The following 11 dedicated products for the detection and removal of programs that conceal their presence in the system (rootkits) were tested:
The anti-rootkit products were tested on the following malicious programs selected according to the criteria described above:
The names of the malicious programs used in this report are based on the Kaspersky Lab classification; alternative names used by other vendors can be found in the detailed testing report.
Testing of the ability of anti-rootkit programs to detect and remove malicious programs was conducted strictly in accordance with the methodology described above.
Table 1: Results of testing for malicious program detection and removal by anti-rootkit solutions

Anti-rootkit solution | Successfully detected and removed: completely removed | Successfully detected and removed: traces of infection remaining* | Rootkit not detected or removal failed
---|---|---|---
Antivir Rootkit 1.0.1.12 Beta3 | 7 | 2 | 0
AVG Antirootkit 1.1.0.29 Beta | 6 | 3 | 0
AVZ 4.23 ** | 4 | 4 | 1
Bitdefender Antirootkit 1.2.0.0 Beta2 | 1 | 5 | 3
F-Secure BlackLight 2.2.1055 Beta | 6 | 2 | 1
Gmer 1.0.12.12027 | 1 | 5 | 3
McAfee Rootkit Detective 1.0.0.41 Beta | 7 | 1 | 1
Rootkit Unhooker 3.20.130.388 | 7 | 1 | 1
Sophos Anti-Rootkit 1.2.2 | 6 | 2 | 1
Trend Micro RootkitBuster 1.6.0.1055 Beta | 5 | 4 | 0
UnHackMe 4.0 | 0 | 2 | 7
Table 2: Summary of anti-rootkit testing results

Award | Products
---|---
Excellent (9 out of 9) | Antivir Rootkit 1.0 Beta 3; AVG Antirootkit 1.1 Beta; Trend Micro RootkitBuster 1.6 Beta
Good (8 out of 9) | McAfee Rootkit Detective 1.0 Beta; Rootkit Unhooker 3.2; F-Secure BlackLight 2.2 Beta; Sophos Anti-Rootkit 1.2; AVZ 4.23
Poor results | Gmer 1.0 (6 out of 9); Bitdefender Antirootkit 1.2 Beta2 (6 out of 9); UnHackMe 4.0 (2 out of 9)
Table 3: Summary of anti-rootkit testing results (released products only)

Award | Products
---|---
Good (8 out of 9) | Rootkit Unhooker 3.2; Sophos Anti-Rootkit 1.2; AVZ 4.23
Poor results | Gmer 1.0 (6 out of 9); UnHackMe 4.0 (2 out of 9)
Almost all of the anti-rootkit solutions tested, with the exception of Gmer, Bitdefender Antirootkit and UnHackMe, demonstrated excellent or good results and can be successfully used to detect and remove malicious programs that use rootkit technologies to conceal their presence in the system.
It should be noted that some anti-rootkit solutions had problems removing (or renaming) the files they detected and protecting their own processes. The principal reason for this is that, in addition to rootkit technologies, virus writers use other methods to protect their malicious programs. For example, Worm.Win32.Feebs.gt creates a hidden process that it uses as bait: when an anti-rootkit solution attempts to open this process, the worm terminates the anti-rootkit program's process. Another widely used method is opening the malicious program's files with protected access rights, so that the anti-rootkit solution cannot delete or rename them.
The three best products based on the test results were Antivir Rootkit, AVG Antirootkit and Trend Micro RootkitBuster. All three products are currently in beta testing. Among those products which have already been commercially released, the best results were achieved by Rootkit Unhooker, Sophos Anti-Rootkit and AVZ.
For detailed test results, including information on the removal of specific viruses, and to verify the calculations used to determine the test results, please download the complete results in Microsoft Excel format.
Attachment | Size
---|---
Complete testing results in Microsoft Excel format | 48 KB
Summary of testing results in PDF format | 14.62 KB
Complete testing results in PDF format | 25.55 KB