Anti-rootkit tests

Testing of anti-rootkit software for the detection and removal of rootkits III

Rootkit technologies are becoming increasingly popular with virus writers. The reason is obvious: they make it possible to hide malware and its components from PC users and antivirus programs. Source code for ready-made rootkits is freely available on the Internet, which inevitably leads to the widespread use of this technology in various Trojans and spyware.

A rootkit (from the English ‘root kit’) is software that hides the traces of a malefactor’s or malware’s presence in the system. Rootkit technologies allow malware to conceal its activity on the victim’s computer by disguising its files and processes, as well as its presence in the system.

Many specialized software products, known as anti-rootkits, exist for detecting and removing such malware.

The aim of this test is to evaluate the ability of the most popular antivirus and anti-rootkit products to detect and remove malicious programs (‘in-the-wild’ samples) that use rootkit technologies and actively circulate on the Internet. Testing against widespread ITW malware gives a good idea of how well the anti-rootkit software under analysis copes with well-known rootkits.

It should be noted that although testing of in-the-wild malware samples is of real practical use, there is also a great deal of research value in ascertaining the capabilities of proactive detection when combating the hidden threat of rootkits.

Key results of the testing

Award Products

Gold Anti-Rootkit Protection Award


GMER 1.0.15.15281 (10.5 out of 12 points)
VBA32 Antirootkit 3.12 (beta) (10 out of 12 points)


Silver Anti-Rootkit Protection Award


RootRepeal 1.3.5 (9 out of 12 points)
Online Solutions Autorun Manager 5.0.11922.0 (8 out of 12 points)
XueTr 1.0.2.0 (8 out of 12 points)
Rootkit Unhooker 3.8.386.589 (7.5 out of 12 points)
KernelDetective 1.3.1 (7.5 out of 12 points)


Bronze Anti-Rootkit Protection Award


SysReveal 1.0.0.27 (6.5 out of 12 points)
Sophos Anti-Rootkit 1.5.0 (6 out of 12 points)

Failed

Trend Micro RootkitBuster 2.80 (3 out of 12 points)
Eset SysInspector 1.2.012.0 (2.5 out of 12 points)
Panda Anti-Rootkit 1.0.8.0 (1.5 out of 12 points)


Key test results for detection and removal of rootkits by anti-rootkit software in HTML »

Complete results for each antivirus product are available only in PDF or Microsoft Excel format:

Complete testing results in PDF format »

Complete testing results in Microsoft Excel format »

Testing of antivirus/anti-rootkit software for the detection and removal of rootkits II

It has become increasingly popular for virus writers to make use of rootkit technologies. The reason for this is obvious – they make it possible to hide malicious programs and their components from PC users and antivirus programs. Numerous source codes for ready-made rootkits can be found on the Internet, which inevitably leads to their widespread use in various Trojans or spy programs (spyware/adware, keyloggers, etc.).

There are numerous specialized anti-rootkit products available for the detection and removal of these types of malicious programs. Furthermore, many antivirus developers state that their products include a function to detect active rootkits. 

The aim of this test is to evaluate the ability of the most popular antivirus and anti-rootkit products to detect and remove malicious programs (‘in-the-wild’ samples) that use rootkit technologies and actively circulate over the Internet, as well as checking proactive detection capabilities to detect proof-of-concept rootkits hidden on a system.

It should be noted that although testing of in-the-wild malware samples is of real practical use, there is also a great deal of research value in ascertaining the capabilities of proactive detection when combating the hidden threat of rootkits.

Summary of anti-rootkit testing results (24/01/2008)

Award Products

Gold Anti-Rootkit Protection Award


Rootkit Unhooker 3.7 (7.5 out of 8 points)
GMER 1.0 (7 out of 8)
Kaspersky Anti-Virus 7.0 (6.5 out of 8)
Avira Rootkit Detection 1.0 (6.5 out of 8) 


Silver Anti-Rootkit Protection Award


AVG Anti-Rootkit 1.1 (5.5 out of 8)
Panda AntiRootkit 1.08 (5.5 out of 8)
Sophos Anti-Rootkit 1.3.1 (5.5 out of 8)
Dr.Web 4.44 (5 out of 8)
Trend Micro RootkitBuster 1. (5 out of 8)


Bronze Anti-Rootkit Protection Award


Symantec Anti-Virus 2008 (4.5 out of 8)
F-Secure Anti-Virus 2008 (4 out of 8)
McAfee Rootkit Detective 1.1 (3.5 out of 8) 

Failed

BitDefender Antivirus 2008 (3 out of 8)
McAfee VirusScan Plus 2008 (1.5 out of 8)
ESET NOD32 Anti-Virus 3.0 (1 out of 8)
Trend Micro Antivirus plus Antispyware 2008 (1 out of 8)

Key test results for detection and removal of rootkits by antivirus/anti-rootkit software in HTML »

Complete results for each antivirus product are available only in PDF or Microsoft Excel format:

Complete testing results in PDF format »

Rootkits description in PDF format »

Complete testing results in Microsoft Excel format »

Anti-rootkit software testing on the detection and removal of malware

Testing of anti-rootkit software on the detection and removal of malicious programs.

Rootkit technologies have become increasingly popular with virus writers. The reason for this is obvious: they conceal malicious programs and their components from PC users and antivirus programs. The source code for some rootkits can be found on the Internet, inevitably resulting in the use of rootkit technology in various Trojans and spy programs (spyware / adware, keyloggers, etc.).

There are a large number of dedicated software products (anti-rootkit solutions) that are designed to detect and remove such kinds of malicious programs.

The purpose of this test is to analyze the ability of the most popular anti-rootkit products to detect and remove malicious programs actively distributed over the Internet (“in the wild” samples) that take advantage of rootkit technology. 

It should be noted that anti-rootkit software is usually tested against various test or proof-of-concept rootkits, whereas testing against widespread in-the-wild samples is what provides the most valuable information.

Summary of anti-rootkit testing results (March 14, 2007)

Award Products

Excellent (9 out of 9)

Antivir Rootkit 1.0 Beta 3
AVG Antirootkit 1.1 Beta
Trend Micro RootkitBuster 1.6 Beta

Good (8 out of 9)

McAfee Rootkit Detective 1.0 Beta
Rootkit Unhooker 3.2
F-Secure BlackLight 2.2 Beta
Sophos Anti-Rootkit 1.2
AVZ 4.23*

Poor results

Gmer 1.0 (6 out of 9)
Bitdefender Antirootkit 1.2 Beta 2 (6 out of 9)
UnHackMe 4.0 (2 out of 9)

* AVZ is a system analysis utility, which includes malicious program detection and removal functionality.

Main results of the testing of anti-rootkit software for the detection and removal of malware in HTML »

Complete results for each antivirus product are available only in PDF or Microsoft Excel format:

Summary of testing results in PDF format »

Complete testing results in PDF format »

Complete testing results in Microsoft Excel format »
