Methodology used in testing of polymorphic virus detection

The test was performed on a specially prepared VMware GSX Server platform. A “clean” virtual machine with a Microsoft Windows XP SP2 operating system was cloned for each antivirus product.

The following antivirus programs were tested:

  1. Agnitum Outpost Security Suite Pro 2008 (VirusBuster)
  2. Avast Professional Edition 4.7
  3. AVG Anti-Virus Professional Edition 7.5
  4. Avira Antivir Personal Edition Classic 7.06
  5. BitDefender Anti-Virus 2008
  6. DrWeb 4.44
  7. Eset Nod32 Antivirus 3.0
  8. F-Secure Anti-Virus 2008
  9. Kaspersky Anti-Virus 7.0
  10. McAfee VirusScan 2008
  11. Microsoft Windows Live OneCare 2.0 Pre-Release
  12. Panda Antivirus 2008
  13. Sophos Anti-Virus 7.0
  14. Symantec Anti-Virus 2008
  15. Trend Micro Antivirus plus Antispyware 2008
  16. VBA32 Workstation 3.12.6

All of the actions recommended by the installation programs (e.g., system restart, signature update) were performed. The antivirus program default settings were not altered after installation. The only exception was when the “scan all files” option had to be activated in the settings.

Testing stages:

  1. Virtual machine switched on;
  2. On-demand scan of malware samples (set to automatically delete/quarantine detected objects);
  3. Undetected malware samples counted after scan.

Each antivirus program was allocated a dedicated clean virtual machine (step 1). A copy of the sample collection of malicious programs was made for each antivirus product (step 2).
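The counting step (stage 3) is easy to get wrong if a product disinfects a sample in place rather than deleting or quarantining it: the file is still there, but it is not an untouched miss. The following added example (not part of the original test report, and not the testers' tooling) shows one way to do the bookkeeping: take a sha256 manifest of the per-product sample copy before the scan, then classify each sample afterwards as deleted/quarantined, still present and unchanged (undetected), or present but modified. The directory layout and the in-place-modification case are assumptions; the sample files are constructed in a temporary directory.

```python
"""Added example: count undetected samples after an on-demand scan that
deletes or quarantines detections. Assumptions (not on the page): the
per-product copy of the sample collection sits in one directory, a sha256
manifest is taken before the scan, and a sample still present and
byte-identical afterwards is an undetected sample. Sample data is constructed."""
import hashlib
import os
import tempfile


def _sha256(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()


def build_manifest(sample_dir):
    """Map each sample's relative path to its sha256 before the scan."""
    manifest = {}
    for root, _dirs, files in os.walk(sample_dir):
        for name in files:
            path = os.path.join(root, name)
            manifest[os.path.relpath(path, sample_dir)] = _sha256(path)
    return manifest


def compare_after_scan(sample_dir, manifest):
    """Classify every sample from the pre-scan manifest by its post-scan state."""
    result = {"detected": [], "undetected": [], "modified": []}
    for rel, digest in sorted(manifest.items()):
        path = os.path.join(sample_dir, rel)
        if not os.path.exists(path):
            result["detected"].append(rel)       # deleted or quarantined
        elif _sha256(path) == digest:
            result["undetected"].append(rel)     # untouched: a real miss
        else:
            result["modified"].append(rel)       # changed in place: not a miss
    return result


def detection_rate(result):
    """Share of samples that were not left untouched by the scanner."""
    total = sum(len(v) for v in result.values())
    return 0.0 if total == 0 else 1.0 - len(result["undetected"]) / total


def demo():
    """Constructed run: one sample quarantined, one untouched, one cleaned in place."""
    with tempfile.TemporaryDirectory() as d:
        for name in ("a.exe", "b.exe", "c.exe"):
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(b"constructed sample " + name.encode())
        manifest = build_manifest(d)
        os.remove(os.path.join(d, "a.exe"))                 # simulate quarantine
        with open(os.path.join(d, "c.exe"), "wb") as fh:    # simulate disinfection
            fh.write(b"cleaned")
        return compare_after_scan(d, manifest)
```

The "modified" bucket is the one to inspect manually before reporting, since the page's methodology counts only samples that remain after the scan.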