
A Detailed Reading of the Latest Test Reports on World-Famous Firewalls: KIS Edition (translated from the original)


Posted on 2007-10-21 15:56


From: MACD Forum (bbs.macd.cn)  Author: govyvy  Views: 1928  Replies: 1

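Thank you for taking an interest in this translation. A few words first: the article is taken from www.matousec.com. That company is a professional evaluator and tester of security products, so the conclusions it publishes have some reference value. It is also a commercial company that tests and sells bug products; its standards for the security products submitted for testing are very strict, and its comments border on harsh. So whichever firewall product you support, please read this with a calm mind. In the end, real-world use of a firewall differs considerably from laboratory testing, and whether a product works well is something only its user really knows. There is no perfect firewall in the world, only the firewall that suits you best. I am posting this only in the hope of giving everyone some necessary reference material when choosing this kind of product. The original is at http://www.matousec.com/projects/windows-personal-firewall-analysis/Kaspersky-Internet-Security-6.0.2.614/ for anyone interested.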

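An aside: I have translated no fewer than seven of matousec.com's test reports, and this is the first time I have seen the site give a firewall a report with more praise than criticism. I can't help but marvel: the Russians' skills really do run deep! Below are two sentences excerpted from the site's overall verdict on KIS: “Kaspersky Internet Security 6.0.2.614 is clearly the best product among those we have already tested. Kaspersky Internet Security suite v6.0.2.614 is without doubt the most outstanding of all the products we have tested.” “Kaspersky Internet Security is the only product we can recommend to end-users nowadays. Kaspersky Internet Security suite is the only product we recommend to end users today.”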

Kaspersky Internet Security 6.0.2.614 - Review

Kaspersky Internet Security is a mature security software that also includes personal firewall features. Kaspersky Internet Security benefits from its multilayered security design and although this design is not bulletproof, it is one of the best that are available today. This software also offers pleasant and well arranged user interface. So, even if not perfectly secure, we can recommend Kaspersky Internet Security to end users.

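Kaspersky Internet Security 6.0.2.614 - Overview

Kaspersky Internet Security (hereafter KIS) is a mature security product that also includes personal firewall functionality. KIS owes its success to its multilayered security design; although this design is not impregnable, it really is one of the best security designs available today. The software also has a comfortable, sensibly designed user interface, so even though it cannot be perfect in terms of security, we are happy to recommend Kaspersky Internet Security to end users.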

Tested version

We have tested Kaspersky Internet Security version 6.0.2.614 because its vendor, Kaspersky Lab, have discontinued the development of its stand-alone personal firewall product called Kaspersky Anti-Hacker long time ago. However, we have installed and tested only the minimal core of KIS, which includes anti-virus, and personal firewall components.

The vendor provided us a licence for the purpose of our testing. Such a licence is usually available for $59.95 and includes one year of updates. The two years licence costs $95.92.

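Test version

Because Kaspersky Lab, the developer of KIS, long ago stopped developing its stand-alone personal firewall product, called Kaspersky Anti-Hacker, we chose KIS 6.0.2.614 as the test subject. (Although KIS has powerful all-round protection capabilities,) we performed a minimal installation of only the core, which includes its anti-virus and personal firewall components.

The developer provided us with a licence for this evaluation. Normally a licence that includes one year of updates costs 59.95 US dollars, and a licence valid for two years costs 95.92 US dollars.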

Installation and initialization

The downloadable version of Kaspersky Internet Security is delivered in 22 MB self-extracting executable. This size is reasonable for a security suite that includes anti-spam, anti-spy, anti-virus and personal firewall components. Just after you choose an installation folder, you are asked to choose the installation type. Complete installation, Custom installation and Anti-virus features only are offered choices. We chose Custom installation to be able not to install Anti-spam, Anti-spy, on access File Anti-Virus, Mail Anti-Virus and Web Anti-Virus. The only components we installed were core components, Proactive Defense and Anti-Hacker FireWall. Keep this in the mind while reading this review because some information like hardware requirements might be different if you install other components too. After you choose the type of the installation, you are asked whether you want to enable Self-Defense before the raw installation. This is probably an attempt to protect the installation process against possible malware attacks. We left this option enabled. The next step is the raw installation of files, services and drivers, this takes no more than a few minutes.

The post-installation configuration is done via Initial Setup Wizard. This wizard is started as soon as the first part of the installation is finished. At first, you are asked to activate your licence and even trial licences have to be activated if you want to have an access to security updates. The next step is quite important. You are asked to choose whether you want to enable only Basic protection, which is selected by default and recommended for most users, or Interactive protection, which is recommended for experienced users. We strongly recommend you to choose Interactive protection, because if you choose Basic protection the system will not be fully protected. We chose the better protection and also enabled Application Integrity Control, which is disabled by default. The configuration of automatic updates follows. You can also perform an update in this step, this can take a few more minutes. Then you can configure regular anti-virus scans and in the next window you can enable a password protection of your settings. To achieve the best security settings, we recommend you to enable the password protection even if you are the only user of your computer. You can also choose which parts of the settings will be protected by the selected password.

The last part of the installation is the configuration of additional protection and network related settings. In this part, KIS automatically initializes its internal database of programs that are allowed to access the Internet and recognizes the network interfaces in your computer. You can always modify the settings that were configured automatically. The last step is to restart your computer. After the reboot, you are advised to perform a full anti-virus scan of your computer.

The installation process is pleasant and quite easy and fast even for common users. To achieve the highest level of security KIS can offer, you have to slightly modify the predefined options during the post-installation configuration. KIS received no penalty for the installation process.

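Installation and initialization

The downloaded KIS is a 22 MB self-extracting executable. That size is reasonable for a security suite that includes anti-spam, anti-spyware, anti-virus and personal firewall components. After you choose the installation path, you are asked to choose the installation type; the options are complete installation, custom installation and anti-virus components only. We chose custom installation so that components such as anti-spam and anti-spyware would not be installed, and we also excluded the anti-virus files, mail anti-virus files and web anti-virus files. We installed only the most essential components: Proactive Defense and the Anti-Hacker firewall. Please keep this premise in mind when reading this report, because if you choose to install other components, information such as the hardware requirements will change accordingly. After you choose the installation type, you are asked whether to enable Self-Defense before the raw installation begins. This is probably a measure to guard against malicious attacks during installation. We enabled this feature. Next comes the raw installation of files, services and drivers, which takes a few minutes.

Post-installation configuration is done through the Initial Setup Wizard. The wizard starts as soon as the first part of the installation finishes. First, if you want to receive product updates, you are asked to activate your licence (trial licences included). The next step is very important: you are asked whether you want to enable only Basic protection, which is the default and the option KIS recommends to most users, or Interactive protection, an option suited to advanced users. We strongly recommend choosing Interactive protection, because under Basic protection your system is not fully protected. We chose the higher level of protection and also enabled Application Integrity Control, which is off by default. Next comes the configuration of automatic updates. You can also run an update at this step, which takes several minutes. After that you can configure regular virus scans, and in the next window you can protect your settings by setting a password. For the best security, we recommend setting password protection even if you are the only user of the computer. You can also choose which parts are to be protected by the password.

The last part of the installation configures some additional protection features and network-related settings. In this part KIS automatically initializes its internal database of programs that are allowed to connect to the Internet and identifies the network interfaces on your computer. You can also modify the rules that were configured automatically. The final step is to restart the computer; after the restart you are advised to run a full anti-virus scan of the machine.

The installation process is pleasant, and even novice users will handle it with ease. To obtain the highest level of protection KIS can provide, you must fine-tune some of the preset options during post-installation configuration. KIS bears no responsibility for (any mishap during) the installation process.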

Hardware requirements

Our installation of Kaspersky Internet Security took about 27 MB on the hard disk and about 15 MB in the RAM. These values would be reasonable even if KIS was only a personal firewall software, but its core also includes the anti-virus, and so these values are better than good. On the other hand, it reduces the performance to about 73% in average. This number was highly affected probably by Registry Guard component, because we have measured much lower performance during extensive work with the system registry. As mentioned above, these values can be different if you install more of KIS components. The hardware requirements of KIS are no problem for today's computers.

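Hardware requirements

Installing KIS takes up 27 MB of hard disk space and about 15 MB of memory. These figures would be reasonable even if KIS were only a personal firewall; all the more so given that it also includes the core anti-virus functionality, so these figures are excellent. On the other hand, a computer running KIS typically reaches only 73% of its original performance. This figure is largely due to the Registry Guard component, because the performance we measured during extended testing that made use of the system registry was very low. As mentioned above, these figures will differ if you install more components. With the configuration of today's computers, the hardware requirements of KIS can be met without difficulty.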

Common behaviour and control

The user interface of Kaspersky Internet Security is well-developed and nice. It fully supports the internal architecture based on many separate, but well connected, smaller components. The main window is divided into three parts. The first one is a structured menu, in which you select what do you want to work with in the main part of the window. If you select Protection, you will be informed about the current state of the security on your computer. You can get more information about the state of each component you have installed by clicking on it in the menu. If anything in the security system needs your attention you can see it in the third part of the main window, which is a small information box. In such case, you are also informed via on screen notifications, so you do not have to open the user interface every time. KIS is not intrusive with its notifications if you do not want it to be. You can precisely configure, which notifications you are interested in and which does not bother you at all. The next item in the menu is Scan. This is devoted to anti-virus scanning of your computer. You can start custom scans of your disks, single folders or critical areas of your system. The last item in the menu is Service, where you can check your current product version, the exact time and date of your last updates and also the state of your licence. You can also run updates from here, view security reports or contact KIS support.

Configuration of all settings is made in a separate window. Settings of personal firewall features can be changed in Proactive Defense and Anti-Hacker submenus. Proactive defense is divided into four categories as in the post-installation configuration wizard. Be sure to have enabled at least the first three modules called Application Activity Analyzer, Application Integrity Control and Registry Guard. If you use Microsoft Office, you can find Office Guard useful too. Application Activity Analyzer monitors the behavior of all processes in the system. Application Integrity Control is something like the component control that you can find in many other personal firewalls. Registry Guard monitors the access to system registry and alerts when a critical part of registry is to be changed. The most of the features these components provide are highly configurable, which comes handy if you have a harmless application that behaves uncommonly, you can easily add it to the trusted zone and you will not be notified about its activities any more. The Anti-Hacker component is the firewall itself. KIS offers five modes of firewall from Allow All to Block All. At the beginning, Training Mode may be the best choice, in which a prompt appears if any application attempts to connect to the network or the Internet. The detailed configuration allows you to view and change the list of applications that are allowed or blocked to establish network connections. You can also configure the access to single TCP and UDP ports as well as to configure other protocols. The last features related to personal firewall security can be found in the Service menu. You should have Self-Defense enabled here and you can also set your password here. Not only if you administer more desktop computers with KIS installed, you can find useful a possibility to save and load the configuration to or from the file.

The tray icon offers a fast access to both main and settings windows and to Network Monitor. You can also quickly block all the network traffic, run anti-virus scan, perform an update as well as pause or disable the whole KIS protection from the tray icon popup menu.

The only problem we have found in the common behaviour and control was missing help. For example, in Proactive Defense alerts in case of suspicious driver installation you can click on the name of the event and instead of getting some detailed information, your browser is opened on a page that says "Can't find virus record". This is an issue of many of alerts from various components and can be very unpleasant for basic users. This is why the Easy of use for Kaspersky Internet Security is on 95%.

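Everyday use and control

The KIS user interface is quite polished and attractive, and it fully supports an internal architecture built from many small, independent but perfectly integrated components. The main window is divided into three parts. The first part is a structured menu, where you select functions to work with. If you select Protection, KIS tells you about the current security state of your computer; by clicking the corresponding item in this menu you can also get more information about each component you have installed. Information the security system wants to bring to your attention can be seen in the third part of the main window, which is a small information box. You also receive security alerts through on-screen notifications, so you do not need to open the user interface every time. KIS notifications do not force their way into (your work) when you do not want them. With precise configuration you can receive the information you are interested in while shutting out the distraction of irrelevant information. The second menu item is Scan, which is mainly for anti-virus scanning of the computer system. You can also customize what is scanned, such as disk partitions, single folders or critical areas of the system. The last menu item is Service, where you can check the product version, the exact date of the last update and the state of your licence. Automatic updates, security reports and support help are also available here.

All settings are defined in a separate window; the personal firewall settings are made in the Proactive Defense and Anti-Hacker submenus. As in the post-installation setup wizard, Proactive Defense is divided into four categories. Make sure that at least the first three modules are enabled: Application Activity Analyzer, Application Integrity Control and Registry Guard. If you also use Microsoft Office, you may find Office Guard useful as well. Application Activity Analyzer monitors all processes in the system; Application Integrity Control is similar to the component control feature common in many firewalls; Registry Guard monitors access to the registry and raises an alert when a critical part of the system registry is about to be modified. The greatest strength of these components is that they are highly configurable. The convenience of this (configurability) is that when a non-malicious application on your computer performs an unusual operation (one not permitted by the firewall rules), you can easily add the program to the trusted zone and so avoid the annoyance of repeated firewall warnings. The Anti-Hacker component is the firewall itself. KIS gives the firewall five protection modes, from Allow All to Block All. For beginners, Training Mode may be the best choice: a prompt appears whenever an application tries to connect to the local network or the Internet. The detailed settings let you view and change the list of applications that are allowed or blocked from establishing network connections. You can likewise define access to TCP and UDP ports and configure other communication protocols. The last feature, which relates to the security of the personal firewall, can be found in the Service menu. You should enable Self-Defense here, and you can also set the protection password. The ability to save the configuration to a file and load it from a file is something you will appreciate, and not only when you manage several desktop computers with KIS installed.

The system tray icon provides quick access to the main window, the settings window and Network Monitor. From the icon's pop-up menu you can also quickly block all network traffic, run an anti-virus scan, start an update, and pause or disable the whole of KIS's system protection.

In testing everyday use and control, the only problem we found was missing help. For example, when a suspicious driver is being installed, Proactive Defense raises an alert; you can click on the "event name" instead of "looking up details", and your browser opens a page that reads "Can't find virus record". This problem exists in the alerts of many kinds of KIS components and is very unpleasant for novice users. This is why KIS scored 95% for ease of use.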

Security

On one hand, we were quite surprised that Kaspersky Internet Security suffers from a number of security related problems that should not appear in the software like this. KIS makes an impression of a mature product, whose developers should be aware of problems and vulnerabilities that commonly affect security software. On the other hand, the security design is quite a good one. The system of separate but well connected components forms a multilayered security design. This means that even if some part of protection is bypassed it usually does not imply that all the security mechanisms are bypassed and the attacker is not able to take a full control of the system. In spite of this, there still exist several ways how to bypass the protection of KIS completely.

KIS implements a very interesting security related feature called Rollback. The Application Activity Analyzer component closely tracks the actions of any programs that runs in the system. If the application is to make something dangerous, the prompt appears. The users are able to check the list of all actions the application made and base their decision on this information too. Moreover, if the dangerous action is blocked, Rollback can be performed, which means that all tracked activities like registry modifications, new file creations etc. are reverted by KIS back to the state before the blocked application started.

The tested version of KIS has a very good anti-leak protection, Windows messaging oriented attacks seem to be a problem for KIS today. To achieve mentioned very good leak-testing results it is necessary to properly configure the security settings. We have been informed that future versions of KIS will fight possible leaks even better.

In spite of all problems we have identified during our analysis, we can say that KIS offers a solid protection and we can recommend this product to users that demand high level of security. No, KIS is not a perfectly secure or bulletproof solution, there are still quite many ways how its protection can be bypassed, but among the competitive products KIS is one of the best. And because of its good security and overall design, it can be relatively easy for the vendor of KIS to improve this product to put the bar even higher. You can see the public information about bugs we found in Kaspersky Internet Security in the following sections below.

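Security

On the one hand, we were surprised that KIS has many security-related problems that software of this kind should not have. KIS has always given the impression of a mature security product, and its developers ought to be well aware of the problems and weaknesses that commonly affect security software. On the other hand, the security design of KIS really is excellent. Independent systems together with well-connected components make up this multilayered security architecture. This means that even if one part of the protection is bypassed, it usually does not mean that all security mechanisms have been breached, and the attacker still cannot take full control of the system. Even so, there do exist several ways to bypass KIS's protection completely.

KIS has a very interesting security feature called "Rollback". The Application Activity Analyzer component closely tracks the traces of every program running in the system. If an application attempts something dangerous, the user is alerted. The user can also check a list of all the application's actions and use this information as a basis for the decision. Moreover, if the dangerous action is blocked, "Rollback" takes effect, which means that all tracked actions, such as registry changes and newly created files, are restored by KIS to the state before the blocked application ran.

The tested version of KIS has excellent leak protection. At present, attacks based on Windows messaging appear to be a problem for KIS. To achieve the excellent results in the leak protection tests, KIS needs proper security configuration. We were informed by the developer that future versions of KIS will do even better at dealing with possible leaks.

Although we found many problems in KIS during testing, we consider that KIS provides a solid protection system, so we recommend the product to users with high security requirements. Of course, KIS cannot yet be called a perfectly secure or "bulletproof" solution, and there are still many ways to get past its defences, but among competing products of its kind KIS is without doubt the best. Moreover, given its excellent security and overall design, the developer of KIS can improve it relatively easily and raise the security bar to a higher level. In the sections below you can browse the public information about the bugs we found while testing KIS.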

Open private bugs

The following list contains open bugs that are private. This means that their names, descriptions, testing methods and testing programs are not available for free. You can buy private information about a single bug or you can buy the full analysis. The following list is sorted by the bug penalty, the higher penalty means the more dangerous bug.

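Open private-information bugs

The list below shows open bugs that are private, that is, the name, description, testing method and test program of each bug on the list are not available free of charge. You can buy the analysis of a single bug or buy the complete analysis. The list is graded by how dangerous the bug is; a higher grade means a more dangerous bug. (Details omitted; only the bug names and risk levels are listed.)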

BUG00013P006KA  Risk: Critical bugs
BUG00018P006KA  Risk: Critical bugs
BUG00019P006KA  Risk: Critical bugs
BUG00012P006KA  Risk: Critical bugs
BUG00015P006KA  Risk: Critical bugs
BUG00016P006KA  Risk: Critical bugs
BUG00017P006KA  Risk: Critical bugs
BUG00007P006KA  Risk: Serious bugs
BUG00009P006KA  Risk: Serious bugs
BUG00006P006KA  Risk: Minor bugs
BUG00000P006KA  Risk: Serious bugs
BUG00001P006KA  Risk: Serious bugs
BUG00002P006KA  Risk: Serious bugs
BUG00003P006KA  Risk: Serious bugs
BUG00004P006KA  Risk: Serious bugs
BUG00005P006KA  Risk: Serious bugs


Original post reposted from the 绅博 forum

[ Last edited by govyvy on 2007-10-21 16:18 ]


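Original poster | Posted on 2007-10-21 15:58
Note that these evaluations were carried out at the start of the year and do not represent the software's actual level in real use.

[ Last edited by govyvy on 2007-10-21 16:32 ]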