Effectiveness of Kaspersky Lab’s Whitelisting Technology Confirmed in First Testing

20 Dec 2011

Kaspersky Lab announces that the results of the first testing of its whitelisting technology (a security system based on a database of clean and trusted software) have been published by West Coast Labs, the research laboratory that conducted the testing. The testing is the first of its kind ever to have been conducted by an independent authoritative research institution. The universal testing methodology used in analyzing and assessing the effectiveness of this technology was also an industry first. The efficiency and diverse functionality of Kaspersky Lab’s Whitelist technology was confirmed with West Coast Labs’ Platinum Product Award.

Three other well-known companies in the IT security market that offer their customers (including large security software vendors) protection technology based on whitelist databases on a commercial basis were invited to take part in the testing; however, all three – Harris Corporation (formerly SignaCert), Lumension, and Bit9 – turned down the invitation.

The testing investigated such parameters as: coverage of clean software (the number of legitimate programs Kaspersky Lab knows about); the completeness of the database (the quantity and quality of data on all files); the speed of a response to an inquiry; the correctness of information supplied from the database; database update speed; data processing speed; the number of false positives/negatives; and other functions and services that come as part of the whole whitelisting package.

Adequacy of the information contained in the database to enable a full-fledged “default deny” regime was also analyzed. Unlike the widely-used “default allow” scenario (in which all programs are allowed apart from known malicious and inappropriate and thus banned ones), default deny (preventing any program from being run that isn’t clearly legitimate and/or appropriate and thus allowed) affords a more secure form of protection.

In addition to developing the test methodology, West Coast Labs also developed a collection of 843,000 different file types for the investigation. Alongside regular corporate and consumer software, the collection included games, popular files from online download portals, codecs, etc. More than 20,000 samples of malicious software were also used in the study.

The results of the testing of Kaspersky Lab’s whitelisting database – which contains data on more than 300 million unique clean files – prove its high degree of effectiveness. Thus, in the test on coverage of the database, it received an overall result of 94% (for corporate software) and 93% (for consumer software). Specifically, in the test of “knowledge” of regional corporate software in both North and South America together, and also in the Asia-Pacific region, the technology was awarded 98% and 99%, respectively. For the response speed test, the average time to reply to a client inquiry sent to the whitelisting database was a mere 0.02 seconds. Lastly, no false positive detections (incorrect verdicts about clean programs as malicious) were recorded during the test. In its analysis of the whitelisting database’s suitability for establishing a default-deny mode, West Coast Labs determined that Kaspersky Lab’s technology supports such a regime completely, after evaluating the possibility of prohibiting the running of all files except those that are included in Windows distribution disks, including hardware drivers.

It is worth mentioning that a default-deny scenario in Kaspersky Lab’s corporate solution – Kaspersky Endpoint Security 8 for Windows – can be implemented even without a connection to the cloud-based whitelist – through the flexible categorization rules in Application Control. However, to ensure maximum reliability of this extremely important work regime, Kaspersky Lab also covers all the necessary software in the cloud-based whitelisting database.

Commenting on the testing, Vladimir Zapolyansky, Head of Independent Software Vendor Relationships at Kaspersky Lab, said: “Though there are many players in the market of security technologies that use whitelisting, before the testing conducted by West Coast Labs there had been no established universal method for assessing the effectiveness of such systems. However, such technologies as whitelisting and Application Control have brought us a vital new model of protection which genuinely raises the overall level of security. We are confident in our approach to whitelisting, and were not afraid to have our technology tested, unlike some of our competitors. Now, both existing and potential users of our solutions who may be curious about the true worth of whitelisting and Application Control technologies have access to this detailed analysis of the operation of Kaspersky Lab’s database of legitimate software - analysis that objectively proves its effectiveness.”

The full report on West Coast Labs’ testing and the results can be found here. To learn more about Kaspersky Lab’s Whitelist and Application Control technologies, visit the Whitelist Security Approach Portal at http://whitelist.kaspersky.com/.
