Kaspersky (Server) Anti-Spam: No Longer the Underdog; More Top Dog.

There’s an old Russian saying: As you start the New Year – that’s how you’ll spend the rest of it.

And this year started rather well for us: First, we were awarded Product of the Year by the Austrian testing lab AV-Comparatives; second, we broke the record on the number of points from Germany’s AV-Test.org; and third, we secured the top grade from Virus Bulletin in the UK. But after that pleasant start to the year things just got better, with the number of medals on our lapel going up and up and up! There were top marks in comparative testing of our proactive protection by Matousec; we were No. 1 in testing of our Application Control function by West Coast Labs; and we also secured excellent results in testing of our mobile security product (pdf) by PCSL. But we didn’t stop at serial-wins with our personal products; we also tore up the competition with our corporate ones; for example, in the August round of testing by AV-Test.org both KIS and KES were awarded 17 and 16 points, respectively – both higher than all the other competing solutions.

So, as you can see, in the first eight months of 2012 we’ve had rather a lot of good news. But never enough good news for me to forget to praise our ever faithful and pioneering AV lab (which praise I think it appreciates – so expect more victorious bulletins from the malware front soon!).

On this backdrop of positivity and optimism, the more deeper-delving observer might remark, “ok, your antivirus technologies come top-of-the-class across-the-board, but what about your NON-antivirus technologies – the important whistles and bells that add to a solution’s completeness and thus overall usefulness – like for example anti-spam?” All-righty: that’s what I’ll address in this post.

Just recently the results of Virus Bulletin’s VBSpam testing were released in which our new Kaspersky Linux Mail Security (KLMS) – unexpectedly for our competitors but quite expectedly for us – was among the winners – actually second – with an outstanding result of a 93.93% spam catch rate and 0.01% false positives. “Who wants to come second?” might come the refrain from those used to nothing but first place for KL. But in answer I’d say, “I do!” Here’s why…

VBSpam Comparison Chart

It’s not for nothing I write outstanding in italics…

First, this truly is an outstanding result for us. KLMS’s forerunner – KAS – wavered somewhere around the middle rankings in its three years of taking part in the VBSpam testing (which today is one of the world’s best specialized tests) – with an average ranking of 12th out of 20. But in July 2012 along came KLMS – taking fourth place straight off!

Second, this is an outstanding result for an in-house server-based (as opposed to hosted) anti-spam. This is because hosted solutions have a technical advantage (they get the full contents of e-mails; server anti-spam only gets checksums and meta-data) and therefore they traditionally take the top scores in tests. Now, figuratively, the technological tussle for leadership between server and hosted anti-spams can be compared to the duel between brains and brawn in getting the upper hand in combat. Hosted anti-spam develops detection using extensive statistical methods (brawn), while server anti-spam needs to work a lot smarter (brains) to come up with new technologies. And what we demonstrated in this testing is that the brainy – not brawny – approach can win through if done properly: KLMS was the only non-hosted anti-spam in the top-five. Yee-ha!

So how did we pull off such an “unexpected” amazing victory?

As already touched upon, it all came down to crafty technologies. In early 2012 I wrote about two of them: Content Reputation and the Enforced Anti-Spam Updates Service (also known as Möbius). Due to the former, an e-mail that is flagged as suspicious “in the cloud” stays suspended in KLMS’s local quarantine. In the meantime our spam analysts check this suspicious e-mail to confirm or reject the spam “reputation”, and if necessary filter the spam before it gets to the inbox of the user. In turn, Möbius provides almost real-time updates of anti-spam signatures: the time between their development in the anti-spam lab and their being activated in the product is less than one minute!

But KLMS has many more useful features that allowed us to make the leap ahead of KAS. We also optimized the processes of the anti-spam lab itself – “sharpening” the routing of spam flows for processing and prioritization of the most significant.

A logical question (or three) can arise here: since hosted solutions are so advantageous, why put all that effort into developing a server solution? Why not just accept the status quo of hosted being the leader and stick with it? Wouldn’t it be simpler to just develop your own hosted solution or buy someone else’s?

“Simpler”? Sitting under a palm tree and sipping a cocktail is simpler. It’s also lazy, no matter how pleasant :)

First, we’re a technology-driven company. That means we have the brains to come up with the technological “filling” of our products. Besides, the majority of well-publicized takeovers of other companies and attempts at integration of the latters’ operations into the existing technological architecture finish either in complete fiasco or several years of… transfusing blood of one group into a patient with a different group! The end result is of course quite easily predictable. And the bigger the acquisition the more likely the possibility of a mega foul-up. In the field of security, reliability and fault tolerance are the be-all-and-end-all: without them: FAIL. So to risk the security of our customers by performing some kind of corporate circus act is something we’re hardly planning on doing in a hurry.

Second, though in principle we aren’t against licensing others’ technologies or acquiring other companies, we would only do so in exceptional cases, and only regarding technologies of a secondary nature – while we continue to develop our own primary ones, and only after real careful analysis of complement-ability and integration-ability. And it would also be preferable for a technology to be at the start-up stage, with those responsible for it being really talented folks ready to continue their careers in the company.

Third, as I’ve already written here, without our own anti-spam expertise it’s difficult to fight malware optimally, and as a result, fight cyber threats on the whole.

And finally, returning to the question of the duel between in-house server-based and hosted concepts of anti-spam. The majority of large customers in principle don’t like the latter variant. The main reason for this is that large companies are understandably concerned about the confidentiality of data that leaves their network for processing outside. In-house server solutions deal with these issues in one fell swoop. And now (as shown in tests) server solutions are fully competitive on both protection and performance!

Details about KLMS and our anti-spam technologies can be found here.

PS: I just received this … eh, spam from anti-spammers Mailshell, which came third in the recent anti-spam test. What can I say? Congratulations!

MailShell Spam

Comments 1 Leave a note


    Reblogged this on hackafrica.

Trackbacks 3

A race against the spammers | Virus / malware / hacking / security news

一周网络负面新闻:2014年6月30日 | Nota Bene | Eugene Kaspersky Official Blog China

暗黒面のサイバー関連ニュース – 2014年6月30日付 | Nota Bene | Eugene Kaspersky Official Blog in Japanese

Leave a note