We received more accolades in late August, and we would like to take a moment to share them. The new version of Kaspersky Internet Security received the highest Advanced+ award as a result of the anti-phishing technology test conducted by AV-Comparatives. The Kaspersky Lab solution did not produce a single false positive and successfully blocked 98% of phishing URLs, allowing it to stay well ahead of competitors.
Kaspersky Internet Security is a consumer product, not business-oriented. However, it’s worth noting because it’s about a certain technology’s performance, not the specific product: It is Kaspersky Lab’s anti-phishing that has topped the competition.
Zero false positives
AV-Comparatives method of assessment focuses on false positives, or, rather, the lack of them. 10 different products from different vendors are tested simultaneously in a simulation that replicates typical web browsing conditions.
The AV-Comparatives experts selected 245 URLs from a collection of addresses of phishing sites, all of them active at the time of testing, unique, and most importantly, designed to steal confidential information such as credit card numbers, financial and bank service accounts, passwords to access email, social networking sites and online games, etc. In other words, they were all posing a real-world threat.
To eliminate the effect of the time factor, all products were tested simultaneously (because the longer a phishing URL is active, the more likely that it will be listed in the database of malicious sites).
As a result, Kaspersky Internet Security is reported to have blocked 98% of dangerous links, beating the nearest competitor by 6%.
A mandatory requirement to get the Advanced+ certificate in this test was to produce no false positives while checking 500 legitimate banking sites. Kaspersky Internet Security demonstrated superior results in this test.
Phishing: a real problem
Phishing has become a major threat for both home users and enterprises, as it is a “proven” way to extract certain sensitive information from victims, be those credentials to bank accounts or some secret private data.
Most phishing attacks involve creating a copy of a web page frequented by the victims. The copy can be placed on a domain similar to the original and various means can be used to lure the user to visit it and enter their credentials.
To lure users to the fake site, criminals actively deploy social engineering and psychological techniques. Usually, attackers try to generate interest by offering users (usually via messages in email, social networking sites or IM such as Skype) pseudo-secret or sensational information, or, if it is a narrowly targeted attack, some data ostensibly pertaining to their professional interests. Recent, a multitude of APTs use this trick.
Fraudsters employ hundreds of tricks to conceal their efforts to steal credentials. Some of them make it almost impossible to tell a fake site from the original, so that even the most attentive and threat-aware users may fall prey.
According to statistics from the Kaspersky Security Network, in the first half of 2015 alone, the Kaspersky Lab anti-phishing system was triggered 80 million times on the computers of Kaspersky Lab products users.
This scope clearly shows the problem is very real. Moreover, phishing has long gone commercial with black market dealers offering phishing attack services and even entire phishing campaigns. Also, there are many ready solutions on the Web.
Catchin’ the phish
The anti-phishing module implemented in Kaspersky Lab’s solutions combines three methods of detection:
- Sites are checked by the product’s local anti-phishing databases on the user’s device;
Sites are checked by cloud databases located on the Kaspersky Security Network;
This may sound a bit too technical, but essentially the potentially dangerous resources and links are checked against the local database on phishing sites, which is updated constantly, and the Kaspersky Security Network, which has a unique base of SSL certificates corresponding to domain names. Heuristic analysis helps to recognize a phishing webpage even if it’s not yet
featured in these databases, which is extremely handy in cases of narrowly targeted attacks.
More information on Kaspersky Anti-Phishing Technology, as well as the products where it is implemented is available here.