Recent Test Results of Security Software

Antivirus test - Operating system boot time

The objective of this test is to show how personal antivirus software affects the typical operations performed by the user, how much it slows down their work, and how much of the system's resources it consumes.

Effectiveness of various antiviruses against the newest threats

In this test we analyzed the effectiveness of complex antivirus protection against zero-day malware spread via websites.

Changes in heuristics effectiveness

Serious efforts of the antivirus industry are focused on proactive methods of antivirus protection, which allow antivirus software to combat malicious programs that have undergone modifications and those that are still unknown. This development trend is the most promising on the market and almost every developer likes to emphasize just how good their proactive defense is.

Figure 2: Changes in active infection treatment capabilities of antivirus products

This is not the first time the Anti-Malware Test Lab has tested antivirus products for their ability to combat malicious programs that have already penetrated the operating system, started their activity and hidden their presence. Will antivirus solutions be able to detect and remove the malicious program without disrupting the system's operation? This test will show how popular antivirus products cope with this difficult task.

Diagram 3: Protection against the Twido virus family

Polymorphic malicious software (also known as polymorphic file-infectors or polymorphic viruses) is a variant of traditional file-infectors. Unlike other file-infectors, polymorphic viruses use various code techniques to generate new mutations and make their detection hard for anti-virus products. Practice shows that not only the ability to cure an infection is important, but correct detection too. Our test answers how well modern anti-virus solutions are able to protect users in the case of polymorphic virus infections.

The industry has recently witnessed a shift in emphasis to so-called proactive methods of antivirus protection, which allow antivirus software to combat malicious programs that have undergone modifications and those that are as yet unknown. This development trend is the most promising on the market and almost every developer likes to emphasize just how good their proactive defense is.

The aim of this test is to evaluate the ability of the most popular antivirus and anti-rootkit products to detect and remove malicious programs ('in-the-wild' samples) that use rootkit technologies and actively circulate over the Internet, as well as their proactive ability to detect proof-of-concept rootkits hidden on a system.

In this test, we analyzed the ability of popular antivirus programs to treat active infections -- that is, when a malicious program has been executed and installed on a computer and may be using various methods to prevent detection and removal by antivirus solutions.

Consequently, contemporary antivirus products should be able to resist such attempts, that is, they should include self-protection functionality. This helps them to resist even the most complicated attacks, such as when malicious programs use a variety of methods to disable protection, and remove the infection using standard tools after receiving the appropriate antivirus database updates.

The purpose of this test is to analyze the ability of the most popular stand-alone anti-rootkit products to detect and remove malicious programs that take advantage of rootkit technology, are actively distributed over the Internet ("In The Wild" samples), and are in their active state.