Anti-Malware.ru, an independent analytical organization that focuses on information security software, announces the publication of its latest annual report “Analysis of the Russian antivirus protection market 2007-2008”

The final figures for the Russian antivirus software market in 2008 amounted to$210 million, which represents an increase of 57% compared to the last year. Though the growth rate of the market becomes slower (94% last year), it remains rather high.

Kaspersky Lab continues to lead the Russian market, with sales of $98 million and a market share of 46.6% in 2008. This result was achieved primarily due to the success of the company in retail: last year Kaspersky Lab presented a new version of products for home users. Good results are also shown in SMB and government segments.

Eset got the second place with sales volume of $43 million and with a market share of 20.5%), due to the great results in retail that is approximately 50% of all their sales volume. Moreover, Eset continues to actively develop the partner system and to carry out an aggressive marketing policy.

The third position on the market is occupied by Symantec with sales volume of $31 million. Its market share decreased from 18.4% to 14.7% in 2008. The company received most of its profits from enterprise segment, but it wasn’t successful in retail as Kaspersky Lab or Eset.

The market share of Trend Micro continues to decrease in 2008. The reason for that lies in internal problems of the company’s exclusive distributor in Russia, and in a lowering of the attractiveness of the company’s products for its partners. McAfee has the similar problems in Russia. The situation was about to change in 2008 — McAfee has opened an official representative office in Russia, but it has not still effected on the market.

Panda Security closes the list of the main players on the Russian antivirus market with the share of the market of approximately 1.5%. The share of this company is decreasing from year to year. The rest of the players have shares not exceeding the 1% barrier and therefore they are not included in the detailed analysis.

Overall, the top three companies (Kaspersky Lab, Eset and Symantec) together earned $172 million, accounting for 82% of total antivirus software sales in Russia. This fact points to a virtual monopoly of the market by those vendors, which push out of the market the other players.

It is expected, that the market growth will be much slower than it was during the last several years because of the global economic crisis in 2009 — it will hardly exceed 30%. The Anti-Malware Test Lab experts forecast that sales volumes of antivirus software will reach $270 million in Russia in 2009.

“In spite of the global economy recession, the antivirus market will continue to grow. We believe that antivirus software is one of the key IT services for any business and people don’t save money on IT security even in tough economic times. Those vendors, who sell mostly to large enterprises, will be in much better position this year than companies focused on retail and SMB. In our opinion the IT security budgets in businesses will not be considerably cut this year, while consumers will tend to save on such things as software”, said Sergey Ilyin, Managing partner of Anti-Malware.ru.

Serious efforts of the antivirus industry are focused on proactive methods of antivirus protection, which allow antivirus software to combat malicious programs that have undergone modifications and those that are still unknown. This development trend is the most promising on the market and almost every developer likes to emphasize just how good their proactive defense is.

It should be noted that proactive technologies encompass a wide range of concepts and approaches, and it is impossible to take all of them into account within a single test. In this test we will only compare the heuristic components of antivirus protection (heuristic + generic detection, i.e., extended signatures), without taking into account an analysis of system events (behavior blockers or HIPS).

The results of the test make it possible to conclude how effective a heuristic analyzer is and in which antivirus product this component works better.

As an addendum, a final measurement of the detection level for the collection of malware samples was performed on the updated antivirus software a week after the main test. As a result, the quality of detection for new viruses, as well as the effectiveness of the classical signature-based method of each antivirus program was ascertained in addition to their heuristics.

• Methodology used in testing of proactive antivirus protection »
• Analysis of the test results and awards

Key results of the testing (detection – false alarm)

Award	Products
Gold Proactive Protection Award Download GIF image (500х500px)	Kaspersky Anti-Virus 2009 (61% - 0.01%) Eset Nod32 Anti-Virus 3.0 (61% - 0.02%) BitDefender Antivirus 2009 (60% - 0.04%)
Silver Proactive Protection Award Download GIF image (500х500px)	Avira AntiVir Premium 8.2 (71% - 0.13%) Dr.Web 5.0 (61% - 0.2%) AVG Anti-Virus 8.0 (58% - 0.02%) Avast! Professional Edition 4.8 (53% - 0.03%) Norton Anti-Virus 2009 (52% - 0%) VBA32 Antivirus 3.12 (45% - 0.07%) F-Secure Anti-Virus 2009 (44% - 0.03%)
Bronze Proactive Protection Award Download GIF image (500х500px)	Panda Antivirus 2009 (38% - 0.02%) Trend Micro Internet Security 2009 (37% - 0.04%) Agnitum Outpost Anti-Virus Pro 2009 (33% - 0.07%)
Failed	Sophos Anti-Virus 7.0 (61% - 2.24%)

 Key results from the proactive antivirus protection test in HTML»

Complete results for each antivirus product are available only in HTML (click on the link above).

Take a good look at the results of any antivirus product protection quality test and you are unlikely to see a result of 100% in the test charts. Even the best antivirus solutions are sometimes unable to detect a malicious program the moment it enters a computer. This is hardly surprising, since in recent years the growth in the number of viruses and the speed with which they spread has resembled an avalanche.

But don’t panic – today’s antivirus programs have a variety of tools for combating malicious programs even in the event that they have made their way on to your computer. Keep in mind, though, that malicious programs are good at masking their presence on your system, making the antivirus program’s job even harder.

This is not the first time the Anti-Malware Test Lab has tested antivirus products for their ability to combat malicious programs in just this kind of situation, when they have already penetrated your computer and started their activity, while masking their presence on the system. Will antivirus solutions be able to detect and remove the malicious program without disrupting the system’s operation? This test will show how popular antivirus products cope with this difficult task.

• Methodology used in testing antiviruses for the treatment of active infections »
• Analysis of testing results and awards»

Testing results (October, 2008)

Key results of the testing of antivirus products for the treatment of active infections in HTML»

Complete results for each antivirus product are available only in PDF or Microsoft Excel format:

Complete testing results in PDF format »

Complete testing results in Microsoft Excel format »

Polymorphic malicious programs (also referred to hereafter as viruses) are capable of completely mutating with every new infection, generating multiple samples of themselves.

When scanning files on a computer using the traditional method, antivirus products search for specific traces of a virus – a signature. If the code of a virus that has been assigned a signature is modified, it will no longer be possible to detect it using that signature. A polymorphic virus is capable of performing such modifications to any of its parts.

As a rule, detecting polymorphic viruses makes use of a detection algorithm that is specially developed for each individual virus. The aim of this test is to assess the quality of the special algorithm function in various antivirus products.

Moreover, because polymorphic viruses are the most difficult viruses to detect, the ability to do so reflects the level of professionalism of an antivirus product’s developers. They not only have to analyze the complex variants of the viruses but also develop a reliable procedure and methodology to ensure 100% detection rates.

• Methodology used in testing of polymorphic virus detection »
• Composition of polymorphic virus samples for antivirus detection testing »
• Analysis of testing results and awards»

Latest test results (28/02/2008)

Award	Products
Download GIF image (500х500px)	Avira Antivir Personal Edition Classic 7.06 (31 out of 33 points) F-Secure Anti-Virus 2008 (31 out of 33) Kaspersky Anti-Virus 7.0 (31 out of 33)
Download GIF image (500х500px)	Avast Professional Edition 4.7 (25 out of 33) AVG Anti-Virus Professional Edition 7.5 (22 out of 33) DrWeb 4.44 (21 out of 33) ESET Nod32 Antivirus 3.0 (20 out of 33)
Download GIF image (500х500px)	Microsoft Windows Live OneCare 2.0 Pre-Release (19 out of 33) Trend Micro Antivirus plus Antispyware 2008 (18 out of 33) Symantec Anti-Virus 2008 (17 out of 33) BitDefender Anti-Virus 2008 (16 out of 33) Agnitum Outpost Security Suite Pro 2008 (15 out of 33) Sophos Anti-Virus 7.0 (14 out of 33) Panda Antivirus 2008 (14 out of 33) VBA32 Workstation 3.12.6 (14 out of 33)
Failed	McAfee VirusScan 2008 (11 out of 33)

 Key results from the testing of antivirus software for the detection of polymorphic viruse in HTML»

Complete results for each antivirus product are available only in HTML (click on the link above).

It has become increasingly popular for virus writers to make use of rootkit technologies. The reason for this is obvious – they make it possible to hide malicious programs and their components from PC users and antivirus programs. Numerous source codes for ready-made rootkits can be found on the Internet, which inevitably leads to their widespread use in various Trojans or spy programs (spyware/adware, keyloggers, etc.)

There are numerous specialized anti-rootkit products available for the detection and removal of these types of malicious programs. Furthermore, many antivirus developers state that their products include a function to detect active rootkits. 

The aim of this test is to evaluate the ability of the most popular antivirus and anti-rootkit products to detect and remove malicious programs (‘in-the-wild’ samples) that use rootkit technologies and actively circulate over the Internet, as well as checking proactive detection capabilities to detect proof-of-concept rootkits hidden on a system.

It should be noted that although testing of in-the-wild malware samples is of real practical use, there is also a great deal of research value in ascertaining the capabilities of proactive detection when combating the hidden threat of rootkits.

• Methodology used in this antivirus/anti-rootkit software testing »
• Selection of malware and proof-of-concept rootkits for this testing »
• Analysis of testing results and awards»

Summary of anti-rootkit testing results (24/01/2008)

Award	Products
Gold Anti-Rootkit Protection Award Download GIF image (500х500px)	Rootkit Unhooker 3.7 (7.5 out of 8 points) GMER 1.0 (7 out of 8) Kaspersky Anti-Virus 7.0 (6.5 out of 8) Avira Rootkit Detection 1.0 (6.5 out of 8)
Silver Anti-Rootkit Protection Award Download GIF image (500х500px)	AVG Anti-Rootkit 1.1 (5.5 out of 8) Panda AntiRootkit 1.08 (5.5 out of 8) Sophos Anti-Rootkit 1.3.1 (5.5 out of 8) Dr.Web 4.44 (5 out of 8) Trend Micro RootkitBuster 1. (5 out of 8)
Bronze Anti-Rootkit Protection Award Download GIF image (500х500px)	Symantec Anti-Virus 2008 (4.5 out of 8) F-Secure Anti-Virus 2008 (4 out of 8) McAfee Rootkit Detective 1.1 (3.5 out of 8)
Failed	BitDefender Antivirus 2008 (3 out of 8) McAfee VirusScan Plus 2008 (1.5 out of 8) ESET NOD32 Anti-Virus 3.0 (1 out of 8) Trend Micro Antivirus plus Antispyware 2008 (1 out of 8)

Key test results for detection and removal of rootkits by antivirus/anti-rootkit software in HTML»

Complete results for each antivirus product are available only in PDF or Microsoft Excel format:

Complite testing results in PDF format »

Rootkits description in PDF format »

Complete testing results in Microsoft Excel format »