Independent project of testing anti-malware solutions.

Antivirus product self-protection test II

Online criminal activities are gaining momentum faster than ever. Both the rate at which new types and modifications of malicious programs appear and the complexity of malware are on the rise. Cybercriminals use increasingly sophisticated methods, including masking the presence of a malicious program in the system, compression, encryption and incapacitating antivirus solutions.

Social engineering techniques make it easy to entice users to download and launch malicious programs as yet unknown by antivirus solutions. In such cases, in order to gain complete and uninterrupted control over the system, malicious programs search for an antivirus program, firewall or other protective solution in order to disrupt its operation.

Consequently, contemporary antivirus products should be able to resist such attempts, that is, they should include self-protection functionality. This helps them to resist even the most complicated attacks, such as when malicious programs use a variety of methods to disable protection, and remove the infection using standard tools after receiving the appropriate antivirus database updates.

In the test described below, we analyzed the self-protection capabilities of antivirus solutions that run under Windows XP SP3 and Windows 7 x86. Self-protection from the following types of attacks was analyzed:

  1. Modification of file and registry key access permissions.
  2. Modification / removal of modules.
  3. Deletion of antivirus databases.
  4. Modification / deletion of important registry keys.
  5. Process termination.
  6. Modification of processes / code.
  7. Driver unloading.

Antivirus product self-protection testing methodology »

Analysis of self-protection test results and awards »

Test results (September 28, 2010)

Award Products
Platinum Self-Protection Award
Kaspersky Internet Security 2011 (100%)
DrWeb Security Space 6.0 (99%)

Gold Self-Protection Award

Online Solutions Security Suite 1.5 (97%)
Outpost Security Suite Pro 2010 (97%)
Norton Internet Security 2010 (91%)
Avast! Internet Security 5.0 (91%)
Comodo Internet Security 4.1 (89%)
Avira Premium Security Suite 10.0 (88%)
BitDefender Internet Security 2011 (86%)
ZoneAlarm Internet Security Suite 2010 (86%)

Silver Self-Protection Award

Eset Smart Security 4.2 (76%)
Panda Internet Security 2011 (70%)
G DATA Internet Security 2011 (70%)
McAfee Internet Security 2010 (63%)

Bronze Self-Protection Award

AVG Internet Security 9.0 (59%)
F-Secure Internet Security 2010 (57%)
VBA32 Personal 3.12 (55%)
Trend Micro Internet Security 2010 (50%)
PC Tools Internet Security 2010 (49%)

Failed

Microsoft Security Essentials 1.0 (29%)

Key results of the testing of antivirus products in HTML»

Complete results for each antivirus product are available only in PDF or Microsoft Excel format:

Complete testing results in PDF format »

Complete testing results in Microsoft Excel format »

Testing of parental controls (test I)

Our test was the first in the world to check how effective these popular filters really are at protecting children from unwelcome Internet sites. The test results should help parents choose the best-quality protection for children who are getting acquainted with the global network.
It is worth mentioning that this test did not compare product functions or the availability of any settings and features. We checked only filter performance, on the assumption that a child has Internet access and parental control is configured in accordance with the manufacturer's recommendations.

Key results of the testing

Award Products
Gold Parental Control Award

Kaspersky PURE (96%)

Silver Parental Control Award

Panda Internet Security 2010 (87%)
Avira Premium Security Suite 10 (85%)

Bronze Parental Control Award

Dr.Web Security Space 6.0 (82%)

Failed

Microsoft Windows Live Family Safety (77%)
McAfee Internet Security 2010 (74%)
Trend Micro Internet Security 2010 (65%)
F-Secure Internet Security 2010 (57%)
BitDefender Internet Security 2010 (54%)
Norton Internet Security 2010 (24%)

 

Key results for parental control test in HTML»


Testing of anti-rootkit software for the detection and removal of rootkits III

Rootkit technologies are becoming more and more popular with virus writers. The reason is obvious: they make it possible to hide malware and its components from PC users and antivirus programs. Source code for ready-made rootkits is freely available on the Internet, which inevitably leads to widespread use of this technology in various Trojans and spyware.

A rootkit (from "root kit") is software for hiding traces of an attacker's or malware's presence in the system. Rootkit technologies allow malware to hide its activity on the victim's computer by disguising its files and processes, as well as its presence in the system.

Many specialized software products known as anti-rootkits exist for detecting and removing such malware.

The aim of this test is to evaluate the ability of the most popular antivirus and anti-rootkit products to detect and remove malicious programs ('in-the-wild' samples) that use rootkit technologies and actively circulate over the Internet. Testing on widespread ITW malware gives us a good idea of how well the anti-rootkit software under analysis can cope with well-known rootkits.

It should be noted that although testing of in-the-wild malware samples is of real practical use, there is also a great deal of research value in ascertaining the capabilities of proactive detection when combating the hidden threat of rootkits.

Key results of the testing

Award Products

Gold Anti-Rootkit Protection Award

GMER 1.0.15.15281 (10.5 out of 12 points)
VBA32 Antirootkit 3.12 (beta) (10 out of 12 points)


Silver Anti-Rootkit Protection Award

RootRepeal 1.3.5 (9 out of 12 points)
Online Solutions Autorun Manager 5.0.11922.0 (8 out of 12 points)
XueTr 1.0.2.0 (8 out of 12 points)
Rootkit Unhooker 3.8.386.589 (7.5 out of 12 points)
KernelDetective 1.3.1 (7.5 out of 12 points)


Bronze Anti-Rootkit Protection Award

SysReveal 1.0.0.27 (6.5 out of 12 points)
Sophos Anti-Rootkit 1.5.0 (6 out of 12 points)

Failed

Trend Micro RootkitBuster 2.80 (3 out of 12 points)
Eset SysInspector 1.2.012.0 (2.5 out of 12 points)
Panda Anti-Rootkit 1.0.8.0 (1.5 out of 12 points)

Key test results for detection and removal of rootkits by anti-rootkit software in HTML»

Complete results for each antivirus product are available only in PDF or Microsoft Excel format:

Complete testing results in PDF format »

Complete testing results in Microsoft Excel format »

Testing of antiviruses for the treatment of active infections IV

Thousands of new malware samples appear on the Internet every day. Virus writers keep inventing new methods to prevent malicious code from being detected and removed from the system, such as masking it with rootkit technology. Under such conditions no antivirus can guarantee 100% protection of your computer, which is why an ordinary user always runs a risk of infection even with antivirus protection installed.

In many cases, malware that has got into your computer can stay unnoticed for quite a long time even if an antivirus is installed. The user then has a false sense of protection: the antivirus raises no alarm while the attackers collect confidential information or use the computer's resources through their active malware. It also often happens that an antivirus detects malware but cannot delete it, so the user has to contact technical support or remove the infection himself using additional tools.

Antivirus vendors can protect their customers by developing technologies for detecting and removing malware. In practice, however, only some of them pay due attention to this aspect of protection.

The objective of this test is to check the ability of personal antivirus products to successfully detect and remove malware (without impairing the operating system) after it has penetrated the computer, become active and hidden its activity.

Methodology used for testing antiviruses for the treatment of active infections »
Analysis of test results and awards »

Contents:
- Introduction
- Comparison of healing possibilities
- Final test results and awards
- Analysis of changes as compared to the previous tests

Key results of the testing

Gold Malware Treatment Award

Dr.Web Anti-Virus 5.00 (81%)
Kaspersky Anti-Virus 2010 (81%)

Silver Malware Treatment Award

Avast! Professional Edition 4.8 (63%)
Microsoft Security Essentials 1.0 (63%)

Bronze Malware Treatment Award

Norton AntiVirus 2010 (56%)
F-Secure Anti-Virus 2010 (44%)

Failed

Panda Antivirus 2010 (38%)
AVG Anti-Virus & Anti-Spyware 9.0 (31%)
Avira AntiVir PE Premium 9.0 (31%)
Sophos Anti-Virus 9.0 (31%)
Trend Micro Antivirus plus Antispyware 2010 (31%)
BitDefender Antivirus 2010 (25%)
Eset NOD32 Antivirus 4.0 (25%)
McAfee VirusScan Plus 2010 (19%)
Comodo Antivirus 3.13 (13%)
Outpost Antivirus Pro 2009 (13%)
VBA32 Antivirus 3.12 (6%)

Key results of the testing of antivirus products for the treatment of active infections in HTML»

 

Complete results for each antivirus product are available only in PDF or Microsoft Excel format:

Complete testing results in PDF format »

Complete testing results in Microsoft Excel format »

Antivirus performance test I

Along with the quality of protection itself, antivirus performance is the most important characteristic for most users. Both home users and corporate customers pay attention to it when buying an antivirus. Nobody needs powerful but overly resource-intensive protection that leaves the computer unusable for what you actually want to do.

While protection quality is very hard to evaluate on your own, it is easy to notice immediately when the operating system and other programs slow down, or when file copying and web page loading "hang". A reliable and practically unnoticeable antivirus is every ordinary user's dream.

The objective of this test is to show how personal antivirus software affects the typical operations performed by the user, how much it slows them down and how it uses system resources.

While performing the tests, we measured and compared parameters having a direct influence on the user's perception of antivirus performance, namely:

  1. Operating system boot time.
  2. Memory & CPU used by antivirus software.
  3. File copying performance (on-access antivirus scanner performance testing).
  4. Scan speed (on-demand antivirus scanner performance testing).
  5. Boot time for the five most popular office applications.

The test results give a clear idea of the performance of the antivirus products on the market. By comparing this information with other Anti-Malware.ru test results, every user can make an informed choice of antivirus solution.

Methodology used for antivirus performance testing »
Analysis of the test results and awards »

Contents:
- Introduction
- Antivirus effect on the operating system boot time
- Antivirus resource-intensiveness comparison
- On-access antivirus scanner performance comparison
- On-demand antivirus scanner performance comparison
- Antivirus performance comparison for office applications

Key results of the testing

Award categories: the fastest antivirus on-access scanners, the fastest antivirus on-demand scanners, the fastest office application antivirus scanners.

Platinum Award
Platinum Performance Award On-Access Scanning: Avast
Platinum Performance Award On-Demand Scanning: Avira
Platinum Performance Award Office Software: -

Gold Award
Gold Performance Award On-Access Scanning: Avira, Norton, BitDefender, Sophos, AVG, Kaspersky, Panda
Gold Performance Award On-Demand Scanning: Kaspersky, Norton, BitDefender, F-Secure, Outpost
Gold Performance Award Office Software: BitDefender, Avira, McAfee, Microsoft, Eset, Avast, AVG

Silver Award
Silver Performance Award On-Access Scanning: Trend Micro, F-Secure, Outpost
Silver Performance Award On-Demand Scanning: Trend Micro, Avast, Sophos, AVG, Panda
Silver Performance Award Office Software: Dr.Web, VirusBlokAda, Sophos

Bronze Award
Bronze Performance Award On-Access Scanning: Eset
Bronze Performance Award On-Demand Scanning: McAfee, VirusBlokAda, Eset
Bronze Performance Award Office Software: Outpost, Panda

No award
On-Access Scanning: McAfee, Microsoft, Dr.Web, VirusBlokAda
On-Demand Scanning: Microsoft, Dr.Web
Office Software: Kaspersky, Norton, F-Secure, Trend Micro

Key results from the antivirus performance test in HTML »

Complete results for each antivirus product are available only in Microsoft Excel format:

Complete testing results in Microsoft Excel format »

Testing of antivirus software for the detection of Zero-day threats (test I)

Many malware protection tests performed around the world have been criticized by professionals as synthetic and far from reality. The first and main objection was that running a test against a file collection exercises only some antivirus protection components (such as classical signature detection or heuristics). The contribution of other technologies (such as behavioral analysis, HIPS, reputation services, firewall/IDS, on-the-fly HTTP traffic checking, etc.) is not taken into consideration.

The second valid objection is that a real user does not store and launch old malware from the hard drive. As a rule, only Zero-day samples get there, and no antivirus can protect against them.

Effectiveness can also depend to some extent on the penetration method: some antivirus products eliminate the threat when the malicious script is launched on the web page, others when the loaders downloaded by the exploit are activated, and still others later, when the installed malware starts.

In this test we analyzed the effectiveness of comprehensive antivirus protection against Zero-day malware spread via websites.

We collected links to infected websites from different sources. As a rule, everyone can come across such links in search engines, E-mail, ICQ, Skype and other instant messengers or social networks.

Key results of the testing

Award Products
Platinum Zero-day Protection Award

DefenseWall 2.56

Gold Zero-day Protection Award

Kaspersky Internet Security 2010
Comodo Internet Security 3.9
Trend Micro Internet Security 2009

Silver Zero-day Protection Award

Sophos Anti-Virus 7.6
Safe'n'Sec Personal 3.5
Avira Premium Security Suite 9.0
Norton Internet Security 2009
Avast Antivirus Professional 4.8

Bronze Zero-day Protection Award

Eset Smart Security 4.0
AVG Internet Security 8.5
Microsoft Security Essential 1.0
G-DATA Internet Security 2010

Failed

F-Secure Internet Security 2009
McAfee Internet Security Suite 13
Outpost Security Suite 2009
Panda Internet Security 2010
BitDefender Internet Security 2009
Dr.Web Security Space 5.0

Key results from the antivirus performance test in HTML »
