatically loads the updated databases and uses them to scan mail for viruses and spam. If the local network is based on a sufficiently complicated structure, then we recommend downloading updates from the Kaspersky Lab server every 20 minutes, so they can be held in a shared folder on the server for local computers to copy updates from. If Kaspersky Administration Kit is installed, updates can be held temporarily in a designated folder, which then serves as the source for updating Kaspersky Security for Microsoft Exchange Server 2003.
Detailed reports
The system administrator can control the operation of the application and the antivirus protection status using descriptive HTML reports or by viewing the Windows event log. The system administrator configures the frequency with which reports are generated and the information to be included in reports. A report can be stored on the hard drive or sent via email.
Administrators can create reports using built-in templates with the required level of detail. Separate reports are issued for antivirus analysis and spam analysis. By default reports are issued on the first day of the month, and cover the last 30 days. When creating templates for reports, administrators can adjust the time period for which data is given, the frequency and time taken to compile reports, as well as how they are received (stored on the disk or via email). Kaspersky Security for Microsoft Exchange Server 2003 can also be set to register certain kinds of events in the Windows system log. The volume and detail entered in the log can be set at one of 5 levels of diagnosis.
Administrators can use the administration console: to add or remove new Microsoft Exchange Servers from the list of servers available for managing the console; to connect or disconnect from the server available for managing the console; to create templates for informing users of new suspicious or infected objects and templates for reports; for compiling reports according to a preferred template; to set the parameters for locating objects in the quarantine folder; to create and set criteria for defining a virus epidemic; to obtain copies of objects in the quarantine folder or send them on for analysis to the Kaspersky Lab Virus Laboratory.
Centralized administration
The application is configured and administered via the administration console built into Microsoft Management Console (MMC), a convenient management tool familiar to the administrator, or using Kaspersky Administration Kit, which can also be used to administer other Kaspersky Lab products.
Fast installation
The interactive installation and configuration mode used by the program by default is appropriate for most systems, making it possible to begin normal operation of the program without spending much time on installation and configuration.
Immediately after installation the application is fully operable and parameters that are automatically installed are the settings recommended by Kaspersky Lab.
What is Kaspersky Anti-Virus for Microsoft ISA Server 2000 Enterprise Edition?
Kaspersky Anti-Virus for Microsoft ISA Server 2000 Enterprise Edition is a software solution that scans files entering the network via the Microsoft Internet Security and Acceleration Server. The program consists of a set of filters which receive data transmitted via HTTP and FTP protocols, a system for configuring the application's settings and a management console.
Features
This section describes the product's principal features and provides additional information that will help answer questions from potential customers more completely and professionally. The application's features are grouped by function. In the left column, the description of a function available from Kaspersky Lab's marketing materials appears; on the right, additional information for sales managers is provided.
Comprehensive protection against viruses and malicious code
Antivirus scanning. Kaspersky Anti-Virus for Microsoft ISA Server 2000 scans all data transferred via the Microsoft ISA Server and removes all types of viruses. Objects scanned by the solution include archived and compressed files in over 1200 formats. Data in ZIP, CAB, RAR and ARJ archives can be disinfected. A unique
Details and facts: The ISA Server has three modes of operation: Firewall, Proxy and Integrated. In Firewall mode, the ISA Server protects internal network communications from various types of Internet-borne threats by using various tools, such as IP packet filters, web filters, and application filters. In this mode, the caching of transmitted information is disabled. In Proxy mode, ISA Server acts as a cache server that routes requests and plans data loading for efficient processing of subsequent client requests. In this mode, the ISA Server does not protect the internal network. In Integrated mode, all features of the firewall and cache server are available. Additionally, in this mode, the ISA Server operates as both Proxy and Firewall. The table below shows which filters are installed for each of the three ISA Server operating modes.
Proxy Yes
Additional filtering parameters
By file type. The administrator can define the types of objects that will not be scanned for viruses, helping reduce ISA Server load.
Details and facts. The administrator can exclude certain file formats from the list of objects to be scanned, for example, graphic files, which are not likely to contain viruses.
Trusted servers. The system administrator can define the list of trusted servers. Data transferred via these servers is not scanned for viruses. The more servers included on the trusted server list, the less Kaspersky Anti-Virus interferes with data requested by users.
Details and facts. Trusted server parameters can be set in one of four ways: the server domain name; the server IP address; the subnet; an IP address range.
By user group. The administrator can create groups of ISA Server users and apply individual data processing rules to each group, defining specific restriction levels based on the company's security policy and employee needs.
Details and facts. Each group consists of internal network clients to whom the same policies can be applied. Each client can be a member of one or more groups. A client can be defined using an IP address or a group of IP addresses. Clients defined by specific IP addresses can be computers with network services installed and/or permanent IP addresses e.g., mail servers. For network clients which do not have a permanent IP address, one client defined by a subnet address and mask can be created. A policy can be defined for each group of clients. A group cannot have more than one policy.
Optimizing the application's performance

The product has been certified by Microsoft for compatibility with Microsoft ISA Server.

Optimization for Intel Xeon. Based on the results of optimization, Kaspersky Anti-Virus for Microsoft ISA Server has been granted the Intel Xeon logo.

Based on test results, optimization has helped reduce the following parameters:
processor time required to process a fixed set of files reduced by 66%;
the number of input-output operations reduced by 30%; and,
the amount of data written/read reduced by 17%.

As a result: the performance of Kaspersky Anti-Virus is higher than the performance of the ISA Server; the presence of malicious code is issued faster than the Microsoft ISA Server provides a new object for scanning. When using the server on an Intel Xeon-based computer, attempts to create a load under which our server becomes a bottleneck failed.
Details and facts. The default settings are optimal for most configurations. However, the administrator can configure the product based on the company's specific requirements. The administrator can set the following parameters:
the number of queued objects cached in memory;
buffer size for cached objects (KB);
the number of antivirus engines running simultaneously; and,
the number of antivirus engine instances reserved for scanning some categories of HTTP traffic (the so-called fast traffic).

The following types of objects can be classified as HTTP traffic fast objects:
text files smaller than 2 MB;
graphic files smaller than 2 MB; and,
other objects (excluding executable files) smaller than 256 KB.

The size of the queue of objects to be scanned. This field defines the maximum number of objects that can be simultaneously located in the queue for antivirus scanning. Queue sizes from one to 16,383 objects can be set.

Maximum scan time in seconds. This field defines the maximum time allowed for scanning an object. If an object could not be scanned during that time, it will be categorized as uninfected and sent to the client requesting it.

The administrator can restore the default values of parameters at any time.
Flexible management and administration

Administration based on array rules. Antivirus settings can be configured on one of the array's members.
Details and facts. The administrator does not need to configure each server individually. Settings configured on one node will be automatically applied to all array members.

Remote management.
Details and facts. Kaspersky Anti-Virus for Microsoft ISA Server can be managed using the Kaspersky Administration Kit or the Microsoft Management Console. Differences between security policies for different user groups may include restrictions related to downloading files of certain types, sizes, etc.
Using either of the centralized management tools, the administrator can configure antivirus scanning parameters, create user groups based on various criteria, define security policies for these groups, configure reporting parameters and generate reports, install license keys, update antivirus databases, etc.
relevant logs.
moment.
Solid value
No additional product needs to be purchased in order to manage Kaspersky Anti-Virus for Microsoft ISA Server 2000 Enterprise Edition. All administration functions can be performed via Microsoft Management Console or Kaspersky Administration Kit, which is supplied free-of-charge. Purchase of a license for Kaspersky Anti-Virus for Microsoft ISA Server 2000 Enterprise Edition includes not only the right to use the product and subscription to regular updates to antivirus databases and product components, but also free new versions of the program and round-the-clock technical support via telephone or email in several languages.
Convenient administration
Configuration of antivirus protection policies and administration of the server array is performed centrally from any computer with Microsoft Management Console or Kaspersky Administration Kit installed. Kaspersky Administration Kit, unlike many other vendors' proprietary administration modules, can be used to set antivirus protection policies for the entire ISA server array.
Kaspersky Anti-Virus for Microsoft ISA Server 2000 Enterprise Edition offers a broad range of capabilities related to configuring filtering parameters and transferring scanned data to users, helping reduce the ISA Server's load. Optimization for Intel Xeon processors used in dual-processor systems and support for launching several copies of the antivirus engine allow the solution to process large volumes of data without reducing the ISA Server's performance.
Ease of installation
Kaspersky Anti-Virus for Microsoft ISA Server 2000 Enterprise Edition integrates into the ISA Server, automatically detecting its current mode of operation and setting its parameters depending on the ISA Server's mode.
Price Comparison
Number of licenses 10-24 25-49 Kaspersky 13.50 12.50 11.50 (100-149) 11.00 (150-249) 10.50 10.00 9.00 McAfee 16.63 15.80 13.64 12.14 10.65 9.31 Trend Micro 26-50 51-100 Number of licenses 15.96 14.28 10.98 10.10 9.55
100-249
251-500
501-750 751-1000
Kaspersky Anti-Virus 5.6 for MS ISA Server 2000 Enterprise Edition
HTTP traffic scanning. Support for scanning traffic transmitted via HTTP protocol, which is used for viewing web pages.
FTP traffic scanning. Support for scanning traffic transmitted via FTP protocol, which is used for transferring files from the Internet.
Scanning of FTP over HTTP traffic. Support for scanning FTP traffic transferred via the HTTP protocol (FTP over HTTP) for downloading files from websites.
Additional filtering parameters for SMTP
Compatible with BitDefender for Mail Servers (WIN SMTP Proxy
For complex files: File size in bytes Nesting level For all files: By file extension
By file extension By MIME type
By file extension
Compressed files
MMC Web-based interface
MMC
Web-based interface IIS required on the machine with the product
Panda AdminSecure
(+ logs recorded in Windows Application Event)
Support for arrays Optimization for Intel Xeon Microsoft Certification Notification tools
ISA Server Alerts using SMTP
ISA Server Alerts using SNMP, SMTP
ISA Server Alerts using SMTP
SMTP
SMTP, network broadcast
Licensing
Licensing of Kaspersky Anti-Virus for Microsoft ISA Server 2000 Enterprise Edition is based on the number of workstations and file servers using Microsoft ISA Server to access the Internet. Each license type is acquired for a certain limited period of time (one, two or three years from the date of purchase). During the term of the license, registered users can receive the following services: round-the-clock technical support via telephone and email on issues related to installing, configuring and using the software product; hourly antivirus database updates and updates of the content filtering database every twenty minutes; program module updates; free new versions of the product; and, information on the release of new Kaspersky Lab software products and notification of new viruses appearing globally (these services are provided to those who sign up to Kaspersky Lab news updates).
Positioning
The main product selling points are as follows: integrated protection against viruses and spam available in a single product, with installation, setup and management via a single interface; the highest malicious program detection rate among Linux-based solutions (based on independent testing results, see Attachment 1); the product provides an additional protective buffer, because it is installed BETWEEN the corporate network and the Internet; the product is easy to install as there is no need to integrate it into the existing mail system; the product combines well with other vendors' antivirus solutions if they are used on other network nodes (workstations, file servers, mail servers, etc.).
Type of installation:
Antivirus and spam filter on one server BUT separate from the mail server
Antivirus and spam filter on one server, on the same machine with the mail server
Antivirus on a separate server, spam filter on the same computer with the mail server
Antivirus and spam filter on different servers
Antivirus and spam filter on one server BUT separate from the mail server
Antivirus and spam filter on one server, on the same machine with the mail server
Antivirus and spam filter on different servers

Recommended choices / advantages:
Kaspersky Mail Gateway 5.5. Low cost.
Kaspersky Mail Gateway 5.5. Low cost.
No
Linux / Unix
Kaspersky SMTP Gateway 5.5 for Linux / Unix on the Internet gateway & Kaspersky Anti-Spam Enterprise Edition on the mail server. Antivirus and spam filtering are separated and run on different servers.
Kaspersky Anti-Virus for the relevant mail server (MS Exchange, Lotus Notes / Domino) & Kaspersky Anti-Spam Enterprise Edition on a separate Linux / Unix server.
Kaspersky Mail Gateway 5.5. Additional antivirus protection plus anti-spam protection.
Kaspersky Anti-Spam Enterprise Edition. Protection of mail against spam as well as viruses.
Kaspersky Anti-Spam Enterprise Edition on a separate Linux / Unix server. Protection of mail against spam as well as viruses.
Spam filtering.
The application scans mail traffic for spam based on filtering by formal attributes and analysis of message contents and attachments using intelligent technologies based on special graphical signatures for detecting spam in the form of images.
User notification.
If a suspicious or infected object is detected, the system administrator, sender and recipient of the message receive a notification, the contents, format and language of which are defined by the system administrator. If a message is categorized as spam, it can be blocked, sent to a quarantine folder or delivered to the recipient with a special tag in the message header.
Up-to-date information is published on http://www.kaspersky.com/avupdates
Information on anti-spam databases as of early August 2005.
Quarantine.
Infected and suspicious objects detected in mail traffic and messages identified as spam can be moved to a quarantine folder. The administrator can view or delete messages in the quarantine folder or forward them to the recipient.
The application can be configured to select messages having a specific status after scanning for viruses and spam and save them in a quarantine folder. In particular, messages identified as spam or probable spam and messages containing infected, suspicious or damaged objects can be saved in the quarantine folder. The application can be set up to either block or deliver copies of messages that have been saved in the quarantine folder. The system administrator can at any time view the contents of the quarantine folder, delete messages from it or send a message to an end recipient.
By attachment type
Data integrity
Message archives.
The administrator can maintain archives of received and/or sent messages if this is required by the company's security policy. A special utility manages objects in incoming/outgoing message archives, i.e., the administrator can view the entire contents of an archive or information about specific messages, delete all messages or a specific message from the archive, or send specific messages in the archive to initial recipients.
Configuration and optimization of the application

Depending on mail traffic volume and the stringency of the company's security policy, the administrator can change the application's operating parameters, from maximum system performance to maximum user protection. The administrator can also configure various timeouts for message sending and/or receiving, manage the application's queue and limit the number of objects that can be scanned simultaneously in the background mode.

By default, mail messages will be processed based on the rules specified in the configuration file that is included with the application distribution package. Kaspersky Lab regards this as the optimal operating mode for the application. Rules define which objects will be scanned by the application and how stringently, which actions will be performed on these objects, etc. The administrator can alter the way the application operates by changing message processing rules. The administrator can also use a special utility to manage the application's queue (the queue of messages intended for antivirus processing or anti-spam scanning): view the contents of the queue or information about specific messages in the queue, delete all messages or a specific message from the queue, and/or send all or selected messages bypassing the queue.
Configuration of updates.
The antivirus database can be updated on demand or automatically on schedule from Kaspersky Lab servers on the Internet or from local servers specified by the administrator. Some modules of the antivirus engine and the linguistic analyzer are updated as well.
A special updating component, keepup2date, which is included with the application, is used to update antivirus and content filtering databases. Databases are updated from dedicated Kaspersky Lab servers. If the local network has a sufficiently complex structure, we recommend that updates be downloaded from Kaspersky Lab update servers every 20 minutes and placed in a network folder. Local computers on the network should be configured to copy databases from that folder.

Depending on the level of detail specified for a report on the application's performance, it can contain information on critical errors, errors that occurred when scanning objects, license key expiry, the absence of free space on the hard drive, the path to the configuration file, the areas to be scanned, etc. For each object scanned the report may contain sender and recipient email addresses, the IP address of the host from which the message was received, the list of detected viruses, the status after antivirus scanning and processing by the spam filter.
Graphical reports
The Webmin program includes the option to view virus activity for given time periods in graphical form. Data on the types of viruses detected during antivirus scans can also be viewed. In addition, the administrator can receive detailed information on the program's status and operation by using a broad range of reports with the desired level of detail.
Easy installation
McAfee WebShield SMTP 4.5
No version for Linux / Unix. A rather old version (2000), the latest update was released in 2004. Poor anti-spam functionality: no signature (sample) -based filtering, no filtering based on heuristic methods (word and word combination samples), no filtering by URLs contained in messages, no selection of spam filtering profiles (by stringency). Less frequent antivirus database updates (daily) and antispam database updates (monthly).

Trend Micro InterScan Messaging Security Suite 5.5
The Linux version requires installing and configuring a Postfix mail server, making product deployment more difficult. No support for Russian language spam filtering, no filtering of graphical spam, no filtering by URLs contained in messages. Less frequent antivirus database updates (several times a week). The highest price among similar products (see diagram).

A PostgreSQL or CBD database needs to be additionally installed. No support for filtering spam in Russian. Less frequent antivirus database updates (as new threats appear) and anti-spam databases (daily).

A limited range of anti-spam tools: no filtering based on formal attributes, signatures (samples), attachment file types (extensions), no choice of spam filtering profiles (by stringency). Less frequent antivirus database updates (daily). Higher price.

A separate product, F-Secure Spam Control, needs to be purchased for protection against spam. Spam is sorted at the mail client level, not the server level. Less frequent antivirus database updates (daily).

Easy installation and setup. Support for filtering spam in Russian, graphical spam, and attachments in TXT, HTML, DOC and RTF formats.
Sophos PureMessage 5.0 Low total cost of ownership. Support for filtering spam in Russian, graphical spam, and attachments in TXT, HTML, DOC and RTF formats
BitDefender SMTP Proxy (Linux) 1.6 Support for filtering spam in Russian, graphical spam, and attachments in TXT, HTML, DOC and RTF formats.
F-Secure Internet Gatekeeper 6.4 & F-Secure Spam Control Integrated protection against viruses and spam in one product. Centralized filtering of spam at the server level.
Number of licenses   Kaspersky   Symantec   McAfee   Trend Micro   Sophos   BitDefender   F-Secure
5-10                 n/a         n/a        n/a      n/a           107.60   24.90         n/a
11-25                14.50       10.42      19.66    38.40         62.80    22.48         28.03
26-50                13.00       10.00      15.94    34.06         49.30    19.90         23.55
51-100               12.50       10.00      15.74    30.47         40.40    17.50         19.29
101-150              11.30       8.91       13.77    26.54         32.30    n/a           16.94
151-250              10.50       8.91       13.77    26.54         32.30    n/a           16.94
251-500              9.70        8.43       13.38    23.42         26.90    n/a           14.84
501-750              8.10        7.89       12.20    21.54         26.90    n/a           13.52
751-1000             8.10        7.89       12.20    20.38         26.90    n/a           13.52
1000-1999            6.50        7.89       11.40    20.38         26.90    n/a           12.75
>2000                6.50        6.80       8.06     20.38         26.90    n/a           12.75
[Chart: price in USD by number of licenses for Symantec, McAfee, Trend Micro, Sophos, BitDefender, Kaspersky and F-Secure]
All prices are in US dollars, inclusive of taxes, for a one-year license for sale within EU territory (information accurate as of June 2005). For Symantec Mail Security for SMTP, the price specified is valid for the US market and may be slightly lower than European prices.
Licensing
The licensing policy for Kaspersky Mail Gateway offers a choice of two licensing options:

1. By the number of users protected. Licensed users are those who send and receive messages which have been scanned by the antivirus engine and the spam filter and did not contain viruses or spam. Hence, the list of users being protected is dynamic (the presence or absence of a user on the list depends on their mail activity) and its size is limited to the number specified in the license. The customer needs to develop a list of addresses (including aliases) that will be covered by antivirus protection and spam filtering.

2. By volume of mail traffic processed (MB/day). The license key is issued for a certain number of megabytes of incoming and outgoing mail traffic per day. Only uninfected messages and messages not categorized as spam are taken into consideration. Infected messages are scanned but not included into the calculation of the proportion of licensed volume used. Messages received after the licensed limit is exceeded are scanned in the demo mode (i.e., a message is forwarded to the recipient regardless of scan results).
Each type of license can be purchased for a specific limited time period (one, two or three years from the date of purchase) as part of the Business Optimal (by the number of users protected) or Corporate Suite package. The following services are available to registered users of the program during the license term: round-the-clock technical support on issues related to installation, configuration and operating the product; hourly antivirus database updates and updates of the content filtering database released every twenty minutes; new versions of the software product; information on the release of new Kaspersky Lab software products and notification of new viruses appearing globally (these services are provided to users who have subscribed to Kaspersky Lab news).
Sales Information
What is Kaspersky Anti-Virus for Windows Workstations?
Kaspersky Anti-Virus 5.0 for Windows Workstations protects workstations from viruses, malicious code and potentially dangerous programs by scanning all data entering the computer via information sharing tools, email and Internet traffic.
Confidential
Medium Business License Medium Business License Corporate License Corporate License
For customers in all other countries, the following options are available: Small Business Pack Small Business Pack Enterprise License Enterprise License Enterprise License Kaspersky Anti-Virus Business Optimal Kaspersky Anti-Virus Business Optimal Kaspersky Anti-Virus Business Optimal Kaspersky Anti-Virus Business Optimal Kaspersky Anti-Virus Business Optimal Mail protection Multi-tier protection Mail protection Multi-tier protection Key component protection
Sales Points
Benefits for managers
Kaspersky Anti-Virus for Windows Workstations relies upon advanced technologies that provide reliable protection from viruses and potentially harmful programs. The product integrates the Kaspersky Anti-Virus Engine, which is renowned for industry leading detection rates of malicious code. Ownership of Kaspersky Anti-Virus for Windows Workstations includes use of the product, subscription to regular updates of antivirus databases and program components, free upgrades to new product versions and round-the-clock technical support in several languages (by phone or email).

Benefits for IT specialists
Predefined settings
Kaspersky Anti-Virus for Windows Workstations has three pre-defined settings that provide the most suitable protection for typical work scenarios, thus helping reduce time spent on setting up the system.
Kaspersky Administration Kit can be used to remotely install, configure and monitor Kaspersky Anti-Virus for Windows Workstations. The option of creating group tasks helps minimize time spent on implementing antivirus protection on the network.
Symantec AntiVirus Corporate Edition
McAfee VirusScan
Trend Micro OfficeScan Corporate Edition
F-Secure Anti-Virus for Workstations
Panda ClientShield
Sophos Anti-Virus
This section provides a comparison of the functionality and pricing of Kaspersky Anti-Virus for Windows Workstations with alternative antivirus products.
Symantec
McAfee
TrendMicro
Panda
F-Secure
Sophos
(Script Checker)
ZIP, CAB and some other compressed files
PkLite, LZexe, MS Compressed, Ice, Cryptcom, Com2Exe, Diet, Teledisk and several other compressed files, ARC, ARJ, CAB, LHA/LZH, ZIP, RAR, TAR
ZIP, CAB, ARJ and other compressed files (up to 20 nesting levels)
ZIP, TAR, ARJ and several others)
ZIP, TAR, ARJ, LZH, RAR, CAB, BZ2, GZ, JAR, TGZ
ZIP, TAR, CAB, GZIP, RAR ARJ, PKLite, LZEXE, Diet and several other compressed files
Virus detection using heuristic analysis
Multiple antivirus engines
Detection of potentially harmful programs (e.g., adware, spyware, etc.)
Detection of script viruses (VB Script, JavaScript, Java, ActiveX)
Integrated firewall
On-the-fly detection of script viruses (before they are downloaded or saved to disk)
Scanning of archived compressed files and
and
ZIP, CAB
(MAPI based email, Lotus Notes)
ZIP, ARJ
(Microsoft Outlook)
(Microsoft Outlook, Microsoft Outlook Express)
Detection of macro viruses (in Microsoft Office documents)
Proactive protection for office applications (behavior blocker)
Quarantine storage for infected and suspicious objects
Backup storage for copies of infected files
Scanning for viruses already in the system upon installation
Option to exclude files and directories from scanning
Option to exclude file types based on extension from scanning
Option to specify file types by extension to be scanned
Remote installation administration / administration tool
Event logs, statistics
Optimized for reduced energy consumption on laptops
Option to define the periodicity for launching antivirus databases and an
(Kaspersky Administration Kit)
(Anti-Virus Management Server)
(McAfee ePolicy Orchestrator)
(SAVAdmin)
Every 20 minutes
Every week
Every day
Number of users 5-9 10-14 15-19 20-24 25-49 50-99 100-149 150-249 250-499 500-749 750-999 1000 or more
Panda 44.95
28 25.50 22.50 20 17 14.50 12.50 10.80 9.50 9.50 9.00 Prices of competing products 25.86 23.14 20.16 20.16 17.80 16.36 15.47 15.47
44.95 44.95 44.95 42.70 40.57 38.54 38.54 36.61 32.95 32.95 29.66
[Chart: price by number of users, from 5-9 to 1000, for Kaspersky, TrendMicro and Panda]
Functions
This section provides sales staff with a one-stop information resource to help them give complete and accurate information to potential clients. Product features are grouped together according to function. The left-hand column provides information for customers, while the right-hand column contains more detailed information.
Kaspersky Anti-Virus for Windows Workstations checks mail for viruses by:
Intercepting all incoming and outgoing email sent via SMTP and POP3 protocols (on any mail client)
Intercepting incoming and outgoing email in Microsoft Outlook (sent via any protocol)

The program scans message bodies and attached objects (at any nesting level). The options for processing suspicious and infected objects are:
Treatment (any objects that cannot be treated are deleted);
Quarantine storage for suspicious objects; and,
Removal. Copies are saved in the backup storage area.
Protection from Hacker Attacks
In cases where a user does not already have a firewall installed, these components can fulfill the core functions of a firewall. The application repels network attacks that can potentially shut down computer operability. In Stealth Mode, any vulnerable ports on a computer, which could be used as channels for such attacks, are made invisible.
Network attacks are repelled and using the Stealth Mode renders any vulnerable ports invisible to other users. When a computer lacks a firewall, this component can act as base-level protection for the workstation.
Quarantine for suspicious and infected objects. Copies of infected files can be stored in the backup folder and suspicious objects to the quarantine folder. These objects are inaccessible to users, but accessible to system administrators for the purpose of data retrieval. Both folders are

Infected objects (or copies of infected objects) are saved in encrypted form in the backup folder. System administrators can later delete objects from backup storage; retrieve data from them or re-scan using a later version of the antivirus database. Suspicious objects can be transferred to the quarantine folder and, if necessary, sent to Kaspersky Lab for further investigation. Rescanning objects using a later version of the antivirus database can sometimes make it possible to treat objects or retrieve data from them. For this reason, each time it is updated, the program re-scans all objects in the quarantine folder.
Storing suspicious or infected objects locally is a much better option than storing them centrally on the server. It both saves disk space on the server and makes it easier to retrieve objects from quarantine (this is especially important for laptop users who are not always connected to the central administration server).

Analysis of VB Script and Java Script macro commands is carried out in real-time. Script viruses can be written in any of a number of script languages (such as VB Script, Java Script, BAT and PHP). They can either infect other script programs (Microsoft Windows or Linux command and server files) or form part of a combined virus attack. If such files can execute scripts, they can infect files in other formats (for example, HTML).

Macro viruses can be located in Microsoft Office file formats and usually transmit code to files as they are being edited.
Optimized performance
Trusted applications / processes. Excluding file activity of trusted applications from the scanning process significantly accelerates overall operation speed and allows for more flexible use of computer resources. System administrators can define lists of trusted processes and applications that are not a potential source of danger. In practice, this significantly increases the operating speed of applications that work at a very active level (for example, with the computer's hard disk). Such applications include backup copy programs, databases and defragmentation programs on the hard disk.
System administrators can now choose the most convenient method for centrally installing Kaspersky Anti-Virus for Windows Workstations to individual machines. The program's distribution package is available in the MSI format, which is presently the standard format for Windows operating systems.
Kaspersky Administration Kit accumulates statistical information on all installations, allowing system administrators to monitor the performance of applications and compile reports. Reports can give general information on the overall operation of applications, or more detailed information about individual work groups and networks. Reports produced using Kaspersky Administration Kit allow system administrators to evaluate their security system and take any measures that are necessary to correct its operation. Reports can also be used to summarize the results of the IT department's work over any given time period.

events that will automatically trigger notification if they occur on any of the network nodes -- e.g., detection of a virus or incomplete updating of antivirus databases. Kaspersky Anti-Virus for Windows Workstations gives system administrators the option of defining which details of system performance will be shown in event reports.
Sales Information
What Is Kaspersky Anti-Virus for Linux File Server?
Kaspersky Anti-Virus for Linux File Servers is a two-tier antivirus solution for workstations and all types of file servers. Due to integration with the operating system the solution provides real-time monitoring of operations resulting in file modification. The program also scans the file system, removable media devices and individual files on demand or on schedule.
Licensing
Types of Licensing
Kaspersky Anti-Virus for Linux File Server is licensed by server -- that is, a separate license must be purchased for each protected server.
Licensing Periods
Kaspersky Anti-Virus for Linux File Server can be licensed for a period of 1 or 2 years (3-year licensing is also available outside the Russian Federation). Licenses can be purchased from Kaspersky Lab partners or through the Kaspersky Lab eStore (http://www.kaspersky.com/store). Registered users receive the following services during the license period: round-the-clock technical support on installation, configuration and operation of the product; regular updates to the antivirus and antispam databases; new versions of the product; information on new Kaspersky Lab product releases and notifications of new viruses appearing globally (this service is available to users who subscribe to the Kaspersky Lab news alerts).
License Renewal
Upon expiry of the license period, the license can be extended at a cost of 70% of the new subscription price.
Quarantine
Backup storage
Remote administration
290.00 285.00 275.00 260.00 220.00 180.00 170.00 160.00 150.00 140.00 20.33 18.75 15.50 15.50 15.50 15.00 14.50
237.50 237.50 237.50 237.50 189.50 165.00 165.00 197.00 169.00 106.50
n/a n/a n/a n/a 25.00 20.90 20.90 20.90 18.90 16.70 5 7 10 15 20 25 182.30 221.50 276.70 360.50 439.50 513.60
As of October 2005.
30 50
585.60 853.20
The prices are quoted based on published price lists. To discuss prices for ranges not included in the table, please consult the vendor or its representatives.
Functions
This section provides descriptions of the program's main features with additional facts and comments that will help to give more detailed and specific answers to questions from potential customers without having to consult product documentation or other sources of information. Features are grouped by function. The left-hand column contains information available to users from the product leaflet, while the right-hand column provides more detailed information.
Antivirus Protection
Real-time protection. The program scans data in real-time. It intercepts all file access requests and scans the files being accessed in order to detect and remove all types of viruses, worms, Trojans and other malicious programs.
Kaspersky Anti-Virus for Linux File Server performs antivirus scanning of objects. If an object is infected, it is processed in accordance with the program's settings. Copies of objects can be saved in backup storage before they are deleted. Objects are scanned and treated using antivirus databases containing descriptions (signatures) of viruses [26] known at the time of scanning and a heuristic engine capable of detecting even newer, as yet unknown viruses for which signatures are not yet available. The program supports over 450 executable file compression utilities, installers and archivers (a total of over 1,200 modifications as of February 2006). This makes it easy for the solution to detect viruses in archived files. Kaspersky Lab antivirus databases are updated hourly. The types of objects detected are determined by the choice between two possible levels of antivirus protection:
- Standard antivirus protection. Protection against all known malicious programs. This is the default mode.
- Extended antivirus protection. In addition to programs detected in the standard mode, this mode also includes protection against such potentially hostile programs as software that displays advertisements (adware), programs that automatically establish dialup connections with pay sites (dialers), programs that automatically download files, keylogging programs, password-breaking software, remote administration utilities and other programs that can be used by cybercriminals for their purposes.
[26] Information on the number of records in the antivirus databases is updated daily and published on Kaspersky Lab's website at http://www.kaspersky.com/avupdates
Quarantine. All infected, suspicious and damaged objects found in the server's file system can be placed in a quarantine folder, where they can be further processed (e.g., disinfected, deleted, etc.).
Backup storage. The application saves copies of messages in backup storage before their antivirus processing or deletion. This makes it possible to recover important information if treatment results in an error.
The application moves all infected and suspicious objects to a dedicated quarantine storage area, from which objects can be restored if necessary. Suspicious objects can be rescanned later, using updated antivirus databases, after which a new, more accurate verdict on whether these objects are infected or clean can be reached. Subsequent scans using updated databases can also disinfect such objects without destroying the data contained in them. Suspicious objects that contain modifications of known viruses or viruses that are as yet unknown can also be sent to Kaspersky Lab for analysis. Before an infected object is treated or deleted a copy of it can be saved in backup storage. In the event of antivirus processing errors, objects can be deleted from the backup storage area or restored in order to recover information contained in them. The size of the backup storage area can be limited by size (in megabytes) or by the time period during which objects are kept there.
Administration
Database updates. The antivirus database can be updated on demand or automatically on schedule from Kaspersky Lab Internet servers or from specified local servers on the company network. Updates can include upgrades to some software modules and the antivirus engine.
Centralized administration. The application can be configured and administered in two ways: using a text configuration file or via a web-based interface.
After all files are copied from the specified source, the application automatically loads the databases received. If the local network has a sufficiently complex structure, we recommend downloading updates from Kaspersky Lab servers every 20 minutes to a common folder on the local server. Local computers connected to the network should be configured to copy the databases from this folder.
The text configuration file gives the administrator access to all application settings. All settings have easy-to-understand names and detailed descriptions are provided. This makes it easy to configure the application even for inexperienced administrators, while experienced administrators will be able to fine-tune the program for maximum performance. For those administrators who come from Windows platforms or for those who prefer the graphic interface, Kaspersky Anti-Virus for Linux File Server offers a web-based interface that can be used to configure the application and monitor the status of all its components.
Product Positioning
The following advantages of Kaspersky Anti-Virus 5.5 for Lotus Notes/Domino can be highlighted for customers:
Full and seamless integration with IBM Lotus Domino. The high quality of protection from viruses and other types of malicious programs, as confirmed in independent tests (see Appendix A). The product was expressly developed for Microsoft Windows operating systems 2000/2003, which means that administrators can install/remove the program by following the standard procedures in this operating system. The product is administered via the IBM Lotus Domino interface, which the administrator will be familiar with from working with the server solution.
Product functions
This section describes the main functions of the product, providing explanations and information to help sales staff give full and informed answers to questions from potential clients. Product features are grouped according to function.
Antivirus Protection
Antivirus scanning of IBM Lotus Domino objects
A relatively wide range of IBM Lotus Domino objects are vulnerable to infection. To provide complete protection for users' information, the application scans all IBM Lotus Domino objects for viruses: incoming, outgoing and internal mail messages; databases; objects exchanged between IBM Lotus Domino servers during replication; scripts specific to IBM Lotus Domino; OLE objects. Several elements of mail messages are analyzed: the body of the message; all attachments in mail messages (including archives), regardless of their level of nesting. All mail messages and data transferred between IBM Lotus Domino servers during replication are scanned in real time. On-demand scanning of Lotus Notes/Domino databases is also available. The application offers a number of options for processing infected objects: treatment; removal; delivery to the end user without treatment.
The system administrator can set rules for processing infected objects when configuring the parameters for antivirus scanning. Before infected IBM Lotus Domino objects are processed or deleted, backup copies can be saved in the backup folder. The application scans and treats objects using antivirus databases that contain signatures for all known viruses (165,122 signatures as of February 9, 2006) and a heuristic analyzer that is capable of detecting new viruses. The program supports over 450 types of packing utilities, installers and archivers (over 1,200 modifications) for detecting viruses in archived files. Kaspersky Lab antivirus databases are updated hourly.
Notifications
Upon detection of certain types of objects (for example, infected objects) the application notifies: the server administrator (when objects with a specified status are detected both in mail messages and in databases); the message sender; the message recipient. The application can save data about specified types of objects in the statistics database. The system administrator can view and analyze this information. Notifications can be sent as a separate message or as part of the mail message itself (by selecting the "In the message body" option in the interface). The administrator can use the notification template to determine the notification procedure, format and content. When events specified in the notification template occur, the program automatically sends a notification to the administrator.
The number of both incoming and outgoing messages can increase dramatically during virus epidemics (for example, if the virus starts sending copies of itself to all email addresses in the Microsoft Outlook address book). The application detects heightened virus activity on protected IBM Lotus Domino servers and sends notifications to administrators and end users. This is an extremely important aid to administrators during virus epidemics, since it helps them react promptly to emerging threats from virus attacks. The administrator can set a limit on the frequency at which mail messages are distributed (both incoming and outgoing mail). If messages begin to be distributed at a frequency above this limit, the program can block messages and send a notification to the administrator.
Such notification messages contain the following information: the sender and recipient of the message (only the sender for incoming messages); the frequency of messages transmitted; the limit on the frequency of messages; the time when the frequency of mail messages reached the limit. The system administrator can adjust the content and format of notifications. The system administrator can enable or disable the epidemic prevention function and the notifications about excessively frequent distribution of mail messages.
Quarantine storage
Infected objects can sometimes contain important information. Moreover, not all objects can be conclusively labeled as infected. Infected, suspicious and damaged objects can be isolated in the quarantine folder. This ensures that dangerous (or potentially dangerous) objects do not pose a risk to the rest of the system, and that the information in them is retained. The advantage is that the message itself or any important information contained in it can later be retrieved from quarantine. Messages in quarantine can also be rescanned for malicious code using later versions of the antivirus database. This means that if, at the time of being saved in quarantine, a message contained a virus, it could be detected by a later, updated version of the antivirus database. The system administrator can view the contents of the quarantine folder, delete objects from it or restore objects and forward them on to their intended recipients.
Performance
Dependability
Integrity check for antivirus databases
The integrity of antivirus databases is verified each time they are updated. If an antivirus database is found to be inoperable (if the database is damaged, for instance), the application can roll back the changes made to the databases in the last update (the application automatically begins using the old version of the databases). The application does not suspend antivirus scanning of IBM Lotus Domino objects, content filtering or epidemic prevention when automatically updating antivirus databases.
Complete information Choice of sources for antivirus database updates Statistics and reporting
The total cost of ownership for Kaspersky Anti-Virus 5.5 for Lotus Notes/Domino is one of the lowest on the market. The license covers not only subscription to regular antivirus database updates, but also technical support in several languages and free upgrades to new versions of the program.
Simple installation
Stricter system requirements: Intel Pentium 4 Processor 1.3 GHz or higher; At least 256 MB available RAM; recommended 512 MB available RAM; At least 200 MB free disk space; At least 100 MB free disk space for temporary files; At least 55 MB disk space on each IBM Lotus Domino server partition. Less frequent updates to antivirus databases (only several times a week).
The product does not appear to have been recently upgraded. No support for Windows Server 2003 Standard Edition and Windows Server 2003 Enterprise Edition. No support for Lotus Notes/Domino 7.x. During filtering, the file type is determined by its extension, which can very easily be falsified. Antivirus databases are only updated once a day.
Support for all contemporary platforms (including IBM Lotus Domino 7.x). Attachment type is defined according to its internal structure. This makes it pointless to fake or distort an extension.
Descriptions for filtering attachments are decided by extension, which could have been tampered with or falsified. Antivirus databases are updated only once a week. No support for Windows Server 2003 Standard Edition or Windows Server 2003 Enterprise Edition. No support for Lotus Notes/Domino 7.x.
Attachment type is defined according to its internal structure. This makes it pointless to fake or distort an extension.
Support for all contemporary platforms (including IBM Lotus Domino 7.x).
Support for clusters already
cluster servers or IBM Lotus Domino 7.x Updates to antivirus databases are made several times a day according to information from the company.
Pricing policy
Prices vary significantly according to the geographical location where the product is purchased. However, it is possible to identify a unified tendency in the pricing policy for Kaspersky Anti-Virus 5.5 for Lotus Notes/Domino. It is clear from the figures provided below that Kaspersky Anti-Virus 5.5 for Lotus Notes/Domino has the lowest price compared to products from our main competitors. Comparison of the price of Kaspersky Anti-Virus 5.5 for Lotus Notes/Domino with competitor products in Western Europe
Trend Micro Scan Symantec Mail Security Mail for Lotus Notes 5.0 for Domino 3.0 19.00 34.90 36.43 >=50 18.00 31.68 34.40 >=100 17.00 31.68 34.40 >=150 16.00 28.56 32.26 >=250 15.00 26.41 (up to 750) 30.45 >=500 24.97 (up to 1000) 14.00 28.43 >=1000
Note: all prices are from February 2006 (for a year's subscription) and are in euros.
Number of licenses
Licensing
Licensing Options
Kaspersky Anti-Virus 5.5 for Lotus Notes/Domino is licensed according to the number of users. A profile is created for each user, which includes a mailbox, and permission to store information on the storage server, etc. There is no limit to the number of storage servers that are protected.
Enterprise License Kaspersky Anti-Virus Business Optimal Mail protection, Enterprise License Kaspersky Anti-Virus Business Business Optimal Multi-tier Protection Enterprise License Kaspersky Anti-Virus Business Business Optimal Key Component Protection Elite Enterprise License.
Sales information
What is Kaspersky Antivirus for Microsoft Exchange Server 2000/2003
Kaspersky Antivirus 5.5 for Microsoft Exchange Server 2000/2003 (hereafter Kaspersky Antivirus 5.5) detects viruses, malicious code and riskware in outgoing, incoming and internal mail messages, and in messages stored on the server in personal and public folders.
Kaspersky Antivirus for Firewall (Microsoft ISA Server, CheckPoint Firewall) Kaspersky Security for PDA, and Kaspersky Administration Kit for centralized management of Kaspersky Security and other products of Kaspersky Lab.
Russia, CIS and Baltic States: SOHO SOHO Enterprise MailServer Enterprise Enterprise Enterprise Other price-lists: Small Business Pack Small Business Pack Enterprise License Enterprise License Enterprise License Protection Elite Enterprise License. Kaspersky Anti-Virus Business Optimal Kaspersky Anti-Virus Business Optimal Kaspersky Anti-Virus Business Optimal Kaspersky Anti-Virus Business Optimal Mail Protection Multi-tier Protection Mail Protection Multi-tier Protection Key Component License Pack Kaspersky Antivirus Business Optimal Multi Pack Network Protection Mail Protection Corporate Mail Protection Corporate network Protection Suite Corporate Suite Mail protection Anti-Virus BO for Windows Workstation / FileServer / MailServer Anti-Virus BO Suite Workstation / FileServer /
Scalability / performance
Load Optimization
Panda ExchangeSecure Antivirus F-Secure Anti-Virus MS Exchange, version 6.4 Symantec and Sophos companies offer solutions that combine antiviral protection and content filtering.
27
Sophos PureMessage for Windows/ Exchange, version 2.0 Symantec Mail Security for MS Exchange, version 4.6
Kaspersky Remote management and configuration Additional administrative tool A possibility to run several anti-virus kernels at the same time Real-time protection from viruses Antiviral scan on-demand Ability to perform heuristic analysis Detection of script-viruses (VB Script, JavaScript, Java, ActiveX) Detection of macro-viruses Filtration according to the format of enclosed files Prevention of virus outbreaks Quarantine for suspicious and infected mails Support of Exchange server clusters + + + + + + + + + + + Possible in case of identical set up of the nodes + + + + +
McAfee +
TrendMicro + Control + + + + + + + + -
Panda +
F-Secure
TrendMicro Manager + + + + + + +
F-Secure Manager + + + + + + + +
Policy
Acquisition of statistics Display of information about system state Reports generation E-mailing of reports
+ + + +
+ + + +
+ + + -
+ + + -
about
As seen from the table, antivirus products for Microsoft Exchange protection offer practically the same functionality.
Trend Micro
Sophos
Panda 45.68 45.68 45.68 45.68 43.39 41.23 37.11 37.11 33.39 28.39 28.39 24.13
F-Secure
23.75 23.75 23.75 19.49 15.46 13.48 13.48 11.89 10.93 10.93 10.34
The following diagram shows how product price depends on the number of users.
[Figure: Prices for competitive products. Horizontal axis: number of users (5-9, 10-14, 15-19, 20-24, 25-49, 50-99, 100-149, 150-249, 250-499, 500-749, 750-999). Vertical axis: price (0 to 90). Series: Kaspersky, Symantec, McAfee, TrendMicro, Sophos, Panda.]
[28] All prices are in US dollars, not including taxes, for a one-year license in the EU.
[29] For TrendMicro, prices are recalculated from EURO to USD at the rate 1,215.
Product features
This section describes the main features of the product and gives additional facts and explanations that make it possible, when necessary, to give more detailed and competent answers to potential clients' questions without consulting documentation or other sources of information about the products. Application features are grouped by function. The left column gives the information available to users from the datasheet; the right column gives more detailed information.
Antivirus scanning of objects. If a whole message or part of it is infected, the application processes the detected object in accordance with the specified settings. Before deletion, a copy of the object can be placed in backup storage. Scanning and disinfection use antivirus databases containing signatures of the viruses known at the time of the scan (more than 167 000 entries as of April 2006 [30]). The program supports more than 450 different packers, installers and archivers (more than 1200 modifications as of April 2006), which makes it easy to detect viruses in archived files. Antivirus databases are updated every hour. Extra urgent updates are released when needed. Messages and the content of public folders stored on the server can be rescanned using the latest version of the antivirus databases (if background scanning of storages is on). The scan runs in background mode and can be started automatically when the databases are updated, on schedule, or manually. If background scanning is disabled, messages stored on the server are scanned only on the user's demand. Thus the user always receives messages scanned with the latest database version, regardless of when the message was delivered to the server.
The objects that Kaspersky Antivirus 5.5 detects in mail traffic on the protected server are determined by the choice of one of two possible levels of antivirus protection:
- Standard antivirus protection. Protection from all currently known malicious programs. This mode is selected by default.
- Extended antivirus protection. Protection from riskware is added. Such programs can reveal themselves through the following:
  - leakage of personal and confidential data, e.g. access passwords or credit card information;
  - advertisements appearing in the browser in the form of popup windows, start page changes, etc.;
  - spontaneous changes to browser properties unknown to the user;
  - installation of computer programs unknown to the user;
  - Internet connection without the user's knowledge;
  - slower Internet connection and general slowdown of the computer due to the hidden operation of spyware;
  - automatic dialing of telephone numbers through the modem, huge telephone bills, etc.
Detection of riskware. In the extended mode of antivirus protection the application can detect and disinfect not only unambiguously malicious software but also potentially dangerous software (riskware): advertising programs (adware), programs that steal information (spyware), programs for automatic dialing (dialers) and other utilities that can be used by fraudsters.
30
The administrator sets a threshold of virus activity, that is, the maximum number of detection events during a specified amount of time. If virus activity exceeds the specified threshold, a notification is sent (by mail or by means of Net Send in the local network). The following events are tracked: Infected object detected. Suspicious object detected. Damaged object detected. Same virus is detected several times. In case of a virus outbreak the administrator can start an antivirus scan, run an antivirus database update, or change the protection mode of the application by raising the level of protection from standard to extended or redundant.
Later on, an object in backup storage can be deleted, or restored in order to retrieve the information it contains or to rescan it with an updated version of the antivirus database. In addition, suspicious objects containing a modification of a known virus or an unknown virus can be sent to Kaspersky Lab for investigation. In this case a subsequent rescan of the object with an updated database will make it possible to disinfect it while preserving the integrity of its data. Objects in backup storage are kept in encrypted form, which avoids the risk of infection (objects are inaccessible without decoding). The backup storage can be limited by size (in MB) or by storage time. Objects in backup storage can be located using several search parameters: object status (several values can be chosen); name of the object; message sender; message recipient; subject of message; time interval when the message was sent.
Backup copying. The application makes backup copies of messages before antivirus processing or deletion, which allows important information to be recovered if necessary.
Configurable filters make locating original copies of specific objects easier
Performance optimization
Selecting objects for scan.
To minimize the load on the server during scanning, you can limit the number of scanned objects and the processing time for one object. Limitations can be applied to traffic scanning and to background scanning of a designated storage area. Objects of certain types can be excluded from scanning: archives, all containers exceeding a specified nesting level, files matching a mask (e.g., *.txt), files of certain types (e.g., graphical files). That way, only potentially risky objects are scanned.
Configuration modes, depending on the server load. The application offers a choice between three modes for automatic configuration of operation efficiency depending on the mail flow. Manual configuration allows specifying a fixed number of scanning threads in which objects are scanned, the number of anti-virus kernels running at the same time, and whether the application must scan objects in RAM without first saving these objects in the temporary folder.
The mode for automatic configuration of operation efficiency includes the following parameters:
- Small e-mail flow (approximately 1-2 messages per hour in one mailbox): intended for conditions with a large number of mailboxes on the server but relatively small mail streams in each of them.
- Intensive e-mail flow (more than 10-15 messages per hour for one mailbox): suits the situation when the number of mailboxes is not large but the mail stream going through the server into each of them is intensive.
- Medium e-mail flow: corresponds to the situation of evenly distributed mail streams.
By default the application scans objects in three threads. Microsoft recommends that the value of this setting equal (2 x number of processors + 1). The number of instances of the anti-virus kernels running at the same time is set to 4 by default. Kaspersky Anti-Virus can scan objects not exceeding a specified size (by default up to 1 MB) in RAM without first saving these objects in the temporary folder.
Administration
Centralized administration
Configuration and administration of the application are performed through a single administration console built into Microsoft Management Console (MMC), a handy management tool familiar to the administrator. Using the console, the administrator can centrally do the following:
- add Exchange servers to, or delete them from, the list of servers available for administration from the console;
- connect to or disconnect from a server available for administration;
- create notification templates to notify users about detected suspicious and infected objects, and report templates;
- generate reports according to the specified template;
- configure search parameters for locating objects in backup storage;
- create and configure criteria for detection of virus outbreaks;
- retrieve the original copy of an object from backup or send it for investigation to Kaspersky Lab.
The default browser is used for viewing reports on antivirus scanning of the server. The application contains default report templates; the administrator can also create custom templates. By default, reports for the last 30 days are generated on the 1st day of each month. When creating custom report templates, the administrator can configure the period, frequency, time of creation and means of delivery (storing the reports on the hard disk or sending them by e-mail). Kaspersky Antivirus can conduct full diagnostics of its operation and register detected events in the Windows event log and in its own logs. The logging level can be selected from five preset levels of diagnostics. The level of detail in the logs depends on the configuration of the application.
Default configuration at installation. After installation the application starts to operate with a set of parameters, most of which are set by default to the optimal values recommended by Kaspersky Lab specialists. This makes it possible to start using the application without time-consuming configuration.
Preconfigured parameters include the following:
- The antivirus checks mail flow for all malicious programs known at the time of the scan (standard level of antivirus protection).
- The antivirus protects all public folders, all Exchange server storages and all users on the mail server.
- All new incoming messages on the Exchange server are scanned as follows: After detection of an infected object the application stores its original copy (attachment or message body) in backup storage and attempts to cure the object; if disinfection is not possible, the application deletes the object and replaces it with a text file notification. After detection of a suspicious object the application stores its original copy (attachment or message body) in backup storage. After detection of a protected or damaged object the application stores its original copy (attachment or message body) in backup storage.
- Background scan of mailbox and public folder storages is disabled.
- Mail streams routed through the Exchange server are not scanned.
- Antivirus databases are updated every hour over the Internet from Kaspersky Lab HTTP and FTP update servers.
- The administrator is not notified about detection of infected or suspicious objects.
- A virus outbreak is defined as the following condition: detection of infected objects 5 times during the day. The administrator is not notified.
- A report for the last 30 days about the status of the antivirus protection system is generated on the first day of each month.
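The outbreak criterion described in this chapter (a maximum number of detection events within a specified period, with 5 infected objects per day as the default) can be modelled as a sliding-window counter. The sketch below is an added example, not Kaspersky Lab code: the class and rule names, the rule for repeated detections of one virus (3 within 6 hours), the choice to fire once per outbreak when the count is reached, and the sample events are all constructed for illustration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

# Detection statuses tracked per the handbook; the string labels are this example's own.
INFECTED, SUSPICIOUS, DAMAGED = "infected", "suspicious", "damaged"


@dataclass(frozen=True)
class Rule:
    name: str
    kind: str                # detection status the rule counts
    max_events: int          # number of detections that constitutes an outbreak
    window: timedelta        # period over which detections are counted
    per_virus: bool = False  # count each virus name separately


@dataclass(frozen=True)
class Detection:
    when: datetime
    kind: str
    virus: str = ""


class OutbreakDetector:
    """Sliding-window counter; detections must be fed in time order."""

    def __init__(self, rules):
        self.rules = list(rules)
        self._hits = defaultdict(deque)           # (rule, virus) -> timestamps in window
        self._armed = defaultdict(lambda: True)   # False while an outbreak is ongoing

    def feed(self, det):
        """Record one detection and return the names of rules that just fired."""
        fired = []
        for rule in self.rules:
            if det.kind != rule.kind:
                continue
            key = (rule.name, det.virus if rule.per_virus else "")
            hits = self._hits[key]
            hits.append(det.when)
            # Drop detections that have aged out of the counting window.
            while det.when - hits[0] >= rule.window:
                hits.popleft()
            if len(hits) >= rule.max_events:
                if self._armed[key]:              # notify once per outbreak
                    fired.append(rule.name)
                    self._armed[key] = False
            else:
                self._armed[key] = True           # activity subsided, re-arm
        return fired


def replay(detector, detections):
    """Feed a time-ordered list of detections; return (timestamp, rule name) alerts."""
    alerts = []
    for det in detections:
        for name in detector.feed(det):
            alerts.append((det.when, name))
    return alerts


RULES = [
    # Default from the handbook: infected objects detected 5 times during the day.
    Rule("infected-daily", INFECTED, 5, timedelta(days=1)),
    # Constructed values for the "same virus detected several times" event.
    Rule("same-virus", INFECTED, 3, timedelta(hours=6), per_virus=True),
]

BASE = datetime(2006, 4, 3, 9, 0)  # constructed sample data, not real log entries
SAMPLE = [
    Detection(BASE, INFECTED, "Worm.A"),
    Detection(BASE + timedelta(hours=1), INFECTED, "Worm.A"),
    Detection(BASE + timedelta(hours=2), INFECTED, "Trojan.B"),
    Detection(BASE + timedelta(hours=3), INFECTED, "Worm.A"),
    Detection(BASE + timedelta(hours=3, minutes=30), SUSPICIOUS),
    Detection(BASE + timedelta(hours=4), INFECTED, "Trojan.B"),
    Detection(BASE + timedelta(hours=5), INFECTED, "Worm.A"),
    Detection(BASE + timedelta(hours=30), INFECTED, "Worm.A"),
]

if __name__ == "__main__":
    for when, name in replay(OutbreakDetector(RULES), SAMPLE):
        print(when.isoformat(), name)
```

Suspicious and damaged detections get their own `Rule` entries in the same way; the re-arm step is what keeps a sustained outbreak from producing one notification per detection.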
Sales Information
What is Kaspersky Anti-Virus for Microsoft ISA Server 2004 Standard Edition?
Kaspersky Anti-Virus for Microsoft ISA Server 2004 Standard Edition is a software solution that provides antivirus protection for files sent to the local network via the Microsoft Internet Security and Acceleration Server. The program uses a number of filters for intercepting HTTP and FTP data, configuration tools and a management console.
License Periods
Licenses for Kaspersky Anti-Virus for Microsoft ISA Server 2004 Standard Edition can be purchased for a period of 1 or 2 years from Kaspersky Lab partners. The following services are available to registered users during the license period: round-the-clock technical support by telephone and email on issues related to installing, configuring and using the product; regular antivirus database updates; free product updates; information on the release of new Kaspersky Lab products and notification of new viruses appearing globally (these services are provided to those who sign up for Kaspersky Lab news updates).
Enterprise Licenses Kaspersky Anti-Virus Business Optimal Protection KAV BO Suite Workstation / FileServer License
Enterprise Licenses Kaspersky Anti-Virus Business Optimal Multi-tier Protection KAV BO Suite. Workstation / FileServer /MailServer License Enterprise Licenses Kaspersky Anti-Virus Business Optimal Multi-tier Protection KAV BO Suite Workstation / FileServer / MailServer / Gateway License Enterprise Licenses Component Protection Enterprise Licenses Component Protection License Kaspersky Anti-Virus Business Optimal KAV BO Suite MailServer / Gateway License Key
Kaspersky Anti-Virus Business Optimal Key KAV BO Suite FileServer / MailServer / Gateway
Solid value
Ease of installation
Convenient administration
Stability
Product Prices
Number of users: Kaspersky
10-14: 14,00
15-19: 13,50
20-24: 13,00
25-49: 12,50
50-99: 12,00
100-149: 11,50
150-249: 11,00
250-499: 10,50
500-749: 10,00
750-999: 10,00
More than 1,000: 9,00
GFI: 25 users - 350; 50 users - 625; 100 users - 1075; 250 users - 2250; 500 users - 4050
BitDefender: 10 users - 138.6 (usd 108); 25 users - 317.6 (usd 412.5); 50 users - 596.75 (usd 775); 100 users - 1001 (usd 1300)
Prices are stated in euros exclusive of VAT (for April, 2006). BitDefender prices are converted from USD using the exchange rate stated on www.oanda.com. GFI prices do not include Software Maintenance, equal to 20% of the product price.
Scanning of HTTP traffic Scanning of FTP traffic Scanning of FTP over HTTP traffic Creating and managing user groups Web filtering. Support for restricting Internet access of employees Some file types are excluded from filtering based on their extensions (GIF, JPG, etc.) Some file types are excluded from filtering based on file content (internal format) List of trusted sites: a list of websites the content of which does not require antivirus scanning. This feature helps increase the solution's performance Several antivirus engines can run in parallel Remote management using proprietary tools Using MMC
Logs are recorded in the event log Logs are recorded in individual files Statistics Windows counters displaying statistics Displays user warnings Via the browser Warnings displayed via SNMP are used for
Antivirus protection
Antivirus scanning.
Kaspersky Anti-Virus for Microsoft ISA Server 2004 Standard Edition scans all data transferred via the Microsoft ISA Server 2004 and removes all types of viruses. Objects scanned by the solution include archived and compressed files in over 1,200 formats. Data in ZIP, CAB, RAR and ARJ archives can be disinfected. A unique heuristic analyzer detects unknown viruses as well. Antivirus databases containing descriptions of known viruses (about 167,000 as of February 2006 [31]) and a heuristic analyzer capable of detecting even the newest viruses are used for scanning and disinfecting objects. The program supports over 450 different executable file compression utilities, installers and archivers (a total of over 1,200 modifications as of February 2006), enabling it to detect viruses and malware in archived file formats. Kaspersky Lab's antivirus databases are updated hourly. Emergency updates are released as necessary during epidemics and outbreaks.
Protection against potentially hostile software.
In the extended antivirus protection mode the solution can detect and remove not only malicious programs, but also potentially hostile programs (riskware), advertising programs (adware), programs designed to collect information (spyware), programs that automatically establish dialup connections with pay sites (dialers) and other utilities that cybercriminals may use.
The types of objects that Kaspersky Anti-Virus for Microsoft ISA Server 2004 Standard Edition can detect in the data stream are determined by the choice of one of the three possible levels of antivirus protection:
- Standard databases (viruses only). Antivirus databases containing detailed descriptions of all existing viruses and methods of their detection and treatment. These are the antivirus databases used by default.
- Extended databases (viruses + riskware). Antivirus databases that contain information about viruses and riskware programs. Such programs contain vulnerabilities that can be used for hacker attacks, access by unauthorized programs, etc.
- SuperSecure databases (viruses + riskware, spyware, adware). These are the most complete antivirus databases. In addition to the information described above, they also contain descriptions of programs used to collect information on remote computers (spyware) and programs for displaying advertising (adware).
The administrator can exclude certain file formats from the list of objects to be scanned, for example, graphic files, which are not likely to contain viruses.
Trusted server parameters can be set in one of four ways: the server domain name; the server IP address; the subnet; an IP address range.
administrator can create groups of Microsoft ISA Server users and apply individual data processing rules to each group, defining specific restriction levels based on the company's security policy and employee needs.
policies can be applied. Each client can be a member of one or more groups. A client can be defined using an IP address or a group of IP addresses. Clients defined by specific IP addresses can be computers with network services installed and permanent IP addresses, e.g., mail servers. For network clients which do not have a permanent IP address, one client defined by a subnet address and mask can be created. A policy can be defined for each group of clients. A group cannot have more than one policy.
Performance Optimization
Launching several copies of the antivirus engine.
Kaspersky Anti-Virus for Microsoft ISA Server 2004 Standard Edition is capable of scanning large volumes of data without reducing the ISA Server's performance.
By default, when the application starts, four copies of the antivirus engine are launched and work in parallel. From 1 to 32 copies of the antivirus engine can be configured to run at the same time, although we recommend that four copies of the engine run for each physical processor.
Setting transmission parameters for the data being scanned.
The administrator can set the maximum time during which a data packet can be scanned before it is delivered to the user, the maximum interval in seconds between data transmissions and the amount of data accumulated by the solution for analysis and scanning and not sent to the user before such analysis and scanning is completed.
The default settings are optimal for most configurations. However, the administrator can configure the product based on the company's specific requirements. The administrator can set the following parameters:
- the number of queued objects cached in memory;
- buffer size for cached objects (KB);
- the number of antivirus engines running simultaneously;
- the number of antivirus engine copies reserved for scanning the so-called fast objects. ("Fast" objects are those objects in the HTTP traffic which meet the following criteria: text files smaller than 2 MB; graphic files smaller than 2 MB; and other objects (excluding executable files) smaller than 256 KB.)
The size of the queue of objects to be scanned. This field defines the maximum number of objects that can be simultaneously located in the queue for antivirus scanning. Queue sizes from one to 16,383 objects can be set.
Maximum scan time in seconds. This field defines the maximum time allowed for scanning an object. If an object cannot be scanned during that time, it will be categorized as uninfected and sent to the client requesting it.
The administrator can restore the default parameters at any time.
Administration
Remote management.
The administrator can configure antivirus scanning parameters using Microsoft Management Console. The administrator can create user groups, define security policies for the groups created, configure and view reports, install license keys, update antivirus databases, etc. Security policies may include restrictions on downloading files of a certain type, size, etc.
Notification and reporting system.
ISA Server Alerts, a system tool built into the ISA Server, provides various methods of notifying the administrator of critical events that occur in the operation of Kaspersky Anti-Virus installed on the ISA Server. All important messages concerning the operation of Kaspersky Anti-Virus are also recorded in the Windows log system. Furthermore, Kaspersky Anti-Virus for Microsoft ISA Server 2004 Standard Edition allows for the complete diagnosis of its performance on any of the Microsoft ISA Servers on which it is installed and records results in the relevant logs.
For Kaspersky Anti-Virus there are also a number of events that require the immediate response of the system administrator, such as The License Is Expiring. The list of such events is added to the existing ISA Server Alerts list immediately after the application is installed on the server. The administrator can configure the method of notification for each event, including recording the event in the system log, email notification, etc. During installation of Kaspersky Anti-Virus a separate log is created in the Windows log system. Kaspersky Anti-Virus diagnostic logs include data on the application's operation for a specific date with the given level of detail, as well as information on any malicious objects detected. The administrator can configure the level of detail for the information recorded in these logs. All messages created by Kaspersky Anti-Virus are categorized based on the events that initiate them. The level of detail can be configured, from recording no information or principal events only to recording all information, including debugging. The administrator can restore default parameter values at any moment.