Rootkit technologies are becoming increasingly popular with malware writers. The reason is obvious: they make it possible to hide malware and its components from PC users and antivirus programs. Source code for ready-made rootkits is freely available on the Internet, which inevitably leads to the widespread use of this technology in Trojans and spyware.
A rootkit (from the English "root kit") is software that hides the traces of an attacker's or a malicious program's presence on a system. Rootkit technologies let malware conceal its activity on the victim's computer by hiding its files and processes, and thereby its very presence in the system.
Many specialized software products, known as anti-rootkits, exist for detecting and removing such malware.
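A rootkit that hides a process usually does so by filtering the result of one enumeration path (the one a task manager uses) and rarely manages to filter every other path to the same information. Comparing two independent views and reporting what shows up in only one of them is the cross-view technique commonly used by anti-rootkit tools for hidden-process detection. The following is an added example written for this page, not code from the test report or from any product listed here. The tested products are Windows tools; this illustration uses the Linux equivalents (the /proc directory listing versus a kill(pid, 0) probe), and the function names and the two-pass filtering are this example's own design, not a description of any tested product's internals.

```python
"""Cross-view detection of hidden processes (Linux illustration, added example).

View 1 is the /proc directory listing, which a user-mode or kernel hook can
filter. View 2 probes every PID directly with kill(pid, 0); a hooked readdir()
does not affect that path. PIDs present only in view 2 are candidates for
being hidden. Processes that start or exit between the two enumerations look
"hidden" for a single pass, so a second pass is intersected with the first
to drop that race noise.
"""
import os


def pids_from_proc_listing():
    """View 1: the PIDs readdir() on /proc reports (the easy one to filter)."""
    return {int(name) for name in os.listdir("/proc") if name.isdigit()}


def pids_from_probe(max_pid=None):
    """View 2: probe each PID with signal 0 (existence check, nothing is sent).

    ESRCH means no such process; EPERM means the process exists but belongs
    to another user, which for our purposes still counts as 'alive'.
    Probing up to pid_max (often 4194304) takes a few seconds in Python.
    """
    if max_pid is None:
        with open("/proc/sys/kernel/pid_max") as f:
            max_pid = int(f.read())
    alive = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)
        except ProcessLookupError:
            continue
        except PermissionError:
            pass
        alive.add(pid)
    return alive


def hidden_in_view(high_level_view, low_level_view):
    """PIDs the low-level view sees that the high-level view does not."""
    return set(low_level_view) - set(high_level_view)


def confirmed_hidden(passes):
    """Intersect the hidden set of every pass.

    `passes` is a list of (high_level_view, low_level_view) tuples collected
    at different moments. A PID that was merely spawning or exiting during one
    pass will be visible in both views on another pass and is dropped.
    """
    result = None
    for high, low in passes:
        hidden = hidden_in_view(high, low)
        result = hidden if result is None else result & hidden
    return result or set()


def scan_live(rounds=2):
    """Collect both views `rounds` times from the running system and report
    the PIDs that were hidden from the /proc listing on every round."""
    passes = [(pids_from_proc_listing(), pids_from_probe()) for _ in range(rounds)]
    return confirmed_hidden(passes)


if __name__ == "__main__":
    hidden = scan_live()
    print("PIDs hidden from the /proc listing:", sorted(hidden) if hidden else "none")
```

On a clean machine `scan_live()` returns an empty set; on a machine where a rootkit filters the /proc listing but not the kernel's signal-delivery path, it returns the hidden PIDs. The same pattern applies to files (directory listing versus direct open by name) and to Windows (NtQuerySystemInformation versus an OpenProcess brute-force probe), which is the kind of check the products in this test perform.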
The aim of this test is to evaluate the ability of the most popular antivirus and anti-rootkit products to detect and remove malicious programs ("in-the-wild" samples) that use rootkit technologies and actively circulate over the Internet. Testing against widespread ITW malware gives a good idea of how well the anti-rootkit software under analysis copes with well-known rootkits.
It should be noted that although testing of in-the-wild malware samples is of real practical use, there is also a great deal of research value in ascertaining the capabilities of proactive detection when combating the hidden threat of rootkits.
Key results of the testing
| Award | Product (score) |
|---|---|
| Gold Anti-Rootkit Protection Award | GMER 1.0.15.15281 (10.5 out of 12 points) |
| Silver Anti-Rootkit Protection Award | RootRepeal 1.3.5 (9 out of 12 points) |
| Bronze Anti-Rootkit Protection Award | SysReveal 1.0.0.27 (6.5 out of 12 points) |
| Failed | Trend Micro RootkitBuster 2.80 (3 out of 12 points) |
Key test results for detection and removal of rootkits by anti-rootkit software in HTML»
Complete results for each antivirus product are available only in PDF or Microsoft Excel format:
Complete testing results in PDF format »
Complete testing results in Microsoft Excel format »
It has become increasingly popular for virus writers to make use of rootkit technologies. The reason for this is obvious: they make it possible to hide malicious programs and their components from PC users and antivirus programs. The source code of numerous ready-made rootkits can be found on the Internet, which inevitably leads to their widespread use in various Trojans and spy programs (spyware/adware, keyloggers, etc.).
There are numerous specialized anti-rootkit products available for the detection and removal of these types of malicious programs. Furthermore, many antivirus developers state that their products include a function to detect active rootkits.
The aim of this test is to evaluate the ability of the most popular antivirus and anti-rootkit products to detect and remove malicious programs ("in-the-wild" samples) that use rootkit technologies and actively circulate over the Internet, as well as to check their proactive detection capabilities against proof-of-concept rootkits hidden on a system.
It should be noted that although testing of in-the-wild malware samples is of real practical use, there is also a great deal of research value in ascertaining the capabilities of proactive detection when combating the hidden threat of rootkits.
Summary of anti-rootkit testing results (24/01/2008)
| Award | Product (score) |
|---|---|
| Gold Anti-Rootkit Protection Award | Rootkit Unhooker 3.7 (7.5 out of 8 points) |
| Silver Anti-Rootkit Protection Award | AVG Anti-Rootkit 1.1 (5.5 out of 8 points) |
| Bronze Anti-Rootkit Protection Award | Symantec Anti-Virus 2008 (4.5 out of 8 points) |
| Failed | BitDefender Antivirus 2008 (3 out of 8 points) |
Key test results for detection and removal of rootkits by antivirus/anti-rootkit software in HTML»
Complete results for each antivirus product are available only in PDF or Microsoft Excel format:
Complete testing results in PDF format »
Testing of anti-rootkit software on the detection and removal of malicious programs.
Rootkit technologies have become increasingly popular with virus writers. The reason for this is obvious: they conceal malicious programs and their components from PC users and antivirus programs. The source code for some rootkits can be found on the Internet, inevitably resulting in the use of rootkit technology in various Trojans and spy programs (spyware / adware, keyloggers, etc.).
There are a large number of dedicated software products (anti-rootkit solutions) that are designed to detect and remove such kinds of malicious programs.
The purpose of this test is to analyze the ability of the most popular anti-rootkit products to detect and remove malicious programs actively distributed over the Internet (“in the wild” samples) that take advantage of rootkit technology.
It should be noted that anti-rootkit software is usually tested on various test or proof-of-concept rootkits, whereas testing on widespread in-the-wild samples is what provides the most valuable information.
Summary of anti-rootkit testing results (March 14, 2007)
| Award | Products |
|---|---|
| Excellent (9 out of 9) | Antivir Rootkit 1.0 Beta 3; AVG Antirootkit 1.1 Beta; Trend Micro RootkitBuster 1.6 Beta |
| Good (8 out of 9) | McAfee Rootkit Detective 1.0 Beta; Rootkit Unhooker 3.2; F-Secure BlackLight 2.2 Beta; Sophos Anti-Rootkit 1.2; AVZ 4.23* |
| Poor results | Gmer 1.0 (6 out of 9); Bitdefender Antirootkit 1.2 Beta 2 (6 out of 9); UnHackMe 4.0 (2 out of 9) |

\* AVZ is a system analysis utility that includes malicious program detection and removal functionality.
Complete results for each antivirus product are available only in PDF or Microsoft Excel format:
Summary of testing results in PDF format »