Kaspersky Anti-Virus for Mac full review
Kaspersky Anti-Virus (KAV) for Mac is an antivirus-only package – that is, it offers no additional firewall, weblink screening, system resource monitoring or personal identity data safeguards, as you’ll find in the company’s Windows antivirus product and more comprehensive security suite. Additionally, while Windows antivirus programs often add heuristic testing to snag as-yet-unrecognised threats based on their dynamic behaviour, KAV for Mac’s detection of Mac malware is focused on signature recognition.
Given its reduced feature set, we wonder why KAV for Mac has such a high retail price of £40 – the same as Kaspersky’s complete internet security suite for Windows. Nevertheless, the scope of KAV for Mac is relatively wide. It checks for definition updates every 30 minutes (adjustable in the preferences pane), and has safeguards to prevent removal by a hostile agent. The depth of scanning can be tweaked, and the program creates comprehensive logs. Its update downloading is also compatible with the use of proxy servers.
On first installation, KAV downloads an update of the latest virus definitions from Kaspersky’s servers, after which it’s ready to execute its first scan.
The interface is a simple floating window with a large green circular porthole to the right, which changes colour to an ominous yellow when it detects a possible threat. Clicking the magnifying glass button offers a choice of three scan modes.
The Quick Scan feature scours all files within specific directories deemed more sensitive to malware on the system’s hard drive, such as /Documents, /Downloads, and /Library/StartUp Items.
The program compares scanned files’ signatures against a list of known malware. This list includes a very small number of objects for OS X (around 40 at time of press), but the threat database also includes over 3 million definitions from the Windows threat landscape.
And this explains a more pertinent need for antivirus software such as KAV for Mac: to screen malware that’s harmless to a Mac user, but which could prove ruinous if passed on to a Windows-using colleague. Or indeed to a Mac with Windows installed on a Boot Camp partition, or under virtualisation with VMware, VirtualBox or Parallels.
The Full Scan feature looks through the contents of all connected hard drives. In our tests on a MacBook Pro with an 80 per cent-full 500GB hard drive, the Quick Scan took around 4 hours to complete, while the Full Scan took closer to 6 hours.
As well as on-demand and scheduled scans, the app will also screen new files as they arrive on the system, either downloaded over the internet or from external media. Even copying a file from one location on the drive to another set the program into action.
Scans are said to include a search within compressed .zip files as well as .rar, .arj, .cab, .lha, .jar, and .ice archive files. The program can’t scan .iso and .dmg files and therefore will not detect malware inside a password-protected .dmg file.
Over the teething troubles
After some show-stopping teething troubles with the initial release of the product last October (including random crashes and over 150 per cent CPU usage), Kaspersky issued an update in January that allowed the software to scan using crucially fewer system resources. We saw typical CPU usage pegged at around 20-30 per cent for manual background scans, with the system remaining responsive all the while, but we also saw spikes exceeding 80 per cent CPU use.
At all other times, the program sat in the background consuming around 3-5 per cent CPU. At no point could we verify Kaspersky’s claim of “consuming less than 1 per cent of processing power”.
Missing from the original release of KAV for Mac, but now appearing with more recent updates, are definitions to flag the presence of commercial keyloggers. While not malware in the sense of causing direct damage to the system, they may be operating without the active user’s knowledge.
You’ll need to tick ‘Potentially dangerous software (riskware)’ in the Threats tab in Preferences if you want to be alerted to the presence of such bugging software. But even then, we found it would miss some keyloggers we had installed on our test machine.