Kaspersky Anti-Hacker review: Kaspersky Anti-Hacker

Antivirus vendor Kaspersky Labs now offers a personal firewall called Anti-Hacker. It has the basics to keep PCs safe from most attacks and is easy to use, with core components that home users need, such as the ability to stealth or hide your PC from malicious intruders, application rules that let you decide which apps connect to the Net, and an intrusion-detection system that can sniff out some of the more common types of assaults. Unfortunately, it lacks the sophistication to adapt to new break-in techniques. Worse, its technical support stinks. For a standalone personal firewall that's both easy to use and sophisticated enough to stop new attacks, choose ZoneAlarm instead. Anti-Hacker exists only as a $40 download--there's no boxed version. Unfortunately, the file is large, more than 9MB, so anyone connecting via dial-up might have trouble. It took us nearly a half hour to retrieve the file at a speed of 56Kbps.

To install it, you'll need a key code file, which is sent via separate e-mail; the rest is automatic. You do have to reboot the PC once. From then on, Anti-Hacker works like ZoneAlarm Pro and other personal firewalls: When any Windows app tries to connect to the Internet, Anti-Hacker pops up an alert, asks if it's OK by you, and lets you say yea or nay or create a custom rule on the fly.

The interface consists of a number of screens. Click the small icons atop the Anti-Hacker interface to bring them to the front. By default, the opening screen shows a slider that sets the security level (from Allow All to Block All, with Low, Medium, and High in between). Unfortunately, the other available screens--such as the application and packet-filtering rules you've created or the ports currently open--pop up as new windows, something we always hate because it clutters up the monitor.

Like other firewalls, Anti-Hacker sniffs for applications accessing the Internet or a local network (although most of us probably don't face internal attacks from, say, family members on our home network). Programs you've allowed access can connect; those you haven't, cannot. It's pretty simple.

Anti-Hacker also hides the ports of your PC so that potential malicious hackers, who use extremely fast port scanners to find vulnerable systems, won't even be able to find your machine. Unfortunately, Anti-Hacker doesn't enable this important feature by default; instead, you must click a small box on the opening screen, which also displays a security slider. Plus, Anti-Hacker's help file regarding the stealth mode is written in extremely dense terms, making it hard to know whether you should turn it on (you should). Instead, Kaspersky should enable this important feature by default.

While it's running, Anti-Hacker scans your machine for Internet-bound applications and builds access rules for them automatically. Sadly, Anti-Hacker monitors only a limited number of applications. When we installed it on our system, it found Internet Explorer, Microsoft Outlook, and Outlook Express. That's it. For every other Net-enabled app, we had to handle the warning dialog pop-up and tell Anti-Hacker what we wanted to do. That's a hassle.

Anti-Hacker includes the ability to detect changed application files. It's smart enough to recognize whether an application trying to access the Internet is the real deal, not a disguised or altered file. ZoneAlarm Pro includes this feature as well.



Anti-Hacker boasts an intrusion-detection system that sniffs incoming and outgoing data packets for seven types of suspicious activities. For example, Anti-Hacker looks for the ping of death--an Internet control message packet (ICMP) larger than 64K--and the scanning of transmission control protocol (TCP) ports. However, Anti-Hacker doesn't have the ability to look for other types of attacks as do some other firewalls, such as Norton Personal Firewall. Bottom line: If you're the victim of sophisticated attacks, this firewall could fail you.

Anti-Hacker is suited only for advanced users who know what they're doing--those who can perform tasks such as generating custom rules for applications. It also lets you specify what types of data protocols an application can transmit--from HTTP to FTP--using a simple checklist and click-the-link motif to fill in such info as the remote machine's address or the port you want to use. But the tasks are not easy to pull off, so beginners should steer clear.

We noticed one big problem when we started playing with application rules. Even after we disabled, then removed entirely, rules for apps such as Internet Explorer and Outlook, they still went online and still worked. Not good, not good at all. More distressing, however, is the inability of Anti-Hacker to update itself to take into account future attack styles. At least, Norton Personal Firewall regularly updates itself to cover this possibility.

We ran Anti-Hacker against Steve Gibson's ShieldsUp port tester. In stealth mode, our PC was invisible to the world, which is good.

ShieldsUp port probe Port 21-FTP Port 23-Telnet Port 25-SMTP Port 79-Finger Port 80-HTTP Port 110-POP3 Port 113-IDENT Port 135-RPC

Kaspersky Anti-Hacker Stealth Stealth Stealth Stealth Stealth Stealth Stealth Stealth

ShieldsUp port probe Port 139-NetBIOS Port 143-IMAP Port 443-HTTPS Port 445-MSFT DS Port 5000 UPnP LeakTest

Kaspersky Anti-Hacker Stealth Stealth Stealth Stealth Stealth Passed

We began with IP Agent, a free utility provided by ShieldsUp that determines the test machine's current IP address, then contacts the ShieldsUp Web site to begin testing.

Next, the Port Probe utility tested our system's defense against Internet port scanners. The test originates from the ShieldsUp server and attempts to establish standard TCP/IP (Internet) connections on a handful of commonly exploited Internet service ports on the test computer.

Using ShieldsUp, each port gives one of the three following results:

Stealth: This result means that the probe was not able to find this particular port on your computer. This is the most secure result.

Closed: This shows that the probe was able to detect this particular port on your computer but that the connection was refused.

Open: This result means that the port is actively advertising its presence on the Internet. Port scanners will have no trouble finding it.

More information on these tests and what the results mean can be found at ShieldsUp. Find more information about how we test firewalls at CNET Labs.

Kaspersky Anti-Hacker includes a built-in help file that is clear, though the Russian-to-English translation isn't always precise. Most questions by first-time firewall users will be answered here. That's lucky since the rest of Kaspersky's support is puny.

Telephone and e-mail support for Anti-Hacker is weak. Fortunately, the built-in help file within Anti-Hacker is first class.

The company provides e-mail support, but the link is buried deep inside the Kaspersky Web site in the support section, under General Support Information. Kaspersky also provides an online database, but we searched through it half a dozen different ways and didn't come up with a single reference to Anti-Hacker.

Although you can phone Kaspersky technical support, it's a phone call to Moscow--not Idaho, Russia--and it's not toll-free. The hours are weekdays from 10 a.m. to 6:30 p.m. Moscow time, which is 11 p.m. to 7:30 a.m. PT. That's handy--not. Worse, if you decide to actually call and manage to get through, support is able to answer only questions about installation or configuration settings.