Kaspersky Lab

Facts

Kaspersky Lab vs. McAfee

Kaspersky Lab: Principal facts

    

Kaspersky Lab is a private company founded in 1991.  Eugene Kaspersky, one of its founders, has combated viruses since 1989. The group of antivirus software developers headed by him has existed for 18 years.  

The company currently focuses on the development of solutions that provide protection from malicious software, spam and hacker attacks.  

The company has more than 700 employees in offices across the globe. 

Local offices exist in 11 countries, including China, France, Germany, Japan, Korea, the UK and the US. 

Extensive partner network: more than 500 companies in over 60 countries. 

McAfee: Principal facts

McAfee was founded in 1989 by John McAfee.  The company’s headquarters is in Santa Clara, CA, USA.  In 1997, McAfee merged with Network General (a developer of network monitoring and management tools) to form Network Associates.

In 2004, the company launched a restructuring program. It sold off Magic Solutions and Sniffer, reverted back to McAfee and re-focused on security technologies. 

McAfee purchased rather than developed most of its security technologies.  Specifically, it became a player in the antivirus market after acquiring  S&S International (which developed antivirus products under the Dr. Solomon brand).  

In 2006, top managers of McAfee were implicated in a fraud scandal. The company’s president, Kevin Weiss, was fired and its CEO and Chairman George Samenuk retired.  In early 2007, the former McAfee general counsel Kent Roberts was indicted by a federal grand jury on charges of fraudulent stock-option grant deals.

Independent Assessment of the Companies’ Market Position

In 2006, Kaspersky Lab received the Frost & Sullivan Growth Strategy Leadership Award for the highest growth rate on the antivirus market

Antivirus vendor revenue growth in 2004-2005 (estimate by IDC & Gartner)

9%

17%

9%15%

63%

20%20%

41%

27%

13% 14%12%

24%

43%

13%

95%

11%18%

0%

20%

40%

60%

80%

100%

Kaspersky F-Secure Panda McAfee Sophos S ym antec Norm an Trend Mic ro Total

ID C Gartner

The Kaspersky VirusLab is located in a single research center in Moscow. This makes it possible to train new analysts and share expert knowledge with minimal delays.

The system for collecting malicious program samples is geographically distributed, with honeypots placed in numerous locations, enabling analysts to receive samples almost as soon as after they appear “in the wild”.

Kaspersky Lab uses unique tools to automate the collection and processing of malicious program samples. It takes just a few minutes to analyze malware samples and add their signatures to antivirus databases.

Updates are tested automatically. Performing multiple operations in parallel accelerates the update testing process, which takes less than an hour.

A broad range of proactive technologies developed by the company enable Kaspersky Lab products to detect most threats even BEFORE their signatures are released.

Technologies: Kaspersky Lab’s VirusLab

Technologies: Kaspersky Lab’s SpamLab

A team of professional linguists

Spam is analyzed 24 / 7 / 365

a network of spam traps across the world (“exposed” mailboxes on public mail servers)

mass mailing detection system

volume of information analyzed: 100,000–150,000 spam messages every day

Algorithms for linguistic analysis are continually improved and updated

It takes just a few minutes to add a spam signature to the database

Clients receive updates in real time (using the UDS technology)

Technologies: McAfee Avert Labs

McAfee Avert Labs is a research lab with 20 offices in 14 countries and more than 100 analysts

The lab works 24 / 7 / 365

The lab’s work covers all aspects of corporate IT security, both internal and external (including phishing attacks and mobile threats):

• analysis of malicious code

• antivirus research

• prevention of various types of attacks

• searching for and the analysis of vulnerabilities

Technologies: McAfee Avert Labs

According to the company, McAfee Avert Labs updates for its antivirus products occur at a frequency of 1 update per week or (in emergency situations) 1 update per day

The average new virus response time (the time it takes to develop a virus signature and include it in a product update) is 3-4 hours; development of a disinfection module (for file recovery after an infection) takes 24 hours on average. 

A sad fact from history:

“An error in McAfee's virus definition file released Friday morning caused the company's consumer and enterprise antivirus products to flag Microsoft's Excel, as well as other applications on users' PCs, as a virus called W95/CTX…”

Source: CNET News.com, March 10, 2006

And here is what results of independent analyses show…

Technologies: Malicious program detection

Overall detection of malicious programs

98,96%

97,89%

94,88%

91,63%

50% 55% 60% 65% 70% 75% 80% 85% 90% 95% 100%

AV-Comparatives.org

AV-Test.org

Kaspersky McAfee

Technologies: Malicious program detection

Detection of malicious software in archives and compressed files(Source: AV-Test.org)   

96%

100%

74%

83%

50% 55% 60% 65% 70% 75% 80% 85% 90% 95% 100%

in compressed files

in archives

McAfee Kaspersky

Technologies: Response time

New threat response times(Source: AV-test.org)

0-2 hours

8-10 hours

0 2 4 6 8 10

Kaspersky

McAfee

risk zone (period before updates are released)

period during which updates are released

Technologies: Update frequency

Number of malicious program database updates per month(Source: AV-Test.org )

23

615

0 100 200 300 400 500 600 700

McAfee

Kaspersky

Technologies: Effectiveness of the personal firewall

Personal firewall scores in "leak tests"

7950

2325

0 1500 3000 4500 6000 7500 9000

Kaspersky

McAfee

Source: matousec.com

These companies have integrated Kaspersky Lab antivirus technologies into their solutions

Products: Integrated protection for PCs

Features Kaspersky Internet Security McAfee Internet Security Suite

Treatment of an active infection*  –

Self-defense (protection from attempts by malicious programs to disable the antivirus solution)**

–

Proactive protection (heuristic / behavior blocker / rollback of malicious changes) / / / / –

File antivirus

Mail antivirus (POP3 / SMPT / IMAP4) / / / / –

Web antivirus (scanning of HTTP traffic) –

Treatment of files in archives ZIP, ARJ, CAB, RAR, LHA ZIP

Detection of rootkits

Protection from spyware

Protection from network attacks (firewall / IDS) / /

Protection from phishing / spam / unwanted advertising / / / /

Protection of confidential data

Parental control

Support for creating an emergency recovery disk to recover the computer from infections –

*Anti-Malware.ru**PC Professionell

Products: Scanning speed and impact on system performance

Unlike  on-demand  scanning,  the  antivirus  monitor  remains  resident  in  RAM.    Therefore,  it  is  especially  important  for  users  how much the antivirus monitor when scanning files increases the time required to open and close these files

On-access overhead on executable and system files (in seconds)

12,59

16,39

42,67

96,66

135,36

180,47

71,75

74,63

116,44

0 40 80 120 160 200

Avas t!

Kas pers ky

N OD32

Micros oft

Sym antec/N orton

C A

McAfee

AVG

Sophos

Source: V irus Bulle tin

Products: Scanning speed and impact on system performance

On-access overhead on archive files (in seconds)

0.66

1.31

2.81

3.27

4.47

8.50

9.86

9.08

5.80

0 2 4 6 8 10 12

Kaspersky

Avast!

AVG

NOD32

Symantec/Norton

CA

Sophos

Microsoft

McAfee

Source: Virus Bulletin

Products: Scanning speed and impact on system performance

On-access overhead on media files and documents (in seconds)

5.23

12.80

21.52

22.87

32.88

34.38

34.41

45.42

17.55

0 10 20 30 40 50

Kaspersky

Symantec/Norton

Avast!

McAfee

NOD32

AVG

Sophos

CA

Microsoft

Source: Virus Bulletin

Products: Scanning speed and impact on system performance

Experts from CNET Labs analyzed the impact of running an on-demand scan on the time it takes users to perform standard operations (such as converting music and video files).  Kaspersky Lab products have a minimum impact on system performance.  

Effect of the antivirus solution on system performance (time in seconds required to perform standard operations while on-demand

scanning is running)

174

162

234

194

196

296

206

208

0 50 100 150 200 250 300

AVG

BitDefender

Symantec/Norton

CA

McAfee

NOD32

Kaspersky

No antivirus

Source: CNET Labs

Products: Integrated protection of all nodes on the corporate network

Products Kaspersky Lab McAfee

Protection of workstations

Microsoft  Windows Workstation + +

Linux Workstation + +

Apple Macintosh Workstation* – +

Protection of file servers

Microsoft Windows + +

Linux + +

FreeBSD/OpenBSD + –

Novell Netware + +

Sun Solaris*  – +

Microsoft SharePoint* – +

* The demand for these solutions is limited

The myth that McAfee’s product line is much more extensive than the Kaspersky Lab product line remains nothing but a myth

Products: Integrated protection of all nodes on the corporate network

Products Kaspersky Lab McAfee

Protection of smartphones and PDAs

Symbian OS + +

Windows Mobile + +

Palm OS + +

Protection of mail systems

Standalone solution for mail protection that does not require integration with the mail systems installed on the corporate network

+ +

Microsoft Exchange + +

Lotus Domino + +

Sendmail + –

Qmail + –

Postfix + –

Exim + –

Clearswift MIMEsweeper + +

Products: Integrated protection of all nodes on the corporate network

Products Kaspersky Lab McAfee

Protection for Internet gateways

Standalone solution for the protection of the Internet traffic requiring no integration with the gateway and proxy servers installed on the corporate network

+* – Appliance only

Protection solution integrated with the proxy server via the ICAP protocol + –

Appliance only

Microsoft ISA Server + +

CheckPoint FireWall-1 (CVP) + –

Appliances

Kaspersky Lab solutions are integrated into appliances from Blue Coat Systems, 

Borderware, Juniper Networks, SonicWall,  ZyXEL etc.

McAfee offers its own appliance solutions

Administration system (management of protection)

+ +

*A combination of Kaspersky Anti-Virus for Proxy Server and the free Squid Proxy Server with support for the ICAP protocol provides a customer with a standalone solution for the protection of HTTP and FTP traffic at the gateway level.

Products: Effective integrated protection in a single product for workstations

Kaspersky Anti-Virus

for Windows Workstations

McAfee VirusScan Enterprise

1. File antivirus  2. Mail antivirus  3. Protection from spyware and adware4. Protection from network attacks (IDS)  5. Firewall 6. Cisco NAC support

7. Installation on an infected computer and treatment of an active infection*

8. Self-defense (protection from attempts by malicious programs to disable the antivirus solution)**

9. Proactive protection (behavior blocker) with system recovery

10. Web antivirus (on-the-fly scanning of Internet traffic)

11. Protection from spam, phishing and unwanted advertising

?*Anti-Malware.ru, February  2007**PC Professionell, August  2006

Products: A fully functional security management tool

FeaturesKaspersky

Administration Kit McAfee ePolicy

Orchestrator 3.6.0Scanning of the network for new and unprotected computers (via IP subnetwork / Active Directory / Windows Network)

+ / + / + – / + / +

Automatic installation of antivirus applications on new  computers on the network + –

Support for an unlimited number of levels in the administrative server hierarchy + –

Auditing of administrator actions + –

Multicasts as a method of update distribution + –

Support for intermediate update distribution centers + –

Additional policy for mobile users + –

Companies that have acknowledged the advantages of Kaspersky Lab products

I.NET S.p.a., Italy T-Mobile, Czech Republic  Rectorat Amiens, France University of Western Australia Bancaja Group, Spain Tatneft’, Russia VimpelCom, Russia Central Bank of Russia and others

Deutscher Bundestag, Germany International Atomic Energy 

Agency (IAEA) Retarus, Germany Government Development 

Bank, Malaysia Ministry of Equipment, France Conseil Général 92, France M&G Finanziaria Industriale, 

Italy Ministry of Labor and Social 

Affairs, Czech Republic

You can find the list of McAfee customers on the company’s website.  We are confident that the comparison will be to our advantage.

Why do you need these facts?

To make the right choice!