Serious efforts of the antivirus industry are focused on proactive methods of antivirus protection, which allow antivirus software to combat malicious programs that have undergone modifications and those that are still unknown. This development trend is the most promising on the market and almost every developer likes to emphasize just how good their proactive defense is.
This is not the first time the Anti-Malware Test Lab has tested antivirus products for their ability to combat malicious programs that have already penetrated the operating system, started their activity and hidden their presence. Will antivirus solutions be able to detect and remove the malicious program without disrupting the system’s operation? This test will show how popular antivirus products cope with this difficult task.
Polymorphic malicious software (also known as polymorphic file infectors or polymorphic viruses) is a variant of traditional file infectors. Unlike other file infectors, polymorphic viruses use various code techniques to generate new mutations and make their detection by antivirus software difficult. Practice shows that not only the ability to disinfect is important, but correct detection as well. Our test will show how well modern antivirus solutions are able to protect users in the case of polymorphic virus infections.
The industry has recently witnessed a shift in emphasis to so-called proactive methods of antivirus protection, which allow antivirus software to combat malicious programs that have undergone modifications and those that are as yet unknown. This development trend is the most promising on the market and almost every developer likes to emphasize just how good their proactive defense is.
The aim of this test is to evaluate the ability of the most popular antivirus and anti-rootkit products to detect and remove malicious programs (‘in-the-wild’ samples) that use rootkit technologies and actively circulate over the Internet, as well as to check their proactive ability to detect proof-of-concept rootkits hidden on a system.
In this test, we analyzed the ability of popular antivirus programs to treat active infections -- that is, when a malicious program has been executed and installed on a computer and may be using various methods to prevent detection and removal by antivirus solutions.
Consequently, contemporary antivirus products should be able to resist such attempts; that is, they should include self-protection functionality. This helps them resist even the most complicated attacks, such as when malicious programs use a variety of methods to disable protection, and then remove the infection using standard tools once the appropriate antivirus database updates have been received.
The purpose of this test is to analyze the ability of the most popular stand-alone anti-rootkit products to detect and remove malicious programs that take advantage of rootkit technology and are actively distributed over the Internet (“in the wild” samples), while those programs are in their active state.
Comparative testing of 21 popular firewalls to check the quality of protection against attacks coming from inside the system. In the test, protection was checked using 64 specially developed utilities, covering protection of processes from termination, protection from standard outbound attacks, protection from non-standard leaks, and protection from non-standard techniques of penetration into kernel mode.