Thousands of new malware samples appear on the Internet every day. Virus-writers invent more and more new methods to prevent detecting and removing malware code from the system such as using rootkit-technology masking. No antivirus can guarantee 100% protection of your computer under such conditions that is why an ordinary user will always run into a risk of infection even if he has an antivirus protection installed.

In many cases, a malware let into your computer can stay unnoticed for quite a log time even if an antivirus is installed. In this case, a user will have a false feeling of protection as his antivirus will not alarm any danger while the malefactors will be collecting confidential information or use his computer capacities with the help of their active malware application. If also often happens that an antivirus detects a malware but cannot delete it that makes the user apply for technical support or remove infection by himself using some extra tools.

Antivirus vendors can protect their customers developing malware detection and removing technologies. But practice proves that only some of them pay due attention to this protection aspect.

The objective of this test is to check personal antiviruses for their capacity to detect and remove malware successfully (without interfering with operation system operability) after it penetrated into your computer, started acting and hid its activity.

Methodology used for testing antiviruses for the treatment of active infections »
Analysis of test results and awards »

Contents:
- Introduction
- Comparison of healing possibilities
- Final test results and awards
- Analysis of changes as compared to the previous tests

Key results of the testing

Key results of the testing of antivirus products for the treatment of active infections in HTML»

Complete results for each antivirus product are available only in PDF or Microsoft Excel format:

Complete testing results in PDF format »

Complete testing results in Microsoft Excel format »

Take a good look at the results of any antivirus product protection quality test and you are unlikely to see a result of 100% in the test charts. Even the best antivirus solutions are sometimes unable to detect a malicious program the moment it enters a computer. This is hardly surprising, since in recent years the growth in the number of viruses and the speed with which they spread has resembled an avalanche.

But don’t panic – today’s antivirus programs have a variety of tools for combating malicious programs even in the event that they have made their way on to your computer. Keep in mind, though, that malicious programs are good at masking their presence on your system, making the antivirus program’s job even harder.

This is not the first time the Anti-Malware Test Lab has tested antivirus products for their ability to combat malicious programs in just this kind of situation, when they have already penetrated your computer and started their activity, while masking their presence on the system. Will antivirus solutions be able to detect and remove the malicious program without disrupting the system’s operation? This test will show how popular antivirus products cope with this difficult task.

• Methodology used in testing antiviruses for the treatment of active infections »
• Analysis of testing results and awards»

Testing results (October, 2008)

Key results of the testing of antivirus products for the treatment of active infections in HTML»

Complete results for each antivirus product are available only in PDF or Microsoft Excel format:

Complete testing results in PDF format »

Complete testing results in Microsoft Excel format »

The antivirus industry of today devotes much effort to preventing virus infections. Various proactive technologies are developed and tested, new threat response times decrease, and detection rates increase. At the same time, the rate at which new kinds of and modifications to malicious programs appear is also rapidly increasing. As a result, no antivirus vendor can guarantee 100% protection to users. Malware infections are still quite common, and very few Internet users have not dealt with a virus at least once.

To make matters worse, virus writers keep perfecting their software. Some malicious programs are very hard to remove from the computer, because they use various methods to mask their presence in the system (including via rootkits) and to avoid detection and removal by antivirus programs.

What can be done if a computer is infected? Will an existing antivirus product cope with the problem or will it be necessary to install a competitor’s product?

In this test, we analyzed the ability of popular antivirus programs to treat active infections -- that is, when a malicious program has been executed and installed on a computer and may be using various methods to prevent detection and removal by antivirus solutions.

Testing results (September, 2007)

Award	Products
Gold Malware Treatment Award Download GIF image (500х500px)	Dr.Web Anti-Virus 4.44 Beta (82%)
Silver Malware Treatment Award Download GIF image (500х500px)	Kaspersky Anti-Virus 7.0 (71%) Symantec Norton AntiVirus 2007 (71%)
Bronze Malware Treatment Award Download GIF image (500х500px)	Panda Antivirus 2008 (59%) Avast! Professional Edition 4.7.1029 (53%) AVG Anti-Virus 7.5 (47%)
Poor results	McAfee VirusScan 2007 (29%) Trend Micro Internet Security 2007 (29%) Avira AntiVir PE Premium 7.0 (24%) F-Secure Anti-Virus 2007 7.0 (18%) Eset NOD32 Antivirus 2.7 (18%) Sophos Anti-Virus 6.5 (18%) Dr.Web Anti-Virus 4.33 (12%) BitDefender Antivirus 10 (6%) VBA32 Antivirus 3.12 (6%)

Key results of the testing of antivirus products for the treatment of active infections in HTML»

Complete results for each antivirus product are available only in PDF or Microsoft Excel format:

Complete testing results in PDF format »

Complete testing results in Microsoft Excel format »

The antivirus industry of today devotes much effort to preventing virus infections. Various proactive technologies are developed and tested, new threat response times decrease, and detection rates increase. At the same time, the rate at which new kinds of and modifications to malicious programs appear is also rapidly increasing. As a result, no antivirus vendor can guarantee 100% protection to users. Malware infections are still quite common, and very few Internet users have not dealt with a virus at least once.

To make matters worse, virus writers keep perfecting their software. Some malicious programs are very hard to remove from the computer, because they use various methods to mask their presence in the system (including via rootkits) and to avoid detection and removal by antivirus programs.

What can be done if a computer is infected? Will an existing antivirus product cope with the problem or will it be necessary to install a competitor’s product?

In this test, we analyzed the ability of popular antivirus programs to treat active infections -- that is, when a malicious program has been executed and installed on a computer and may be using various methods to prevent detection and removal by antivirus solutions.

Testing results (February 11, 2007)

Main results of the testing of antivirus products for the treatment of active infections in HTML»

Complete testing results in PDF format »

Complete testing results in Microsoft Excel format »