Sunteți pe pagina 1din 107

Kaspersky Lab Sales References Catalogue

Kaspersky Anti-Virus 6.0.........................................................................................................................................3 Kaspersky Internet Security 6.0 ............................................................................................................................10 Kaspersky Administration Kit................................................................................................................................21 Kaspersky Security................................................................................................................................................31 for Microsoft Exchange Server 2003 ......................................................................................................................31 Kaspersky Anti-Virus for Microsoft ISA Server 2000 Enterprise Edition.........................................................42 Kaspersky Mail Gateway .......................................................................................................................................52 Kaspersky Anti-Virus for Windows Workstations ...............................................................................................62 Kaspersky Anti-Virus for Linux File Server.........................................................................................................73 Kaspersky Anti-Virus for Lotus Notes/Domino ...................................................................................................78 Kaspersky Anti-Virus.............................................................................................................................................87 for Microsoft Exchange Server 2000/2003 .............................................................................................................87 Kaspersky Anti-Virus for .......................................................................................................................................99 Microsoft ISA Server 2004 Standard Edition .........................................................................................................99

Kaspersky Anti-Virus 6.0


What kind of protection does Kaspersky Anti-Virus offer?
Kaspersky Anti-Virus 6.0 protects PCs operating under Microsoft Windows from all types of malicious programs, including viruses, Trojans, worms and rootkits. The product combines reactive protection methods (as used in Kaspersky Anti-Virus 5.0) with the newest proactive technologies.

Which product should I choose Kaspersky Internet Security 6.0 or Kaspersky Anti-Virus 6.0?
The range of threats on the Internet today is quite diverse and only by taking a combined approach can users be sure that their computers are fully protected. There are two main choices for users: Using several separate security products (from one or several vendors): each product specializes in protecting the computer from one type of threat. An example of this approach would include installing Kaspersky Anti-Virus 6.0 + firewall + anti-spyware software solution + other programs Using a single integrated product: deploying an all-in-one solution that protects against all types of Internet threats, i.e., Kaspersky Internet Security 6.0 There is no best way that can be recommended across the board to all users. Each user must choose the approach that best meets their individual needs. Generally, Kaspersky Anti-Virus 6.0 can be used in conjunction with personal firewalls and antispam products from other vendors, while Kaspersky Internet Security 6.0 provides comprehensive integrated protection1 for the PC. The table below provides a comparison of the features available in Kaspersky Anti-Virus 6.0 and Kaspersky Internet Security 6.0.

Protection component

Kaspersky Anti-Virus 6.0

Kaspersky Internet Security 6.0

File antivirus protection Mail antivirus protection Internet antivirus protection Proactive protection (behavior blocker + anti-rootkit + registry monitor + scanning of VBA macros) Anti-hacker (firewall + Intrusion Detection System + list of trusted networks) Anti-phishing, anti-banner, anti-adware, anti-dialer Antispam -

By integrated protection, we mean a solution that protects computers from all known types of threats to computers (such as viruses, hacker attacks, spyware and spam), as well as from phishing attacks and undesirable Internet content.

New features
Faster scanning speeds. Version 6.0 products incorporate iSwift technology, which significantly accelerates the operation speed of the whole solution. Reduced update sizes. The download process has been optimized to significantly decrease the size of updates (on average around 20 times). Scan suspension. On demand scanning tasks are automatically suspended during periods of increased user activity. The program frees up resources for use for other applications so that the users work is not slowed down. Scanning of network traffic (POP3, SMTP, IMAP, HTTP, NNTP). Kaspersky Anti-Virus 6.0 processes all incoming and outgoing email on the fly, as well as any files and web pages downloaded from the Internet. Application integrity control. The program protects applications such as Microsoft Internet Explorer from infiltration by malicious code. Control over hidden processes. This function is aimed at combating attempts by malicious code to hide itself in the operating system (by using rootkits). System restore. The program removes malicious objects from the operating system and also rolls back any changes made by it in the operating system. Spyware and adware are processed in the same way. New user interface. This new interface makes maintaining full control over PC security easy, while at the same time offering advanced users versatile settings for fine-tuning the program. Support for laptop users. Kaspersky Anti-Virus 6.0 is compatible with the economy mode on laptops which conserve battery power.

Improved performance in version 6.0 products


The product features a whole range of technologies and settings that accelerate performance and provide optimal use of system resources without sacrificing the quality of detection.

Capability Scanning of only new and modified files

Description Only new and modified files are scanned for viruses thanks to the addition of iChecker and iSwift technologies. System resources are not wasted on repeat scans of files that have not changed since the last antivirus scan. The beauty of this is that the longer the program is used, the fewer files it has to scan. During periods of increased user activity, antivirus scanning is suspended so that system resources are available for other programs and processes. This means that the antivirus program does not slow the users work down. Users have the option of configuring the program to scan only potentially infected files. There are certain types of files that viruses simply cannot infect, since they do not contain any kickoff points or hooks for the virus. Files in the .txt format are a typical example. On-the-fly scanning can be used for detecting malicious code in Internet traffic. When a file is downloaded from the Internet, the program scans each portion of the file as it is copied to the computer. Using this method of scanning users receive scanned objects faster. A scan task can be launched for critical areas of the computer only (that is, system memory, startup objects, disk boot sectors, Windows system catalogs and system32). Infections in these areas cause the most damage to computers. Any active viruses in the system can be quickly detected without having to launch a full system scan of the computer. Users can maintain a list of trusted applications that can be safely excluded from scanning and analysis.
4

Scan suspension

Scanning of only potentially infected files

On-the-fly scanning of Internet traffic

Scanning of critical areas of the computer

Choice of trusted applications

Kaspersky Anti-Virus: Comparison of Versions 5.0 and 6.0


Capability Kaspers ky AntiVirus 5.0 Kaspers ky AntiVirus 6.0

Real-time antivirus scanning for email and working online Antivirus scanning on demand or on schedule SafeStream technology for faster scanning Protection from viruses, Trojans and worms Protection from spyware and adware Scanning and treatment of archive files Blocks dangerous macros in Microsoft Office documents Proactive protection from the latest and unknown malicious programs Scans only files that have been created or modified since the last scan Scan suspension during periods of increased user activity Automatic hourly updates to antivirus databases Support for Intel Centrino mobile technology Choice of skins for the graphic user interface -2 -

Competitive advantages
Kaspersky Anti-Virus 6.0 has a number of advantages over other solutions on the market: High-quality antivirus technology. Kaspersky Anti-Virus 6.0 offers the highest virus detection rates, the fastest response time to new threats (as confirmed by independent tests), support for the largest number of archived and compressed file formats (over 1,200) and treatment in ZIP, ARJ, CAB, RAR and LHA archive formats. Powerful proactive protection. Proactive protection comprises a heuristic engine, behavior blocker, application and Windows registry integrity control and a rollback function for malicious changes. Fast performance. iSwift and iChecker technologies make it possible to limit scanning only to new and modified files, or only potentially dangerous objects. They also ensure balance between scanning speed
2

This function is available only with Kaspersky Anti-Virus Personal Pro.

and the quality of detection. Scan suspension during periods of increased user activity further helps reduce the load on resources. Self-protection. Unique to Kaspersky Anti-Virus 6.0, this mechanism allows the product to protect itself against malicious programs. Small updates. Incremental database updates result in faster performance and more economical use of Internet traffic. Flexible settings. A broad range of settings are available for advanced users to fine-tune the program. A full comparison of Kaspersky Anti-Virus 6.0 and competitor products is provided in Survey of Personal Products for Protection of Microsoft Windows, which will be available on the Kaspersky Lab Partner Extranet shortly: https://www.kaspersky.com/index.html. The document provides a comparison of the following products: Norton AntiVirus 2006 (Symantec) McAfee VirusScan 2006 8.0 (McAfee) Dr. Web Antivirus v. 4.33 (Doctor Web) NOD32 v.2.5 (Eset) Panda Titanium 2006 (Panda Software) BitDefender 9 Standard (BitDefender) The document also includes a section explaining why some functions available in competitor products have not been implemented in Kaspersky Anti-Virus 6.0.

How Kaspersky Anti-Virus 6.0 interacts with other installed programs

Progra m type Previous versions of Kaspers ky Lab personal products

Description of interaction

During installation, the program automatically searches for any other Kaspersky Lab personal products on the computer and deletes them. A list of all of these personal products can be found in the release notes in the distribution package at: ftp://ftp.kaspersky.com/products/release/ Users of Kaspersky Anti-Virus Personal or Kaspersky Personal Pro installed on their PCs are encouraged to save the license key before the program is deleted. It can then be used as a key for Kaspersky Anti-Virus 6.0. During installation, the program automatically searches for other antivirus products on the computer that may cause conflicts on the system. The user will be given the option of deleting any such programs. A list of applications that would need to be deleted during the installation process is available in the product release notes at ftp://ftp.kaspersky.com/products/release/. The product is designed to work correctly with most commonly available firewalls. The product is designed to work correctly with most commonly available mail programs including Microsoft Outlook Express, Microsoft Outlook, Thunderbird, Eudora, The Bat!, Netscape and IncrediMail.

Antivirus program s from other vendors

Firewalls

Mail program s

Internet The product is designed to work correctly with most commonly available browsers Internet browsers including Internet Explorer, Opera and Firefox.

The product is also designed to work correctly with instant messaging services (for example, Windows Messenger and Yahoo! Messenger).

Licensing
The licensing scheme follows a simple formula: 1 license = 1 license key. Each license key is unique. No more than two copies of a program sharing the same license key can be installed on a local network3. Users only have access to technical support services after they have activated the program. The activation process involves installing a license key. Without a license key the program will not work! If the product is bought from a retail outlet, the activation code is written on the envelope containing the disk that contains the distribution package. If the product is bought online, the activation code is sent via email. All users are provided with instructions on how to activate the product (in the box for retail customers and via email for online customers). Licenses are available for limited periods 1 or 2 years. In some sales territories, licenses are also available for 3 years. More detailed information is given in the Home User section of the Kaspersky Lab price list. During the license period, registered users have access to the following services: Round-the-clock technical support related to the installation, configuration or use of the product; Regular updates to signature databases, program modules and other updateable program components; Free upgrades to new versions of the product; Information about the release of new software products from Kaspersky Lab and new viruses (this service is available to subscribers to the Kaspersky Lab News Agent). More information on verifying user status, different types of license keys, managing license keys and a comparison table showing the compatibility of license keys in 5.0 and 6.0 products are available on the Kaspersky Lab Partner Extranet at: https://www.kaspersky.com/index.html.

Upgrading Previous Versions of Kaspersky Lab Personal Products


The conditions of upgrading to Kaspersky Anti-Virus 6.0 for users of the following personal products depend upon the number of products used and the subscription (license) status: Kaspersky Anti-Virus 5.0 Personal Kaspersky Anti-Virus 5.0 Personal Pro Kaspersky Personal Security Suite. Further details are available on the Kaspersky Lab website http://www.kaspersky.com/upgrade.

Current product KAV 5.0 KAV 5.0 Pro KPSS KAV 5.0 KAV 5.0 Pro KPSS

Subscription Status Effective Free-of-charge.

Upgrading Conditions

The license period for KAV 6.0 is limited to the license period of the current product.

Expired

1-year license, retail: KAV 6.0 can be purchased at a 30% discount from the price listed. 2-year license, retail: KAV 6.0 can be purchased at a 130% from the 1 year price listed 1-year license, online: KAV 6.0 can be purchased at a 30% discount from the price list 2-year license, online

We do not state this directly to customers. For users upgrading from version 5.0 products, there is no limit to the number of copies of a product that can be installed on a local network.

KAV 6.0 can be purchased at a 70% from the 1 year price listed KAV 5.0 Pro + KAH KAV 5.0 + KAH Expired
5 4

Effective

Free-of-charge. The license period for KAV 6.0 is limited to the product license period which expires first (or at the earlier date). 1-year license, retail: KAV 6.0 can be purchased at a 30% discount from the price listed. 2-year license, retail: KAV 6.0 can be purchased at a 130% from the 1 year price listed 1-year license, online: KAV 6.0 can be purchased at a 30% discount from the price list 2-year license, online KAV 6.0 can be purchased at a 70% from the 1 year price listed

KAV 5.0 or Pro + KAH

Support
During the license period, registered users have access to round-the-clock technical support related to installation, activation, set up and use of a software product. Links to online support services are provided on the program interface (Support User forum FAQ Comments about program operation. Service):

4 5

For both products For both products

Kaspersky Internet Security 6.0


What kind of protection does Kaspersky Internet Security offer?
Kaspersky Internet Security is a fully integrated solution that protects PCs operating under Microsoft Windows from contemporary Internet threats: viruses, hackers, spam and spyware.

Which product should I choose Kaspersky Internet Security or Kaspersky Anti-Virus?


The range of threats on the Internet today is quite diverse and only by taking a combined approach can users be sure that their computers are fully protected. There are two main choices for users: Using several separate security products (from one or several vendors): each product specializes in protecting the computer from one type of threat. An example of this approach would include installing Kaspersky Anti-Virus 6.0 + firewall + anti-spyware software solution + other programs Using a single integrated product: deploying an all-in-one solution that protects against all types of Internet threats, i.e. Kaspersky Internet Security 6.0 There is no best way that can be recommended across the board to all users. Each user must choose the approach that best meets their individual needs. Generally, Kaspersky Anti-Virus 6.0 can be used in conjunction with personal firewalls and antispam products from other vendors, while Kaspersky Internet Security 6.0 provides comprehensive integrated protection6 for the PC. The table below provides a comparison of the features available in Kaspersky Anti-Virus 6.0 and Kaspersky Internet Security 6.0.

Protection component

Kaspersky Anti-Virus 6.0

Kaspers ky Internet Security 6.0

File antivirus protection Mail antivirus protection Internet antivirus protection Proactive protection (behavior blocker + anti-rootkit + registry monitor + scanning of VBA macros) Anti-hacker (firewall + Intrusion Detection System + list of trusted networks) Anti-phishing, anti-banner, antiadware, anti-dialer Antispam -

By integrated protection, we mean a solution that protects computers from all known types of threats to computers (such as viruses, hacker attacks, spyware and spam), as well as from phishing attacks and undesirable Internet content. 10

Advantages of Kaspersky Internet Security over separate products


Instead of using Kaspersky Internet Security 6.0, users can build a computer security system out of standalone products: antivirus protection, a firewall, anti-spyware protection and spam detection. However, Kaspersky Internet Security 6.0 has a number of advantages over using separate products. For example, Kaspersky Internet Security 6.0 guarantees integrated protection for PCs without system conflicts. It is economical in its use of system resources and offers fast performance. This is all thanks to the seamless integration of all program components, which provides a single interception point for sending data for analysis.

Improved performance in version 6.0 products


The product features a whole range of technologies and settings that accelerate performance and provide optimal use of system resources without sacrificing the quality of detection.

Capab ility Scanni ng of only new and modifie d files

Description

Only new and modified files are scanned for viruses thanks to the addition of iChecker and iSwift technologies. System resources are not wasted on repeat scans of files that have not changed since the last antivirus scan. The beauty of this is that the longer the program is used, the fewer files it has to scan.

Scan During periods of increased user activity, antivirus scanning is suspended so that suspen system resources are available for other programs and processes. This means that sion the antivirus program does not slow the users work down.

Scanni ng of only potenti ally infecte d files Onthe-fly scanni ng of Interne t traffic Scanni ng of critical areas of the compu ter Choice of trusted applica tions Userdesign ated areas for realtime antiviru s scanni

Users have the option of configuring the program to scan only potentially infected files. There are certain types of files that viruses simply cannot infect, since they do not contain any kickoff points or hooks for the virus. Files in the txt. format are a typical example.

On-the-fly scanning can be used for detecting malicious code in Internet traffic. When a file is downloaded from the Internet, the program scans each portion of the file as it is copied to the computer. Using this method of scanning users receive scanned objects faster.

A scan task can be launched for critical areas of the computer only (that is, system memory, startup objects, disk boot sectors, Windows system catalogs and system32). Infections in these areas cause the most damage to computers. Any active viruses in the system can thus be quickly detected without having to launch a full system scan of the computer. Users can maintain a list of trusted applications that can be safely excluded from scanning and analysis.

The program scans all files the moment they are opened: including objects on any hard, removable and network disks that are connected to the computer. The user can also select individual catalogs, disks or files for scanning in real time.

ng

Comparison of Kaspersky Internet Security and Kaspersky Personal Security Suite


Capability Kaspers ky Persona l Security Suite Kaspersky Internet Security 6.0

Real-time antivirus scanning for email and working online Antivirus scanning on demand or on schedule Protection from viruses, Trojans and worms Protection from spyware and adware Blocks dangerous macros in Microsoft Office documents Proactive protection from the latest and previously unknown malicious programs Blocks dangerous scripts on web pages Blocks popup windows and advertising banners Personal firewall Stealth mode for working online Intrusion Detection System Pre-installed application rules Protection from spam Preview of messages before they are downloaded from the mail server Spam filtration based on analysis of email headers Protection from phishing attacks -7

This function was previously available in Kaspersky Anti-Virus Personal Pro.

Scans only files that have been created or modified since the last scan Scan suspension during periods of increased user activity Automatic hourly updates to antivirus databases Support for Intel Centrino mobile technology Choice of skins for the graphic user interface

Comparison of the firewall in Kaspersky Internet Security and Kaspersky Anti-Hacker


Functionality / Capability Kaspe Kaspersky Anti-Hacker rsky Intern et Securi ty Description

Filtration at the application level Filtration at the network packet level

Analysis of network activity for applications such as Internet browsers, mail programs, etc. Analysis of TCP/IP network packets transferred or received via the network card or modem. The program runs an event log of all events connected with network activity. This technology makes the computer invisible to outside users. It effectively prevents all types of DoS (Denial of Service) attacks. 5 3 These flexible settings allow users to choose their security level: anywhere between complete suspension of the protection to forbidding all network
1

Event log

Stealth mode

Number of pre-installed operation modes for the firewall

activity. The firewall tracks any attempts to send data out from the computer (for example, through a Trojan program), preventing information theft. Pre-installed application rules >250 An extended set of preinstalled rules for computer software and widely used applications (for example, Microsoft Outlook, Winamp, Internet Explorer, Firefox) saves time necessary for program set up. Templates make it easier and quicker to create rules for widely used applications such as mail clients, Internet browsers, download managers, FTP clients, Telnet clients and clock synchronizers. Training mode can be used to automatically create rules for applications that do not already have pre-defined rules. The Intrusion Detection System monitors any network activity characteristic of a hacker attack. The program prevents hacker attacks by blocking connections from the hackers computer. The firewall settings depend on the type of network the computer is connected to. When a new network connection is created, the user can choose and save a security level for it: Internet, Intranet or a trusted network (most convenient for mobile users).

Rule templates for different types of network applications

Training mode

Intrusion Detection System

Security profiles for different types of networks, including Wi-Fi

Stateful firewall module

This module provides dynamic packet filtering, examining data in the IP header and how the TCP connection was initiated. Dynamic filtering has a number of advantages over traditional statistical filtering: it offers more indepth analysis for IP packets, flexible filtration rules and an overall better level of protection.

Competitive Advantages
Kaspersky Internet Security has a number of advantages over other solutions on the market: Integrated protection. The components of Kaspersky Internet Security 6.0 share a unified operating logic, and have a single traffic interception and scanning point. This eliminates conflicts between components, improves the products performance and reduces its size. The size of the programs distribution package, the amount of RAM used and the hard disk space required by the program are thus smaller. High-quality antivirus technology. Kaspersky Internet Security offers: the best virus detection rates; the fastest response time to new threats (as confirmed by independent tests); support for the largest number of archived and compressed file formats (over 1,200) and treatment in ZIP, ARJ, CAB, RAR and LHA archive formats. Powerful proactive protection. Kaspersky Internet Security includes a heuristic engine, behavior blocker, application and Windows registry integrity control and a rollback function for malicious changes. Fast performance. iSwift and iChecker technologies make it possible to limit scanning only to new and modified files, or only potentially dangerous objects. They also ensure a balance between scanning speed and the quality of detection. Scan suspension during periods of increased user activity further helps reduce the load on resources. Fully functional firewall. This feature includes pre-installed rules for over 250 of the most well known applications. Versatile spam protection. A self-training module learns to detect spam for each individual mailbox without downloading updates. Protection from phishing. Kaspersky Internet Security uses antispam technology to detect phishing messages and links to phishing sites. Small updates. Incremental database updates + no updates for the antispam protection = faster performance and more economical use of Internet traffic. Flexible setting. A broad range of settings are available for advanced users to fine-tune the program. A full comparison of Kaspersky Internet Security and competitor products is provided in Survey of Personal Products for the Integrated Protection of Microsoft Windows, which is available on the Kaspersky Lab Partner Extranet: https://www.kaspersky.com/index.html The document provides a comparison of the following products: Norton Internet Security 2006 (Symantec) McAfee Internet Security Suite 2006 8.0 (McAfee) Trend Micro PC-cillin Internet Security 2006 (Trend Micro)

F-Secure Internet Security 2006 (F-Secure) Panda Internet Security 2006 (Panda Software) BitDefender Internet Security 9 (BitDefender). The document also includes a section explaining why some functions available in competitor products have not been implemented in Kaspersky Internet Security.

How Kaspersky Internet Security interacts with other installed programs


Program type Previous versions of Kaspersky Lab personal products Description of interaction During installation, the program automatically searches for any other Kaspersky Lab personal products on the computer and deletes them. A list of all these personal products can be found in the release notes in the distribution package at: ftp://ftp.kaspersky.com/products/release/. It is recommended that users with Kaspersky Anti-Virus Personal or Kaspersky Personal Pro installed on their PCs save the license key before the program is deleted. It can then be used as a key for Kaspersky Internet Security 6.0. Antivir us progra ms from other vendor s Firewal ls During installation, the program automatically searches for other antivirus products on the computer that may cause conflicts on the system. The user will be given the option of deleting any such programs. A list of applications that would need to be deleted during the installation process is available in the product release notes at ftp://ftp.kaspersky.com/products/release/.

The product is designed to work correctly with most commonly available firewalls. During installation of a Kaspersky Lab product comprising the Anti-Hacker component, users are given the option of turning off any active Microsoft Windows firewall. If the user chooses to keep the Microsoft Windows firewall running, Anti-Hacker will not be activated, in order to avoid system conflicts. The product is designed to work correctly with most commonly available mail programs: Outlook Express, Microsoft Outlook, Thunderbird, Eudora, The Bat!, Netscape and IncrediMail. The product is designed to work correctly with most commonly available Internet browsers: Internet Explorer, Opera and Firefox.

Mail progra ms Interne t browse rs

The product is also designed to work correctly with instant messaging services (for example, Windows Messenger and Yahoo! Messenger).

Licensing
The licensing scheme follows a simple formula: 1 license = 1 key (in the form of a file). Each license key is unique. No more than two copies of a program sharing the same license key can be installed on a local network8. Users only have access to technical support services after they have activated the program. The activation process involves installing a license key. Without a license key the program will not work! If the product is bought from a retail outlet, the activation code is written on the envelope containing the disk that contains
We do not state this directly to customers. For users upgrading from version 5.0 products, there is no limit to the number of copies of a product that can be installed on a local network.
8

the distribution package. If the product is bought online, the activation code is sent by email. All users are provided with instructions on how to activate the product (in the box for retail customers and by email for Internet customers). Licenses are available for limited periods 1 or 2 years. In some sales territories, licenses are also available for 3 years. More detailed information is given in the Home User section of the Kaspersky Lab price list. During the license period, registered users have access to the following services: Round-the-clock technical support related to the installation, configuration or use of the product; Regular updates to signature databases, program modules and other updateable program components; Free upgrades to new versions of the product; Information about the release of new software products from Kaspersky Lab and new viruses (this service is available to subscribers to the Kaspersky Lab News Agent). More information on verifying user status, different types of license keys, managing license keys and a comparison table showing the compatibility of license keys in 5.0 and 6.0 products are available on the Kaspersky Lab Partner Extranet at: https://www.kaspersky.com/index.html.

Upgrading Previous Versions of Kaspersky Lab Personal Products


The conditions of upgrading to Kaspersky Anti-Virus 6.0 (KAV 6.0) for users of the following personal products depend upon the number of products used and the subscription (license) status: Kaspersky Anti-Virus 5.0 Personal (KAV 5.0) Kaspersky Anti-Virus 5.0 Personal Pro (KAV 5.0 Pro) Kaspersky Personal Security Suite (KPSS). The most common upgrading options are summarized in the table below.
Current product KPSS KAV 5.0 Pro KAV 5.0 KAH KAV 5.0 KAV 5.0 Pro KAH KPSS 1-year license, online: KIS 6.0 can be purchased at a 30% discount from the price list 2-year license, online KIS 6.0 can be purchased at a 70% from the 1 year price listed KAV 5.0 + KAH KAV 5.0 Pro + KAH KAV 5.0 or Pro + KAH Expired
10

Subscription Status Effective Free-of-charge

Upgrade Conditions

The license period for KIS 6.0 is limited to the license period of the current product. Effective KIS 6.0 can be purchased at a 30% discount from the price listed.

Expired

1-year license, retail: KIS 6.0 can be purchased at a 30% discount from the price list 2-year license, retail: KIS 6.0 can be purchased at a 130% from the 1 year price listed

Effective

Free-of-charge The license period for KIS 6.0 is limited to the product license period which expires first (or at the earlier date). 1-year license, retail: KIS 6.0 can be purchased at a 30% discount from the price list

For both products For both products

10

2-year license, retail: KIS 6.0 can be purchased at a 130% from the 1 year price listed 1-year license, online: KIS 6.0 can be purchased at a 30% discount from the price list 2-year license, online KIS 6.0 can be purchased at a 70% from the 1 year price listed

Support
During the license period, registered users have access to round-the-clock technical support related to installation, activation, set up and use of a software product. Links to online support services are provided on the program interface (Support Service): User forum FAQ Comments about program operation

Kaspersky Administration Kit


Purpose of the document
Target audience
This sales reference is intended for sales staff from Kaspersky Lab local offices and commercial partners of the company. This document is available on the Kaspersky Lab Partner Extranet in the section devoted to Kaspersky Administration Kit. This document is for internal use only and should not be made available to end users.

Purpose
This document contains all of the information required by sales staff to promote the product and answer questions from potential customers.

Layout
The first part of the document contains sales information about the product: the target customer, its position in the Kaspersky Lab product line, new features, sales points and licensing options. The second part of the document provides information on product functions, including the information that is available to end users in the data sheets and additional technical information.

Sales information
Why centralized administration is essential
A centralized administration tool provides a convenient way to implement and manage an antivirus protection system that is made up of several antivirus products. It also makes it possible to enforce a unified security policy and provides a central point of control over all antivirus products on the network. Simply installing an antivirus program on each computer is not enough to ensure that the whole network is fully and dependably protected from viruses. There will always be the risk or end users interfering with the antivirus program (for instance, turning off the antivirus protection or making changes to the settings/schedule for updates). A centralized system for administering antivirus software should be installed both on workstations and corporate servers. The system administrator can then configure specific parameters and privileges for the antivirus program, ensure that antivirus databases and program modules are up-to-date and respond appropriately to critical events, etc.

Overview of Kaspersky Administration Kit


Kaspersky Administration Kit is a powerful and flexible tool for creating a unified antivirus protection system based on Kaspersky Lab solutions. This solution is designed for networks of any size and complexity. It provides centralized management for antivirus protection even on the most complex networks that have tens of thousands of nodes and support remote offices and laptop users. Using this product, system administrators can remotely and centrally: install/uninstall antivirus programs; configure antivirus programs; update antivirus databases and program modules; manage license keys; and, receive information about the performance of the antivirus protection via a system of notifications and reports.

21

Product philosophy
Kaspersky Administration Kit was developed with the following principles in mind (for more detailed information, see the Product Functions section: Universality and scalability: the product is suitable for networks of any size or complexity Management from a single location: all tasks can be completed from the system administrators workstation Complete control: centralized storage of all parameters for antivirus solutions and instant alerts about events. No interruption to the end users work: installation and configuration of the product can be carried out remotely. Secure administration: system administration audit, data exchange between the administrative server and the client via a secure SSL connection. Convenient administration: the product can be administered via the Microsoft Management Console (MMC).

Kaspersky Administration Kit components


Kaspersky Administration Kit incorporates the following components: Administrative server the main component in Kaspersky Administration Kit. This component makes it possible to remotely install/uninstall products and licenses, save and change settings for products, monitor the antivirus protection, update antivirus databases and program modules, log events, send out notifications and create reports. Administrative agent this component should be installed on all workstations on the network. The administrative agent receives settings and antivirus database/program module updates from the administrative server. Administration console this interface provides access to all of the functions of the administration server. The console works as part of the Microsoft Management Console.

Additionally, Kaspersky Administration Kit requires a database for processing data related to product settings, events, etc. Kaspersky Administration Kit is compatible with Microsoft SQL Server, Microsoft SQL Server Desktop Engine (MSDE) and Microsoft SQL Server 2005 Express Edition.

New in this version


The latest version of Kaspersky Administration Kit was created by some of the worlds most talented and experienced software developers. Comments and requests from users of previous versions played a key role in developing the new version. Kaspersky Administration Kit version 5.0 (Maintenance Pack 3) contains over 70 revisions and new inclusions, as well as corrections of faults found in the previous version. Here are just a few examples: Integration with Kaspersky Anti-Virus for Microsoft ISA Server 2004 Enterprise Edition; Creation of a logical network using the directory service, Active Directory, and a range of IP addresses; Central quarantine and backup storage; Full support for laptop users; and, Summary reports on the status of the antivirus protection. This version of the program is generally more user-friendly and offers greater security for the antivirus program; support for Microsoft SQL Server has been extended; tools for installing antivirus programs and delivering updates have been improved and the option of rolling back antivirus databases has been added. Detailed descriptions of these functions are given in the New Features section.

Products that can be administered via Kaspersky Administration Kit


Kaspersky Administration Kit can be used to manage the following products: Kaspersky Anti-Virus for Windows Workstations Kaspersky Anti-Virus for Windows File Servers Kaspersky Anti-Virus for Microsoft ISA Server 2000 Enterprise Edition Kaspersky Security for Microsoft Exchange Server 2003. Kaspersky Anti-Virus for Microsoft Exchange Server 2003.

Kaspersky Anti-Virus for Microsoft Exchange Server 2000. Work is currently underway to add support for Kaspersky Anti-Virus for Microsoft ISA Server 2004.

Why is a centralized administration system so essential?


A single point of control over settings for all antivirus products on the network (using security policies) prevents end users from interfering with application settings and undermining the overall security of the network. Fast, centralized deployment of antivirus solutions across the whole network. Instant and regular updates of programs and antivirus databases across all workstations on the network. Summary reports on the performance of all antivirus programs on the network. Planning of timely and appropriate responses to threats (virus epidemics, hacker attacks, etc.). A single management point to save time spent on maintaining antivirus programs.

What does Kaspersky Administration Kit offer?


There is no limit to the number of administrative workstations. Support for administrative group hierarchies at any nesting level. Administration via the Microsoft Management Console (extension module). Flexible and centralized administration: settings for individual computers, administrative groups and arbitrary groups of computers on the logical network. Tasks implemented automatically (on schedule) or manually. Non-stop monitoring of the programs operation. Information about events on client computers is immediately sent to the administration server (it is possible to have a permanent connection between the client and the server for this). Secure connection between the server and clients (SSL). Remote and centralized installation of Kaspersky Lab applications on client computers. The system administrator can intervene in situations on a client computer from the administrative workstation (for example, by treating infected objects on the computer). Backup copies of data can be created using the klbackup utility. Several system administrators can work with the same resources at once. Remote installation of Kaspersky Lab applications, default settings for administrative servers, and a wizard for automatic distribution of updates. Option of creating report templates. Automatic creation of a logical network using a structure of domains and work groups for Windows networks. Support for permanent connections with client computers and administrative servers (up to several hundred). Search for a computer on a logical network by parameters (network, application, computer status, antivirus protection) and the results can be exported to a file. Scalability and high performance. Kaspersky Administration Kit supports hierarchical servers and administration groups to provide administration for thousands of client computers. The product can be used on networks built on complex architecture and topologies (dedicated lines, VPN, firewalls, proxies) and supports laptops and offline computers.

Advantages of Kaspersky Administration Kit for Different Target Customers


Benefits for business Available for free
Kaspersky Administration Kit is available free-of-charge and does not require any financial outlay. The product can be downloaded directly from the Kaspersky Lab server. Even if the number of computers on the network increases, technical support staff do not need to devote more time to maintaining antivirus products. Using Kaspersky Administration Kit, system administrators
2

Lightens the workload for technical staff

can create a security policy that allows them to remotely deploy antivirus solutions and schedule tasks. Kaspersky Administration Kit allows system administrators to deploy, configure and maintain antivirus product on the network remotely without having to disturb end users work. Antivirus protection should operate on workstations completely unnoticed by the end user.

Minimizes disruption to end users

Benefits for IT specialists


Kaspersky Administration Kit can be used to administer a network from several administrative workstations. There is no limit to the number of administrative workstations. The system administrator can delegate administrative duties to other administrative staff, while still having full access to Kaspersky Administration Kit on his/her own workstation. During installation, Kaspersky Administration Kit automatically creates a logical network for administration that is structured on domains and work groups on the Windows network. This saves the system administrator time in setting up the product. Moreover, wizards make installing, configuring and using the product fast and simple. Kaspersky Administration Kit can be used to install Kaspersky Lab applications on client computers remotely and centrally. A special agent can even be installed remotely on client computers. It is possible to create backup copies of all databases and settings for Kaspersky Administration Kit, which saves time if the necessity arises to reinstall the system. Kaspersky Administration Kit collects statistics about all Kaspersky Lab products operating on the network. System administrators can monitor the applications and create reports using these statistics. It is possible to create summary reports on all applications or more detailed reports on individual groups of computers. Kaspersky Administration Kit can be used to administer antivirus solutions on complex networks of any configuration. Communication between administrative servers and clients is still possible when using a dedicated line, VPN (virtual private connection), firewalls and proxy servers. The program supports laptops and offline computers.

Simplicity and convenience

Easy installation

Remote installation of antivirus applications

Simple to reinstall

Graphic reports

Flexibility

Licensing
Kaspersky Administration Kit is distributed for free-of-charge and does not require a license.

Support
Registered users of Kaspersky Anti-Virus Business Optimal and Kaspersky Corporate Suite are entitled to free technical support for Kaspersky Administration Kit. During the license subscription period, registered users receive: Round-the-clock technical support for all questions related to the installation, configuration and use of the product; Regular updates to antivirus and antispam databases; New versions of the product; Information about the release of new software products from Kaspersky Lab and virus alerts (available to subscribers to the Kaspersky Lab News Agent).

Upgrading from previous versions of the product


Kaspersky Administration Kit 5.x works completely independently from Kaspersky Administration Kit 4.x. The version 5.0 administration system can only be used to manage version 5.0 products, and version 4.0 can only be used for version 4.0 products. Both versions of Kaspersky Administration Kit will work at the same time on the network.

Position in the pricelists


This product is not included in Kaspersky Lab product pricelists since it is offered as a free addition to any of the products that make up Kaspersky Anti-Virus Business Optimal and Kaspersky Corporate Suite.

Training
Kaspersky Lab offers training programs and certificates for using Kaspersky Administration Kit. Users from English-speaking countries can write to edu@kaspersky.com for further information. The course teaches system administrators how to implement and maintain Kaspersky Lab antivirus products.

Functions
Main functions
This section provides sales staff with a one-stop information resource to help them provide complete and accurate information to potential clients. Individual features have been grouped by function. In the column on the left is information available to users from the product leaflet; in the column on the right more detailed information.

Capabilities/Functions Main features

Description

Universality and Scalability

Kaspersky Administration Kit can be used to administer antivirus solutions on complex networks of any configuration. Communication between administrative servers and clients is still possible when using a dedicated line, VPN (virtual private connection), firewalls and proxy servers. The program supports server hierarchies at any nesting level. Moreover, Kaspersky Administration Kit makes it possible to serve tens of thousands of client computers from a single administrative server. The system administrator can resolve all issues related to the management of the antivirus protection from his/her workstation: Build a logical network and install antivirus programs Configure group (for computers within a single administrative group) and individual (for separate computers) work parameters for antivirus applications. Update antivirus databases and program modules Monitor antivirus protection systems Respond to critical situations. Data between the administrative server and client computers (including laptops) is regularly synchronized to ensure:

Central Administration

Constant Control

Guaranteed delivery of security policies (settings) and tasks to server clients. If a computer is turned off or disconnected, this data is delivered as soon as the computer registers on the network again.
2

The administrator receives information about any incidents on the network even when s/he is not present in the office (by pager or mobile). Low-hassle for end users The system administrator can deploy and maintain the antivirus protection system remotely without having to disrupt end users work. Installation, configuration and operation of antivirus protection on workstations need not disrupt or distract end users. Kaspersky Administration Kit ensures a high level of security for the system by: Clearly defining administrators the roles and privileges work (to of system the

Auditing system administrators requirements of an internal audit) System Security

satisfy

Transferring data between nodes on the managed network via a secure SSL connection (for example, to deliver security policies, tasks, updates and information about events to the client server). Permission to make changes to local application settings is limited and antivirus programs operate in non-interactive mode to reduce the risk of end users making dangerous changes during critical events. Kaspersky Administration Kit is a robust and highly functional tool that is at the same time easy to administer: All administration is carried out via the Microsoft Management Console (MMC), which is a familiar tool for most system administrators.

Convenient Administration

System administrators can quickly master the product, learn how to configure and use the program, using the wizards Administrators can make backup copies of all the databases and settings for Kaspersky Administration Kit, which saves time if the system needs to be later reinstalled. Color-coded graphic reports are easily understandable at a glance and are informative enough to be used as official reports to the company. Remote installation Antivirus products can be installed remotely from the system administrators workplace using any of the available methods for Windows operating systems, both forced installation and launch scenario. The system administrator can create an installation package (application distribution package, license key and responses to typical questions that arise during installation). Kaspersky Administration Kit installs applications on remote computers in non-interactive mode. All of the computers on the network can be divided into groups to simplify administration. Groups are formed to reflect the hierarchical structure of the network. Administrative groups can be created either manually or automatically using the structure of the physical network, Active Directory catalogue service or IP addresses. Kaspersky Administration Kit regularly reviews the network, adding new computers to the structure, deleting inactive computers and keeping the network up to date. Centralized management

Support for different installation methods

Automatic creation and maintenance of server hierarchies and administrative groups

Kaspersky Lab antivirus products are managed on the network using a system of security policies and tasks. The security policy for an administrative group defines the main work parameters for each application installed on computers within the group and privileges for Centralized application settings changing them. It is also possible to define work parameters for each application by creating and launching tasks for computers across administrative groups. It is not necessary for each individual computer to connect to the Kaspersky Lab server to receive updates. Kaspersky Administration Automatic updates to antivirus Kit regularly receives updates for antivirus applications and can databases and program modules automatically deliver them to all computers on the network (regardless of how the network is configured). Antivirus protection on laptops can be kept fully up-to-date, even when there is no connection with the administrative server (when an employee is traveling, for instance). Updates can be downloaded Full Support for Laptops directly from the Internet and all data (security policies and tasks from the server; events from the client) can be synchronized as soon as the laptop registers on the home network. Monitoring antivirus protection Kaspersky Administration Kit can be used to plan the networks reaction should certain types of events occur too often. For example, the system can send notifications to the administrator by email or by Options for Responding to using NetSend, launch the program (by sending messages by pager Incidents or mobile phone), use a more stringent security policy or perform an emergency update of antivirus databases. A backup folder for copies of infected files and a quarantine folder for suspicious objects are organized in the form of a distributed database Centralized storage for suspicious with centralized administration. Objects can be saved to local storage, and infected objects which end users cannot access, while the system administrator can retrieve any information from them. Statistics about the operation of all Kaspersky Lab programs installed on the network are available in a central database, which makes it easy to check that the applications are working properly and to create reports. Administrators can obtain summary reports on the program's overall operation, as well as detailed reports for individual groups on the corporate network. The system administrator can use the graphic HTML reports and Windows Event Log to monitor the performance of antivirus protection. Reports are automatically created at set intervals and sent to the system administrator. The report can be saved to disk or distributed via email. In-depth Reports By default, a browser is installed to the system for viewing reports. Kaspersky Security additionally allows events to be logged in their own catalogue using the Windows system log. There are 5 pre-installed diagnostic levels that determine the amount and depth of information appropriate for the log.

Graphic Reports on Antivirus Protection

New capabilities
New functions / enhanced functions Description

Building a logical network based on Active Directory

A logical network can be created on the basis of the Active Directory. The system administrator does not have to rebuild the logical network from the beginning in order to create administrative groups.

Building a logical network based on IP addresses

Computers can be divided into administrative groups according to IP addresses. A backup folder for copies of infected files and a quarantine folder for suspicious objects are organized in the form of a distributed database with centralized administration. Objects can be saved to local storage, which end users cannot access, while the system administrator can retrieve any information from them. There are a number of benefits to storing objects locally rather than in a distributed and centralized storage location on the server. It not only saves disk space on the server, but also makes it possible to retrieve objects from quarantine (particularly important for laptop users, who may not always be connected to the server). New algorithms compress traffic transmitted between the administrative server and client computers which reduces the volume of data by 10 times on average. This also increases the number of client computers that can be supported by one administrative server a huge advantage for organizations that use IT channels with low throughput or are geographically dispersed. System administrators can evaluate antivirus protection and the overall security of the network at a glance using color-coded graphic reports. The reports can be printed out and presented in evaluation reports on the IT department. The application includes a selection of wizards, such as the Quick Start Wizard, which simplify administrative tasks. A new, more user-friendly interface makes it possible to automatically update the network, scan the network to detect new computers, or remove inactive computers, quickly locate computers on the network, obtain advice on checking the use of macros and add commentaries for client machines, etc. Administering antivirus protection on laptops: When the laptop is disconnected from the administrative server, antivirus database updates can be downloaded directly from an alternative source on the Internet. Users receive all security policies and tasks assigned to them by the administrator.

Centralized quarantine and backup storage for suspicious and infected objects

Extended scalability

Monitoring the status of corporate antivirus protection

Greater convenience

Extended support for laptops

All events on client laptops are logged and information is sent to the administrative server: data is synchronized with the administrative server as soon as the laptop registers on the home network. Up-to-date information about computers on the network: Kaspersky Administration Kit regularly conducts a scan of the network to stay updated on which computers are present on the network. Computers that remain disconnected from the network for a specified length of time are automatically deleted from the network. Administrating antivirus protection has been made more secure thanks to the introduction of a system for auditing system administrators work, a branched system for access to the administrative server and support for data exchange between the administrative server and clients via a secure SSL connection (Secure Sockets Layer).

More secure administration

Defining responses to specified events

The system administrator can define how Kaspersky Administration Kit will respond to specified types of events (for example, the detection of viruses). Excessive numbers of such events triggers a response from Kaspersky Administration Kit. The application can respond by sending alerts via email and/or NetSend, launching an application (by sending a notification to a pager or mobile), raising the security level, launching a full system scan or an emergency update to antivirus databases, etc. The system administrator can thus plan a response to emergency situations in advance and be assured that the antivirus protection will respond appropriately. When creating a remote installation package for antivirus applications, the system administrator can also configure notifications for users asking them to restart their machines and/or informing them of a forced restart to their machines. Installation of antivirus protection is thus guaranteed and intervention from the end user ruled out. This capability allows system administrators to retrieve objects that have been mistakenly labeled as suspicious and placed in the quarantine folder. Unlike competitor administration systems, Kaspersky Administration Kit stores suspicious objects on the client computer and not on the server Support for case sensitive and authentication modes for both Microsoft Windows and the SQL server. The system administrator can create installation packages that contain application distributives, installation scenarios (user replies to questions during installation) and a licensing key. This makes it possible to install a wide range of applications in silent mode (non-interactive mode) without disturbing the end user. The system administrator can install and maintain antivirus programs on client computers outside working hours (on schedule) to avoid disruption to the end user. Kaspersky Administration Kit offers a choice of methods for updating antivirus databases on client computers: Updates can be downloaded from a shared folder on the administrative server. This is the most widely used, but far from the most convenient method. This is a slow method of delivery and is complicated by the fact that some computers on the network may be using Linux operating systems or old versions of Windows (for example, Windows 95).

Improved installation and updating for antivirus applications

Improved system for rolling back antivirus databases Extended Support for Microsoft SQL Server Remote installation of Kaspersky Lab applications and other applications in silent mode. Remote startup of client computers (Wake-onLAN)

Methods for delivering updates to client computers

Updates can be delivered via the FTP or HTTP server, which is much faster but requires installing and configuring a separate update server. Delivery of updates using the network agent. Kaspersky Lab strongly encourages users to update antivirus databases using the network agent, since this provides fast delivery, does not depend upon the operating system installed on the client machine and does not require installing and configuring separate servers. The network agent is included in the package for Kaspersky Administration Kit and can be installed on all computers centrally. Kaspersky Administration Kit delivers updates to client computers in pushmode as soon as updates are received from Kaspersky Lab servers in order to minimize the time computers are left vulnerable to new threats.

Backup copies of databases, settings and the administrative servers certificate

The klbackup utility can be used to store all databases and settings for the administrative server. If the server for some reason disappears from the network, a new server can be built within minutes with the same settings and in tune with the logical structure of the network. Backup copies of settings can be made during the installation of Kaspersky Administration Kit.
2

Creating multiple security policies for one application

The system administrator can create several security policies (settings for applications on computers in administrative groups and permission rules for them) and can specify stricter security policies during virus epidemics and other specified events.

Kaspersky Security for Microsoft Exchange Server 2003


Purpose of the document
This document is intended for Kaspersky Lab local offices and partners. Sales managers should use it as the principal source of information when answering product-related questions from potential customers. In this document, we aim to provide reliable and up-to-date information about our product and its functions, clarify its position in the Kaspersky Lab product line, outline its advantages for various potential clients, provide a comparison with rival solutions and give information on licensing alternatives.

Sales Information
What is Kaspersky Security for Microsoft Exchange Server 2003?
Kaspersky Security for Microsoft Exchange Server 2003 provides comprehensive antivirus protection for all incoming and outgoing email messages, and for messages stored on the server and in shared folders. The product uses intelligent spam detection technology from Kaspersky Lab combined with Microsoft technology.

What is new in the product?


Kaspersky Security for Microsoft Exchange Server 2003 offers protection against unwanted correspondence (e.g., spam), in contrast to Kaspersky Anti-Virus for Microsoft Exchange Server 2000/2003. This product only supports Microsoft Exchange Server 2003, because unwanted correspondence is filtered both by Kaspersky Security and by Microsofts built-in anti-spam mechanism -- Spam Confidence Level Infrastructure (SCLI). This mechanism was introduced in Microsoft Exchange Server 2003 only.

Position in the Kaspersky Lab product line


Kaspersky Security for Microsoft Exchange Server 2003 belongs to the Windows product line for business users. It is designed for use on dedicated Exchange servers (or cluster servers). If the server is used as a file server or a print server, it is also highly recommended to install Kaspersky AntiVirus for Windows File Server for full server protection. We recommend that organizations using a front end/back end server configuration install Kaspersky Security for Exchange Server 2003 to the front end, and Kaspersky Anti-Virus for Microsoft Exchange Server 2000/2003 to the back end. This configuration ensures the most reliable protection against malicious code for mail servers. It is essential to install an antivirus solution on the back end of the server to prevent malicious code entering the mail storage facility through the corporate mail gateway when users receive messages from web-based mail services (e.g., via www.yandex.ru and www.yahoo.com). Kaspersky Lab strongly recommends that all network nodes be protected. The following products are useful for creating an integrated system of defense (depending on the presence of nodes on the network or the type of nodes present): Kaspersky Anti-Virus for Workstations (for Windows or Linux) Kaspersky Anti-Virus for File Servers (for Novell Netware, Linux / Unix, Samba) Kaspersky Anti-Virus for Firewalls (for Microsoft ISA Server, CheckPoint Firewall) Kaspersky Administration Kit can also be recommended for the centralized management of Kaspersky Security for Microsoft Exchange Server 2003.

Deployment notes
Kaspersky Security for Microsoft Exchange Server 2003 comprises two main components: a security server and a management console, which can be installed separately. The security server should be installed on every Microsoft Exchange Server, while the management console only needs to be installed on the administrators workstation. If cluster servers are used, then Kaspersky Security for Microsoft Exchange Server 2003 should be installed on each Microsoft Exchange Server that constitutes a node in the cluster. If a client has already installed Kaspersky Anti-Virus 5.5 for Microsoft Exchange Server 2000/2003, then it is possible to update it to Kaspersky Security 5.5 for Microsoft Exchange Server 2003.

Licensing and pricing


Licensing options
Kaspersky Security for Microsoft Exchange 2003 is licensed per mailbox. The option of choosing storage is only available to users of Microsoft Exchange Server Enterprise Edition, so users of Microsoft Exchange Server Standard Edition and Small Business Server are advised to obtain the same number of licenses as the number of existing mailboxes. In any event, the overall number of protected mailboxes should not exceed the number of licenses.

License validity periods


Licenses for Kaspersky Security for Microsoft Exchange can be obtained for periods of up to 1, 2 or 3 years from our partners or from the Kaspersky Lab eStore. During the license period registered users receive the following services: Round-the-clock technical support on all questions related to installation, set up and usage of the program; Regular updates to the antivirus and anti-spam databases; Updated versions of the product; Information about the release of new Kaspersky Lab products and alerts regarding the appearance of new viruses (this service is available to subscribers of the Kaspersky Lab News Agent).

Updating older versions of the product


Users of older versions of our Microsoft Exchange antivirus products can upgrade to Kaspersky Security for Microsoft Exchange Server at a discounted price. During the validity period of the current license. The cost of upgrading from Kaspersky Anti-Virus 5.5 for Microsoft Exchange Server 2000/2003 and from Kaspersky Anti-Virus 4.5 for Microsoft Exchange Server 2000/2003 to Kaspersky Security for Microsoft Exchange Server 2003 is the difference in price between the two products minus a 30% discount. After the validity period for the license has lapsed. Users can upgrade from Kaspersky Anti-Virus 5.5 for Microsoft Exchange Server 2000/2003 and from Kaspersky Anti-Virus 4.5 for Microsoft Exchange Server 2000/2003 to Kaspersky Security for Microsoft Exchange Server for the price of renewing the old version minus a discount of 30%. Keep in mind that with Kaspersky Security for Microsoft Exchange Server it is not possible to choose individual mailboxes for protection (as it was in Kaspersky Anti-Virus 4.5 for Microsoft Exchange Server 2000/2003), i.e. the quantity of licenses needed equals to the quantity of mailboxes in the storage of Microsoft Exchange Server.

Where to look for the product in the price lists


Enterprise license Kaspersky Anti-Virus Business Optimal Combined security solutions Elite enterprise license.

Advantages of our solution: Sales Points


Advantages for managers Integrated solution for protection against viruses and spam Kaspersky Security for Microsoft Exchange Server 2003 is an integrated security solution that prevents both malicious code and spam from reaching the network via SMTP mail protocol. Cutting-edge technology gives optimal protection against viruses and spam. Alongside tried and tested antivirus technology that provides one of the highest level of detection of malicious code, the product also uses the intelligent SpamTest technology for recognizing unwanted correspondence. The product works together with Microsoft Exchange 2003 and MS Outlook 2003 to provide higher level of spam recognition. The cost of obtaining the product is among the lowest on the market. Moreover, the license includes subscription to regular updates to the antivirus and spam signature databases, as well as free technical support and updated versions of the product. Advantages for IT specialists Supports cluster technology Kaspersky Security for Microsoft Exchange Server supports cluster technology to a limited extent -- that is the product must be installed on every node of the cluster. Kaspersky Security for Microsoft Exchange Server can simultaneously analyze several objects at a time, depending upon how many copies of the antivirus kernel are launched and operating on the system. Using this mode of analysis means that objects can be analyzed in the memory without saving them in a temporary folder on the hard disk. The setting parameters allow up to 8 objects with a size of up to 1 MB to be processed at a time in the memory without using the disk subsystem. The system administrator can choose one of three possible levels of antivirus protection: standard, extended or superfluous, and is thus able to limit the types of malicious code detected. Certain types of objects can also be excluded from the antivirus analysis, so that only potentially dangerous objects are scanned. Installation and set up of the antivirus program and spam protection can be carried out on a single interface. Kaspersky Lab recommends the default program settings as the optimal settings and the program is ready for use immediately after installation.

Cutting-edge technology

Two-tier spam filtration system Low total cost of ownership (TCO)

Scalability11 and Efficiency

Application Fine-Tuning

Simple to install and configure

11

The antivirus module only.

How our product compares to rival products: Functionality and price


In this section we have compiled a list of products from various manufacturers12, which also protect Microsoft Exchange Servers. Below is a table listing the functions that are common to all products and a comparison table showing features in the Kaspersky Lab product. There is also a section comparing the cost of each of the different products. The following products are viable alternatives to Kaspersky Security for Microsoft Exchange Server: Symantec Mail Security for Microsoft Exchange, Version 4.6 McAfee GroupShield for Microsoft Exchange, Version 6.0 Trend Micro ScanMail Suite for Microsoft Exchange, Version 7.0 Sophos PureMessage for Windows / Exchange, Version 2.0 Panda ExchangeSecure Antivirus F-Secure Anti-Virus for Microsoft Exchange, Version 6.4 + Spam Control. Virtually all of these products have the following features: A management console for administration The capability to administer several products through one central management tool Virus protection in real time Antivirus scanning on demand Heuristic analysis for new viruses, which signatures are not in the database yet. Spam filtration using heuristic analysis Spam filtration according attachment file type Automatic and manual updates to the database Sending blocked messages to a quarantine folder Providing statistics on the programs operation Providing information about the current status of the program Generation and export of reports Notification of incidents and events Filtration of messages by lists of IP addresses, DNSBL, blacklists and white lists is possible if Microsoft Exchange Server 2003 and Microsoft Outlook 2003 are properly tuned. The following table shows the relative advantages of Kaspersky Security for Microsoft Exchange Server over other solutions:

12

Figures from October 2005.

Symantec

Kaspersk y

Product features/advantages for the user

Supports cluster technology (Microsoft Windows 2000 Advanced Server Clusters or Windows 2003 Clusters) Detects spy ware and other potentially dangerous malware (e.g., adware, dialers, hacking & remote access tools, etc.), as well as other malicious programs. Filters spam by checking the formal attributes of the message (analyzing the email or IP address and message headings) Detects spam containing images / blocks spam in image format Checks for spam in attached files / blocks spam sent in attachments and not in the main message Filters spam by checking URL-links in the letter / Includes a mode for processing modified spam messages / blocks modified spam Can categorize messages as possible spam / prevents important information being lost Periodic updates to the antivirus database / more frequent updates of the database reduce the time users are unprotected from new threats Periodic updates to the anti-spam database / more frequent updates to the anti-spam database block new types of spam Prevents virus epidemics / Reacts to virus epidemics onthe-fly

+13

+14

+ +15 +16 + + + Hourly

+ + + + Hourly

+ + +

+ + + +

+ + + + No data Every day -

Once a Every day month Several times a No data wk As new Every threats day appear

Every 20 mins

Every 510 mins

13 14 15 16

Also possible for identical node setups. Fully GSG Technology In TXT, HTML, DOC, RTF formats.

No data Every day 3

F-Secure + + -

Sophos

McAfee

Panda

Trend Micro

Price Comparison17 Number of users 10-14 15-19 20-24 25-49 50-99 100-149 150-249 250-499 500-999 More than 1000 Kaspersk y $38,00 $34,00 $31,00 $27,50 $24,00 $22,50 $21,00 $19,50 $18,00 $16,75 Symante c $69,82 $69,82 $69,82 $62,58 $58,94 $55,58 $55,58 $50,60 $44,76 $41,08 McAfee $55,35 $55,35 $55,35 $44,90 $44,28 $44,28 $44,28 $43,67 $39,36 $37,52 Trend Micro $44,28 $44,28 $44,28 $41,70 $39,03 $35,42 $35,42 $31,94 $29,52 $27,92 Sophos $80,70 $62,80 $62,80 $49,30 $40,40 $32,30 $32,30 $26,90 $26,90 $26,90 Panda $45,68 $45,68 $45,68 $43,39 $41,23 $37,11 $37,11 $33,39 $28,39 $24,13 F-Secure $32,33 $32,33 $32,33 $27,61 $23,11 $20,41 $20,41 $17,79 $16,12 $15,16

The following graph shows the comparative prices of the products according to the number of users. Comparison Prices for Products

$90.00 $80.00 $70.00 $60.00 Cost of license $50.00 $40.00 $30.00 $20.00 $10.00 $0.00 10-14 15-19 20-24 25-49 50-99 100-149 150-249 250-499 500-999 More than 1000 Kaspersky Symantec McAfee Trend Micro Sophos Panda F-Secure

Number of users

17

All prices are given in US dollars, include taxes and are for a one-year license within the EU (figures from August 2005).

Advantages of Kaspersky Anti-Spam


The main advantages of the Kaspersky Lab antispam solution over products from other retailers: 1. Spam appears in many forms making it impossible to find a universal method of combating it. For this reason Kaspersky Lab does not rely on a single anti-spam method, but constantly redefines what constitutes a spam message using a combination of the following methods: Filtration based on checking formal attributes (message headings, DNSBL lists and blacklists/white lists) Analysis of message elements using linguistic heuristics (lists of words and word combinations that are characteristic of spam) Checking messages for signatures (spam templates) in the regularly updated database from the anti-spam laboratory. A facility for detecting graphic spam (GSG) 2. Our anti-spam laboratory is constantly processing and adding new spam templates to our databases. 3. The Kaspersky Lab solution is notable for its consistently high performance. Our products are equally effective for both small businesses and corporations that receive large amounts of messages. For example, one of our clients, Mail.ru, processes over 25 million messages (that is, 500 GB of traffic) a day. The main advantages of the Kaspersky Lab solution over The Apache SpamAssassin Project open source solution: Free technical support. A clear and informative interface makes administration easier. Automatic updates to the antivirus database ensure faster reaction than manual updates. Automatic updates to the database save the network administrator time, since the product does not require continual maintenance. Automatic installation means the product is operable immediately after installation. Installation does not require specialist knowledge or involve the time-consuming task of setting up user group rules. Technical improvements have been made to the product making operation speed much faster. Unwanted correspondence is automatically deleted, rather than simply being marked as spam and delivered to the user (however, it is possible to restore deleted spam messages from the quarantine folder).

Overview of Product functions


In this section we describe the programs main functions and give further information that can help in providing full and accurate answers to questions from potential clients, without having to search for through piles of documents or product information sheets. Product functions are grouped together according to the task that they fulfill. The left-hand column provides information that would be available to the client from the product leaflet, while on the right we have added more detailed information.

Spam Protection
Intelligent technology detecting spam for Several anti-spam techniques are combined to achieve extremely
high detection rates with a minimum of false positives. Firstly, the formal attributes of a message are analyzed according to lists of email and IP addresses, message headers and size. Filtration is also based on blacklists and white lists compiled by the system administrator. Mail can be filtered according to lists of RBL services (widely accessible and constantly growing lists of IP addresses and open-relays which are publicly known as spam sources), but only if this is enabled on the Spam Confidence Level Infrastructure (SCLI) on Microsoft Exchange Server 2003. Analyzing formal attributes of email makes it possible to filter spam in any language.

The application checks all messages that reach the Exchange Server via an SMTP protocol. When detecting characteristics of spam, it analyzes the formal attributes of the mail (email and IP addresses, the size of the message, message headings). It also applies intelligent technology to analyze the content of the message and any attachments, and can scan graphic signatures to detect spam that contains images.

Secondly, the program analyzes content: theme, the message body and any attachments in plain text, HTML, Microsoft Word and RTF formats, searching for words and word combinations typical of spam (around 53,000), text signatures (around 2500) and graphic signatures (around 6000) 18. Content analysis of messages can be carried out in Russian, English, German, French and Spanish. The database is updated every 20 minutes. The administrator can use Microsoft Exchange to make lists of users authorized to send mass mailings.

Blocking mass mailings


This product prevents any unauthorized use of the mail server by detecting and blocking attempts to distribute mass mail from computers within the organization. Only those users who have authorization from the network administrator can dispatch mass mailings.

18

This information is accurate as of August 2005.

Classifying messages
The administrator can set different rules for each category of unwanted mail and prevent the loss of important information. Messages that are pure spam can be blocked, suspicious messages sent to the junk mail folder, and formal notifications (for example, confirming dispatch or receipt of messages) can be sent to the incoming mail folder.

Messages, which the spam filter has not classified as spam, are sent to user inboxes as normal. The remaining messages that have, for one reason or another, been classified as spam are divided into the following categories: Spam (automatically deleted) Suspicious messages (automatically transferred to the junk mail folder). Formal notifications (automatically sent to the incoming mail folder) Indecent messages (automatically withheld from end users inboxes)

Virus Protection
Real-time scanning
The program scans for and removes all types of viruses, worms, Trojans and other malicious programs from incoming and outgoing mail, including attachments in nearly any format. In addition, the system administrator can enable antivirus scanning of passthrough mail traffic routed through the Exchange server. . Kaspersky Security for Microsoft Exchange Server 2003 Carries out antivirus analyses If all or part of a message is infected, then the object is processed according to the program settings Copies of the object can be saved in the quarantine folder Antivirus analysis and treatment are carried out using the antivirus database, which contains all signatures known at the time of the scan (more than 140,000 definitions as of the beginning of October 2005), as well as heuristic analysis, which is capable of detecting new viruses that have not yet been given a signature. The program supports more than 450 different file utility packages, installers and archivers (more than 1200 versions as of June 2005). This enables us to easily locate viruses in archived files. The Kaspersky Lab antivirus database is updated every hour. Messages and shared folders on the server are regularly re-scanned using the latest version of the antivirus database (when background mode is enabled). Analysis in background mode can be conducted automatically, when the antivirus database is updated, on schedule or manually. If background mode is disabled then messages stored on the server will be scanned using the latest version of the antivirus database when the user opens them. The user always receives messages that have been scanned with the most up-to-date version of the database, regardless of when the server originally received the message. The categories of objects that Kaspersky Security for Microsoft Exchange Server 2003 searches for in mail on the server depend upon which of the two possible levels of antivirus protection is enabled. Standard antivirus protection protects against all malicious programs known at the time of scanning. This is the default mode. Enhanced antivirus protection. Increased protection against potentially harmful programs, such as ad ware, dialers, and spy ware (programs that automatically download files, keyboard spies, programs for cracking passwords and programs for remote management).

On demand and on schedule background scanning


The application scans folders and messages stored on the server in the background, ensuring that all objects are processed using the latest version of the antivirus databases without any noticeable increase in server load.

Detection of potentially hostile programs


When using the extended antivirus databases, the application can detect and remove not only known malicious software, but potentially hostile programs as well. These include programs that display advertising, data collection programs, dialer programs for automatically establishing connections with pay sites and other utilities that can be used by cybercriminals for their purposes.

Virus outbreak prevention


The application can monitor virus activity and detect outbreaks, allowing the system administrator to take response measures quickly: e.g., launch a scanning task, update databases or increase the systems level of protection. The administrator can be notified of outbreaks by email and, on a local area network, using the Net Send tool.

The system administrator sets the threshold for virus activity: that is, the maximum number of events of a specified type registered within a limited time frame. If virus activity exceeds this level then notification is sent (via email and/or using NetSend on local networks). The following types of events are monitored: Infected object found. Suspicious object found. Dangerous object found Same virus found on several occasions. When a virus epidemic has been discovered, antivirus scanning can be initiated, the antivirus database updated or the application mode raised from standard to enhanced or extra. Before an infected object or message containing spam is treated, deleted or blocked, an initial copy can be saved in the quarantine folder. The object can later be deleted, restored for the purpose of obtaining information from it, or analyzed using an updated version of the antivirus database. Moreover, suspicious objects that contain variations on known viruses, or codes from unknown viruses, can be sent to the Kaspersky Lab Virus Lab for further analysis. A subsequent analysis of the object with the latest version of the database allows it to be treated or the information saved. A suspicious object is saved in the quarantine folder as a cipher to prevent the risk of infection (the object is only accessible by decoding it). The volume of information in the quarantine folder is limited by the size of the quarantine folder (in megabytes) or by the length of time it can be saved. Search for objects in the quarantine folder can be undertaken using a number of parameters: the objects status (several can be chosen), objects name, sender, recipient, theme and when the message was sent.

Backup copying
Before deleting messages, the application saves backup copies, making it possible to restore important information if attempts to cure an object resulted in failure or if a message was erroneously categorized as spam. A broad range of search parameters can be used to make finding objects in the backup storage easier.

Administration
Fine Tuning
The administrator can configure the program based on the organizations security policy and hardware capabilities, e.g., select the types of malicious and potentially hostile programs to be detected by choosing standard or extended antivirus databases; adjust the applications performance depending on the mail traffic and the number of users; and, scan only potentially hostile objects by disabling scanning of certain file types. The products performance depends partly on the settings chosen. For example, the administrator can choose one of three levels of protection: standard, extended or superfluous. See the section entitled Detecting potentially harmful programs for further details. Certain types of objects can also be excluded from antivirus scanning so that only potentially harmful objects are processed. The administrator can exclude all archives, folders with higher nesting levels, masked files (for example, *.txt) and graphic files. There are three auto-setup modes: For small volumes of mail traffic (around 1-2 messages an hour to every mailbox), when there are a large number of mail servers on the server, but the mail traffic from each of them is insignificant. For large volumes of mail traffic (from 10-15 messages an hour to every mail box), when there are relatively few mail boxes, but each mailbox receives a large number of messages. Medium mode is for when there is an even flow of messages through mailboxes on the server. Kaspersky Security for Microsoft Exchange Server 2003 can analyze objects in the operational memory without saving them in the temporary folder in advance, as long as they do not exceed a given size (by default this is 1 MB). This enables the program to work
4

faster.

Database updates
The antivirus database can be updated on demand or automatically on schedule from Kaspersky Lab Internet servers or from the companys local servers, which are specified by the administrator. Some modules of the antivirus engine and linguistic analyzer can also be updated together with the databases. Antivirus and spam recognition databases can be updated separately

After files have been copied from an update source, the application automatically runs the updated databases and uses it to scan mail for viruses and spam. If the local network is based on a sufficiently complicated structure, then we recommend downloading updates from the Kaspersky Lab server every 20 minutes, so they can be held in a shared folder on the server for local computers to copy updates from. If Kaspersky Administration Kit is installed, updates can be held temporarily in a designated folder, which then serves as the source for updating Kaspersky Security for Microsoft Exchange Server 2003.

Detailed reports
The system administrator can control the operation of the application and the antivirus protection status using descriptive HTML reports or by viewing the Windows event log. The system administrator configures the frequency with which reports are generated and the information to be included in reports. A report can be stored on the hard drive or sent via email.

Administrators can create reports using built-in templates with the required level of detail. Separate reports are issued for antivirus analysis and spam analysis. By default reports are issued on the first day of the month, and cover the last 30 days. When creating templates for reports, administrators can adjust the time period for which data is given, the frequency and time taken to compile reports, as well as how they are received (stored on the disk or via email). Kaspersky Security for Microsoft Exchange Server 2003 can also be set to register certain kinds of events in the Windows system log. The volume and detail entered in the log can be set at one of 5 levels of diagnosis. Administrators can use the administration console: To add or remove new Microsoft Exchange Servers from the list of servers available for managing the console To connect or disconnect from the server available for managing the console To create templates for informing users of new suspicious or infected objects and templates for reports For compiling reports according to a preferred template To set the parameters for locating objects in the quarantine folder To create and set criteria for defining a virus epidemic To obtain copies of objects in the quarantine folder or send them on for analysis to the Kaspersky Lab Virus Laboratory

Centralized administration
The application is configured and administered via the administration console built into Microsoft Management Console (MMC), a convenient management tool familiar to the administrator, or using Kaspersky Administration Kit, which can also be used to administer other Kaspersky Lab products.

Fast installation
The interactive installation and configuration mode used by the program by default is appropriate for most systems, making it possible to begin normal operation of the program without spending much time on installation and configuration.

Immediately after installation the application is fully operable and parameters that are automatically installed are the settings recommended by Kaspersky Lab.

Kaspersky Anti-Virus for Microsoft ISA Server 2000 Enterprise Edition

Purpose of this Document


The purpose of this document is to provide partners and members of sales departments with information on the product and its functions, indicate its position in the Kaspersky Lab product line, describe the products advantages for different customer categories and provide information on licensing.

What is Kaspersky Anti-Virus for Microsoft ISA Server 2000 Enterprise Edition?
Kaspersky Anti-Virus for Microsoft ISA Server 2000 Enterprise Edition is a software solution that scans files entering the network via the Microsoft Internet Security and Acceleration Server. The program consists of a set of filters which receive data transmitted via HTTP and FTP protocols, a system for configuring the applications settings and a management console.

Position in Kaspersky Lab Product Line


Kaspersky Anti-Virus for Microsoft ISA Server 2000 Enterprise Edition belongs to the category of products for SMB and corporate users.

Whats New in the Product


Kaspersky Anti-Virus 5.6 for Microsoft ISA Server 2000 Enterprise Edition is the first version of the Kaspersky Lab product for Microsoft ISA Server 2000 Enterprise Edition. Its principal difference from Kaspersky Anti-Virus 5.1 for Microsoft ISA Server 2000 Standard Edition is that this application is intended for Microsoft ISA Servers operating as server array members. The program provides centralized control of parameters for all servers in the array and centralized updates to antivirus databases. Kaspersky Anti-Virus 5.6 for Microsoft ISA Server 2000 Enterprise Edition also supports standalone Microsoft ISA Servers. However, in this case using Kaspersky Anti-Virus 5.1 for Microsoft ISA Server is recommended.

Features
This section describes the products principal features and provides additional information that will help answer questions from potential customers more completely and professionally. The applications features are grouped by function. In the left column, the description of a function available from Kaspersky Labs marketing materials appears; on the right, additional information for sales managers is provided.

Comprehensive protection against viruses and malicious code ntivirus scanning. Kaspersky AntiVirus for Microsoft ISA Server 2000 scans all data transferred via the Microsoft ISA Server and removes all types of viruses. Objects scanned by the solution include archived and compressed files in over 1200 formats. Data in ZIP, CAB, RAR and ARJ archives can be disinfected. A unique

etails and facts. Antivirus databases containing descriptions of known


viruses (about 114,000 as of August 2005) and a heuristic analyzer capable of detecting even the newest viruses are used for scanning and disinfecting objects. The program supports over 450 different executable file compression utilities, installers and archivers (a total of over 1200 modifications as of June 2005), enabling it to detect viruses and malware in archived file formats. Kaspersky Labs antivirus databases are updated hourly. Emergency updates are released as necessary during epidemics and outbreaks.

heuristic analyzer detects unknown viruses as well.

otection against potentially hostile software. This solution provides


protection not only against malicious programs, but against potentially hostile programs as well. These include utilities for remotely monitoring and controlling victim computers (spyware), programs that automatically establish modem connections with pay sites (dialers), programs that display obscene content (pornware), etc. Such software can be detected by scanning using the extended antivirus databases.

Details and facts. Spyware programs manifest their presence


on the system in the following ways theft of confidential and personal data -- e.g., website or Internet connection passwords or credit card information; advertising in browser windows, various pop-up windows, changed browser start-up page, etc.; changes in browser settings made without the users knowledge; installation of programs on the computer without the users knowledge; use of the Internet connection without the users knowledge; slower Internet connections and general slow-down in the computers performance due to hidden operations of spyware programs; and, automatic dialing of telephone numbers using the modem resulting in larger telephone bills, etc. Such programs can penetrate a computer during data downloads via email and during installation of certain utilities. tentially hostile programs can be detected and neutralized using the extended databases by selecting the extended databases option in the

antivirus settings window.

utomatic detection of Microsoft ISA Server mode of operation. When


Kaspersky Anti-Virus is installed, the ISA Servers current mode (Firewall, Proxy, Integrated) is automatically detected. Depending upon the server mode, different sets of data filters are installed (HTTP and FTP filters or the web filter).

Details and facts: The ISA Server has three modes of operation:
Firewall, Proxy and Integrated. In Firewall mode, the ISA Server protects internal network communications from various types of Internet-borne threats by using various tools, such as IP packet filters, web filters, and application filters. In this mode, the caching of transmitted information is disabled. In Proxy mode, ISA Server acts as a cache server that routes requests and plans data loading for efficient processing of subsequent client requests. In this mode, the ISA Server does not protect the internal network. In Integrated mode, all features of the firewall and cache server are available. Additionally, in this mode, the ISA Server operates as both Proxy and Firewall. The table below shows which filters are installed for each of the three ISA Server operating modes.

Filter FTP filter Web filter HTTP filter

Proxy Yes

Firewall Yes Yes19 Yes

Integrated Yes Yes

dditional filtering parameters By file type. The etails and facts. The administrator can exclude certain file formats from the administrator can define the list of objects to be scanned, for example, graphic files, which are not likely types of objects that will not to contain viruses. be scanned for viruses, helping reduce ISA Server load.
administrator can define the list of trusted servers. Data transferred via these servers is not scanned for viruses. The more servers included on the trusted server list, the less Kaspersky Anti-Virus interferes with data requested by users.

Trusted servers. The system etails and facts. Trusted server parameters can be set in one of four ways:
the server domain name; the server IP address; the subnet; an IP address range.

By

user group. The etails and facts. Each group consists of internal network clients to whom administrator can create the same policies can be applied. Each client can be a member of one or groups of ISA Server users more groups. A client can be defined using an IP address or a group of IP and apply individual data addresses. Clients defined by specific IP addresses can be computers with processing rules to each network services installed and/or permanent IP addresses e.g., mail

19

The filter is disabled upon installation.

group, defining specific restriction levels based on the companys security policy and employee needs.

servers. For network clients which do not have a permanent IP address, one client defined by a subnet address and mask can be created. A policy can be defined for each group of clients. cannot have more than one policy. A group

ptimizing the applications performance The product has been certified by Microsoft for compatibility with Microsoft ISA Server Optimization for Intel Xeon. Based on the
results of optimization, Kaspersky Anti-Virus for Microsoft ISA Server has been granted the Intel Xeon logo.

Details and facts. This is Kaspersky Labs first product for


servers certified by Microsoft. The products reliability and stability have been confirmed.

Details and facts.

Based on test results, optimization has helped reduce the following parameters:

processor time required to process a fixed set of files reduced by 66%; the number of input-output operations reduced by 30%; and, the amount of data written/read reduced by 17% As a result: the performance of Kaspersky Anti-Virus is higher than the performance of the ISA Server the presence of malicious code is issued faster than the Microsoft ISA Server provides a new object for scanning. When using the server on an Intel Xeon-based computer attempts to create load under which our server becomes a bottleneck failed.

Launching several copies of the antivirus engine.


Kaspersky Anti-Virus for Microsoft ISA Server is capable of scanning large volumes of data without reducing the ISA Servers performance.

Details and facts. By default, when Kaspersky Anti-Virus


starts, four copies of the antivirus engine are launched and work in parallel. Up to 32 copies of the antivirus engine can be configured to run at the same time, although we recommend that four copies of the engine run for each physical processor.

Setting transmission parameters for the data being scanned. The


administrator can set the maximum time during which a data packet can be scanned before it is delivered to the user, the maximum interval in seconds between data transmissions and the amount of data accumulated by Kaspersky Anti-Virus for analysis and scanning and not sent to the user before such analysis and scanning is completed.

Details and facts. The default settings are optimal for most
configurations. However, the administrator can configure the product based on the companys specific requirements. The administrator can set the following parameters: the number of queued objects cached in memory; buffer size for cached objects (KB); the number of antivirus engines running simultaneously; and, the number of antivirus engine instances reserved for scanning some categories of HTTP traffic (the so-called fast traffic). The following types of objects can be classified as HTTP traffic fast objects: text files smaller than 2 MB; graphic files smaller than 2 MB; and, other objects (excluding executable files) smaller than 256

KB. The size of the queue of objects to be scanned. This field defines the maximum number of objects that can be simultaneously located in the queue for antivirus scanning. Queue sizes from one to 16,383 objects can be set. Maximum scan time in seconds. This field defines the maximum time allowed for scanning an object. If an object could not be scanned during that time, it will be categorized as uninfected and sent to the client requesting it.

The administrator can restore the default values of parameters at any time.

exible management and administration Administration based on Details and facts. The administrator does not need to configure each Settings configured on one node will be array rules. Antivirus server individually.
settings can be configured automatically applied to all array members. on one of the arrays members.

Remote

management. Details and facts. Kaspersky Anti-Virus for Microsoft ISA Server
can be managed using the Kaspersky Administration Kit or the Microsoft Management Console. Differences between security policies for different user groups may include restrictions related to downloading files of certain types, sizes, etc.

Using either of the centralized management tools, the administrator can configure antivirus scanning parameters, create user groups based on various criteria, define security policies for these groups, configure reporting parameters and generate reports, install license keys, update antivirus databases, etc.

Notification and reporting system. ISA Server


Alerts, a system tool built into the ISA Server, provides various methods of notifying the administrator of critical events that occur in the operation of Kaspersky Anti-Virus installed on the ISA Server. All important messages concerning the operation of Kaspersky Anti-Virus are also recorded in the Windows log system. Furthermore, Kaspersky Anti-Virus allows for the complete diagnosis of its performance on any of the Microsoft ISA Servers on which it is installed and records results in the

Details and facts. For Kaspersky Anti-Virus there are also a


number of events that require the immediate response of the system administrator, such as The License Is Expiring. The list of such events is added to the existing ISA Server Alerts list immediately after the application is installed on the server. The administrator can configure the method of notification for each event, including recording the event in the system log, email notification, etc. During installation of Kaspersky Anti-Virus a separate log is created in the Windows log system. Kaspersky Anti-Virus diagnostic logs include data on the applications operation for a specific date with the given level of detail, as well as information on any malicious objects detected. The administrator can configure how detailed the information recorded in these logs is. All messages created by Kaspersky Anti-Virus are categorized based on the events that initiate them. The level of detail can be configured, from recording no information or principal events only to recording all information, including debugging. The administrator can restore default parameter values at any

relevant logs.

moment.

The Products Advantages for the Customer (Sales Points)


Business Benefits Reliable protection against viruses and spyware based on the use of advanced technologies
Kaspersky Anti-Virus for Microsoft ISA Server 2000 Enterprise Edition offers reliable protection against viruses and spyware owing to the use of cutting-edge technologies. The solution is based on Kaspersky Labs antivirus engine offering malicious program detection rates that are among the industrys highest.

Solid value

No additional product needs to be purchased in order to manage Kaspersky AntiVirus for Microsoft ISA Server 2000 Enterprise Edition. All administration functions can be performed via Microsoft Management Console or Kaspersky Administration Kit, which is supplied free-of-charge. Purchase of a license for Kaspersky Anti-Virus for Microsoft ISA Server 2000 Enterprise Edition includes not only the right to use the product and subscription to regular updates to antivirus databases and product components, but also free new versions of the program and round-the-clock technical support via telephone or email in several languages.

Benefits for IT-professional

Convenient administration

Configuration of antivirus protection policies and administration of the server array is performed centrally from any computer with Microsoft Management Console or Kaspersky Administration Kit installed. Kaspersky Administration Kit, unlike many other vendors proprietary administration modules, can be used to set antivirus protection policies for the entire ISA server array.

Server load optimization

Kaspersky Anti-Virus for Microsoft ISA Server 2000 Enterprise Edition offers a broad range of capabilities related to configuring filtering parameters and transferring scanned data to users, helping reduce the lSA Servers load. Optimization for Intel Xeon processors used in dual-processor systems and support to launch several copies of the antivirus engine allow the solution to process large volumes of data without reducing the ISA Servers performance.

Ease of installation

Kaspersky Anti-Virus for Microsoft ISA Server 2000 Enterprise Edition integrates into the ISA Server, automatically detecting its current mode of operation and setting its parameters depending on the ISA Servers mode.

Advantages Compared to Alternative Solutions


Alternative solutions for the comprehensive protection of Microsoft ISA Server, which the customer may consider (as of Septembert 2005) include Symantec AntiVirus for Microsoft ISA Server 4.3 for Windows, BitDefender for MS ISA Server 2.0, Trend Micro InterScan WebProtect for MS ISA Server 3.1, McAfee SecurityShield for Microsoft ISA Server 1.0, and GFI WebMonitor for ISA Server.

Price Comparison
Number of licenses 10-24 25-49 Kaspersky 13.50 12.50 11.50 (100149) 11.00 (150249) 10.50 10.00 9.00 McAfee 16.63 15.80 13.64 12.14 10.65 9.31 Trend Micro 26-50 51-100 Number of licenses 15.96 14.28 10.98 10.10 9.55

100-249

251-500

250-499 500-999 1000+

501-750 751-1000

Prices are stated in euro () exclusive of VAT

Kaspersky Anti-Virus 5.6 for MS ISA Server 2000 Enterprise Edition HTTP traffic scanning. Support for scanning traffic transmitted via HTTP protocol, which is used for viewing web pages. FTP traffic scanning. Support for scanning traffic transmitted via FTP protocol, which is used for transferring files from the Internet Scanning of FTP over HTTP traffic. Support for scanning FTP traffic transferred via the HTTP protocol (FTP over HTTP) for downloading files from websites Additional filtering parameters for SMTP

Symantec AntiVirus for Microsoft ISA Server 4.3 for Windows

BitDefender for MS ISA Server 2.0

Trend Micro InterScan WebProtect for MS ISA Server 3.1

Panda ISA Secure


Compatible with BitDefender for Mail Servers (WIN SMTP Proxy

Message size Message header Attachment name Attachment size

Message header Attachment name Attachment file type

Creating and managing user groups Additional filtering parameters

For complex files: File size in bytes Nesting level For all files: By file extension

By file extension By MIME type

?
By file extension By MIME type

By file extension

Compressed files

Trusted server list Remote management tools

MMC Kspersky Administration Kit

_
MMC Web- based interface

MMC

Web- based interface IIS required on the machine with the product

Panda AdminSecure

Application has its own logs

(+ logs
recorded in Windows Application Event)

(+ logs (+ logs (+ logs


recorded in Windows Application Event) recorded in Windows Application Event) recorded in Windows Application Event)

Support for arrays Optimization for Intel Xeon Microsoft Certification Notification tools


ISA Server Alerts using SMTP

_ _ _
ISA Server Alerts using SNMP, SMTP

_ _ _
ISA Server Alerts using SMTP

_ _ _
SMTP

_ _ _
SMTP, network broadcast

Licensing
Licensing of Kaspersky Anti-Virus for Microsoft ISA Server 2000 Enterprise Edition is based on the number of workstations and file servers using Microsoft ISA Server to acces the Internet. Each license type is acquired for a certain limited period of time (one, two or three years from the date of purchase). During the term of the license, registered users can receive the following services: round-the-clock technical support via telephone and email on issues related to installing, configuring and using the software product; hourly antivirus database updates and updates of the content filtering database every twenty minutes; program module updates; free new versions of the product; and, information on the release of new Kaspersky Lab software products and notification of new viruses appearing globally (these services are provided to those who sign up to Kaspersky Lab news updates).

51

Kaspersky Mail Gateway


Target Audience of This Document
This documents target audience includes Kaspersky Lab partners and Kaspersky Lab sales department staff. This document is intended for internal use only.

Purpose of This Document


The purpose of this document is to provide partners and sales department staff with reliable and up-to-date information about the product and its functionality, indicate its position in the Kaspersky Lab product line, describe the products advantages for different target audiences, compare it with alternative solutions produced by competitors and provide information about available licensing schemes. This document is intended as the principal source of information about the product, to be used by sales managers to answer potential customers questions.

What is Kaspersky Mail Gateway


Kaspersky Mail Gateway is a versatile solution that provides full-scale protection for mail system users against viruses and unwanted email (e.g., spam). The application scans email messages for viruses and other malicious and potentially hostile programs and performs centralized filtering of the email traffic to identify spam before each message is delivered to the end recipients mailbox.

Whats New in the Product


Compared to Kaspersky SMTP-Gateway version 5.5, protection of corporate email system users against unsolicited emails (spam) has been added in Kaspersky Mail Gateway 5.5.

The Products Position in the Kaspersky Lab Product Line


Kaspersky Mail Gateway 5.5 belongs to the group of Linux / Unix products developed for corporate clients. Kaspersky Lab strongly recommends protecting all nodes of a corporate network. The following products are also recommended to customers in order to create a full-scale protection system (depending upon the presence of specific network node types): Kaspersky Anti-Virus for Workstations (Windows and/or Linux) Kaspersky Anti-Virus for File Servers (Windows, Novell Netware, Linux / Unix, and/or Samba) Kaspersky Anti-Virus for Firewall (MS ISA Server and CheckPoint Firewall) Kaspersky Security for PDAs Kaspersky Administraton Kit.

Positioning
The main product selling points are as follows: integrated protection against viruses and spam available in a single product, with installation, setup and management via a single interface; the highest malicious program detection rate among Linux-based solutions (based on independent testing results, see Attachment 1); the product provides an additional protective buffer, because it is installed BETWEEN the corporate network and the Internet; the product is easy to install as there is no need to integrate it into the existing mail system; the product combines well with other vendors antivirus solutions if they are used on other network nodes (workstations, file servers, mail servers, etc.).

52

Alternative Kaspersky Lab Solutions for Mail Protection


When recommending Kaspersky Mail Gateway 5.5 to a customer, issues that need to be taken into account are the existing mail server type, whether an antivirus solution is already installed and the customers wishes regarding integrated or standalone operation of the antivirus program and the spam filter (i.e., on the same computer with the mail server or on a separate server). The following table provides possible choices between solutions for corporate mail protection against viruses and spam based on these factors. An antivirus solution for mail is installed Mail server type Any type of mail server

Type of installation Antivirus and spam filter on one server BUT separate from the mail server Antivirus and spam filter on one server, on the same machine with the mail server Antivirus on a separate server, spam filter on the same computer with the mail server Antivirus and spam filter on different servers Antivirus and spam filter on one server BUT separate from the mail server Antivirus and spam filter on one server, on the same machine with the mail server Antivirus and spam filter on different servers

Recommended choices / advantages Kaspersky Mail Gateway 5.5 Low cost Kaspersky Mail Gateway 5.5 Low cost

No

Linux / Unix

MS Exchange for Lotus Notes / Domino Any type of mail server

Kaspersky SMTP Gateway 5.5 for Linux / Unix on the Internet gateway & Kaspersky Anti-Spam Enterprise Edition on the mail server Antivirus and spam filtering are separated and run on different servers Kaspersky Anti-Virus for the relevant mail server (MS Exchange, Lotus Notes / Domino) & Kaspersky Anti-Spam Enterprise Edition on a separate Linux / Unix server Kaspersky Mail Gateway 5.5 Additional antivirus protection plus anti-spam protection Kaspersky Anti-Spam Enterprise Edition Protection of mail against spam as well as viruses Kaspersky Anti-Spam Enterprise Edition on a separate Linux / Unix server Protection of mail against spam as well as viruses

Yes, on the mail server

Linux / Unix MS Exchange for Lotus Notes / Domino

The Products Functionality


This section describes the programs main features and provides additional facts and comments that will help answer potential customers questions more accurately and in greater detail. Individual features have been grouped by function. In the left column, information available to users from the products datasheet appears, and in the right column, more detailed information is provided.

Integrated protection against viruses and spam


Antivirus scanning.
Kaspersky Mail Gateway scans for and removes all types of viruses, and malicious and potentially hostile programs (e.g.m adware, spyware, etc.) in all incoming and outgoing email messages, including attachments in most format. Scanning and disinfection is carried out using antivirus databases containing descriptions of known viruses at the time of scanning (134,803 records as of August 12 200520), as well as the heuristic analyzer, which is capable of detecting the newest viruses. The program supports over 450 different executable file compression utilities, installers and archivers (a total of over 1200 modifications as of June 2005), enabling it to detect viruses in archived files. Kaspersky Labs antivirus databases are updated hourly. High spam detection rates with minimal false-positive rates are achieved by combining different methods of fighting spam. First, mail traffic filtering is performed based on formal attributes, including email and IP addresses recognized as sources of spam and included in publicly available or administrator-defined lists of rules for message headers. Secondly, the program analyzes the contents of the Subject field, message body and attachments in plain text, HTML, Microsoft Word or RTF formats using keywords and word combinations from the Kaspersky Lab database which are typical of spam messages (about 53,000 entries), as well as samples of entire spam messages (about 2,500 samples) and graphical signatures (about 6,000)21. Formal methods can be used to filter spam in any language. Methods of linguistic analysis can be used to fight spam in Russian, English, German and Spanish. The database is updated every 20 minutes. Notification templates are defined by the administrator. They can contain text in the native language of a mail system user. The application can check whether the syntax of the notification templates is correct, making the administrators work easier. Additional information can also be added to email messages. For example, the following information can be added to message headers: the applications version, the date of the latest update of antivirus databases, time of scan and scan result. Any text defined in accordance with the security policy or other rules of the organization can be added to message bodies.

Spam filtering.
The application scans mail traffic for spam based on filtering by formal attributes and analysis of message contents and attachments using intelligent technologies based on special graphical signatures for detecting spam in the form of images.

User notification.
If a suspicious or infected object is detected, the system administrator, sender and recipient of the message receive a notification, the contents, format and language of which is defined by the system administrator. If a message is categorized as spam, it can be blocked, sent to a quarantine folder or delivered to the recipient with a special tag in message header.

20 21

Up-to-date information is published on http://www.kaspersky.com/avupdates Information on anti-spam databases as of early August 2005

Quarantine.
Infected and suspicious objects detected in mail traffic and messages identified as spam can be moved to a quarantine folder. The administrator can view or delete messages in the quarantine folder or forward them to the recipient.

The application can be configured to select messages having a specific status after scanning for viruses and spam and save them in a quarantine folder. In particular, messages identified as spam or probable spam and messages containing infected, suspicious or damaged objects can be saved in the quarantine folder. The application can be set up to either block or deliver copies messages that have been saved in the quarantine folder. The system administrator can at any time view the contents of the quarantine folder, delete messages from it or send a message to an end recipient.

Additional message filtering capabilities


Email messages often contain objects that are likely to contain viruses, The application can be configured such as .exe files. Mail traffic filtering can be organized in such a way to filter mail traffic by attachment as to store objects containing .exe files in a separate folder. At the name and file type, helping to same time, there are files that cannot be infected and these can be immediately identify objects that excluded from antivirus scanning to reduce server load. This is true, are likely to contain viruses and for example, of text files (plain text). use a different set of processing rules for such messages. By user group. The administrator can create groups of mail system users and apply individual message processing rules to each group by defining limitations in accordance with the security policy and employee needs.

By attachment type

Data integrity
Message archives.
The administrator can maintain archives of received and/or sent messages if this is required by the companys security policy. A special utility manages objects in incoming/outgoing message archives, i.e., the administrator can view the entire contents of an archive or information about specific messages, delete all messages or a specific message from the archive, or send specific messages in the archive to initial recipients.

Protection of the server against unauthorized access


The system administrator can restrict SMTP connections, thereby configuring the application to prevent DoS attacks and the use of the server by third parties for launching unauthorized mass mailings. In some cases, this helps reduce server load and increase the processing speed of mail traffic. Restrictions help fight some types of virus outbreaks and denial-ofservice (DoS) hacker attacks, when the mail server may be blocked or slowed down by large volumes of unwanted incoming traffic. For example, the administrator can limit the number of messages sent and received at the same time, the number of objects being scanned for viruses simultaneously or the number of recipients a message can have to prevent mass mailing of a message, etc.

Flexible management and administration


Remote administration.
Kaspersky Mail Gateway can be managed remotely from the web browser using the Webmin program, which can also be used to regulate access rights to the application. The application can also be configured traditionally, using the configuration file. Webmin is a program that simplifies administration of a Linux / Unix system, which may be important for system administrators who lack extensive experience working with these operating systems.

Configuration optimization

of

and By default, mail messages will be processed based on the rules the specified in the configuration file that is included with the application
5

application.
Depending on mail traffic volume and the stringency of the companys security policy, the administrator can change the applications operating parameters, from maximum system performance to maximum user protection. The administrator can also configure various timeouts for message sending and/or receiving, manage the applications queue and limit the number of objects that can be scanned simultaneously in the background mode.

distribution package. Kaspersky Lab regards this as the optimal operating mode for the application. Rules define which objects will be scanned by the application and how stringently, which actions will be performed on these objects, etc. The administrator can alter the way the application operates by changing message processing rules. The administrator can also use a special utility to manage the applications queue (the queue of messages intended for antivirus processing or anti-spam scanning): view the contents of the queue or information about specific messages in the queue, delete all messages or a specific message from the queue, and/or send all or selected messages bypassing the queue.

Configuration of updates.
The antivirus database can be updated on demand or automatically on schedule from Kaspersky Lab servers on the Internet or from local servers specified by the administrator. Some modules of the antivirus engine and the linguistic analyzer are updated as well.

A special updating component, keepup2date, which is included with the application, is used to update antivirus and content filtering databases. Databases are updated from dedicated Kaspersky Lab servers. If the local network has a sufficiently complex structure, we recommend that updates be downloaded from Kaspersky Lab update servers every 20 minutes and placed in a network folder. Local computers on the network should be configured to copy databases from that folder. Depending on the level of detail specified for a report on the applications performance, it can contain information on critical errors, errors that occurred when scanning objects, license key expiry, the absence of free space on the hard drive, the path to the configuration file, the areas to be scanned, etc. For each object scanned the report may contain sender and recipient email addresses, the IP address of the host from which the message was received, the list of detected viruses, the status after antivirus scanning and processing by the spam filter.

Graphical reports
The Webmin program includes the option to view virus activity for given time periods in graphical form. Data on the types of viruses detected during antivirus scans can also be viewed. In addition, the administrator can receive detailed information on the programs status and operation by using a broad range of reports with the desired level of detail.

The Products Sales Points


The principal characteristic of this product is that it can be installed on a separate server and does not require integration into the existing mail system, making it possible to avoid changing a customers system which has been debugged and time-tested. Therefore, the choice of Kaspersky Mail Gateway is an easy step towards the multi-vendor approach to protecting a companys information that is often adopted nowadays. Benefits from the managers standpoint Kaspersky Mail Gateway ensures reliable protection against viruses and spam by using advanced technologies. The product is based on the Kaspersky Anti-Virus engine offering malicious program detection rates that are among the industrys highest and the SpamTest technology which uses cutting-edge methods to fight spam. The applications normal operation does not require the purchase of a powerful server or expensive software licenses. The hardware requirements are not high and the software required Linux / Unix class operating systems is free-of-charge. The total cost of ownership of Kaspersky Mail Gateway is among the lowest on the market, owing to the flexible licensing policy of Kaspersky Lab. The license includes not only subscription to regular antivirus database updates and technical support in several languages, but free new versions of the program as well. Benefits from the IT specialists viewpoint Integrated standalone security solution providing protection against viruses and spam No dependence on the platform and existing mail server type Kaspersky Mail Gateway is an integrated security solution: the product protects mail system users against both viruses and spam. A single interface is used to install the anti-virus filter and the anti-spam protection. Because the solution operates on a standalone basis, there is no need to worry about the inter-operability of the mail server and Kaspersky Mail Gateway. Kaspersky Mail Gateway does not depend on the platform and existing mail server type, making the solution versatile. The Kaspersky Lab product works well in combination with most mail systems, including MS Exchange, Lotus Notes, Sendmail, Qmail, etc. Kaspersky Mail Gateway is a fully functional mail router, and therefore it does not need to be integrated into the existing mail system. The programs installation and setup take minimal time and do not require extensive experience of using Linux / Unix systems.

Reliable protection against viruses and spam

Low non-recurring costs of implementation

Low total cost of ownership

Easy installation

Advantages over Alternative Solutions


The table below lists alternative solutions designed to protect the corporate mail gateway against viruses and spam that the customer may consider (information dated August 2005) and specifies their shortcomings compared to our solution. Shortcomings of competing solutions No version for Linux / Unix. Less frequent antivirus database updates (weekly). Advantages of Kaspersky Mail Gateway Support for filtering graphical spam and attachments in TXT, HTML, DOC and RTF formats. A state-of-the-art product providing integrated protection, equally effective against viruses and spam.

Symantec Mail Security for SMTP 4.1

McAfee WebShield SMTP 4.5 No version for Linux / Unix. A rather old version (2000), the latest update was released in 2004.

Poor anti-spam functionality: no signature (sample) -based filtering, no filtering based on heuristic methods (word and word combination samples), no filtering by URLs contained in messages, no selection of spam filtering profiles (by stringency). Less frequent antivirus database updates (daily) and antispam database updates (monthly). Trend Micro InterScan Messaging Security Suite 5.5 The Linux version requires installing and configuring a Postfix mail server, making product deployment more difficult. No support for Russian language spam filtering, no filtering of graphical spam, no filtering by URLs contained in messages. Less frequent antivirus database updates (several times a week). The highest price among similar products (see diagram). A PostgreSQL or CBD database needs to be additionally installed. No support for filtering spam in Russian. Less frequent antivirus database updates (as new threats appear) and anti-spam databases (daily). A limited range of anti-spam tools: no filtering based on formal attributes, signatures (samples), attachment file types (extensions), no choice of spam filtering profiles (by stringency). Less frequent antivirus database updates (daily). Higher price. A separate product, F-Secure Spam Control, needs to be purchased for protection against spam. Spam is sorted at the mail client level, not the server level. Less frequent antivirus database updates (daily). Easy installation and setup. Support for filtering spam in Russian, graphical spam, and attachments in TXT, HTML, DOC and RTF formats.

Sophos PureMessage 5.0 Low total cost of ownership. Support for filtering spam in Russian, graphical spam, and attachments in TXT, HTML, DOC and RTF formats

BitDefender SMTP Proxy (Linux) 1.6 Support for filtering spam in Russian, graphical spam, and attachments in TXT, HTML, DOC and RTF formats.

F-Secure Internet Gatekeeper 6.4 & F-Secure Spam Control Integrated protection against viruses and spam in one product. Centralized filtering of spam at the server level.

Price comparison table for similar products22

Number of licenses 5 - 10 11 - 25 26 - 50 51 - 100 101 - 150 151 - 250 251 - 500 501 - 750 751 - 1000 1000 1999 >2000

Kaspersk y n/a 14.50 13.00 12.50 11.30 10.50 9.70 8.10 8.10 6.50 6.50

Symantec n/a 10.42 10.00 10.00 8.91 8.91 8.43 7.89 7.89 7.89 6.80

McAfee n/a 19.66 15.94 15.74 13.77 13.77 13.38 12.20 12.20 11.40 8.06

Trend Micro n/a 38.40 34.06 30.47 26.54 26.54 23.42 21.54 20.38 20.38 20.38

Sophos 107.60 62.80 49.30 40.40 32.30 32.30 26.90 26.90 26.90 26.90 26.90

BitDefend er 24.90 22.48 19.90 17.50 n/a n/a n/a n/a n/a n/a n/a

F-Secure n/a 28.03 23.55 19.29 16.94 16.94 14.84 13.52 13.52 12.75 12.75

110 100 90 80
Symantec McAfee Trend Micro Sophos BitDefender

Price in USD

70 60 50 40 30 20 10 0 5 - 10 11-25 26-50 51-100 101-150 151-250 251-500 501-750

Kaspersky F-Secure

751-1000 1000-1999

Over 2000

Number of licenses

All prices are in US dollars, inclusive of taxes, for a one-year license for sale within EU territory (information accurate as of June 2005). For Symantec Mail Security for SMTP, the price specified is valid for the US market and may be slightly lower than European prices. 5

22

Deployment Scenarios and Their Advantages


Depending on the structure of a specific network, the following deployment scenarios are possible for Kaspersky Mail Gateway: 1. Installation of the application between the corporate network and the external network in the buffer zone at the organizations perimeter. 2. Installation of the application within the organizations mail system. In each of the above cases the application can be installed either on the same server with the mail system or on a dedicated server. Note. The application does not include an MDA (Mail Delivery Agent). Therefore, either deployment scenario should include a mail server (MS Exchange, Lotus Notes, Sendmail, Qmail, etc.), delivering emails to local users. The principal advantage of installing the application at the organizations perimeter is higher performance of the system as a whole due to minimization of the number of email transfer cycles. In this deployment scenario the existing mail server is not connected to the Internet, providing additional data protection. The advantage of installing the application inside the mail system is that no one in the external network can obtain data from the application installed on the server and its parameters. Also, when the application is installed inside the mail system on a dedicated server, the load can be distributed among several servers performing antivirus scanning.

Licensing
The licensing policy for Kaspersky Mail Gateway offers a choice of two licensing options: 1.
By the number of users protected.

Licensed users are those who send and receive messages which have been scanned by the antivirus engine and the spam filter and did not contain viruses or spam. Hence, the list of users being protected is dynamic (the presence or absence of a user on the list depends on their mail activity) and its size is limited to the number specified in the license. The customer needs to develop a list of addresses (including aliases) that will be covered by antivirus protection and spam filtering.

2.

By volume of mail traffic processed (MB/day). The license key is issued for a certain number of megabytes of incoming and outgoing mail traffic per day. Only uninfected messages and messages not categorized as spam are taken into consideration. Infected messages are scanned but not included into the calculation of the proportion of licensed volume used. Messages received after the licensed limit is exceeded are scanned in the demo mode (i.e., a message is forwarded to the recipient regardless of scan results).

Each type of license can be purchased for a specific limited time period (one, two or three years from the date of purchase) as part of the Business Optimal (by the number of users protected) or Corporate Suite package. The following services are available to registered users of the program during the license term: round-the-clock technical support on issues related to installation, configuration and operating the product; hourly antivirus database updates and updates of the content filtering database released every twenty minutes; new versions of the software product; information on the release of new Kaspersky Lab software products and notification of new viruses appearing globally (these services are provided to users who have subscribed to Kaspersky Lab news).

Attachment 1. Detection Quality. Independent Test Results


In April 2005, Kaspersky Anti-Virus was again awarded the VB100% award for the quality of virus detection on the Red Hat Linux 9 platform. The comparative test was carried out on 17 antivirus products developed by different vendors. Unlike the majority of test participants, Kaspersky Anti-Virus detected all the viruses in the test collection. Participants of the testing also included products by Trend Micro, McAfee, ESET, F-Secure, Doctor WEB and others. During the period from 1998 to June 2005, Kaspersky Lab products have received 27 VB100% awards. Note. Virus Bulletin, a British magazine founded in 1998, regularly performs independent testing of antivirus products and awards the VB100% award based on test results. This award is generally accepted as a quality mark of antivirus protection and indicates that an antivirus program has identified all viruses from the test collection. The quality of antivirus solutions is tested both in real time (on access) and on demand. Also (and just important), the program should not identify any uninfected files as infected (that is, false alarms or false positives). The test collection includes viruses that pose the greatest threat to the user at the time of testing (In the Wild List).

Kaspersky Anti-Virus for Windows Workstations


Purpose of the document
This document is intended for Kaspersky Lab partners and sales staff. Sales Managers can use it as the principal information resource when addressing questions from potential customers. In this document, we aim to provide the most reliable and current information about our product and its functions, its position in the Kaspersky Lab product line, and the available licensing options. We also aim to clarify the advantages of the product for each type of user and show how the product compares with competitor solutions.

Sales Information
What is Kaspersky Anti-Virus for Windows Workstations?
Kaspersky Anti-Virus 5.0 for Windows Workstations protects workstations from viruses, malicious code and potentially dangerous programs by scanning all data entering the computer via information sharing tools, email and Internet traffic.

New features in the product


New features in Kaspersky Anti-Virus for Windows Workstations Version 5.0 include: Three levels of antivirus protection with predefined settings: Maximum Protection, Recommended Protection and Maximum Speed. The option of scanning and processing potentially dangerous objects in real-time or on demand. Treatment for files in ZIP, ARJ, CAB, RAR, ICE and LHA formats. Antivirus scanning of SMTP and POP3 email traffic sent via any mail client and treatment of Microsoft Outlook and Microsoft Outlook Express mail databases. Installation using any centralized software installation system that supports distribution in the MSI format (including via the Active Directory Server) Protection from network attacks and the option of operating in Stealth Mode. Automatic search for the least busy server when downloading updates to speed up the process. Moreover, if the Internet connection is lost or interrupted, only those parts that are missing are downloaded on a connection is re-established. Updates can now be stored on local sources. Scan suspension during periods of increased computer activity Quarantine folder for storing copies of suspicious or infected objects before they are processed or deleted. Simplified processes for working with the quarantine folder, including time limits for the storage of objects in quarantine. Objects can be sent from the user interface to the Kaspersky Virus Lab for further analysis. Import/export of Kaspersky Anti-Virus for Windows Workstations settings. Option of compiling lists of processes/applications and file operations that are not be affected by Kaspersky Anti-Virus for Windows Workstations in real-time. Option of downloading full or partial updates, and updates for all Kaspersky Lab products or only for Kaspersky Anti-Virus for Windows Workstations and Kaspersky Anti-Virus 5.0 for Windows File Servers. Password protection to prevent removal of the antivirus solution from the computer.

62

Position in the Kaspersky Lab product line


Kaspersky Anti-Virus for Windows Workstations Version 5.0 is expressly intended for use on workstations operating under the Windows operating systems for home users. It is essential that all nodes on a network be covered by antivirus protection. The following products can be recommended to clients to complete their protection: Kaspersky Anti-Virus for Workstations (Windows and/or Linux) Kaspersky Anti-Virus for File Servers (Novell Netware, Linux/Unix, Samba) Kaspersky Anti-Virus for Firewalls (Microsoft ISA Server, CheckPoint Firewall) Kaspersky Security for PDA, Kaspersky Administration Kit provides centralized administration of enterprise level antivirus systems based on Kaspersky Lab products.

Licensing and pricing


Types of licenses
Kaspersky Anti-Virus for Windows Workstations is licensed based on the number of workstations upon which the product is installed.

License subscription periods


Licenses for Kaspersky Anti-Virus cover one, two or three years, and are available from our partners or from the Kaspersky Lab eStore. During the subscription period, registered users can take advantage of the following services: Round-the-clock technical support on all questions related to installation, set up and operation of the program; Regular updates of antivirus databases; New product versions; and, Notification of the release of new Kaspersky Lab products and warnings about new viruses (this service is available to subscribers to the Kaspersky Lab News Agent).

Upgrading from earlier product versions


For users who are still subscribed to a previous version of Kaspersky Anti-Virus for Windows Workstations, upgrading to version 5.0 is free-of-charge.

63

Confidential

Position of the Product in Price Lists


In the Russian Federation, the CIS and the Baltic States, the following options are available: Small Business Pack Small Business Pack Kaspersky Anti-Virus Business Optimal Kaspersky Anti-Virus Business Optimal Protects mail systems ultilevel protection Protects mail systems ultilevel protection

Medium Business License Medium Business License Corporate License Corporate License

Kaspersky Anti-Virus Business Optimal Kaspersky Anti-Virus Business Optimal


Kaspersky Corporate Suite Kaspersky Corporate Suite

Protects mail systems ultilevel protection

For customers in all other countries, the following options are available: Small Business Pack Small Business Pack Enterprise License Enterprise License Enterprise License Kaspersky Anti-Virus Business Optimal Kaspersky Anti-Virus Business Optimal Kaspersky Anti-Virus Business Optimal Kaspersky Anti-Virus Business Optimal Kaspersky Anti-Virus Business Optimal Mail protection Multi-tier protection Mail protection Multi-tier protection Key component protection

Sales Points
Benefits for managers Kaspersky Anti-Virus for Windows Workstations relies upon advanced technologies that provide reliable protection from viruses and potentially harmful programs. The product integrates the Kaspersky Anti-Virus Engine, which is renowned for industry leading detection rates of malicious code. Ownership of Kaspersky Anti-Virus for Windows Workstations includes use of the product, subscription to regular updates of antivirus databases and program components, free upgrades to new product versions and round-the-clock technical support in several languages (by phone or email). Benefits for IT specialists Predefined settings Kaspersky Anti-Virus for Windows Workstations has three pre-defined settings that provide the most suitable protection for typical work scenarios, thus helping reduce time spent on setting up the system.

Reliable protection from viruses and potentially harmful programs

Low Total Cost of Ownership

Easy installation and administration

Kaspersky Administration Kit can be used to remotely install, configure and monitor Kaspersky Anti-Virus for Windows Workstations. The option of creating group tasks helps minimize time spent on implementing antivirus protection on the network.

Comparison with Competitor Products: Functionality and price


The main alternatives to Kaspersky Anti-Virus for Windows Workstations are:
64 Confidential

Symantec AntiVirus Corporate Edition McAfee VirusScan Trend Micro OfficeScan Corporate Edition F-Secure Anti-Virus for Workstations Panda ClientShield Sophos Anti-Virus

This section provides a comparison of the functionality and pricing of Kaspersky Anti-Virus for Windows Workstations with alternative antivirus products.

65

Confidential

Kaspersky AntiVirus Virus detection signatures using virus

Symantec

McAfee

TrendMicro

Panda

F-Secure

Sophos

(Script
Checker)


ZIP, CAB and some other compressed files


PkLite, LZexe, MS Compressed, Ice, Cryptcom, Com2Exe, Diet, Teledisk and several other compressed files, ARC, ARJ, CAB, LHA/LZH, ZIP, RAR, TAR


ZIP, CAB, ARJ and other compressed files (up to 20 nesting levels)


ZIP, TAR, ARJ and several others)


ZIP, TAR, ARJ, LZH, RAR, CAB, BZ2. GZ, JAR, TGZ


ZIP, TAR, CAB, GZIP, RAR ARJ, PKLite, LZEXE, Diet and several other compressed files

Virus detection using heuristic analysis Multiple antivirus engines Detection of potentially harmful programs (e.g., adware, spyware, etc.) Detection of script viruses (VB Script, JavaScript, Java, ActiveX) Integrated firewall On-the-fly detection of script viruses (before they are downloaded or saved to disk) Scanning of archived compressed files and

(over 1,200 formats for compressed files)

66

Treatment for archived compressed files.

and

ZIP, CAB, ARJ, RAR, ICE, LHA

ZIP, CAB
(MAPI based email, Lotus Notes)

(MAPI based email, Microsoft Outlook, Lotus Notes)

ZIP, ARJ

Scanning of incoming mail traffic (POP3 protocol)

Scanning of outgoing mail traffic (SMTP protocol)

(MAPI based email, Lotus Notes)

(MAPI based email, Microsoft Outlook, Lotus Notes)

Scanning of mail databases

(Microsoft Outlook, Microsoft Outlook Express)

(Microsoft Outlook)

(Microsoft
Outlook, Microsoft Outlook Express)

(Microsoft Outlook Express) -

Detection of macro viruses (in Microsoft Office documents) Proactive protection for office applications (behavior blocker) Quarantine storage for infected and suspicious objects Backup storage for copies of infected files

67

Confidential

Scanning for viruses already in the system upon installation Option to exclude files and directories from scanning Option to exclude file types based on extension from scanning Option to specify file types by extension to be scanned Remote installation administration / administration tool Event logs, statistics Optimized for reduced energy consumption on laptops Option to define the periodicity for launching antivirus databases and an

(Kaspersky
Administration Kit)

(Anti-Virus
Management Server)

(McAfee
ePolicy Orchestrator)

(TrendMicro Control Manager) Several times per week

(Panda AdminSecure Several times per day

(F-Secure Policy Manager Console) Every day

(SAVAdmin)


Every 20 minutes


Every week

Every day

Several times per day

68

Confidential

Prices of competing products Kaspersky AntiVirus TrendMicro


23

Number of users 5-9 10-14 15-19 20-24 25-49 50-99 100-149 150-249 250-499 500-749 750-999 1000 or more

Panda 44.95

28 25.50 22.50 20 17 14.50 12.50 10.80 9.50 9.50 9.00 Prices of competing products 25.86 23.14 20.16 20.16 17.80 16.36 15.47 15.47

44.95 44.95 44.95 42.70 40.57 38.54 38.54 36.61 32.95 32.95 29.66

50 45 40 35 30 25 20 15 10 5 0 5-9 10-14 15-19 20-24 25-49 50-99 100149 TrendMicro 150249 250499 Panda 500749 750999 1000

Kaspersky

69

Functions
This section provides sales staff with a one-stop information resource to help them give complete and accurate information to potential clients. Product features are grouped together according to function. The left-hand column provides information for customers, while the right-hand column contains more detailed information.

Integrated Protection for Workstations


Antivirus scanning
The application scans all files as soon as they are downloaded, created or copied. Incoming and outgoing email messages and mail databases are also scanned for viruses. The solution supports scanning of archived and compressed files in more than 1,300 formats, as well as treatment of files in ZIP, CAB, RAR ARJ ICE and LHA formats. Antivirus scanning can be carried out automatically or on demand. The antivirus databases used to scan and treat files contain all known signatures (over 167,000. as of February 200624), as well as heuristic analysis for detecting as yet unknown viruses. The program is capable of scanning over 450 different types of file packing utilities, installers and archivers (over 1,300 as of February 2006). The antivirus database is updated hourly and emergency updates are released as necessary.

Protection for email


Kaspersky Anti-Virus for Windows Workstations automatically scans all incoming and outgoing mail messages for viruses and treats any infected incoming messages. The program can recognize email from all mail clients and treat Microsoft Outlook and Microsoft Outlook Express mail databases.

Kaspersky Anti-Virus for Windows Workstations checks mail for viruses by: Intercepting all incoming and outgoing email sent via SMTP and POP3 protocols (on any mail client) Intercepting incoming and outgoing email in Microsoft Outlook (sent via any protocol) The program scans message bodies and attached objects (at any nesting level). The options for processing suspicious and infected objects are: Treatment (any objects that cannot be treated are deleted); Quarantine storage for suspicious objects; and, Removal. Copies are saved in the backup storage area.

Protection Attacks

from

Hacker
In cases where a user does not already have a firewall installed, these components can fulfill the core functions of a firewall. The application repels network attacks that can potentially shut down computer operability. In Stealth Mode, any vulnerable ports on a computer, which could be used as channels for such attacks, are made invisible.

Network attacks are repelled and using the Stealth Mode renders any vulnerable ports invisible to other users. When a computer lacks a firewall, this component can act as base-level protection for the workstation.

Quarantine for suspicious Infected objects (or copies of infected objects) are saved in encrypted form in the backup folder. System administrators can later and infected objects. delete objects from backup storage; retrieve data from them or reCopies of infected files can be stored in the backup folder and suspicious objects to the quarantine folder. These objects are inaccessible to users, but accessible to system administrators for the purpose of data retrieval. Both folders are
24

scan using a later version of the antivirus database. Suspicious objects can be transferred to the quarantine folder and, if necessary, sent to Kaspersky Lab for further investigation. Rescanning objects using a later version of the antivirus database can sometimes make it possible to treat objects or retrieve data from them. For this reason, each time it is updated, the program re-scans all objects in the quarantine folder.

The latest information can be found at http://www.kaspersky.com/avupdates

70

Confidential

part of a centrally administered database.

Storing suspicious or infected objects locally is a much better option than storing them centrally on the server. It both saves disk space on the server and makes it easier to retrieve objects from quarantine (this is especially important for laptop users who are not always connected to the central administration server). Analysis of VB Script and Java Script macro commands is carried out in real-time. Script viruses can be written in any of a number of script languages (such as VB Script, Java Script, BAT and PHP). They can either infect other script programs (Microsoft Windows or Linux command and server files) or form part of a combined virus attack. If such files can execute scripts, they can infect files in other formats (for example, HTML). Macro viruses can be located in Microsoft Office file formats and usually transmit code to files as they are being edited.

Protection from script viruses and macro viruses.


The application prevents malicious code from being deployed by analyzing VB Script and Java Script macro commands before they are executed.

Optimized performance
Trusted applications / processes. Excluding file
activity of trusted applications from the scanning process significantly accelerates overall operation speed and allows for more flexible use of computer resources. System administrators can define lists of trusted processes and applications that are not a potential source of danger. In practice, this significantly increases the operating speed of applications that work at a very active level (for example, with the computers hard disk). Such applications include backup copy programs, databases and defragmentation programs on the hard disk.

Administration and reporting


Centralized administration.
Kaspersky Administration Kit can be used to install and administer the program. Using this program, system administrators can set the parameters for work groups and individual computers, receive reports, install license keys and update antivirus databases. Using Kaspersky Administration Kit, system administrators can: remotely install Kaspersky Anti-Virus Workstations on individual machines. create local, group and global system tasks. configure settings (for individual nodes, as well as for groups of computers). configure and update antivirus databases and Kaspersky Anti-Virus for Windows Workstations components. launch on demand antivirus scanning. configure and view reports about the operation of the antivirus protection. view information about license keys. for Windows

Choice of Installation Methods


System administrators can install the application using any system of centralized software installation that supports the MSI format (including via the Active Directory Server).

System administrators can now choose the most convenient method for centrally installing Kaspersky Anti-Virus for Windows Workstations to individual machines. The distributive of the program is accessible in the MSI format, which is presently the standard format for Windows operating systems

Notification and reporting


With Kaspersky Administration Kit, system administrators can list

Kaspersky Administration Kit accumulates statistical information on all installations, allowing system administrators to monitor the performance of applications and compile reports. Reports can give general information on the overall operation of

71

Confidential

events that will automatically trigger notification if they occur on any of the network nodes -- e.g., detection of a virus or incomplete updating of antivirus databases. Kaspersky Anti-Virus for Windows Workstations gives system administrators the option of defining which details of system performance will be shown in event reports.

applications, or more detailed information about individual work groups and networks. Reports produced using Kaspersky Administration Kit allow system administrators to evaluate their security system and take any measures that are necessary to correct its operation. Reports can also be used to summarize the results of the IT departments work over any given time period.

72

Confidential

Kaspersky Anti-Virus for Linux File Server


Target Audience and Purpose of This Document
This document is intended for Kaspersky Lab partners and sales staff, and is for internal use only. We aim to provide the most reliable and up-to-date information about our product and its functions, its position in the Kaspersky Lab product line, and the available licensing options. We also aim to clarify the advantages of the product for each type of user and show how the product compares with competitor solutions. This document is intended as the principal source of information to be used by sales managers as reference material for answering questions from potential customers.

Sales Information
What Is Kaspersky Anti-Virus for Linux File Server?
Kaspersky Anti-Virus for Linux File Servers is a two-tier antivirus solution for workstations and all types of file servers. Due to integration with the operating system the solution provides real-time monitoring of operations resulting in file modification. The program also scans the file system, removable media devices and individual files on demand or on schedule.

Whats New in the Product


New features in Kaspersky Anti-Virus for Linux File Server 5.5 compared to version 5.0 include an on access protection module (Monitor) capable of protecting practically any file storage are in real-time against viruses and other malicious programs.

Position in the Kaspersky Lab product line


Kaspersky Anti-Virus for Linux File Server is designed to protect file storage areas and is part of the Kaspersky Linux Security package. The product is an ideal solution for protecting file storage areas that use HTTP, FTP, NFS and other protocols. If the file server used by a customer is a Samba Server, then sales managers are encouraged to recommend Kaspersky Anti-Virus for Samba Server. Kaspersky Lab strongly recommends protecting all nodes of the corporate network. The following products are recommended to ensure comprehensive network protection (depending upon the types of nodes present): Kaspersky Anti-Virus for Workstations (Windows and/or Linux) Kaspersky Anti-Virus for File Servers (Novell Netware, Linux, Samba) Kaspersky Anti-Virus for Firewalls (Microsoft ISA Server, CheckPoint Firewall, Linux Proxy Server).

Deployment of the Application


Kaspersky Anti-Virus for Linux File Server includes the following main components: On access module that monitors file access. The on access scanner includes a kernel module that intercepts file access requests; On demand module (command line scanner) that can be used to scan entire file systems or individual folders or files; The keepup2date module that updates antivirus databases.

73

Licensing
Types of Licensing
Kaspersky Anti-Virus for Linux File Server is licensed by server -- that is, a separate license must be purchased for each protected server.

Licensing Periods
Kaspersky Anti-Virus for Linux File Server can be licensed for a period of 1 or 2 years (3-year licensing is also available outside the Russian Federation). Licenses can be purchased from Kaspersky Lab partners or through the Kaspersky Lab eStore (http://www.kaspersky.com/store). Registered users receive the following services during the license period: round-the-clock technical support on installation, configuration and operation of the product; regular updates to the antivirus and antispam databases; new versions of the product; information on new Kaspersky Lab product releases and notifications of new viruses appearing globally (this service is available to users who subscribe to the Kaspersky Lab news alerts).

License Renewal
Upon expiry of the license period, the license can be extended at a cost of 70% of the new subscription price.

The Products Position on Price Lists


Enterprise license -> Kaspersky Anti-Virus Business Optimal -> File Server protection, Multi-tier protection and Key Component protection categories Elite Enterprise license

74

Confidential

Advantages of the Product for Customers (Selling Points)


Real-time protection of the system On demand scanning of the file system Kaspersky Anti-Virus for Linux File Server intercepts file system access requests, scans files accessed for the presence of malicious code, treats or deletes infected objects or isolates suspicious objects for further analysis. Kaspersky Anti-Virus for Linux File Server scans specified locations for infected and suspicious objects on schedule (or upon the administrators request). The application treats or deletes infected objects and isolates suspicious objects for further analysis. Infected, suspicious or damaged objects detected in the servers file system can be moved to the quarantine folder, where they can be further processed (e.g., treated, deleted etc.). Kaspersky Anti-Virus for Linux File Server can create copies of infected objects in backup storage prior to treatment and/or deletion to make it possible to restore such objects on demand in the event that treatment results in an error and information contained in the infected object is valuable. Kaspersky Anti-Virus for Linux File Server can be configured in a traditional way (using a configuration file) or via a web interface, which can be used by administrators who are not experienced in working with Linux, e.g., administrators of Windows systems.

Quarantine

Backup storage

Remote administration

Price Comparison with Competitor Products


This section provides a list of products by other vendors25 that customers may consider as alternative solutions for protection of their file servers. The following products are of interest to customers as alternatives to Kaspersky Anti-Virus for Linux File Server: Trend Micro Linux Protect, McAfee Linux Shield, F-Secure Linux Server Security, Bit Defender Linux File Server Protection, NOD32 for Linux File Server. Competitor Product Prices, in euro
Number of servers Kaspersky McAfee Linux F-Secure Linux Anti-Virus for Trend Protect Shield Server Linux File for File Server (Perpetual Security Server Plus License BitDefender Linux File Server Protection (Samba) NOD32 for Linux File Server (can be purchased only as part of Enterprise Edition NOD32)

Packs 1 2 3 4 5-9 10-14 15-19 20-24 25-49 50-99


25

290.00 285.00 275.00 260.00 220.00 180.00 170.00 160.00 150.00 140.00 20.33 18.75 15.50 15.50 15.50 15.00 14.50

237.50 237.50 237.50 237.50 189.50 165.00 165.00 197.00 169.00 106.50

n/a n/a n/a n/a 25.00 20.90 20.90 20.90 18.90 16.70 5 7 10 15 20 25 182.30 221.50 276.70 360.50 439.50 513.60

As of October 2005.

75

Confidential

100-149 150-249 250-499 500-749 750-999 More than 1000

135.00 130.00 126.00 124.00 124.00 122.50

16.8 16.8 15.05 13.91 13.17 per request

14.50 14.50 13.00 11.50 11.5 10.00

82.75 82.75 70.49 59.10 47.30 35.50

14.70 14.70 12.50 19.90 19.90 7.90

30 50

585.60 853.20

The prices are quoted based on published price lists. To discuss prices for ranges not included in the table, please consult the vendor or its representatives.

Functions
This section provides descriptions of the programs main features with additional facts and comments that will help to give more detailed and specific answers to questions from potential customers without having to consult product documentation or other sources of information. Features are grouped by function. The lefthand column contains information available to users from the product leaflet, while the right-hand column provides more detailed information.

Antivirus Protection
The program scans data in real-time. It intercepts all file access requests and scans the files being accessed in order to detect and remove all types of viruses, worms, Trojans and other malicious programs.

Real-time

protection.

Protection against riskware.


In the extended antivirus protection mode the application detects and removes not only malicious software but also so called riskware, such as adware, information collecting programs (spyware), automatic dialing programs that connect the user's computer to commercial Internet sites and other utilities that cybercriminals may use.

Kaspersky Anti-Virus for Linux File Server performs antivirus scanning of objects. If an object is infected, it is processed in accordance with the programs settings. Copies of objects can be saved in backup storage before they are deleted. Objects are scanned and treated using antivirus databases containing descriptions (signatures) of viruses26 known at the time of scanning and the heuristic engine capable of detecting even newer, as yet unknown viruses, signatures for which are not yet available. The program supports over 450 executable file compression utilities, installers and archivers (a total of over 1,200 modifications as of February 2006). This makes it easy for the solution to detect viruses in archived files. Kaspersky Lab antivirus databases are updated hourly. Types of objects detected are determined by the choice between two possible levels of antivirus protection: standard antivirus protection. Protection against all known malicious programs. This is the default mode. Extended antivirus protection. In addition to programs detected in the standard mode, this mode also includes protection against such potentially hostile programs as software that displays advertisements (adware), programs that automatically establish dialup connections with pay sites (dialers), programs that automatically download files, keylogging programs, passwordbreaking software, remote administration utilities and other programs that can be used by cybercriminals for their purposes.

26

Information on the number of records in the antivirus databases is updated daily and published on Kaspersky Labs website at athttp://www.kaspersky.com/avupdates

76

Confidential

Quarantine. All infected, suspicious and damaged objects found in the servers file system can be placed in a quarantine folder, where they can be further processed (e.g., disinfected, deleted, etc.).

Backup storage. The application saves copies of messages in backup storage before their antivirus processing or deletion. This makes it possible to recover important information if treatment results in an error.

The application moves all infected and suspicious objects to a dedicated quarantine storage area, from which objects can be restored if necessary. Suspicious objects can be rescanned later, using updated antivirus databases, after which a new, more accurate verdict on whether these objects are infected or clean can be reached. Subsequent scans using updated databases can also disinfect such objects without destroying the data contained in them. Suspicious objects that contain modifications of known viruses or viruses that are as yet unknown can also be sent to Kaspersky Lab for analysis. Before an infected object is treated or deleted a copy of it can be saved in backup storage. In the event of antivirus processing errors, objects can be deleted from the backup storage area or restored in order to recover information contained in them. The size of the backup storage area can be limited by size (in megabytes) or by the time period during which objects are kept there.

Administration
The antivirus database can be updated on demand or automatically on schedule from Kaspersky Lab Internet servers or from specified local servers on the company network. Updates can include upgrades to some software modules and the antivirus engine. Centralized administration. The application can be configured and administered in two ways: using a text configuration file or via a web-based interface.

Database

updates.

After all files are copied from the specified source, the application automatically loads the databases received. If the local network has a sufficiently complex structure, we recommend downloading updates from Kaspersky Lab servers every 20 minutes to a common folder on the local server. Local computers connected to the network should be configured to copy the databases from this folder.

The text configuration file gives the administrator access to all application settings. All settings have easy-to-understand names and detailed descriptions are provided. This makes it easy to configure the application even for inexperienced administrators, while experienced administrators will be able to fine-tune the program for maximum performance. For those administrators who come from Windows platforms or for those who prefer the graphic interface, Kaspersky Anti-Virus for Linux File Server offers a web-based interface that can be used to configure the application and monitor the status of all its components.

77

Confidential

Kaspersky Anti-Virus for Lotus Notes/Domino


Purpose of the Document
This document is intended for Kaspersky Lab partners and staff of Kaspersky Lab sales departments and is for internal use only. In this document, we aim to provide the most reliable and current information about our product and its functions, its position in the Kaspersky Lab product line, and the available licensing options. We also aim to clarify the advantages of the product for each type of user and show how the product compares with competitor solutions. Sales Managers should use it as the principal information resource when addressing questions from potential customers.

What is Kaspersky Anti-Virus 5.5 for Lotus Notes/Domino?


Kaspersky Anti-Virus 5.5 for Lotus Notes/Domino is an effective and convenient solution that protects computers using IBM Lotus Domino from viruses and other types of malicious programs. The program also protects the users email, IBM Lotus databases and all traffic generated on IBM Lotus Domino servers during replication.

New Features in the Product


Kaspersky Anti-Virus 5.5 for Lotus Notes/Domino was developed as a completely new solution, and is not simply an updated version of Kaspersky Anti-Virus 5.0 IBM Lotus Notes/Domino. One of the main aims in developing a completely new version of the product was to address some of the weak points in the previous version. For instance, problems related to the incorrect interception and processing of mail messages have been resolved; faults in the functioning of the mail system caused by license key issues have been eradicated; and, the overall performance of the solution has been greatly improved. Furthermore, Kaspersky Anti-Virus 5.5 for Lotus Notes/Domino benefits from a comprehensive range of new features: Improved technology for intercepting email messages allows messages to be stored in the system mailbox for analysis, without being transferred to a separate folder. The process for updating antivirus databases and the antivirus engine has been improved. The procedure for installing the application on the server has been brought into line with that for installing the Windows operating systems on the server. The system for issuing reports and notifications has been enhanced. Support for clusters and distributed configurations of IBM Lotus Domino servers has been introduced. Antivirus scanning is now possible for traffic generated during replication. When changes are made to the configuration of IBM Lotus Domino on the main server, they must be replicated on all other servers. Our product analyzes the traffic generated during this process.

Position in the Kaspersky Lab Product Line


Kaspersky Anti-Virus 5.5 for Lotus Notes/Domino is a product that protects groupware servers. Groupware is technology designed to facilitate work in groups, allowing members of the group to work on common documents and coordinate business tasks. Groupware can include, for example, a mail system, databases for storing information or document circulation tools. Kaspersky Lab strongly encourages its customers to protect all nodes on a corporate network, and the following products in particular can be recommended for creating an integrated protection system (irrespective of the presence or type of nodes on the network): Kaspersky Anti-Virus for Windows Workstations and /or Kaspersky Anti-Virus for Linux Workstations Kaspersky Anti-Virus for File Servers (Windows, Novell Netware, Linux/FreeBSD, Samba) Kaspersky Anti-Virus for Mail Servers (Microsoft Exchange 2000/2003, Sendmail, Qmail, Postfix, Exim, IBM Lotus Domino) Kaspersky Anti-Virus for Firewalls (Microsoft ISA Server, CheckPoint Firewall) Kaspersky Security for PDA Kaspersky Administration Kit is also recommended as a tool for centrally administering all Kaspersky Lab applications installed on a network.

78

Product Positioning
The following advantages of Kaspersky Anti-Virus 5.5 for Lotus Notes/Domino can be highlighted for customers:

Full and seamless integration with IBM Lotus Domino. The high quality of protection from viruses and other types of malicious programs, as confirmed in independent tests (see Appendix A). The product was expressly developed for Microsoft Windows operating systems 2000/2003, which means that administrators can install/remove the program by following the standard procedures in this operating system. The product is administered via the IBM Lotus Domino interface, which the administrator will be familiar with from working with the server solution.

Recommended combinations with other Kaspersky Lab solutions


Below we provide two examples of products that can be recommended for use with Kaspersky Anti-Virus 5.5 for Lotus Notes/Domino. 1. Kaspersky Mail Gateway 5.5 installed on the mail gateway. This combination offers not only additional antivirus protection but also spam filtration for mail traffic. 2. Kaspersky Anti-Spam 2.0 Enterprise Edition on the mail gateway to consolidate antivirus protection with antispam protection.

Product functions
This section describes the main functions of the product, providing explanations and information to help sales staff give full and informed answers to questions from potential clients. Product features are grouped according to function.

Antivirus Protection
Antivirus scanning of IBM Lotus Domino objects A relatively wide range of IBM Lotus Domino objects are vulnerable to infection. To provide complete protection for users information, the application scans all IBM Lotus Domino objects for viruses: incoming, outgoing and internal mail messages; databases; objects exchanged between IBM Lotus Domino servers during replication; scripts specific to IBM Lotus Domino; OLE objects. Several elements of mail messages are analyzed: body of the message; all attachments in mail messages (including archives) independent of their level of nesting. All mail messages and data transferred between IBM Lotus Domino servers during replication are scanned in real time. On demand scanning for Lotus Notes/Domino databases is also available. The application offers a number of options for processing infected objects: treatment; removal; delivery to the end user without treatment.

The system administrator can set rules for processing infected objects when configuring the parameters for antivirus scanning. Before processing or deletion of infected IBM Lotus Domino objects, backup copies can be saved in the backup folder. The application scans and treats objects using antivirus databases that contain

79

Confidential

signatures for all known viruses (165,122 signatures as of February 9, 2006) and a heuristic analyzer that is capable of detecting new viruses. The program supports over 450 types of packing utilities, installers and archivers (over 1,200 modifications) for detecting viruses in archived files. Kaspersky Lab antivirus databases update hourly. Notifications Upon detection of certain types of objects (for example, infected objects) the application notifies: the server administrator (when objects with a specified status are detected both in mail messages and in databases); message sender; message recipient. The application can save data about specified types of objects in the statistic database. The system administrator can view and analyze this information. Notifications can be sent as a separate message or as part of the mail message itself (by selecting the In the message body option on the interface). The administrator can use the notification template to determine the notification procedure, format and content. When events specified in the notification template occur, the program automatically sends a notification to the administrator. The number of both incoming and outgoing messages can increase dramatically during virus epidemics (for example, if the virus starts sending copies of itself to all email addresses in the Microsoft Outlook address book). The application detects heightened virus activity on protected IBM Lotus Domino servers and sends notifications to administrators and end users. This is an extremely important aid to administrators during virus epidemics, since it helps them react promptly to emerging threats from virus attacks. The administrator can set a limit to the frequency at which mail messages are distributed (both incoming and outgoing mail). If messages begin to be distributed at a frequency above this limit, the program can block messages and send a notification to the administrator. Such notification messages contain the following information: the sender and recipient of the message (only the sender for incoming messages); frequency of messages transmitted; the limit on the frequency of messages; the time when the frequency of mail messages reached the limit. The system administrator can adjust the content and format of notifications. The system administrator can enable or disable the function for preventing epidemics and notifications about excessively frequent distribution of mail messages.

Prevention of virus epidemics

Quarantine storage

Infected objects can sometimes contain important information. Moreover, not all objects can be conclusively labeled as infected. Infected, suspicious and damaged objects can be isolated in the quarantine folder. This ensures that dangerous (or potentially dangerous) objects do not pose a risk to the rest of the system, and that the information in them is retained. The advantage is that the message itself or any important information contained in it can later be retrieved from quarantine. Messages in quarantine can also be rescanned for malicious code using later versions of the antivirus database. This means that if, at the time of being saved in quarantine, a message contained a virus, it could be detected by a later, updated version of the antivirus database. The system administrator can view the contents of the quarantine folder, delete objects form it or restore objects and forward them on to their intended recipients.

80

Confidential

Analysis of mail messages


Filtration of attachments by type Certain types of files are more vulnerable to infection than others (such as executable files). The application allows system administrators to stop messages that contain specified types of attachments from being sent to users. Attachment types are defined according to their internal structure and not by their extensions (since file extensions can easily be falsified). The application can prevent users from receiving messages that contain attachments over the size limit specified by the administrator. This capability ensures that system performance is not reduced even when processing extremely large documents. Notifications Administrators can receive email notifications of the results of content filtration. This is important in helping administrators keep their finger on the pulse of the system and effectively maintain it (by configuring the settings, etc.).

Filtration by attachment size

Advantages for large organizations


Support for cluster configurations The application automatically downloads updates to all computers upon which it is installed on the cluster. The administrator need only give a single command to update antivirus databases across all servers in the cluster. The application implements the same settings for automatic antivirus database updates for all machines on which it is installed on the cluster. Any change made to the settings for automatic antivirus database updates from the administrators interface are implemented across the whole cluster, regardless of the number of servers. With this product, administering antivirus database updates for a whole cluster demands no more of the system administrators time than for a single computer. The application automatically downloads antivirus database updates for as many computers as there are copies of the product installed on the network. The application implements the same settings for automatic updates on all machines upon which it is installed. Any changes to the settings for automatic updates made from the administrators interface are implemented on all computers with a copy of the product installed at the same time. To provide the high level of performance required by a major organization, the application can run several copies of the antivirus engine at the same time.

Support for distributed configurations

Performance

Dependability
Integrity check for antivirus databases The integrity of antivirus databases is verified each time they are updated. If an antivirus database is found to be inoperable (if the database is damaged, for instance), the application can rollback the changes made to the databases in the last update (the application automatically begins using the old version of the databases) The application does not suspend antivirus scanning of IBM Lotus Domino objects, content filtering or epidemic prevention when automatically updating antivirus databases.

Continuous antivirus scanning

81

Confidential

Flexible and convenient administration


Administration via the standard IBM Lotus Domino interface Local and remote administration The application is administered from the IBM Lotus Domino interface, which the system administrator will already be familiar with from working with the application. All of the applications functions, configuration parameters and commands can be managed both locally and from a remote administrative console. The application provides all the necessary tools for remotely administering and configuring a number of copies of the product through the administration interface. It is also possible to administer the application from the command line. All data about the applications operation is saved on the hard disk and is available at the administrators request. The administrator can receive data by email on practically any event that has occurred in the products operation. The application can download updates to antivirus databases either from servers on the Internet, or computers on the local network (local regarding the installation of the application) on which the product is installed. The choice of source for each type of database can be made from the administration interface. The administrator can set a limit on the length of time statistical data is stored. Key data about the operation of the Monitor and Scanner modules is kept in the operation log for the program. The application can be used to compile reports about the results of antivirus scanning and about mail traffic for any given time period.

Complete information Choice of sources for antivirus database updates Statistics and reporting

82

Confidential

Advantages of the product for Customers (Sales Points)


Among the products advantages, clients will particularly appreciate the fact that it integrates seamlessly with IBM Lotus Domino, offers high quality detection of malicious programs and is optimized for maximum effectiveness on large corporate networks. The product presents customers with a reliable and convenient tool for protecting computers under IBM Lotus Domino from viruses.

Benefits for Business


Reliable protection from malicious programs Kaspersky Anti-Virus 5.5 for Lotus Notes/Domino uses a combination of advanced technologies to provide reliable protection from viruses. The product is based on the Kaspersky Anti-Virus engine, which has one of the highest detection rates of malicious programs in the world, as confirmed in independent tests. Moreover, Kaspersky Lab provides the worlds fastest reaction times to new threats, which ensures the most reliable protection for your computer. The product uses the most widely used platform in the world, the Microsoft Windows platform, so that organizations do not have to expend extra administration time and resources on migrating to another platform.

Minimal expense to implement the product

Low Total Cost of Ownership

The total cost of ownership for Kaspersky Anti-Virus 5.5 for Lotus Notes/Domino is one of the lowest on the market. The license covers not only subscription to regular antivirus database updates, but also technical support in several languages and free upgrades to new versions of the program.

Benefits for IT professionals


High quality protection from malicious code Kaspersky Anti-Virus 5.5 for Lotus Notes/Domino provides high quality protection for networks that is able to handle any changes in the global virus situation. This is achieved using the most advanced antivirus technology combined with the fastest and most reliable delivery of antivirus database updates. Moreover, the applications optimized performance ensures that it has minimal impact on the performance of the mail system. The product includes a number of features that greatly simplify its administration and maintenance: support for cluster servers and distributed configurations, flexible user-friendly administration tools and administration via the standard IBM Lotus domino interface. Implementing the application on large-scale networks, even those with highly complex topologies, is thus greatly simplified. The product is installed using the standard installation procedure for applications on the Microsoft Windows platform.

Convenient administration and updating

Simple installation

83

Confidential

Comparison with competitor products


The table below provides information on competitor solutions that customers might consider as alternatives to Kaspersky Anti-Virus 5.5 for Lotus Notes/Domino (information from February 2006). The advantages of the Kaspersky Lab solution over these solutions are clearly indicated below. Advantages of Kaspersky Anti-Virus 5.5 for Lotus Notes/Domino over competitor solutions Disadvantages of the competitor product Advantages of Kaspersky Anti-Virus 5.5 for Lotus Notes/Domino Trend Micro Scan Mail for Lotus Notes 3.0 The system requirements for the Kaspersky Lab solutions are more flexible: o Intel Pentium Processor 300 MHz or higher; o 64 MB available RAM (128 MB recommended); o 11 MB free disk space for installing the product (not allowing for the backup storage and other catalogs)

Stricter system requirements: Intel Pentium 4 Processor 1.3 GHz or higher; At least 256 MB available RAM; recommended 512 MB available RAM; At least 200 MB free disk space; At least 100 MB free disk space for temporary files; At least 55 MB disk space on each IBM Lotus Domino server partition. Less frequent updates to antivirus databases (only several times a week)

McAfee Groupshield for Lotus Notes/Domino


The product does not appear to have been recently upgraded. No support for Windows Server 2003 Standard Edition and Windows Server 2003 Enterprise Edition. No support for Lotus Notes/Domino 7.x During filtration, the file type is defined by its extension, which can very easily be falsified. Antivirus databases are only updated once a day.

Support for all contemporary platforms (including IBM Lotus Domino 7.x). Attachment type is defined according to its internal structure. This makes it pointless to fake or distort an extension.

Symantec Mail Security 5.0 for Domino

Descriptions for filtering attachments are decided by extension, which could have been tampered with or falsified. Antivirus databases are updated only once a week. No support for Windows Server 2003 Standard Edition or Windows Server 2003 Enterprise Edition No support for Lotus Notes/Domino 7.x.

Attachment type is defined according to its internal structure. This makes it pointless to fake or distort an extension.

Sybari's Antigen 7.5 for Lotus Notes/Domino


Support for all contemporary platforms (including IBM Lotus Domino 7.x).

Panda Domino Secure Antivirus

No announced plans to add support for

Support

for

clusters

already

84

Confidential

cluster servers or IBM Lotus Domino 7.x Updates to antivirus databases are made several times a day according to information from the company.

implemented in the product

Pricing policy
Prices vary significantly according to the geographical location where the product is purchased. However, it is possible to identify a unified tendency in the pricing policy for Kaspersky Anti-Virus 5.5 for Lotus Notes/Domino. It is clear from the figures provided below that Kaspersky Anti-Virus 5.5 for Lotus Notes/Domino has the lowest price compared to products from our main competitors. Comparison of the price of Kaspersky Anti-Virus 5.5 for Lotus Notes/Domino with competitor products in Western Europe

Trend Micro Scan Symantec Mail Security Mail for Lotus Notes 5.0 for Domino 3.0 19.00 34. 90 36.43 >=50 18.00 31.68 34.40 >=100 17.00 31.68 34.40 >=150 16.00 28.56 32.26 >=250 15.00 26.41 (up to 750) 30.45 >=500 24.97 (up to 1000) 14.00 28.43 >=1000 Note: all prices are from February 2006 (for a years subscription) and are in euros.

Number of licenses

Kaspersky Anti-Virus 5.5 for Lotus Notes/Domino

Licensing
Licensing Options
Kaspersky Anti-Virus 5.5 for Lotus Notes/Domino is licensed according to the number of users. A profile is created for each user, which includes a mailbox, and permission to store information on the storage server, etc. There is no limit to the number of storage servers that are protected.

License subscription periods


Licenses for Kaspersky Anti-Virus 5.5 for Lotus Notes/Domino can be obtained for 1 or 2 years from Kaspersky Lab partners or from the Kaspersky Lab eStore. During the license validity period, registered users receive the following services: Round-the-clock technical support for all questions related to installation, configuration and use of the product; Regular antivirus database updates; Free upgrades to new product versions; Information on the release of new Kaspersky Lab software products and on new viruses (this service is available to users who are subscribed to the Kaspersky Lab news service).

Upgrading from previous versions of the product


During the subscription period for a previous version of the product, users can upgrade free of charge to Kaspersky Anti-Virus 5.5 for Lotus Notes/Domino. After the subscription period for an earlier version of the product has expired, the cost upgrading to Kaspersky Anti-Virus 5.5 for Lotus Notes/Domino is equal to the price of the product in the price list minus a 30% discount.

85

Confidential

Position of the Product in the Price Lists


Enterprise License Kaspersky Anti-Virus Business Optimal Mail protection, Enterprise License Kaspersky Anti-Virus Business Business Optimal Multi-tier Protection Enterprise License Kaspersky Anti-Virus Business Business Optimal Key Component Protection Elite Enterprise License.

Appendix A. Quality of detection in Kaspersky Lab products


Between 1998 and June 2005, Kaspersky Lab products received 27 VB100% awards. Moreover, Kaspersky Lab products have consistently maintained leading detection rates of malicious programs, as confirmed by independent testing laboratories: http://avtest.org/ http://www.av-comparatives.org/ http://www.virus.gr/english/fullxml/default.asp?id=72&mnu=72 Founded in 1998, Virus Bulletin is a UK-based publication that regularly conducts independent testing of antivirus products, on the basis of which they present the VB100% award. This award is widely recognized as a stamp of quality in the antivirus field and is awarded to products that have detected all viruses in the test collection. Quality of detection is measured by a products performance in real-time scanning and on demand scanning. To receive the award, the product must not falsely attach virus status to a safe object (i.e., false positive results). The test collection includes viruses that represent the greatest threats to users at the moment of testing (viruses from the In The Wild List).

86

Confidential

Kaspersky Anti-Virus for Microsoft Exchange Server 2000/2003


Target audience and purpose of the document
Target audience of the document Kaspersky Lab partners, sales department employees. The document is for internal use only. Purpose of the document to provide partners and sales people with reliable and present-day information about the product and it's functions, to emphasize its placement in the product line of Kaspersky Lab, to describe advantages of the product for different target audiences, to compare the product with alternative solutions of competitors and to give information about ways of licensing. The document was decided as a main source of information about the product to assist a sales manager find answers for definite questions of potential clients.

Sales information
What is Kaspersky Antivirus for Microsoft Exchange Server 2000/2003
Kaspersky Antivirus 5.5 for Microsoft Exchange Server 2000/2003 (further Kaspersky Antivirus 5.5) ensures detection of viruses, malicious codes and riskware in outgoing, incoming, internal and kept on the server mail messages in personal and public folders.

Whats new in the product


The following changes took place in Kaspersky Antivirus 5.5 for Microsoft Exchange Server 2000/2003 as compared with version 4.5: - Microsoft Exchange Server 5.5 is not supported - Backup function has been added for objects before disinfection, deleting and renaming. - a function of application configuration in accordance with the number of processors on a protected server has been added. To maximize productivity of the application (to increase the number of simultaneously scanned objects) it is possible to run simultaneously several instances of anti-virus kernels - a possibility to use extended antivirus databases is added to carry out objects scan - graphical interface of the program has been brought into the line with Microsoft Management Console standards - preliminary set ups has been added at program start - a mechanism of virus outbreaks identification and notification about them has been added - a function of creating regular summary reports about the status of antivirus protection has been added - ability to notify users about detection of infected and suspicious objects and about virus outbreak threat through Net Send has been added

Place in the product line of Kaspersky Lab


Kaspersky Antivirus for Microsoft Exchange Server 2000/2003 relates to the group of Windows-products for business-users and recommended to be used on dedicated Exchange-servers (or server clusters). If the server will be used as a file server as well or print server, to provide a full protection of the server, client should be offered with Kaspersky Antivirus for Windows File Server as well. Kaspersky Lab strongly recommends protecting all computer nodes of corporate network, thus to create comprehensive anti-virus security system client can be offered the following products (depending on the types of computer nodes): Kaspersky Antivirus for Workstations (Windows and/or Linux) Kaspersky Antivirus for File Servers (Novell Netware, Linux/Unix, Samba)
87

Kaspersky Antivirus for Firewall (Microsoft ISA Server, CheckPoint Firewall) Kaspersky Security for PDA, and Kaspersky Administration Kit for centralized management of Kaspersky Security and other products of Kaspersky Lab.

Peculiarities of application deployment


Kaspersky Antivirus 5.5 consists of two components: Security Server and Administration Console, which can be installed separately. Security Server must be installed on each protected Exchange-server, Administration Console can be installed on any computer running NT-based operating system, it provides a centralized access to all managed servers from the single administrator desk. In case of using cluster, Kaspersky Antivirus 5.5 must be installed on each Exchange-server, being a cluster node. If a user has Kaspersky Antivirus 4.5 for Microsoft Exchange Server 5.5/2000/2003 installed, it must be deleted before installing version 5.5. Thus, configuration of version 4.5 cannot be automatically transferred to version 5.5.

Licensing and pricing


Types of licenses
Kaspersky Antivirus 5.5 for Microsoft Exchange Server 2000/2003 licensing is based on number of Exchange mailboxes. Protected object of mail system is a mailbox from which mail scanned by anti-virus kernels is sent and received. User should choose Exchange store, where mailboxes are protected. Because option to choose several stores is available only in Microsoft Exchange Server Enterprise Edition, for users of Microsoft Exchange Server Standard Edition and Small Business Server recommended number of licensees should agree with number of mailboxes. In any case total number of mailboxes in all protected stores should not exceed number of purchased licenses. Detailed description of licensing peculiarities of product is given in the document Principles of mail systems licensing.

Terms of license subscription


Licenses for Kaspersky Antivirus 5.5 for Microsoft Exchange Server 2000/2003 can be purchased for 1 or 2 years (outside of Russia for 3 years as well), through partners and on-line shop of Kaspersky Lab. During the license term registered users are entitled for the following services: 24x7 service on questions connected with installation, set up and maintenance of the program; Regular updates of antivirus database; Providing of new versions of the program; Informing about new products of Kaspersky Lab and notifying about new viruses appearing around the world (this service is available for users subscribed to Kaspersky Labs mailing list).

Migrating to a new product from previous versions


Migrating to version 5.5 within the bounds of subscription to a previous version is provided free of charge. Difference of version 4.5 for Microsoft Exchange Server 5.5/2000/2003 from version 5.5 is absence of key additivity. Thus if user of version 4.5 installed several keys, while migrating to version 5.5 they should be replaced by one unified key. Details of migration in such situation are described in the document Principles of mail systems licensing. It is necessary to take into account that in Kaspersky Antivirus 5.5 there is no option to choose individual mailboxes to be protected (as in version 4.5 for Microsoft Exchange Server 5.5/2000/2003), only protected storages can be selected.

Product place in pricelists


There are the following alternatives of product distribution
88 Confidential

Russia, CIS and Baltic States: SOHO SOHO Enterprise MailServer Enterprise Enterprise Enterprise Other price-lists: Small Business Pack Small Business Pack Enterprise License Enterprise License Enterprise License Protection Elite Enterprise License. Kaspersky Anti-Virus Business Optimal Kaspersky Anti-Virus Business Optimal Kaspersky Anti-Virus Business Optimal Kaspersky Anti-Virus Business Optimal Mail Protection Multi-tier Protection Mail Protection Multi-tier Protection Key Component License Pack Kaspersky Antivirus Business Optimal Multi Pack Network Protection Mail Protection Corporate Mail Protection Corporate network Protection Suite Corporate Suite Mail protection Anti-Virus BO for Windows Workstation / FileServer / MailServer Anti-Virus BO Suite Workstation / FileServer /

Kaspersky Anti-Virus Business Optimal

89

Confidential

Benefits of the product for client (Sales Points)


Benefits from managers point of view Reliable protection from viruses and riskware
Kaspersky Antivirus 5.5 for Microsoft Exchange Server 2000/2003 provides reliable protection from viruses and riskware due to applying of advanced technologies. The heart of the product is best-of-breed Kaspersky Lab antiviral engine that provides one of the highest levels of malicious programs detection. Subscription for Kaspersky Antivirus 5.5 for Microsoft Exchange Server 2000/2003 allows user not only to use the product and update antivirus databases and application modules but also to receive new versions of the product on the toll-free basis and to get 24x7 multilingual technical support service via telephone or e-mail.

Low total cost of ownership (TCO)

Benefits from IT-specialist point of view


Kaspersky Antivirus 5.5 for Microsoft Exchange Server 2000/2003 can be easily scaled according to the number of processors on a protected server. This solution allows for simultaneous scan of several objects, a number of which depends on the number of instances of anti-virus kernels running at the same time. Scanning objects in RAM mode allows scanning objects without saving them to a temporary folder on the hard drive. Depending on the scan settings, the program can simultaneously analyze up to 8 objects of the size up to 1 MB each in the computer's RAM without using the disk subsystem. Kaspersky Antivirus 5.5 for Microsoft Exchange Server 2000/2003 has limited cluster technology support, i.e. product must be installed on each cluster node (Exchange-server). Kaspersky Antivirus 5.5 for Microsoft Exchange Server 2000/2003 possesses wide range of filter parameters and mail delivery, which allows to decrease load on the mail server. Application also provides three preconfigured performance levels to select depending on the mail traffic. Immediately after installation the product can be launched with default settings. Administrator can configure the program locally (through administration console integrated into Microsoft Management Console), and centrally (through Kaspersky Administration Kit).

Scalability / performance

Cluster technology support

Load Optimization

Simple installation and quick start

Comparison with competitive products. Features and prices


In this section a list of products of different vendors27, which can be considered by consumers as alternative solutions for Exchange-server protection, is given; common features for those products are described; a table with features that distinguish Kaspersky Antivirus 5.5 for Microsoft Exchange Server 2000/2003 from other products and pricing for abovementioned products is provided. As alternative for Kaspersky Antivirus 5.5 the following products can be of interest for consumers: McAfee GroupShield for MS Exchange, version 6.0
Trend Micro ScanMail Suite for Microsoft Exchange 7.0

Panda ExchangeSecure Antivirus F-Secure Anti-Virus MS Exchange, version 6.4 Symantec and Sophos companies offer solutions that combine antiviral protection and content filtering.
27

Information as of October 2005

90

Confidential

Sophos PureMessage for Windows/ Exchange, version 2.0 Symantec Mail Security for MS Exchange, version 4.6

91

Confidential

Kaspersky Remote management and configuration Additional administrative tool A possibility to run several anti-virus kernels at the same time Real-time protection from viruses Antiviral scan on-demand Ability to perform heuristic analysis Detection of script-viruses (VB Script, JavaScript, Java, ActiveX) Detection of macro-viruses Filtration according to the format of enclosed files Prevention of virus outbreaks Quarantine for suspicious and infected mails Support of Exchange server clusters + + + + + + + + + + + Possible in case of identical set up of the nodes + + + + +

McAfee +

TrendMicro + Control + + + + + + + + -

Panda +

F-Secure

McAfee ePolicy Orchestrator + + + + + + + Outbreak manager + -

TrendMicro Manager + + + + + + +

F-Secure Manager + + + + + + + +

Policy

+ Outbreak Alerts + + Full support

Acquisition of statistics Display of information about system state Reports generation E-mailing of reports

+ + + +

+ + + +

+ + + -

+ + + -

92

Ability to notify administrator detection of infected objects

about

As seen from the table, antivirus products for Microsoft Exchange protection offer practically the same functionality.

93

Confidential

Prices for competitive products28


Number of licenses 5-9 10-14 15-19 20-24 25-49 50-99 100-149 150-249 250-499 500-749 750-999 More than 1000 32 28 25 22 19 18 17 16 15 15 14 43.47 43.47 43.47 41.51 39.19 37.13 37.13 34.81 32.86 32.86 30.51 Kaspersky Symantec McAfee 33.21 33.21 33.21 33.21 27.06 26.45 26.45 26.45 25.83 23.37 23.37 22.14 45.3 42.4 38.37 38.37 34.7 32.09 30.31 30.31 80.7 62.8 62.8 49.3 40.40 32.30 32.30 26.90 26.90 26.90 26.90
29

Trend Micro

Sophos

Panda 45.68 45.68 45.68 45.68 43.39 41.23 37.11 37.11 33.39 28.39 28.39 24.13

F-Secure

23.75 23.75 23.75 19.49 15.46 13.48 13.48 11.89 10.93 10.93 10.34

On the following diagram dependence of product pricing from number of users is shown Prices for competitive products
90 80 70 60 50 40 30 20 10 0
5-9 10-14 15-19 20-24 25-49 50-99 100149 150249 250499 500749 750999

Kas pers ky

Sym antec

McAfee

TrendMicro

Sophos

Panda

28 29

All prices are in US dollars, not including taxes, for one-year license in EU For TrendMicro prices are recalculated from EURO to USD at the rate 1,215 94

Product features
In this section main features of the product are described and additional facts and explanations are given which will allow, when necessary, to give more detailed and competent answers for potential clients questions, without reviewing documentation and other sources of information about the products. Application features are combined into functional groups. The information available to users from the datasheet is given on the left column, in the right more detailed information.

Protection from viruses


Real time scan. The program
provides detection and disinfection of all types of viruses, worms, Trojans and other malicious programs in the flow of incoming and outgoing mail, including practically all possible attachment formats. Administrator can additionally enable antiviral scan of routed through Exchangeserver mail flow.
Kaspersky Antivirus 5.5 for Microsoft Exchange Server 2000/2003 supports the following functions:

Antivirus scan of object; If the whole message or a part of it is infected, it processes a detected object in accordance with specified settings; Before deletion a copy of the object can be put into the backup storage. While scanning and disinfecting, antivirus databases are used which contain signatures of the known at the scan moment viruses (more than 167 000 entries as of April 200630. The program supports more than 450 different packers, installers and archivers (more than 1200 modifications as of April 2006) which provides easy detection of viruses in archived files. Antivirus databases are updated every hour. When needed extra urgent updates are released. Messages and the content of public folders stored on the server can be rescanned using the last version of antivirus databases (if background scan of storages is on). The scan is performed in background mode and can be started automatically with the update of databases or according to schedule or manually. If background scan is disabled, messages stored on the server are scanned only on demand of the user. Thus, user always receives messages scanned with the latest databases version, not depending on the time of message delivery on the server. Objects which Kaspersky Antivirus 5.5 detects in mail traffic on protected server are categorized by selection of one of the two possible levels of antivirus protection: Standard antivirus protection. Protection from all known at the present time malicious programs. This mode is selected by default. Extended antivirus protection. Protection from riskware is added. Such programs can reveal themselves by the following: Personal and confidential data drain, e.g. access passwords or credit card information Appearance of advertisements in the browser in the form of popup windows, start up page changes, etc; Spontaneous changes of properties of the browser unknown to the user; Installation of computer programs unknown to the user; Internet connection without knowledge of the user;

Background on-demand or scheduled scan. Application


scans public folders and mail stored on the server, in background mode, which guarantees processing of all objects using the most recent version of antivirus database without overloading the server.

Detection of riskware. In the extended mode of antivirus protection the application can detect and disinfect not only unambiguously malicious but also potentially dangerous software (riskware) advertising programs (adware), programs for information steal (spyware), programs for automatic dialing (dialers) and other utilities that can be used by fraudsters.

Deceleration of internet connection and general slow down of computer work due to latent functioning of spyware Automatic dial up of telephone numbers through modem, huge telephone bills, etc.

30

Present-day information is published here http://www.kaspersky.ru/avupdates

95

Confidential

Prevention of virus outbreaks. Application can keep


track of virus activity and detect virus outbreaks at early stages, which allows system administrator to take appropriate measures. Administrator can receive notifications about virus outbreaks by e-mail or in local network through Net Send.

Administrator sets threshold of virus activity maximum number of detection events during specified amount of time. If virus activity exceeds specified threshold, a notification will be sent (through mail or by means of Net Send in local network). The following events are tracked: Infected object detected. Suspicious object detected. Damaged object detected. Same virus is detected several times. In case of virus outbreak administrator can start antiviral scan, run antivirus databases update or change protection mode of application by raising the level of protection from standard to extended or redundant. Later on the object from backup storage can be deleted or restored in order to get the information contained in the object or to rescan it with updated version of antivirus database. Besides, suspicious objects, containing modification of the known virus or unknown virus, can be sent to Kaspersky Lab for investigation. In this case a consequent rescan of this object with updated database will allow to disinfect it and save the integrity of its data. In the backup storage objects are kept in the encrypted form which avoids the risk of infection (objects are inaccessible without decoding). The backup storage can be limited by size (in MB) or by time of storage. Location of object in the backup storage can be carried out with the help of several search parameters: object status (several values can be chosen); name of the object; message sender; message recipient; subject of message; time interval when message was sent.

Backup copying. Application makes backup copies of messages before antivirus processing or deletion, which allows recovering of important information if necessary.
Configurable filters make locating original copies of specific objects easier

Performance optimization
Selecting objects for scan.
To minimize the load on the server during scan you can limit number of scanned objects and time of one object processing. Limitations can be applied for traffic scan and for background scan of designated storage area. Object of a certain type can be excluded from scanning: archives, all containers exceeding specified nesting level, files according to mask (e.g., *.txt), files according to the types (e.g., graphical files). In that way, only potentially risky objects will be scanned

Configuration modes, Mode for automatic configuration of operation efficiency includes the depending on the server load. following parameters:
Application offers a choice between three modes for automatic configuration of operation efficiency depending on the mail flow. Manual configuration allows to specify the fixed number of scanning threads in which objects are scanned, the number of anti-virus kernels running at the same time, and to specify whether the application must scan objects in RAM without first saving these objects in the temporary folder. Small e-mail flow (approximately 1-2 messages per hour in one mailbox) intended for conditions with large number of mailboxes on the server, but relatively small mail streams in each of them Intensive e-mail flow (more than 10-15 messages per hour for one mailbox) suits the situation when the number of mailboxes is not large but mail stream going through server into each of them is intensive. Medium e-mail flow mode corresponds with situation of even mail streams distribution. By default application conducts object scan in three threads. Microsoft recommends that the value of this setting equals (2 x number of processors + 1). The number of instances of the anti-virus kernels running at the same time is set to 4 by default. Kaspersky AntiVirus can scan objects not exceeding specified size

96

Confidential

(by default up to 1MB) in RAM without first saving these objects in the temporary folder.

Administration
Centralized administration
Configuration and administration of the application are performed through one administration console built into Microsoft Management Console (MMC) handy and familiar to Administrator management tool. Using , administrator can centrally do the following: add/delete new Exchange-servers into the list of servers, available for administration from console connect to/disconnect administration from server available for

create notification templates to notify users about detected suspicious and infected objects and report templates generate reports according to the specified template configure search parameters for location of objects in backup storage create and configure criteria for detection of virus outbreaks retrieve original copy of the object from backup or send it for investigation to Kaspersky Lab.

Notifications and reports


Administrator is notified about all important events occurred during Kaspersky Antivirus scan through e-mail or by means of Net Send. Application allows creating detailed reports on antivirus check for any period of time. All important events about Kaspersky Antivirus operation are also stored in the Microsoft Windows event log and in the applications own logs.

The default browser is used for viewing reports of antivirus scan of the server. Application contains default report templates; administrator can create his own templates as well. By default reports for the last 30 days are generated on the 1st day of each month. Administrator can configure period, frequency, time of creation and means of notification (store the reports on the hard disk or send them by e-mail) while creating own templates of reports. Kaspersky Antivirus allows registering events in its own log in Windows event system. Logging level can be selected from the five preset levels of diagnostics. Kaspersky Antivirus allows to conduct full diagnostics of its operation and register detected events in Windows event log and its own logs. Details level of information in the logs depends on configuration of application.

Default configuration at the Preliminary configured parameters include the following: installation.
After installation application starts to operate with a set of parameters the main part of which is set by default and is optimal, recommended by specialists of Kaspersky Lab. This allows to start using the application without time consuming configurations.

Antivirus checks mail flow for the presence of all known at the scan time malicious programs (standard level of antivirus protection).

Antivirus protects all public folders, all Exchange-server storages and all users on the mail server. Scanning of all new incoming messages on Exchange-server is performed in the following way: After detection of infected object application stores its original copy (attachment or message body) in the backup storage, makes an attempt to cure the object, if disinfection is not possible application deletes the object and replaces it with a text file notification. After detection of suspicious object application stores its original copy (attachment or message body) in the backup storage. After detection of protected or damaged object application stores its original copy (attachment or message body) in the backup storage. Background scan of mailbox and public folder storages is
97 Confidential

disabled Mail streams routed through Exchange-server are not scanned. Antivirus databases update is done every hour through Internet from Kaspersky Lab HTTP and FTP update servers. Administrator is not notified about detection of infected or suspicious objects. Virus outbreak is defined as following condition: detection of infected objects 5 times during the day. Administrator is not notified. Report for the last 30 days about the status of antivirus protection system is generated on the first day of each month.

98

Confidential

Kaspersky Anti-Virus for Microsoft ISA Server 2004 Standard Edition


Target Audience and Purpose of the Document
This document is intended for Kaspersky Lab partners and staff of Kaspersky Lab sales departments and is for internal use only. In this document, we aim to provide the most reliable and current information about our product and its functions, its position in the Kaspersky Lab product line and the available licensing options. We also aim to clarify the advantages of the product for each type of user and show how the product compares with competitor solutions. Sales managers should use it as the principal information resource when addressing questions from potential customers.

Sales Information
What is Kaspersky Anti-Virus for Microsoft ISA Server 2004 Standard Edition?
Kaspersky Anti-Virus for Microsoft ISA Server 2004 Standard Edition is a software solution that provides antivirus protection for files sent to the local network via the Microsoft Internet Security and Acceleration Server. The program uses a number of filters for intercepting HTTP and FTP data, configuration tools and a management console.

Position in the Kaspersky Lab product line


Kaspersky Anti-Virus for Microsoft ISA Server 2004 Standard Edition is designed for the Microsoft Windows family of products for business users. Kaspersky Lab strongly encourages its customers to protect all nodes on a corporate network, and the following products in particular are recommended in order to create an integrated protection system (depending upon the presence and types of nodes on the network): Kaspersky Anti-Virus for Workstations (Windows and/or Linux) Kaspersky Anti-Virus for File Servers (Windows, Novell Netware, Linux/FreeBSD, Samba) Kaspersky Anti-Virus for Mail Servers (Microsoft Exchange, IBM Lotus Domino, Sendmail, Qmail, Postfix, Exim) Kaspersky Anti-Virus for Firewalls (Microsoft ISA Server, CheckPoint Firewall) Kaspersky Security for PDA. Kaspersky Administration Kit is also recommended as a tool for centrally administering all Kaspersky Lab applications installed on a network.

Deploying the application


Typically, the application and its administration component are installed on a single computer. This deployment can increase the load on the ISA server. It is therefore recommended that ISA server administrators install applications on the ISA server and their administration components on a remote computer (as a rule, the administrators workstation). To organize the operation of Kaspersky Anti-Virus for Microsoft ISA Server in this way, it needs to be installed on the ISA Server, while the administration console should be installed on the administrators workstation. The only requirement for installing the Kaspersky Anti-Virus administration console is that the administration tools for the ISA Server should be installed on the same computer.

99

Licensing and Prices


Licensing Principles
Licensing of Kaspersky Anti-Virus for Microsoft ISA Server 2004 Standard Edition is based on the number of workstations and file servers that use the Microsoft ISA Server to access the Internet.

License Periods
Licenses for Kaspersky Anti-Virus for Microsoft ISA Server 2004 Standard Edition can be purchased for a period of 1 or 2 years from Kaspersky Lab partners. The following services are available to registered users during the license period: round-the-clock technical support by telephone and email on issues related to installing, configuring and using the product; regular antivirus database updates; free product updates; information on the release of new Kaspersky Lab products and notification of new viruses appearing globally (these services are provided to those who sign up for Kaspersky Lab news updates).

Upgrading from previous versions of the product


Customers can upgrade to version 5.5 of Kaspersky Anti-Virus for Microsoft ISA Server 2004 Standard Edition during the license period of Kaspersky Anti-Virus for Microsoft ISA Server 2000 Standard Edition free of charge. The license period of the new version of the product will remain the same as the license period of the customers existing version of the product. Upon expiry of subscription for Kaspersky Anti-Virus for Microsoft ISA Server 2000 Standard Edition, a customer can upgrade to version 5.5 of Kaspersky Anti-Virus for Microsoft ISA Server 2004 Standard Edition by purchasing the product with a 30% discount off list price.

Position on the price list


All price lists, excluding Russia, CIS and the Baltic States Enterprise Licenses Protection Kaspersky Anti-Virus Business Optimal Gateway Multi-tier

Enterprise Licenses Kaspersky Anti-Virus Business Optimal Protection KAV BO Suite Workstation / FileServer License

Enterprise Licenses Kaspersky Anti-Virus Business Optimal Multi-tier Protection KAV BO Suite. Workstation / FileServer /MailServer License Enterprise Licenses Kaspersky Anti-Virus Business Optimal Multi-tier Protection KAV BO Suite Workstation / FileServer / MailServer / Gateway License Enterprise Licenses Component Protection Enterprise Licenses Component Protection License Kaspersky Anti-Virus Business Optimal KAV BO Suite MailServer / Gateway License Key

Kaspersky Anti-Virus Business Optimal Key KAV BO Suite FileServer / MailServer / Gateway

100

Confidential

The Products Advantages for the Customer (Selling Points)


Business Benefits Reliable protection against viruses and malicious code Kaspersky Anti-Virus for Microsoft ISA Server 2004 Standard Edition provides reliable protection against viruses and spyware owing to the use of cutting-edge technologies. The solution is based on Kaspersky Labs antivirus engine which offers malicious program detection rates that are among the industrys highest. Kaspersky Anti-Virus for Microsoft ISA Server 2004 Standard Edition can detect and remove not only malicious programs, but also potentially hostile programs (riskware), advertising programs (adware), programs that collect information (spyware), programs that automatically establish dialup connections with pay sites (dialers) and other utilities that can potentially be used by cyber criminals. No additional product needs to be purchased in order to manage Kaspersky Anti-Virus for Microsoft ISA Server 2004 Standard Edition. All administration functions can be performed via the Microsoft Management Console. Purchase of a license for Kaspersky Anti-Virus for Microsoft ISA Server 2004 Standard Edition includes not only the right to use the product and subscription to regular updates to the antivirus databases and product components, but also free new versions of the program and round-the-clock technical support via telephone or email in several languages. Benefits for IT professionals Server load optimization Kaspersky Anti-Virus for Microsoft ISA Server 2004 Standard Edition offers a broad range of capabilities related to configuring filtering parameters and transferring scanned data to users, helping reduce the lSA Servers load. Support for launching several copies of the antivirus engine allows the solution to process large volumes of data without reducing the ISA Servers performance. Kaspersky Anti-Virus for Microsoft ISA Server 2004 Standard Edition integrates into the ISA Server, automatically detecting its current mode of operation and setting its parameters depending upon the ISA Servers mode. Configuration of antivirus protection policies is performed centrally from any computer with the Microsoft Management Console installed. Kaspersky Anti-Virus for Microsoft ISA Server 2004 Standard Edition guarantees high stability of operation. Kaspersky Anti-Virus for Microsoft ISA Server: does not cause system instability; does not damage the configuration of Microsoft ISA Server; does not limit the functionality of Microsoft ISA Server.

Protection against potentially hostile programs

Solid value

Ease of installation

Convenient administration

Stability

101

Confidential

Comparison with Competitor Products: Functionality and Prices


This section provides a list of products by different developers, which may be considered by customers as alternative solutions for the protection of Microsoft ISA Server. Information provided in this section includes functions common to all these products, a table summarizing the differences between Kaspersky Anti-Virus for Microsoft ISA Server 2004 Standard Edition and competitor products and information about product prices. Customers may consider the following products as an alternative to Kaspersky Anti-Virus for Microsoft ISA Server 2004 Standard Edition: BitDefender for Microsoft ISA Server 2.0 GFI WebMonitor for Microsoft ISA Server 3.0 Panda ISASecure 2004 McAfee Security Shield for Microsoft ISA Server 1.0

Product Prices Number of users 10-14 15-19 20-24 25-49 50-99 100-149 150-249 250-499 500-749 750-999 More than 1,000 Kaspersky 14,00 13,50 13,00 12,50 12,00 11,50 11,00 10,50 10,00 10,00 9,00 250 users - 2250 500 users - 4050 25 users - 350 50 users 625 100 users -1075 25 users 317.6 (usd 412.5) 50 users 596.75 (usd 775) 100 users 1001 (usd 1300) GFI BitDefender 10 users -138.6 ( usd 108)

Prices are stated in Euro exclusive of VAT (for April, 2006). BitDefender prices are converted form usd using exchange rate stated on www. oanda.com GFI prices do not include Software Maintenance, equal to 20% of the product price.

102

Confidential

Kaspersky Anti-Virus for Microsoft ISA Server 2004 Standard Edition

BitDefender for Microsoft ISA Server 2.0

GFI WebMonitor for Microsoft ISA Server 3.0

McAfee Security Shield for Microsoft ISA Server 1.0

Panda ISASecure 2004

Scanning of HTTP traffic Scanning of FTP traffic Scanning of FTP over HTTP traffic Creating and managing user groups Web filtering. Support for restricting Internet access of employees Some file types are excluded from filtering based on their extensions (GIF, JPG, etc.) Some file types are excluded from filtering based on file content (internal format) List of trusted sites: a list of websites the content of which does not require antivirus scanning. This feature helps increase the solutions performance Several antivirus engines can run in parallel Remote management using proprietary tools Using MMC

The functionality is provided by the ISA Server

Filtering using Yahoo! SafeSearch database

Blacklists and whitelists only -

Only for HTTP traffic

Using MMC or BitDefender Enterprise Manager

Using a special webbased interface

103

Quarantine for suspicious files

Not required for stream scanning of HTTP and FTP traffic

(all files go through quarantine after being downloaded)

Logs are recorded in the event log Logs are recorded in individual files Statistics Windows counters displaying statistics Displays user warnings Via the browser Warnings displayed via SNMP are used for

Via the browser

Via McAfee Alert Manager

104

Confidential

Features of the Product


This section describes the products principal features and provides additional information that will help answer questions from potential customers more completely and professionally without referring to documentation or other sources of information about the product. The applications features are grouped by function. In the left column, the description of a function available from Kaspersky Labs marketing materials appears; on the right, additional information for sales managers is provided.

Antivirus protection
Antivirus scanning.
Kaspersky Anti-Virus for Microsoft ISA Server 2004 Standard Edition scans all data transferred via the Microsoft ISA Server 2004 and removes all types of viruses. Objects scanned by the solution include archived and compressed files in over 1,200 formats. Data in ZIP, CAB, RAR and ARJ archives can be disinfected. A unique heuristic analyzer detects unknown viruses as well. Antivirus databases containing descriptions of known viruses (about 167,000 as of February 200631) and a heuristic analyzer capable of detecting even the newest viruses are used for scanning and disinfecting objects. The program supports over 450 different executable file compression utilities, installers and archivers (a total of over 1,200 modifications as of February 2006), enabling it to detect viruses and malware in archived file formats. Kaspersky Labs antivirus databases are updated hourly. Emergency updates are released as necessary during epidemics and outbreaks.

Protection against The types of objects that Kaspersky Anti-Virus for Microsoft ISA potentially hostile software. Server 2004 Standard Edition can detect in the data stream are
In the extended antivirus protection mode the solution can detect and remove not only malicious programs, but also potentially hostile programs (riskware), advertising programs (adware), programs designed to collect information (spyware), programs that automatically establish dialup connections with pay sites (dialers) and other utilities that cybercriminals may use.

determined by the choice of one of the three possible levels of antivirus protection: - Standard databases (viruses only). Antivirus databases containing detailed descriptions of all existing viruses and methods of their detection and treatment. These are the antivirus databases used by default. - Extended databases (viruses + riskware). Antivirus databases that contain information about viruses and riskware programs. Such programs contain vulnerabilities that can be used for hacker attacks, access by unauthorized programs, etc. SuperSecure databases (viruses + riskware, spyware, adware). These are the most complete antivirus databases. In addition to the information described above, they also contain descriptions of programs used to collect information on remote computers (spyware) and programs for displaying advertising (adware).

Additional filtering parameters


By file type. The administrator can define the types of objects that will not be scanned for viruses, helping reduce ISA Server load. Trusted servers. The system administrator can define the list of trusted servers. Data transferred via these servers is not scanned for viruses. The more servers are included on the trusted server list, the less the program interferes with data requested by users. By user group. The
31

The administrator can exclude certain file formats from the list of objects to be scanned, for example, graphic files, which are not likely to contain viruses.

Trusted server parameters can be set in one of four ways: the server domain name; the server IP address; the subnet; an IP address range.

Each group consists of internal network clients to whom the same

Current information is published on Kaspersky Labs website at http://www.kaspersky.com/avupdates. 105

administrator can create groups of Microsoft ISA Server users and apply individual data processing rules to each group, defining specific restriction levels based on the companys security policy and employee needs.

policies can be applied. Each client can be a member of one or more groups. A client can be defined using an IP address or a group of IP addresses. Clients defined by specific IP addresses can be computers with network services installed and permanent IP addresses e.g., mail servers. For network clients which do not have a permanent IP address, one client defined by a subnet address and mask can be created. A policy can be defined for each group of clients. A group cannot have more than one policy.

Performance Optimization
Launching several copies of By default, when the application starts, four copies of the antivirus the antivirus engine. engine are launched and work in parallel. From 1 to 32 copies of the
Kaspersky Anti-Virus for Microsoft ISA Server 2004 Standard Edition is capable of scanning large volumes of data without reducing the ISA Servers performance. antivirus engine can be configured to run at the same time, although we recommend that four copies of the engine run for each physical processor.

Setting transmission The default settings are optimal for most configurations. However, parameters for the data being the administrator can configure the product based on the companys scanned. The administrator can specific requirements. The administrator can set the following
set the maximum time during which a data packet can be scanned before it is delivered to the user, the maximum interval in seconds between data transmissions and the amount of data accumulated by the solution for analysis and scanning and not sent to the user before such analysis and scanning is completed. parameters: the number of queued objects cached in memory; buffer size for cached objects (KB); the number of antivirus engines running simultaneously; and, the number of antivirus engine copies reserved for scanning the so-called fast objects. ("Fast" objects are those objects in the HTTP traffic which meet the following criteria: text files smaller than 2 MB; graphic files smaller than 2 MB; and; other objects (excluding executable files) smaller than 256 KB.) The size of the queue of objects to be scanned. This field defines the maximum number of objects that can be simultaneously located in the queue for antivirus scanning. Queue sizes from one to 16,383 objects can be set. Maximum scan time in seconds. This field defines the maximum time allowed for scanning an object. If an object can not be scanned during that time, it will be categorized as uninfected and sent to the client requesting it. The administrator can restore the default parameters at any time.

Administration
Remote management.
The administrator can configure antivirus scanning parameters using Microsoft Management Console. The administrator can create user groups, define security policies for the groups created, configure and view reports, install license keys, update antivirus databases, etc. Security policies may include restrictions on downloading files of certain type, size, etc.

Notification and reporting For Kaspersky Anti-Virus there are also a number of events that system. ISA Server Alerts, a require the immediate response of the system administrator, such as
system tool built into the ISA Server, provides various methods of notifying the administrator of critical events that occur in the The License Is Expiring. The list of such events is added to the existing ISA Server Alerts list immediately after the application is installed on the server. The administrator can configure the method

106

Confidential

operation of Kaspersky Anti-Virus installed on the ISA Server. All important messages concerning the operation of Kaspersky AntiVirus are also recorded in the Windows log system. Furthermore, Kaspersky AntiVirus for Microsoft ISA Server 2004 Standard Edition allows for the complete diagnosis of its performance on any of the Microsoft ISA Servers on which it is installed and records results in the relevant logs.

of notification for each event, including recording the event in the system log, email notification, etc. During installation of Kaspersky Anti-Virus a separate log is created in the Windows log system. Kaspersky Anti-Virus diagnostic logs include data on the applications operation for a specific date with the given level of detail, as well as information on any malicious objects detected. The administrator can configure the level of detail for the information recorded in these logs. All messages created by Kaspersky Anti-Virus are categorized based on the events that initiate them. The level of detail can be configured, from recording no information or principal events only to recording all information, including debugging. The administrator can restore default parameter values at any moment.

107

Confidential