The industry has recently witnessed a shift in emphasis to so-called proactive methods of antivirus protection, which allow antivirus software to combat malicious programs that have undergone modifications and those that are as yet unknown. This development trend is the most promising on the market and almost every developer likes to emphasize just how good their proactive defense is.
In this test, we analyzed the ability of popular antivirus programs to treat active infections -- that is, when a malicious program has been executed and installed on a computer and may be using various methods to prevent detection and removal by antivirus solutions.
Consequently, contemporary antivirus products should be able to resist such attempts; that is, they should include self-protection functionality. This helps them resist even the most complicated attacks, such as when malicious programs use a variety of methods to disable protection, and then remove the infection using standard tools once they have received the appropriate antivirus database updates.
In this test we analyzed the ability of popular antivirus programs to treat active malware -- when a malicious program has been executed and installed on a computer and may be using various methods to prevent detection and removal by antivirus solutions.
Malware writers often use a packer (or a couple of packers) to make it harder for antivirus engines to detect their "creations". This forces antivirus developers to provide prompt packer support so that their engines can recognize known malware repacked with new packer variants. Our test shows which AV companies pay attention to packer support and which do not.
A comparative test of 21 popular firewalls that checks the quality of their protection against attacks originating from inside the system. We tested protection using 64 specially developed utilities, which check protection of processes against termination, protection against standard outbound attacks, protection against non-standard leaks, and protection against non-standard techniques for penetrating kernel mode.