Independent project of testing anti-malware solutions.

Antivirus self-protection test under x64 platform

Malicious programs quite often include functionality aimed at overriding or disrupting the operation of the system’s antivirus protection. Contemporary antivirus products should therefore be able to resist such attempts; that is, they should include self-protection functionality. This helps them to resist even the most complicated attacks, such as when malicious programs use a variety of methods to disable protection, and to remove the infection using standard tools.

In this test we examine the self-protection capabilities of complex Internet Security antivirus products against possible malware attacks. This was the first time we tested the software under Windows 7 x64. As before, all tests were carried out with local admin privileges on the following levels:

  1. Modification of file and registry key access permissions.
  2. Modification / removal of modules.
  3. Deletion of antivirus databases.
  4. Modification / deletion of important registry keys.
  5. Process termination.
  6. Modification of processes / code.
  7. Driver unloading.

In addition, taking into account the test results of September 2010, we analyzed differences in self-protection performance of antivirus products under Windows 7 x86 and x64.

Antivirus product self-protection testing methodology »

Analysis of self-protection test results and awards »

Key results of the testing

Platinum Self-Protection Award

Kaspersky Internet Security 2011 (100%)

Gold Self-Protection Award

ZoneAlarm Internet Security Suite 2010 (97%)
Dr.Web Security Space 6.0 (94%)
Comodo Internet Security 5.0 (92%)
Outpost Security Suite Pro 2010 (7,0) (92%)
Norton Internet Security 2011 (91%)
BitDefender Internet Security 2011 (89%)
Trend Micro Titanium Internet Security 2011 (86%)
Avast! Internet Security 5 (83%)

Silver Self-Protection Award

AVG Internet Security 2011 (77%)
G DATA Internet Security 2011 (73%)
Avira Premium Security Suite 10.0 (67%)
McAfee Internet Security 2011 (65%)
Panda Internet Security 2011 (65%)
F-Secure Internet Security 2011 (64%)

Bronze Self-Protection Award

Eset Smart Security 4.2 (59%)
PC Tools Internet Security 2011 (59%)
Emsisoft Anti-Malware 5.0 (52%)
VBA32 Personal 3.12 (45%)

Failed

Microsoft Security Essentials 1.0 (30%)

Key results of the testing of antivirus products in HTML»

Complete results for each antivirus product are available only in PDF or Microsoft Excel format:

Complete testing results in Microsoft Excel format »

Antivirus product self-protection test II

Online criminal activities are gaining momentum faster than ever. Both the rate at which new types and modifications of malicious programs appear and the complexity of malware are on the rise. Cybercriminals use increasingly sophisticated methods, including masking the presence of a malicious program in the system, compression, encryption and incapacitating antivirus solutions.

Social engineering techniques make it easy to entice users to download and launch malicious programs as yet unknown by antivirus solutions. In such cases, in order to gain complete and uninterrupted control over the system, malicious programs search for an antivirus program, firewall or other protective solution in order to disrupt its operation.

Consequently, contemporary antivirus products should be able to resist such attempts, that is, they should include self-protection functionality. This helps them to resist even the most complicated attacks, such as when malicious programs use a variety of methods to disable protection, and remove the infection using standard tools after receiving the appropriate antivirus database updates.

In the test described below, we analyzed the self-protection capabilities of antivirus solutions that run under Windows XP SP3 and Windows 7 x86. Self-protection from the following types of attacks was analyzed:

  1. Modification of file and registry key access permissions.
  2. Modification / removal of modules.
  3. Deletion of antivirus databases.
  4. Modification / deletion of important registry keys.
  5. Process termination.
  6. Modification of processes / code.
  7. Driver unloading.

Antivirus product self-protection testing methodology »

Analysis of self-protection test results and awards »

Test results (September 28, 2010)

Award Products
Platinum Self-Protection Award

Kaspersky Internet Security 2011 (100%)
Dr.Web Security Space 6.0 (99%)

Gold Self-Protection Award


Online Solutions Security Suite 1.5 (97%)
Outpost Security Suite Pro 2010 (97%)
Norton Internet Security 2010 (91%)
Avast! Internet Security 5.0 (91%)
Comodo Internet Security 4.1 (89%)
Avira Premium Security Suite 10.0 (88%)
BitDefender Internet Security 2011 (86%)
ZoneAlarm Internet Security Suite 2010 (86%)

Silver Self-Protection Award


Eset Smart Security 4.2 (76%)
Panda Internet Security 2011 (70%)
G DATA Internet Security 2011 (70%)
McAfee Internet Security 2010 (63%)

Bronze Self-Protection Award


AVG Internet Security 9.0 (59%)
F-Secure Internet Security 2010 (57%)
VBA32 Personal 3.12 (55%)
Trend Micro Internet Security 2010 (50%)
PC Tools Internet Security 2010 (49%)
Failed

Microsoft Security Essentials 1.0 (29%)

Key results of the testing of antivirus products in HTML»

Complete results for each antivirus product are available only in PDF or Microsoft Excel format:

Complete testing results in PDF format »

Complete testing results in Microsoft Excel format »

Testing of parental controls (test I)

Our test was the first in the world to check how effective these popular filters really are at protecting children from unwelcome Internet sites. The test results should help parents choose the best and highest-quality protection for children who are getting to know the global network.
It is worth mentioning that in this test we did not compare the products' functions, settings or the availability of particular features. We checked only the performance of the filters, on the assumption that a child has Internet access and parental control is configured in accordance with the manufacturer’s recommendations.

Key results of the testing

Award Products
Gold Parental Control Award

Kaspersky PURE (96%)

Silver Parental Control Award

Panda Internet Security 2010 (87%)
Avira Premium Security Suite 10 (85%)

Bronze Parental Control Award

Dr.Web Security Space 6.0 (82%)

Failed

Microsoft Windows Live Family Safety (77%)
McAfee Internet Security 2010 (74%)
Trend Micro Internet Security 2010 (65%)
F-Secure Internet Security 2010 (57%)
BitDefender Internet Security 2010 (54%)
Norton Internet Security 2010 (24%)

Key results for parental control test in HTML»


Testing of anti-rootkit software for the detection and removal of rootkits III

These days, rootkit technologies are becoming more and more popular with virus writers. The reason is quite obvious: they make it possible to hide malware and its components from PC users and antivirus programs. Source code for ready-made rootkits is freely and easily available on the Internet, which inevitably leads to the widespread use of this technology in various Trojans and spyware.

A rootkit (from the English "root kit") is software for hiding traces of an attacker's or malware's presence in the system. Rootkit technologies allow malware to hide its activity on the victim’s computer by disguising its files and processes, as well as its presence in the system.

Many specialized software products, known as anti-rootkits, exist for detecting and removing malware.

The aim of this test is to evaluate the ability of the most popular antivirus and anti-rootkit products to detect and remove malicious programs (‘in-the-wild’ samples) that use rootkit technologies and actively circulate over the Internet. Testing with widespread ITW malware gives us a good idea of how well the anti-rootkit software under analysis can cope with well-known rootkits.

It should be noted that although testing of in-the-wild malware samples is of real practical use, there is also a great deal of research value in ascertaining the capabilities of proactive detection when combating the hidden threat of rootkits.

Key results of the testing

Award Products

Gold Anti-Rootkit Protection Award

GMER 1.0.15.15281 (10.5 out of 12 points)
VBA32 Antirootkit 3.12 (beta) (10 out of 12 points)


Silver Anti-Rootkit Protection Award

RootRepeal 1.3.5 (9 out of 12 points)
Online Solutions Autorun Manager 5.0.11922.0 (8 out of 12 points)
XueTr 1.0.2.0 (8 out of 12 points)
Rootkit Unhooker 3.8.386.589 (7.5 out of 12 points)
KernelDetective 1.3.1 (7.5 out of 12 points)


Bronze Anti-Rootkit Protection Award

SysReveal 1.0.0.27 (6.5 out of 12 points)
Sophos Anti-Rootkit 1.5.0 (6 out of 12 points)

Failed

Trend Micro RootkitBuster 2.80 (3 out of 12 points)
Eset SysInspector 1.2.012.0 (2.5 out of 12 points)
Panda Anti-Rootkit 1.0.8.0 (1.5 out of 12 points)

Key test results for detection and removal of rootkits by anti-rootkit software in HTML»

Complete results for each antivirus product are available only in PDF or Microsoft Excel format:

Complete testing results in PDF format »

Complete testing results in Microsoft Excel format »

Testing of antiviruses for the treatment of active infections IV

Thousands of new malware samples appear on the Internet every day. Virus writers invent more and more new methods, such as rootkit-based masking, to prevent malicious code from being detected and removed from the system. No antivirus can guarantee 100% protection of your computer under such conditions, which is why an ordinary user will always run the risk of infection even with antivirus protection installed.

In many cases, malware that has made its way onto your computer can stay unnoticed for quite a long time even if an antivirus is installed. In this case, the user has a false feeling of protection: the antivirus raises no alarm, while the attackers collect confidential information or use the computer's resources through their active malware. It also often happens that an antivirus detects malware but cannot delete it, which forces the user to contact technical support or remove the infection himself using extra tools.

Antivirus vendors can protect their customers by developing malware detection and removal technologies. But practice shows that only some of them pay due attention to this aspect of protection.

The objective of this test is to check the capacity of personal antiviruses to detect and remove malware successfully (without impairing the operability of the operating system) after it has penetrated your computer, started acting and hidden its activity.

Methodology used for testing antiviruses for the treatment of active infections »
Analysis of test results and awards »

Contents:
- Introduction
- Comparison of healing possibilities
- Final test results and awards
- Analysis of changes as compared to the previous tests

Key results of the testing

Gold Malware Treatment Award

Dr.Web Anti-Virus 5.00 (81%)
Kaspersky Anti-Virus 2010 (81%)

Silver Malware Treatment Award

Avast! Professional Edition 4.8 (63%)
Microsoft Security Essentials 1.0 (63%)

Bronze Malware Treatment Award

Norton AntiVirus 2010 (56%)
F-Secure Anti-Virus 2010 (44%)

Failed

Panda Antivirus 2010 (38%)
AVG Anti-Virus & Anti-Spyware 9.0 (31%)
Avira AntiVir PE Premium 9.0 (31%)
Sophos Anti-Virus 9.0 (31%)
Trend Micro Antivirus plus Antispyware 2010 (31%)
BitDefender Antivirus 2010 (25%)
Eset NOD32 Antivirus 4.0 (25%)
McAfee VirusScan Plus 2010 (19%)
Comodo Antivirus 3.13 (13%)
Outpost Antivirus Pro 2009 (13%)
VBA32 Antivirus 3.12 (6%)

Key results of the testing of antivirus products for the treatment of active infections in HTML»

Complete results for each antivirus product are available only in PDF or Microsoft Excel format:

Complete testing results in PDF format »

Complete testing results in Microsoft Excel format »

Antivirus performance test I

Along with the quality of protection itself, antivirus performance is the most important characteristic for most users. It is the characteristic that both home users and corporate customers pay attention to when buying an antivirus. Nobody needs protection that is powerful but so resource-intensive that you cannot use your computer for what you want to do.

While protection quality is very hard to evaluate on your own, it is easy to notice immediately when the operating system and other programs slow down, or when file copying and web page loading "hang". A reliable and practically unnoticeable antivirus is the dream of every ordinary user.

The objective of this test is to show how personal antivirus software affects the typical operations performed by the user, how much it slows them down and how it uses system resources.

While performing the tests, we measured and compared parameters having a direct influence on the user's perception of antivirus performance, namely:

  1. Operating system boot time.
  2. Memory & CPU used by antivirus software.
  3. File copying performance (on-access antivirus scanner performance testing).
  4. Scan speed (on-demand antivirus scanner performance testing).
  5. Boot time for the five most popular office applications.

The test results give a clear idea of the performance of the antivirus products on the market. By comparing this information with other Anti-Malware.ru test results, every user can make an informed choice in favor of one antivirus solution or another.

Methodology used for antivirus performance testing »
Analysis of the test results and awards »

Contents:
- Introduction
- Antivirus effect on the operating system boot time
- Antivirus resource-intensiveness comparison
- On-access antivirus scanner performance comparison
- On-demand antivirus scanner performance comparison
- Antivirus performance comparison for office applications

Key results of the testing

Awards were given in three categories: the fastest antivirus on-access scanners, the fastest antivirus on-demand scanners, and the fastest office application antivirus scanners.

Platinum Award
- Platinum Performance Award On-Access Scanning: Avast
- Platinum Performance Award On-Demand Scanning: Avira
- Platinum Performance Award Office Software: -

Gold Award
- Gold Performance Award On-Access Scanning: Avira, Norton, BitDefender, Sophos, AVG, Kaspersky, Panda
- Gold Performance Award On-Demand Scanning: Kaspersky, Norton, BitDefender, F-Secure, Outpost
- Gold Performance Award Office Software: BitDefender, Avira, McAfee, Microsoft, Eset, Avast, AVG

Silver Award
- Silver Performance Award On-Access Scanning: Trend Micro, F-Secure, Outpost
- Silver Performance Award On-Demand Scanning: Trend Micro, Avast, Sophos, AVG, Panda
- Silver Performance Award Office Software: Dr.Web, VirusBlokAda, Sophos

Bronze Award
- Bronze Performance Award On-Access Scanning: Eset
- Bronze Performance Award On-Demand Scanning: McAfee, VirusBlokAda, Eset
- Bronze Performance Award Office Software: Outpost, Panda

No award
- On-Access Scanning: McAfee, Microsoft, Dr.Web, VirusBlokAda
- On-Demand Scanning: Microsoft, Dr.Web
- Office Software: Kaspersky, Norton, F-Secure, Trend Micro

Key results from the antivirus performance test in HTML »

Complete results for each antivirus product are available only in Microsoft Excel format:

Complete testing results in Microsoft Excel format »
