It is not a rare case when malicious programs have functionality aimed at overriding or disrupting operation of the system’s antivirus protection. Thus contemporary antivirus products should be able to resist such attempts, that is, they should include self-protection functionality. This helps them to resist even the most complicated attacks, such as when malicious programs use a variety of methods to disable protection, and remove the infection using standard tools.

In this test we examine the self-protection capabilities of complex Internet Security antivirus products against possible malware attacks. This was the first time we tested the software under Windows 7 x64. As before all tests were carried out with local admin privileges on the following levels:

1. Modification of file and registry key access permissions.
2. Modification / removal of modules.
3. Deletion of antivirus databases.
4. Modification / deletion of important registry keys.
5. Process termination.
6. Modification of processes / code.
7. Driver unloading.

In addition, taking into account the test results of September 2010, we analyzed differences in self-protection performance of antivirus products under Windows 7 x86 and x64.

Antivirus product self-protection testing methodology »

Analysis of self-protection test results and awards »

Основные результаты тестирования

Platinum Self-Protection Award Download GIF image (500х500px)	Kaspersky Internet Security 2011 (100%)
Gold Self-Protection Award Download GIF image (500х500px)	ZoneAlarm Internet Security Suite 2010 (97%) Dr.Web Security Space 6.0 (94%) Comodo Internet Security 5.0  (92%) Outpost Security Suite Pro 2010 (7,0) (92%) Norton Internet Security 2011 (91%) BitDefender Internet Security 2011 (89%) Trend Micro Titanium Internet Security 2011 (86%) Avast! Internet Security 5 (83%)
Silver Self-Protection Award Download GIF image (500х500px)	AVG Internet Security 2011 (77%) G DATA Internet Security 2011 (73%) Avira Premium Security Suite 10.0 (67%) McAfee Internet Security 2011 (65 %) Panda Internet Security 2011 (65%) F-Secure Internet Security 2011 (64%)
Bronze Self-Protection Award Download GIF image (500х500px)	Eset Smart Security 4.2 (59%) PC Tools Internet Security 2011 (59%) Emsisoft Anti-Malware 5.0 (52%) VBA32 Personal 3.12 (45%)
Failed	Microsoft Security Essentials 1.0 (30%)

Key results of the testing of antivirus products in HTML»

Complete results for each antivirus product are available only in PDF or Microsoft Excel format:

Complete testing results in Microsoft Excel format »

Online criminal activities are gaining momentum faster than ever. Both the rate at which new types and modifications of malicious programs appear and the complexity of malware are on the rise. Cybercriminals use increasingly sophisticated methods, including masking the presence of a malicious program in the system, compression, encryption and incapacitating antivirus solutions.

Social engineering techniques make it easy to entice users to download and launch malicious programs as yet unknown by antivirus solutions. In such cases, in order to gain complete and uninterrupted control over the system, malicious programs search for an antivirus program, firewall or other protective solution in order to disrupt its operation.

Consequently, contemporary antivirus products should be able to resist such attempts, that is, they should include self-protection functionality. This helps them to resist even the most complicated attacks, such as when malicious programs use a variety of methods to disable protection, and remove the infection using standard tools after receiving the appropriate antivirus database updates.

In the test described below, we analyzed the self-protection capabilities of antivirus solutions that run under Windows XP SP3 and Windows 7 x86. Self-protection from the following types of attacks was analyzed:

1. Modification of file and registry key access permissions.
2. Modification / removal of modules.
3. Deletion of antivirus databases.
4. Modification / deletion of important registry keys.
5. Process termination.
6. Modification of processes / code.
7. Driver unloading.

Antivirus product self-protection testing methodology »

Analysis of self-protection test results and awards »

Test results (September 28, 2010)

Award	Products
Platinum Self-Protection Award Download GIF image (500х500px)	Kaspersky Internet Security 2011 (100%) DrWeb Security Space 6.0 (99%)
Gold Self-Protection Award Download GIF image (500х500px)	Online Solutions Security Suite 1.5 (97%) Outpost Security Suite Pro 2010 (97%) Norton Internet Security 2010 (91%) Avast! Internet Security 5.0 (91%) Comodo Internet Security 4.1 (89%) Avira Premium Security Suite 10.0 (88%) BitDefender Internet Security 2011 (86%) ZoneAlarm Internet Security Suite 2010 (86%)
Silver Self-Protection Award Download GIF image (500х500px)	Eset Smart Security 4.2 (76%) Panda Internet Security 2011 (70%) G DATA Internet Security 2011 (70%) McAfee Internet Security 2010 (63%)
Bronze Self-Protection Award Download GIF image (500х500px)	AVG Internet Security 9.0 (59%) F-Secure Internet Security 2010 (57%) VBA32 Personal 3.12 (55%) Trend Micro Internet Security 2010 (50%) PC Tools Internet Security 2010 (49%)
Failed	Microsoft Security Essentials 1.0 (29%)

Key results of the testing of antivirus products in HTML»

Complete results for each antivirus product are available only in PDF or Microsoft Excel format:

Complete testing results in PDF format »

Complete testing results in Microsoft Excel format »

Our test was the first in the world to check how really effective are these popular filters in protecting children from unwelcome Internet-sites. The test results must help parents to choose the best and most qualitative protection for their children familiarizing with the global network.
It is worth mentioning that we did not compare the products functions, any settings and functions availability in this test. We checked the filters performance only based on the assumption that a child has Internet access and parental control is customized in accordance with the manufacturer’s recommendations.

• Testing methodology »
• Testing results analysis and awards »

Key results of the testing

Award	Products
Gold Parental Control Award	Kaspersky PURE (96%)
Silver Parental Control Award	Panda Internet Security 2010 (87%) Avira Premium Security Suite 10 (85%)
Bronze Parental ControlAward	Dr.Web Security Space 6.0 (82%)
Failed	Microsoft Windows Live Family Safety (77%) McAfee Internet Security 2010 (74%) Trend Micro Internet Security 2010 (65%) F-Secure Internet Security 2010 (57%) BitDefender Internet Security 2010 (54%) Norton Internet Security 2010 (24%)

Key results for parental control test in HTML»

In these days, rootkit technologies are gaining more and more popularity with virus writers. The cause for this is quite obvious: they make it possible to hide malware and its components from PC users and antivirus programs. You can find the source codes for ready-made rootkits easily in the Internet free access that inevitably brings about widespread of this technology in various Trojan software or spywares.

Rootkit (from the English root kit) is software for hiding the malefactor’s or malware presence traces in the system. Rootkit technologies allow the malware to hide its activity in the victim’s computer by disguising the files, processes as well as its presence in the system.

A lot of specialized software products known as anti-rootkits exist for malware detecting and removing.

The aim of this test is to evaluate the ability of the most popular antivirus and anti-rootkit products to detect and remove malicious programs (‘in-the-wild’ samples) that use rootkit technologies and actively circulate over the InternetWide-spread ITW malware testing gives us a good idea of how well the antirootkit software under analysis can cope with well-known rootkits.

It should be noted that although testing of in-the-wild malware samples is of real practical use, there is also a great deal of research value in ascertaining the capabilities of proactive detection when combating the hidden threat of rootkits.

• Testing methodology »
• Testing results analysis and awards »

Key results of the testing

Award	Products
Gold Anti-Rootkit Protection Award Download GIF image (500х500px)	GMER 1.0.15.15281 (10,5 из 12 баллов) VBA32 Antirootkit 3.12 (beta) (10 из 12 баллов)
Silver Anti-Rootkit Protection Award Download GIF image (500х500px)	RootRepeal 1.3.5 (9 из 12 баллов) Online Solutions Autorun Manager 5.0.11922.0 (8 из 12 баллов) XueTr 1.0.2.0 (8 из 12 баллов) Rootkit Unhooker 3.8.386.589 (7,5 из 12 баллов) KernelDetective 1.3.1 (7,5 из 12 баллов)
Bronze Anti-Rootkit Protection Award Download GIF image (500х500px)	SysReveal 1.0.0.27 (6,5 из 12 баллов) Sophos Anti-Rootkit 1.5.0 (6 из 12 баллов)
Failed	Trend Micro RootkitBuster 2.80 (3 из 12 баллов) Eset SysInspector 1.2.012.0 (2,5 из 12 баллов) Panda Anti-Rootkit 1.0.8.0 (1,5 из 12 баллов)

Key test results for detection and removal of rootkits by anti-rootkit software in HTML»

Complete results for each antivirus product are available only in PDF or Microsoft Excel format:

Complite testing results in PDF format »

Complete testing results in Microsoft Excel format »

Thousands of new malware samples appear on the Internet every day. Virus-writers invent more and more new methods to prevent detecting and removing malware code from the system such as using rootkit-technology masking. No antivirus can guarantee 100% protection of your computer under such conditions that is why an ordinary user will always run into a risk of infection even if he has an antivirus protection installed.

In many cases, a malware let into your computer can stay unnoticed for quite a log time even if an antivirus is installed. In this case, a user will have a false feeling of protection as his antivirus will not alarm any danger while the malefactors will be collecting confidential information or use his computer capacities with the help of their active malware application. If also often happens that an antivirus detects a malware but cannot delete it that makes the user apply for technical support or remove infection by himself using some extra tools.

Antivirus vendors can protect their customers developing malware detection and removing technologies. But practice proves that only some of them pay due attention to this protection aspect.

The objective of this test is to check personal antiviruses for their capacity to detect and remove malware successfully (without interfering with operation system operability) after it penetrated into your computer, started acting and hid its activity.

Methodology used for testing antiviruses for the treatment of active infections »
Analysis of test results and awards »

Contents:
- Introduction
- Comparison of healing possibilities
- Final test results and awards
- Analysis of changes as compared to the previous tests

Key results of the testing

Key results of the testing of antivirus products for the treatment of active infections in HTML»

Complete results for each antivirus product are available only in PDF or Microsoft Excel format:

Complete testing results in PDF format »

Complete testing results in Microsoft Excel format »

Antivirus performance is the most important characteristic for most users as well as the quality of protection itself. This characteristic is the one that both home users and corporate customers pay their attention to when buying an antivirus. Nobody needs powerful but too resource-intensive protection with which you just cannot use your computer for doing what you would like to.

If the protection quality is very hard to evaluate all by yourself it is quite easy to notice immediately when the operating system and other programs slowdown or file copying and web-pages downloading "hang up". A reliable and practically unnoticeable antivirus is the biggest dream of every usual user.

The objective of this test is to show how personal antivirus software influences the typical operations performed by the user, slows down its work and utilizes the system resources. 

While performing the tests, we measured and compared parameters having a direct influence on the user's perception of antivirus performance, namely:

1. Operation system boot time.
2. Memory & CPU used by antivirus software.
3. File copying performance (on-access antivirus scanner performance testing).
4. Scan speed (on-demand antivirus scanner performance testing).
5. Boot time for the five most popular office applications.

The test results give a clear idea of the performance of antivirus represented in the market. Having compared this information with Anti-Malware.ru test results, every user can make an informed choice in favor of this or that antivirus solution.

Methodology used for antivirus performance testing »
Analysis of the test results and awards »

Contents:
- Introduction
- Antivirus effect on the operation system boot time
- Antivirus resource-intensiveness comparison
- On-access antivirus scanner performance comparison
- On-demand antivirus scanner performance comparison
- Antivirus performance comparison for office applications

Key results of the testing

Award	The fastest antivirus on-access scanners	The fastest antivirus   on-demand scanners	The fastest office application antivirus scanners
Platinum Award	Avast	Avira	-
Gold Award	Avira Norton BitDefender Sophos AVG Kaspersky Panda	Kaspersky Norton BitDefender F-Secure Outpost	BitDefender Avira McAfee Microsoft Eset Avast AVG
Silver Award	Trend Micro F-Secure Outpost	Trend Micro Avast Sophos AVG Panda	Dr.Web VirusBlokAda Sophos
Bronze Award	Eset	McAfee VirusBlokAda Eset	Outpost Panda
No award	McAfee Microsoft Dr.Web VirusBlokAda	Microsoft Dr.Web	Kaspersky Norton F-Secure Trend Micro

 Key results from the antivirus antivirus preformance test in HTML»

Complete results for each antivirus product are available only in Microsoft Excel format:

Complete testing results in Microsoft Excel format »