Awards Guide for Zero-Day Threats Protection Test (November 2009)
When clicking the potentially dangerous web-page links, we recorded all changes to the test system and all messages from the installed HIPS and antivirus software.
When a dangerous link was opened, infection of the system could be stopped at one of the following stages:
- Detection of an exploit (malicious script) on the opened web page, or blocking of the web page by an anti-phishing module.
- Detection of exploits (special programs used to download malware, such as Trojans, onto the victim's computer) by a web antivirus or a file antivirus.
- Detection of malware during its installation (as a rule, by behavioral analysis).
- A warning to the user about a potentially dangerous site or file based on its rating in reputation services (in-the-cloud).
In any of the cases above, the antivirus receives one point for preventing infection. No distinction was made between them because, from the user's point of view, it does not matter at which stage or by which component the infection was stopped. The most important thing is that it was stopped. If an infection was not prevented partially due to an antivirus, it got zero points.
In practice, this scoring method means the following: 1 point was awarded if the infection was detected in any form, including as suspicious activity, and the infection was stopped when the user chose the correct action in the dialogue box reporting the detected danger (infection prevention, download of a potentially dangerous application, detected file changes, etc.). In all other cases 0 points were awarded.
It is worth mentioning that in some cases malware could be detected by the file monitor or firewall/IDS after infection, when the antivirus did not manage to cope with it. In this case, the antivirus received 0 points, as it did not manage to protect the computer from infection.
HIPS applications were evaluated according to the same principle as antiviruses. They received 1 point whenever they detected malware or suspicious activity and stopped the infection.
Awards
We calculated the total points for every antivirus or HIPS product tested and its percentage of the maximum possible score (36 points). The best products then received the corresponding awards if the following conditions were met:
- Platinum Zero-day Protection Award is awarded if an antivirus detected over 95% of Zero-day malware.
- Gold Zero-day Protection Award is awarded if an antivirus detected over 80% of Zero-day malware.
- Silver Zero-day Protection Award is awarded if an antivirus detected over 60% of Zero-day malware.
- Bronze Zero-day Protection Award is awarded if an antivirus detected over 40% of Zero-day malware.
If an antivirus detected less than 40% of Zero-day malware, it fails the test, and its effectiveness against Zero-day threats is quite low.