Home » »

Awards Guide for Rootkits Detection and Removal Test (April 2010)

Submitted by Editor on Thu, 04/15/2010 - 19:33

As in all the previous anti-rootkits tests, their efficiency was evaluated on the basis of awarding definite points for detecting/deleting every rootkit. 

At that, the maximum for every detecting/deleting case is 1 point. We took into consideration detecting any system anomalies (with 0.5 points awarded) and a possibility for infection cleaning (0.5 points more).

 In some cases a rootkit could be deactivated by deleting a file or by deleing a register key. A deactivating method did not influence the points awarded. Anyway, in case of successful rootkit deactivation an anti-rootkit was awarded 0.5 points even if both the file and the key or only one of them was deleted.

A malware component (rootkit) copying ability was not taken into consideration but considered only as an additional characteristic of the product abilities.  

Important! An exception is made for system drivers infecting rootkits (Max++, Virus.Protector, TDL3 and z00clicker). If anti-rootkits managed to copy their infected content for analysis they were awarded 0.5 extra points (with the total of 1 point for infected content detection and deleting).

By analogue, anti-rootkits were awarded 0.5 points for MBR (Sinowal) infected file restoring (with the total of 1 point for the original MBR detection and deleting). 

When striking the balance, all the points awarded are summarized. The anti-rootkits that won the most points receive awards when meeting the following requirements:

The Platinum Anti-Rootkit Award is awarded if the product gets more than 95% of the total available points.
The Gold Anti-Rootkit Award is awarded if the product gets more than 80% of the total available points.
The Silver Anti-Rootkit Award is awarded if the product gets more than 60% of the total available points.
The Bronze Anti-Rootkit Award is awarded if the product gets more than 40% of the total available points.

If the anti-rootkit program gets less than 40% of the total available points, it failed the test.