In this test we analyzed the ability of popular antivirus programs to treat active malware, as of October 2012: cases where a malicious program has already been executed and installed on a computer and may be using various methods to prevent detection and removal by antivirus solutions.
When choosing a personal antivirus, protection quality is one of the main criteria. But if several products score about the same on this criterion, the user starts paying attention to other characteristics of these products, such as their productivity and usability.
In this test we examine the self-protection capabilities of the 20 most popular Internet Security antivirus products against 33 cases of possible malware attacks aimed at overriding or disrupting the operation of the antivirus protection. This was the first time we tested antivirus self-protection under Windows 7 x64.
Social engineering techniques make it easy to entice users to download and launch malicious programs that are as yet unknown to antivirus solutions. In such cases, in order to gain complete and uninterrupted control over the system, malicious programs search for an antivirus program, firewall or other protective solution in order to disrupt its operation.
Nowadays malicious programs increasingly use different rootkit technologies to hide themselves in a compromised system. This forces anti-virus software to evolve its methods for detecting hidden objects. The purpose of this test is to show the ability of modern anti-virus software to neutralize rootkit-based malware.
Serious efforts of the antivirus industry are focused on proactive methods of antivirus protection, which allow antivirus software to combat malicious programs that have undergone modifications and those that are still unknown. This development trend is the most promising on the market and almost every developer likes to emphasize just how good their proactive defense is.
This is not the first time the Anti-Malware Test Lab has tested antivirus products for their ability to combat malicious programs that have already penetrated the operating system, started their activity and hidden their presence. Will antivirus solutions be able to detect and remove the malicious program without disrupting the system’s operation? This test will show how popular antivirus products cope with this difficult task.
Polymorphic malicious software (also known as polymorphic file-infectors or polymorphic viruses) is a variant of traditional file-infectors. Unlike other file-infectors, polymorphic viruses use different code techniques to generate new mutations and make their detection hard for anti-viruses. Practice shows that not only the ability to cure is important, but correct detection too. Our test shows how well modern anti-virus solutions are able to protect the user in case of polymorphic virus infections.
A comparative test of 21 popular firewalls that checks the quality of their protection from attacks coming from inside the system. In the test we checked the protection using 64 specially developed utilities, which check the protection of processes from termination, protection from standard outbound attacks, protection from non-standard leaks and protection from non-standard techniques of penetration into kernel mode.