Methodology used in testing antiviruses for the treatment of active infections II

Methodology used in testing antivirus solutions for the treatment of active infections (second test).

The test was conducted on a specially prepared workstation running under VMware GSX Server. A “clean” virtual machine running under Microsoft Windows XP Service Pack 2 was cloned for each malicious program. All Microsoft Windows patches available at the time of testing were installed. 

The following antivirus programs were tested:

  1. Avast! Professional Edition 4.7.1029
  2. AVG Anti-Virus 7.5.476
  3. Avira AntiVir PE Premium 7.0
  4. BitDefender Antivirus 10
  5. Dr.Web Anti-Virus 4.33.3
  6. Dr.Web Anti-Virus 4.44.0.8030 beta
  7. Eset NOD32 Antivirus 2.70.39
  8. F-Secure Anti-Virus 2007 7.02.395
  9. Kaspersky Anti-Virus 7.0.0.125
  10. McAfee VirusScan 2007
  11. Panda Antivirus 2008
  12. Sophos Anti-Virus 6.5.7 R2
  13. Symantec Norton AntiVirus 2007
  14. Trend Micro Internet Security 2007
  15. VBA32 Antivirus 3.12.2.2

The default settings recommended by the relevant vendors were used during the installation of the antivirus solutions on infected computers. All actions recommended by the vendors (such as rebooting the system, installing updates, etc.) were performed.

If the malicious code was not automatically detected by the antivirus solution, an on-demand scan of the folder (or folders) where the malicious program’s files were located was initiated.

Testing steps:

  1. The virtual machine was infected with a malicious program (the malicious program was activated).
  2. It was verified that the malicious program had been successfully installed and was active.
  3. The infected system was rebooted multiple times.
  4. An attempt was made to install the antivirus solution and to disinfect the system.
  5. If disinfection was successful, any remaining traces of the infection were analysed.

A dedicated clean virtual machine was used for each selected malicious program sample (step 1). After each attempt to install an antivirus program and perform the disinfection, the virtual machine was restored to the state it had been in at the end of step 3.
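As an added illustration of the trace analysis in step 5 (this is not tooling from the original test, and the inventories, paths, hashes and autorun names are constructed sample data), the following Python helper compares an inventory taken from the clean virtual machine with one taken after disinfection and lists what the antivirus left behind: files it did not remove, files still altered, and autorun entries whose target file was deleted but whose registry key was left in place.

```python
from dataclasses import dataclass, field
@dataclass
class Inventory:           # guest snapshot from a hashing / autorun-enumeration tool (assumed)
    files: dict            # file path -> content hash
    autoruns: dict         # autorun entry name (Run value, service, ...) -> command line

@dataclass
class Traces:
    new_files: list = field(default_factory=list)          # present only after disinfection
    modified_files: list = field(default_factory=list)     # hash differs from the clean baseline
    new_autoruns: list = field(default_factory=list)       # autorun entries the clean VM did not have
    dangling_autoruns: list = field(default_factory=list)  # new entries whose target file is gone
    def is_clean(self):
        return not (self.new_files or self.modified_files
                    or self.new_autoruns or self.dangling_autoruns)

def _target_path(command_line):
    # First token of an autorun command line, quotes stripped, lower-cased for comparison.
    cmd = command_line.strip()
    if cmd.startswith('"'):                      # "C:\path with spaces\x.exe" /arg
        return cmd[1:cmd.find('"', 1)].lower()
    return cmd.split(" ", 1)[0].lower()

def find_traces(clean, after):
    clean_files = {p.lower(): h for p, h in clean.files.items()}
    after_files = {p.lower(): h for p, h in after.files.items()}
    t = Traces()
    for path, digest in sorted(after_files.items()):
        if path not in clean_files:
            t.new_files.append(path)
        elif clean_files[path] != digest:        # e.g. an altered hosts file or a still-infected binary
            t.modified_files.append(path)
    for name, cmd in sorted(after.autoruns.items()):
        if name not in clean.autoruns:
            t.new_autoruns.append(name)
            if _target_path(cmd) not in after_files:   # AV deleted the file but left the key
                t.dangling_autoruns.append(name)
    return t

# Constructed sample inventories (not real test data); hashes shortened for readability.
CLEAN = Inventory(
    files={r"C:\WINDOWS\system32\ctfmon.exe": "b2", r"C:\WINDOWS\system32\drivers\etc\hosts": "c3"},
    autoruns={"ctfmon.exe": r"C:\WINDOWS\system32\ctfmon.exe"})
AFTER = Inventory(
    files={r"C:\WINDOWS\system32\ctfmon.exe": "b2",
           r"C:\WINDOWS\system32\drivers\etc\hosts": "d4",     # hosts file still altered
           r"C:\WINDOWS\system32\leftover.dll": "e5"},         # component the AV did not remove
    autoruns={"ctfmon.exe": r"C:\WINDOWS\system32\ctfmon.exe",
              "updater": r'"C:\WINDOWS\upd.exe" /silent'})     # file deleted, Run value left behind
```

`find_traces(CLEAN, AFTER)` reports one leftover file, one still-modified file and one dangling autorun entry, so the disinfection in this constructed case would not count as complete.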