It has become increasingly popular for virus writers to make use of rootkit technologies. The reason for this is obvious: they make it possible to hide malicious programs and their components from PC users and antivirus programs. Source code for numerous ready-made rootkits can be found on the Internet, which inevitably leads to their widespread use in various Trojans and spy programs (spyware/adware, keyloggers, etc.).
There are numerous specialized anti-rootkit products available for the detection and removal of these types of malicious programs. Furthermore, many antivirus developers state that their products include a function to detect active rootkits.
The aim of this test is to evaluate the ability of the most popular antivirus and anti-rootkit products to detect and remove malicious programs (‘in-the-wild’ samples) that use rootkit technologies and actively circulate over the Internet, as well as checking proactive detection capabilities to detect proof-of-concept rootkits hidden on a system.
It should be noted that although testing of in-the-wild malware samples is of real practical use, there is also a great deal of research value in ascertaining the capabilities of proactive detection when combating the hidden threat of rootkits.
Summary of anti-rootkit testing results (24/01/2008)
| Award | Products |
| --- | --- |
| Gold Anti-Rootkit Protection Award | Rootkit Unhooker 3.7 (7.5 out of 8 points) |
| Silver Anti-Rootkit Protection Award | AVG Anti-Rootkit 1.1 (5.5 out of 8) |
| Bronze Anti-Rootkit Protection Award | Symantec Anti-Virus 2008 (4.5 out of 8) |
| Failed | BitDefender Antivirus 2008 (3 out of 8) |
Key test results for detection and removal of rootkits by antivirus/anti-rootkit software in HTML »
Complete results for each antivirus product are available only in PDF or Microsoft Excel format:
Complete testing results in PDF format »
Testing of anti-rootkit software on the detection and removal of malicious programs.
Rootkit technologies have become increasingly popular with virus writers. The reason for this is obvious: they conceal malicious programs and their components from PC users and antivirus programs. The source code for some rootkits can be found on the Internet, inevitably resulting in the use of rootkit technology in various Trojans and spy programs (spyware / adware, keyloggers, etc.).
There are a large number of dedicated software products (anti-rootkit solutions) that are designed to detect and remove such kinds of malicious programs.
The purpose of this test is to analyze the ability of the most popular anti-rootkit products to detect and remove malicious programs actively distributed over the Internet (“in the wild” samples) that take advantage of rootkit technology.
It should be noted that anti-rootkit software is usually tested on various test or proof-of-concept rootkits, whereas testing on widespread "in the wild" samples is what provides the most valuable information.
Summary of anti-rootkit testing results (March 14, 2007)
| Award | Products |
| --- | --- |
| Excellent (9 out of 9) | Antivir Rootkit 1.0 Beta 3; AVG Antirootkit 1.1 Beta; Trend Micro RootkitBuster 1.6 Beta |
| Good (8 out of 9) | McAfee Rootkit Detective 1.0 Beta; Rootkit Unhooker 3.2; F-Secure BlackLight 2.2 Beta; Sophos Anti-Rootkit 1.2; AVZ 4.23* |
| Poor results | Gmer 1.0 (6 out of 9); Bitdefender Antirootkit 1.2 Beta 2 (6 out of 9); UnHackMe 4.0 (2 out of 9) |

* AVZ is a system analysis utility that includes malicious program detection and removal functionality.
Complete results for each antivirus product are available only in PDF or Microsoft Excel format:
Summary of testing results in PDF format »