In its default configuration Kaspersky does all it can to handle application control without bothering the user. For example, I didn't have any trouble running a never-before-seen browser utility I wrote myself – the firewall granted Internet access but marked the program "low restricted."
When I tried a collection of leak tests (programs designed to subvert program control) it was a different story. Kaspersky categorized some as untrusted, so they didn't run at all. The others fell in to the low or high restricted category, and restrictions prevented them from breaking through program control. That's impressive!
A rootkit detection utility I rely on uses rootkit-like technology to get a handle on the actual rootkits. This naturally caused Kaspersky to flag it as dangerous, but that's reasonable. I chose to allow the action and, the utility worked fine.
Next I installed twenty PCMag utilities, most chosen because they reach deeply into the OS and might mistakenly be considered dangerous. Before doing so I turned off "select action automatically," so I could see what happened. Most of them installed and ran without incident. Five got a popup warning; in each case I chose to restrict the program's actions. One just didn't work with restrictions in place and another couldn't set itself to run at startup. But all the rest worked fine and loosening the restrictions allowed the others to work.
The application control system seems good at hindering actual bad programs and leaving good programs alone. If you find that one of your programs doesn't seem to work quite right, check its status in the application control list and, if necessary, lift some restrictions.—Next: Malware Protection Helped by Firewall
source pcmag.com
When I tried a collection of leak tests (programs designed to subvert program control) it was a different story. Kaspersky categorized some as untrusted, so they didn't run at all. The others fell in to the low or high restricted category, and restrictions prevented them from breaking through program control. That's impressive!
A rootkit detection utility I rely on uses rootkit-like technology to get a handle on the actual rootkits. This naturally caused Kaspersky to flag it as dangerous, but that's reasonable. I chose to allow the action and, the utility worked fine.
Next I installed twenty PCMag utilities, most chosen because they reach deeply into the OS and might mistakenly be considered dangerous. Before doing so I turned off "select action automatically," so I could see what happened. Most of them installed and ran without incident. Five got a popup warning; in each case I chose to restrict the program's actions. One just didn't work with restrictions in place and another couldn't set itself to run at startup. But all the rest worked fine and loosening the restrictions allowed the others to work.
The application control system seems good at hindering actual bad programs and leaving good programs alone. If you find that one of your programs doesn't seem to work quite right, check its status in the application control list and, if necessary, lift some restrictions.—Next: Malware Protection Helped by Firewall
source pcmag.com
No comments:
Post a Comment