Monthly Archives: July 2011

Test Drive – Major Brands’ Security Suites

Computer Security

As mentioned in my most recent article, I recently put together a computer with the exclusive purpose of being a test machine, a guinea pig to evaluate software and so forth. Well, I’m glad to report that I’ve been busy testing away. In fact I tested all the major brands’ top security suites, the test consisting of installing it in my test machine, visiting known malicious websites that have malware in it and will try to infect the computer that visits them, and observing detection and handling effectiveness of the security program in such environment. Here’s a summary of my test results, in no particular order:

Panda Global Protection 2012:

What a disappointment. It was doing so well in the beginning when visiting malicious websites… and then it let one through. And then tried to contain the infection… and failed.

Simple operations like decompressing some files became 5 times slower than with other protection suites.

Norton Internet Security 2011:

It was doing so well… on downloading any files it automatically scans them and labels them as safe or a risk and handles accordingly. But while doing my standard test, at about the 5th round, it let a malicious one right through… some ransomware, no less. It was game over. So 1 out of 10 or so is not too bad. I wouldn’t say crap, but can’t give a thumbs up either. Best to stay away probably.

AVG Internet Security 2011:

What a disappointment. Or not really. I didn’t have a good impression of AVG despite its popularity, based on the amount of computers I’ve had to disinfect that were being “protected” by it. Like Norton, it used to be good years ago but not anymore. At the first TWO attempts to visit malicious websites, it succumbed. Crap, like I thought. Stay away from it, or walk away if you have it.

BitDefender Total Security 2011:

Fail. At the first attempt to download a malicious file and run it, it allowed it. Then the firewall, which I had set to explicitly alert of any outbound connection attempts (such as the ones that infected programs will attempt to establish in order to “phone home”) alerted me that the program in question was trying to access the internet, but the scan engine had adjudicated that it was not malicious and therefore legit! This is what happens when you depend on a signature-based scan engine. Anyways, fail.

ESET Smart Security 4:

Another failure. Detected some, missed others, had to be bailed out with a good on-demand scanner that found what ESET had missed. Firewall also feels a little quirky if put in interactive mode.

Zone Alarm Internet Security Suite:

Well, we seem to be having a bad day in cyber-security world, aren’t we? I had a lot of hope in Zone Alarm, but nooooo. To its credit, it started pretty well. The first attempt to infect the computer was not caught when downloading a malicious file, or even trying to open it (although it did prevent a malicious change to the system by alerting and giving the option to allow or deny it) but an on-demand scan of the downloaded malicious file was met with a labeling of malicious. However a couple of samples later, it simply failed to detect or stop  a trojan infection aptly named “Zeus”. An on-demand scan yielded no results. Some people swear by Zone Alarm. I can’t say I recommend it.

VIPRE Antivirus Premium:

A small  letdown. Not because VIPRE didn’t perform well compared to others – in fact it was the best among the ones tested in this article – but because I had the highest hopes for it. It is in fact my current choice of antivirus for my own computer. But alas… when testing it, on the very first malicious link, let’s be honest, it did detect that the website itself was malicious, thanks to its web filter module. But when I disabled it to see what the scan engine and real-time protection modules could do, they both failed. A malicious file was downloaded to my computer, and neither downloading it nor opening it was met with any protest from the real-time protection module. Then did an on-demand scan of the file and again, nothing malicious found. But truth be told, that malicious file would not have been accessed if the web filter was on. So I continued testing. Second round, same exact thing. Oh well, at least without crippling any active modules, VIPRE did come out on top.  More than what can be said of the rest test programs in this article.

Trend Micro Titanium 2011:

It was a joke 4 years ago when I first used it, and it still is. First attempt at a malicious website, Trend Micro got caught flat-footed. Didn’t do anything. The Windows 7 firewall blocked an outgoing connection attempt and Trend Micro’s suite didn’t even know what was going on. Fail.

McAfee Total Protection 2011:

McAfee’s detection rate and general effectiveness has been such a joke in recent years, I wasn’t even going to test the 2011 Total Protection suite. But then I thought, let’s be impartial and have no preconceived ideas, may be they finally got it right… I was wrong. Or right, depending how you look at it. Let’s just say when I first installed it and attempted to visit the first few malicious links, McAfee actually detected, neutralized and destroyed them. But by the 4th and 5th, it was same ol’ McAfee, oblivious to the infections affecting the computer. So scratch that one as well.

 

Conclusion:

in these recent tests, only Kaspersky Internet Security 2012 and VIPRE Antivirus Premium survived unscathed. Kudos to the respective software makers.

Something better than just all the Security Suites tested is what it would take to be reasonably safe in today’s computer world.  As I said in my pivotal article of 2 years ago, most of these security suites would have withstood the test attack if used in conjunction with AppGuard by Blue Ridge Networks in the 4-prong model described in the article. The fact that the model is still valid 2 years later, in such a dynamic subject like computer security, speaks for itself.

Not for Beginners – Error When Creating System Image in Windows 7

Not for beginners, Technical Tips

This article is above the usual level I write for in this blog, but I feel it needs to be written and at the moment can’t find a particular forum to write it in, so here it is.

Windows 7 has, under Backup and Restore in the control panel, the built-in ability to create an image of your hard disk. That means it takes a snapshot of your operating system, all the files you have, etc. in a compressed file that can be used at a later point to restore the computer to the state it was in when the image was created. This is not dissimilar to the contents of the “recovery partition” many computers come with these days. It goes one step further than System Restore in that it is a complete image of the computer’s hard disk, or one of its partitions.

I have, in my test machine, a 1.5 Tb hard disk. Because it’s a test machine, I wanted to use the image creation ability of Windows 7 so I didn’t have to re-install the operating system from scratch every time I wanted to take the computer back to its original configuration, or an earlier configuration in general, after testing some new software (especially malware protection software). So I created the main partition where the operating system is, and then 5 additional partitions, one physical and 4 logical, to accommodate up to 5 images of the main partition. So 7 partitions total: the main partition, 5 additional ones, and the small, system-reserved, 100 Mb partition Windows 7 creates when installing.

Everything was going according to plan. I created the first image right after installing the OS and the MoBo drivers, second one after installing all Windows updates and Windows XP mode, etc. A total of 5 different images at different stages of the system. But after restoring several times, when I tried to re-create the most recent image after making a small modification, I got an error stating that the image could not be created because there wasn’t enough space, as you can see here:

 

 

 

Careful readers will notice the syntax mistake (“Make sure that, for all volumes to be backup up…”). But anyways, the important datum is, I did have more than enough space in the destination partition, so what’s up? I googled and found the answer: somehow the system reserved partition, the 100 Mb one, had decreased in available space, and now it only had about 30 Mb free. Per the message above, partitions with less than 500 Mb need to have at least 50 Mb of free space. So now I know what the error’s cause is. But how do I resolve it without deleting that partition?

I could try assigning the partition a letter and then accessing it, try to change permissions so I could delete files, etc. But which files to delete? Generally speaking deleting files from a system reserved partition is not a good idea.

The answer is simple, in my case anyways. I had the earlier images and I had the original Windows 7 DVD, and that’s all I needed. I booted from the DVD, deleted the reserved small partition, reinstalled Windows 7 from scratch (at which point it created a new system reserved partition) and then once install was complete, I restored the latest image available for the main partition. Then made the small tweaks I wanted to save and created a new image. Worked like a charm. The newly created small reserved partition was now more than 50 Mb free so no more error message when creating the system image.

HTH.

Update:

Found this when searching again for the error code:

“A Workaround Without Repartitioning:

When trying to make a system image of Windows 7, I got error 0x80780119.  After searching this thread (plus others), I found my 100 MB System Reserved partition had grown a large USN journal.  I assigned it drive letter F:\.

Fsutil usn queryjournal F:

Then I ran this command to clear and disable the USN journal on my System Reserved partition:

fsutil usn deletejournal /N /D F:

This freed 48 MB.  The USN journal on my System Reserved partition remained disabled after a reboot, which I verified by re-running the query.  Subsequently, I was able to make a system image without error.”

Link for above workaround: http://social.technet.microsoft.com/Forums/en-US/w7itprogeneral/thread/fce6950d-c06d-4dd0-a850-67022db4fe04/

While the above might have worked for some, if the space used by the USN journal is not enough to give the partition at least 50 Mb of free space, the workaround won’t work.

It’s probably better to create a new primary partition and make it the system volume, as covered in the above thread, that is:

1.       Choose where you want to have your system volume. Few things you need to keep in mind:

a.        System volume can only be created on a primary partition of MBR disk.
b.       If system volume & boot volume are together, then BitLocker feature cannot be used to encrypt volumes on your machine.

2.       Suggest creating a new volume (say F:) on the same disk that contains the boot partition of size of about 490 MB (be careful to keep it less than 500 MB).

3.       Assuming Windows 7 is installed on C: on your machine. From an elevated command-prompt run: bcdboot.exe C:\Windows /s F:

4.       From elevated command-prompt run: DISKPART

5.       From the disk part command-prompt:
DISKPART> select volume F
DISKPART> active

6. Restart

 Notice that the original posting in the forum thread has the command in step 3 as “bcdboot.exe /s C:\Windows /s F:”. That’s incorrect, the first “/s” switch should not be there.

Note: If you follow the above steps you will loose the ability to boot into the recovery environment from your hard disk, i.e. the “Repair your computer” option, normally on top when trying to boot into safe mode, will not be there anymore. Since one can either 1) use the original Windows 7 DVD or 2) Use a recovery disk created at the time the system image was created to get into the this recovery environment, this is not a big deal. But you should aware of it, so that you can at least create a recovery disk if you don’t have it and don’t have an original Windows 7 DVD. However, when I followed these steps, I was able to have the bigger system volume AND the Repair Your computer option at F8:

1. Export the BCD store. From an elevated command prompt do bcdedit /export [filename] 

2. Do the steps 1-6 above. Notice there is no repair option at F8.

3. Import the BCD store, from an elevated command prompt with bcdedit /import [filename]

4. Restart.

5. Conditional: When restarting if you notice an error that won’t allow you to boot, that looks like this:

If and only if you see an error like that, insert the Windows 7 DVD and get to the Repair my computer section. Choosing that will automatically detect, make repairs and restart (This error message may specifically occur if afterwards you delete the original 100 Mb partition, even though it’s not the active partition anymore. You don’t need to delete it. And you can always revert to using it as the active partition).

6. You will notice you have the new bigger system volume as the active one AND F8 at booting includes the Repair my computer option.

This is what the BCD store looked like originally:

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {7378d097-b723-11e0-a59f-c12e7e982394}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {7378d099-b723-11e0-a59f-c12e7e982394}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {7378d097-b723-11e0-a59f-c12e7e982394}
nx                      OptIn

Windows Boot Loader
-------------------
identifier              {7378d099-b723-11e0-a59f-c12e7e982394}
device                  ramdisk=[C:]\Recovery\7378d099-b723-11e0-a59f-c12e7e982394\Winre.wim,{7378d09a-b723-11e0-a59f-c12e7e982394}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\7378d099-b723-11e0-a59f-c12e7e982394\Winre.wim,{7378d09a-b723-11e0-a59f-c12e7e982394}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {7378d097-b723-11e0-a59f-c12e7e982394}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {7378d09a-b723-11e0-a59f-c12e7e982394}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\7378d099-b723-11e0-a59f-c12e7e982394\boot.sdi

This is what it looked like after changing the active partition to the bigger system volume and restarting:

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=D:
description             Windows Boot Manager
locale                  en-us
inherit                 {globalsettings}
default                 {current}
resumeobject            {d8d48f96-b71d-11e0-b6d6-a887e08237b0}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \windows\system32\winload.exe
description             Windows 7
locale                  en-us
inherit                 {bootloadersettings}
osdevice                partition=C:
systemroot              \windows
resumeobject            {d8d48f96-b71d-11e0-b6d6-a887e08237b0}
nx                      OptIn
detecthal               Yes

Resume from Hibernate
---------------------
identifier              {d8d48f96-b71d-11e0-b6d6-a887e08237b0}
device                  partition=C:
path                    \windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-us
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=D:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-us
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}


This is what it looked like after importing the original BCD store and restarting:


Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=F:
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {7378d097-b723-11e0-a59f-c12e7e982394}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {7378d099-b723-11e0-a59f-c12e7e982394}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {7378d097-b723-11e0-a59f-c12e7e982394}
nx                      OptIn

Windows Boot Loader
-------------------
identifier              {7378d099-b723-11e0-a59f-c12e7e982394}
device                  ramdisk=[C:]\Recovery\7378d099-b723-11e0-a59f-c12e7e982394\Winre.wim,{7378d09a-b723-11e0-a59f-c12e7e982394}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\7378d099-b723-11e0-a59f-c12e7e982394\Winre.wim,{7378d09a-b723-11e0-a59f-c12e7e982394}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {7378d097-b723-11e0-a59f-c12e7e982394}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=F:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {7378d09a-b723-11e0-a59f-c12e7e982394}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\7378d099-b723-11e0-a59f-c12e7e982394\boot.sdi


Finally this is what it looked like when I deleted the original partition, restarted, repaired it with the Win 7 DVD and restarted again:


 Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=D:
path                    \bootmgr
description             Windows Boot Manager
locale                  en-US
default                 {current}
displayorder            {current}
timeout                 30

Windows Boot Loader
-------------------
identifier              {7378d098-b723-11e0-a59f-c12e7e982394}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {7378d099-b723-11e0-a59f-c12e7e982394}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {7378d097-b723-11e0-a59f-c12e7e982394}
nx                      OptIn

Windows Boot Loader
-------------------
identifier              {7378d099-b723-11e0-a59f-c12e7e982394}
device                  ramdisk=[C:]\Recovery\7378d099-b723-11e0-a59f-c12e7e982394\Winre.wim,{7378d09a-b723-11e0-a59f-c12e7e982394}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\7378d099-b723-11e0-a59f-c12e7e982394\Winre.wim,{7378d09a-b723-11e0-a59f-c12e7e982394}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7 Professional (recovered)
locale                  en-US
recoverysequence        {7378d099-b723-11e0-a59f-c12e7e982394}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {4d416039-b722-11e0-8d65-806e6f6e6963}

Resume from Hibernate
---------------------
identifier              {4d416039-b722-11e0-8d65-806e6f6e6963}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows 7 Professional (recovered)
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Resume from Hibernate
---------------------
identifier              {7378d097-b723-11e0-a59f-c12e7e982394}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=D:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {7378d09a-b723-11e0-a59f-c12e7e982394}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\7378d099-b723-11e0-a59f-c12e7e982394\boot.sdi


Edit: 10/12/2013: OR, you can simply install something like Mini Tool Partition Wizard, and extend the System reserved partition. I did that today, took me 2 minutes. Expanded a 500 MB to 1 GB, I don’t care about space in that computer that much, and it allowed me to save an image.

	

	
	


							


	

		
				

			Testing Security Software
		

		
		

			Computer Security, Technical Tips					

	


		

		
I’ve never been a computer builder particularly. Mind you, I like to specify what my computers have as far as configuration, but I like them built and ready to use when I get them. I don’t build computers for others either. But all that doesn’t mean I cannot build one, and to prove it to myself I recently bought all the necessary components to put a desktop computer together. And put it together I did.


Although that pet project did serve the purpose stated above, the real reason I got it was to have one dedicated machine just for testing purposes. So it’s completely rigged to be able to install test programs, reproduce problems clients might have with their computers, generally mess around with it and then bring it back to its initial state and start over.


With all the newly acquired latitude this new machine gave me, I set out to try a few security suites I’ve always wanted to test-drive. After trying a few, I had to stop for a moment and stare in awe at one of them: Kaspersky Internet Security 2012. Not a typo, it is 2012. I know you must be thinking, how can I test next year’s version? Well, for one, it is normally released before the end of the preceding year. But truth be told, it has actually not been released yet. It will be released in the US in about a month. But that didn’t stop me from getting a hold of a copy and taking it out for a spin.


So, back to KIS 2012.  I performed the standard test of visiting a dozen or so malicious websites (that if you’re not properly protected or don’t know what you’re doing will result in an infected computer). For the most part, KIS’ web filter component did not even allow the web browser to access the malicious links, and the one that the web filter did let go through, resulted in a download of a malicious program. Uh-oh.


Emulating a not-too-wise user, I opened the program and that program created another one and tried to plant itself in the computer (a trojan). I say tried, because then the active protection component stopped it, deleted the downloaded program, rolled back the actions the malicious program had done, and basically thwarted the infection attempt like it was nothing. So at the end the score was like KIS: 12, the bad guys of the Internet: 0. That’s pretty impressive.


KIS 2012 also comes with an anti-spam module that integrates with your email program. I tested it with a “honeypot” (spam trap) email address I have that catches dozens of spam emails every day. Without changing anything in the anti-spam default settings, KIS easily detected and correctly labeled most of the spam.


The only thing I was not able to test was how KIS 2012 behaves with an old, slow computer. Because the test machine is everything but. Otherwise I’d say as far as performance, interface simplicity and so forth, I didn’t have any complaints.


I’ll probably be writing more articles on reviews of other security products in the near future, while laughing at the hackers’ attempts to infect my test machine. So stay tuned for upcoming reviews.