In this section we present the results of our own analyses of IT security software. All of these tests were developed and conducted by participants of the Anti-Malware.ru project.
Many antivirus tests performed around the world have been criticized by professionals as synthetic and far from reality. The first and main objection is that an on-demand scan of a file collection exercises only some protection components (classical signature detection and heuristics), while the contribution of other technologies (behavioral analysis, HIPS, reputation services, firewall/IDS, on-the-fly HTTP traffic scanning, etc.) is not taken into account.
The second sound objection is that a real user does not store and launch old malware from the hard drive. As a rule, what reaches the machine is zero-day samples, which no signature database yet covers.
Protection effectiveness also depends to some extent on the stage at which the infection is stopped: some products block the threat when the malicious script on the web page runs, others when the loader downloaded by the exploit becomes active, and others only later, when the installed malware starts.
In this test we analyzed the effectiveness of complete antivirus suites against zero-day malware spread via websites.
We collected links to infected websites from various sources. Anyone can come across such links in search engines, e-mail, ICQ, Skype and other instant messengers, or social networks.
Key results of the testing
| Award | Products |
|---|---|
| | DefenseWall 2.56 |
| | Kaspersky Internet Security 2010, Comodo Internet Security 3.9, Trend Micro Internet Security 2009 |
| Silver Zero-day Protection Award | Sophos Anti-Virus 7.6, Safe'n'Sec Personal 3.5, Avira Premium Security Suite 9.0, Norton Internet Security 2009, Avast Antivirus Professional 4.8 |
| | Eset Smart Security 4.0, AVG Internet Security 8.5, Microsoft Security Essentials 1.0, G-DATA Internet Security 2010 |
| Failed | F-Secure Internet Security 2009, McAfee Internet Security Suite 13, Outpost Security Suite 2009, Panda Internet Security 2010, BitDefender Internet Security 2009, Dr.Web Security Space 5.0 |
Key results from the antivirus performance test in HTML»
Serious efforts of the antivirus industry are focused on proactive methods of antivirus protection, which allow antivirus software to combat malicious programs that have undergone modifications and those that are still unknown. This development trend is the most promising on the market and almost every developer likes to emphasize just how good their proactive defense is.
It should be noted that proactive technologies encompass a wide range of concepts and approaches, and it is impossible to take all of them into account within a single test. In this test we will only compare the heuristic components of antivirus protection (heuristic + generic detection, i.e., extended signatures), without taking into account an analysis of system events (behavior blockers or HIPS).
The results of the test make it possible to conclude how effective a heuristic analyzer is and in which antivirus product this component works best.
As an addendum, a final measurement of the detection level for the collection of malware samples was performed on the updated antivirus software a week after the main test. As a result, the quality of detection for new viruses, as well as the effectiveness of the classical signature-based method of each antivirus program was ascertained in addition to their heuristics.
Key results of the testing (detection – false alarm)
| Award | Products (detection – false alarm) |
|---|---|
| Gold Proactive Protection Award | Kaspersky Anti-Virus 2009 (61% - 0.01%), Eset Nod32 Anti-Virus 3.0 (61% - 0.02%), BitDefender Antivirus 2009 (60% - 0.04%) |
| | Avira AntiVir Premium 8.2 (71% - 0.13%), Dr.Web 5.0 (61% - 0.2%), AVG Anti-Virus 8.0 (58% - 0.02%), Avast! Professional Edition 4.8 (53% - 0.03%), Norton Anti-Virus 2009 (52% - 0%), VBA32 Antivirus 3.12 (45% - 0.07%), F-Secure Anti-Virus 2009 (44% - 0.03%) |
| | Panda Antivirus 2009 (38% - 0.02%), Trend Micro Internet Security 2009 (37% - 0.04%), Agnitum Outpost Anti-Virus Pro 2009 (33% - 0.07%) |
| Failed | Sophos Anti-Virus 7.0 (61% - 2.24%) |
Key results from the proactive antivirus protection test in HTML»
Complete results for each antivirus product are available only in HTML (click on the link above).
Take a good look at the results of any antivirus product protection quality test and you are unlikely to see a result of 100% in the test charts. Even the best antivirus solutions are sometimes unable to detect a malicious program the moment it enters a computer. This is hardly surprising, since in recent years the growth in the number of viruses and the speed with which they spread has resembled an avalanche.
But don’t panic – today’s antivirus programs have a variety of tools for combating malicious programs even in the event that they have made their way on to your computer. Keep in mind, though, that malicious programs are good at masking their presence on your system, making the antivirus program’s job even harder.
This is not the first time the Anti-Malware Test Lab has tested antivirus products for their ability to combat malicious programs in just this kind of situation, when they have already penetrated your computer and started their activity, while masking their presence on the system. Will antivirus solutions be able to detect and remove the malicious program without disrupting the system’s operation? This test will show how popular antivirus products cope with this difficult task.
Testing results (October, 2008)
| Award | Products |
|---|---|
| | Dr.Web Anti-Virus 4.44 (100%) |
| | Kaspersky Anti-Virus 2009 (80%) |
| | Agnitum Outpost Antivirus Pro 6.5 (53%) |
| Poor results | BitDefender Antivirus 2009 (33%) |
Key results of the testing of antivirus products for the treatment of active infections in HTML»
Complete results for each antivirus product are available only in PDF or Microsoft Excel format.
Polymorphic malicious programs (also referred to hereafter as viruses) are capable of completely mutating with every new infection, generating multiple samples of themselves.
When scanning files on a computer using the traditional method, antivirus products search for specific traces of a virus – a signature. If the code of a virus that has been assigned a signature is modified, it will no longer be possible to detect it using that signature. A polymorphic virus is capable of performing such modifications to any of its parts.
As a rule, detecting a polymorphic virus requires a detection algorithm developed specifically for that virus (typically one that recognizes the decryptor and unpacks or emulates the body before matching it). The aim of this test is to assess how well these dedicated algorithms work in various antivirus products.
Moreover, because polymorphic viruses are the most difficult viruses to detect, the ability to do so reflects the level of professionalism of an antivirus product's developers. They not only have to analyze the complex variants of the viruses but also develop a reliable procedure and methodology to ensure 100% detection rates.
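To make the point above concrete, here is an added worked example (not code from the page or from any product tested): a constructed toy polymorphic engine that XOR-encrypts an inert "virus body" behind a decryptor stub whose bytes change with every infection, a classical fixed-signature scan that consequently misses every mutant, and a per-family detection routine that recognizes the stub, recovers the key, decrypts the body and only then applies the signature. The stub layout, the marker `DEC`, the payload text and the signature are all assumptions made for this example.

```python
"""Why a fixed signature fails on a polymorphic virus, and what a per-family
detection routine does about it. Everything here is constructed for the
example: the "virus" is an inert byte string, the polymorphic engine only
XOR-encrypts it behind a variable decryptor stub, and the stub format is an
assumption, not any real family's layout."""

# Constructed plaintext "virus body" and the signature a classical scanner
# would extract from it. Inert text, not executable code.
PAYLOAD = b"TOY-VIRUS-BODY: replicate(); hide(); payload();"
SIGNATURE = b"replicate(); hide();"

STUB_MAGIC = b"DEC"  # assumed marker that opens the decryptor stub


def polymorph(payload: bytes, key: int, seed: int) -> bytes:
    """Toy polymorphic engine. Each 'infection' gets a different one-byte XOR
    key and a different amount of junk in the decryptor stub, so no two
    samples share a long byte run. Layout (assumed):
        STUB_MAGIC | key | junk_len | junk bytes | body XOR key"""
    if not 1 <= key <= 255:
        raise ValueError("key must be a non-zero byte")
    junk_len = seed % 16
    junk = bytes(((seed * 31) + (i * 7)) & 0xFF for i in range(junk_len))
    body = bytes(b ^ key for b in payload)
    return STUB_MAGIC + bytes([key, junk_len]) + junk + body


def signature_scan(sample: bytes) -> bool:
    """Classical method: search the file for the fixed signature."""
    return SIGNATURE in sample


def family_scan(sample: bytes) -> bool:
    """Detection algorithm written for this one family: recognise the stub,
    recover the per-sample key, undo the encryption, then apply the
    signature to the decrypted body. Real engines usually get the same
    effect by emulating the stub rather than parsing it."""
    if len(sample) < len(STUB_MAGIC) + 2 or not sample.startswith(STUB_MAGIC):
        return False
    key = sample[len(STUB_MAGIC)]
    junk_len = sample[len(STUB_MAGIC) + 1]
    body = sample[len(STUB_MAGIC) + 2 + junk_len:]
    if not body:
        return False
    return SIGNATURE in bytes(b ^ key for b in body)


def generate_mutants(count: int) -> list[bytes]:
    """Deterministic set of mutants so the run is reproducible."""
    return [polymorph(PAYLOAD, key=((37 * i + 11) & 0xFF) or 1, seed=i)
            for i in range(count)]


def detection_rate(scanner, samples: list[bytes]) -> float:
    """Fraction of samples the given scanner flags."""
    return sum(1 for s in samples if scanner(s)) / len(samples)


# A clean file that happens to start with the stub marker: the family routine
# must decrypt it and still say "clean", otherwise it is a false alarm.
CLEAN_DECOY = STUB_MAGIC + bytes([5, 0]) + b"ordinary document text, nothing to see"


if __name__ == "__main__":
    mutants = generate_mutants(33)
    print("signature scan :", detection_rate(signature_scan, mutants))
    print("family routine :", detection_rate(family_scan, mutants))
    print("decoy flagged  :", family_scan(CLEAN_DECOY))
```

The signature that matches the unencrypted body matches none of the 33 mutants, while the family routine detects all of them and still clears the decoy; the same routine would, of course, be useless against the next family, which is why the text describes this work as per-virus.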
Latest test results (28/02/2008)
| Award | Products |
|---|---|
| | Avira Antivir Personal Edition Classic 7.06 |
| | Avast Professional Edition 4.7 (25 out of 33) |
| | Microsoft Windows Live OneCare 2.0 Pre-Release |
| Failed | McAfee VirusScan 2008 (11 out of 33) |
Key results from the testing of antivirus software for the detection of polymorphic viruses in HTML»
Complete results for each antivirus product are available only in HTML (click on the link above).
It has become increasingly popular for virus writers to make use of rootkit technologies. The reason is obvious: they make it possible to hide malicious programs and their components from PC users and antivirus programs. Source code for numerous ready-made rootkits can be found on the Internet, which inevitably leads to their widespread use in various Trojans and spy programs (spyware/adware, keyloggers, etc.).
There are numerous specialized anti-rootkit products available for the detection and removal of these types of malicious programs. Furthermore, many antivirus developers state that their products include a function to detect active rootkits.
The aim of this test is to evaluate the ability of the most popular antivirus and anti-rootkit products to detect and remove malicious programs ('in-the-wild' samples) that use rootkit technologies and actively circulate on the Internet, and also to check their ability to proactively detect proof-of-concept rootkits hidden on a system.
It should be noted that although testing of in-the-wild malware samples is of real practical use, there is also a great deal of research value in ascertaining the capabilities of proactive detection when combating the hidden threat of rootkits.
Summary of anti-rootkit testing results (24/01/2008)
| Award | Products |
|---|---|
| Gold Anti-Rootkit Protection Award | Rootkit Unhooker 3.7 (7.5 out of 8 points) |
| Silver Anti-Rootkit Protection Award | AVG Anti-Rootkit 1.1 (5.5 out of 8) |
| Bronze Anti-Rootkit Protection Award | Symantec Anti-Virus 2008 (4.5 out of 8) |
| Failed | BitDefender Antivirus 2008 (3 out of 8) |
Key test results for detection and removal of rootkits by antivirus/anti-rootkit software in HTML»
Complete results for each antivirus product are available only in PDF or Microsoft Excel format:
Complete testing results in PDF format »
The industry has recently witnessed a shift in emphasis to so-called proactive methods of antivirus protection, which allow antivirus software to combat malicious programs that have undergone modifications and those that are as yet unknown. This development trend is the most promising on the market and almost every developer likes to emphasize just how good their proactive defense is.
There are even attempts to contrast the newer proactive technologies with the older reactive technologies that use signature-based methods to detect malware and that require continuous and rapid updates of antivirus databases.
The concept of proactive protection is, of course, extremely attractive: a virus hasn’t even appeared and already there is protection against it. But the question arises as to just how effective these technologies are.
It should be noted that proactive technologies encompass a broad range of concepts and approaches, and including them all within the framework of a single test is simply not feasible. In this test we will only compare the heuristic components of antivirus protection (heuristic + generic detection, i.e., extended signatures), without taking into account an analysis of system events (behavior blockers or HIPS).
The results of the test make it possible to say how effective a heuristic analyzer is and in which antivirus product this component performs the best.
As an addendum, a final measurement of the detection level for the collection of malware samples was performed on the updated antivirus software a week after the main test. As a result, the quality of detection for new viruses, as well as the effectiveness of the classical signature-based method of each antivirus program was ascertained in addition to their heuristics.
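The two-run methodology described here (and in the identical description of the 2009 proactive test earlier on this page) is easy to get subtly wrong when scoring: a sample detected with the frozen databases is a proactive detection, one picked up only after the week-later update was covered by a signature, and a clean-corpus run supplies the false-alarm figure that the result tables pair with detection. The following added example (not the lab's tooling) scores such a test from constructed scan logs; the one-line-per-sample log format, the sample names and the verdicts are assumptions made for the example.

```python
"""Scoring a two-run proactive detection test.

Constructed example, not the test lab's own tooling. Scan logs are assumed to
be one line per sample, "<sample> <VERDICT> [<detection name>]", with VERDICT
either DETECTED or CLEAN. Run A is the product with databases frozen before
the samples were collected; run B is the same product after a one-week
update; the clean run is the frozen product over a corpus of known-good files.
"""
from __future__ import annotations

from dataclasses import dataclass, field

# Constructed logs in the assumed format (not real scanner output).
RUN_A_LOG = """\
sample001 DETECTED Trojan.Generic.1234
sample002 CLEAN
sample003 DETECTED HEUR:Trojan.Win32.Generic
sample004 CLEAN
sample005 CLEAN
"""

RUN_B_LOG = """\
sample001 DETECTED Trojan.Win32.Agent.abc
sample002 DETECTED Trojan.Win32.Agent.abd
sample003 CLEAN
sample004 DETECTED Backdoor.Win32.Foo
sample005 CLEAN
"""

CLEAN_LOG = """\
clean001 CLEAN
clean002 DETECTED HEUR:Trojan.Win32.Generic
clean003 CLEAN
clean004 CLEAN
"""


def parse_log(text: str) -> dict[str, bool]:
    """Map sample name -> True if flagged. Malformed or duplicate lines are
    rejected instead of being silently counted as misses."""
    verdicts: dict[str, bool] = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.split(maxsplit=2)
        if len(parts) < 2 or parts[1] not in ("DETECTED", "CLEAN"):
            raise ValueError(f"line {lineno}: unexpected log line {line!r}")
        if parts[0] in verdicts:
            raise ValueError(f"line {lineno}: duplicate sample {parts[0]}")
        verdicts[parts[0]] = parts[1] == "DETECTED"
    return verdicts


@dataclass
class ProactiveScore:
    proactive: list[str] = field(default_factory=list)        # flagged by frozen DB
    signature_added: list[str] = field(default_factory=list)  # flagged only after update
    missed: list[str] = field(default_factory=list)           # flagged by neither run
    retracted: list[str] = field(default_factory=list)        # frozen DB hit dropped by update
    false_alarms: list[str] = field(default_factory=list)     # clean files flagged
    clean_total: int = 0

    @property
    def total(self) -> int:
        return len(self.proactive) + len(self.signature_added) + len(self.missed)

    @property
    def proactive_rate(self) -> float:
        return len(self.proactive) / self.total

    @property
    def week_later_rate(self) -> float:
        # Signature-based effectiveness after a week: everything run B flagged.
        hits = len(self.proactive) - len(self.retracted) + len(self.signature_added)
        return hits / self.total

    @property
    def false_alarm_rate(self) -> float:
        return len(self.false_alarms) / self.clean_total

    def summary(self) -> str:
        # Same "detection - false alarm" shape as the result tables above.
        return f"{self.proactive_rate:.0%} - {self.false_alarm_rate:.2%}"


def score(run_a: dict[str, bool], run_b: dict[str, bool],
          clean: dict[str, bool]) -> ProactiveScore:
    """Classify every sample by which run caught it; both runs must cover
    exactly the same sample set or the rates are not comparable."""
    if set(run_a) != set(run_b):
        raise ValueError("runs A and B must cover the same sample set")
    result = ProactiveScore(clean_total=len(clean))
    for name in sorted(run_a):
        if run_a[name]:
            result.proactive.append(name)
            if not run_b[name]:
                result.retracted.append(name)  # worth a second look: generic pulled?
        elif run_b[name]:
            result.signature_added.append(name)
        else:
            result.missed.append(name)
    result.false_alarms = sorted(n for n, flagged in clean.items() if flagged)
    return result


def run_example() -> ProactiveScore:
    return score(parse_log(RUN_A_LOG), parse_log(RUN_B_LOG), parse_log(CLEAN_LOG))


if __name__ == "__main__":
    s = run_example()
    print("proactive :", s.summary(), s.proactive)
    print("week later:", f"{s.week_later_rate:.0%}", "retracted:", s.retracted)
```

On the constructed logs the product scores 40% proactive detection with a 25% false-alarm rate, 60% a week later, and one sample (`sample003`) that the frozen heuristics flagged but the updated databases no longer do; that last category is exactly the kind of detail that gets lost if a scorer only counts hits per run.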
Latest test results (14/01/2008)
| Award | Products |
|---|---|
| Gold Proactive Protection Award | Avira AntiVir Personal Edition Premium 7.0 (71%), BitDefender Antivirus 2008 (65%) |
| | ESET NOD32 Anti-Virus 3.0 (59%), Dr.Web 4.44 (57%), Sophos Anti-Virus 7.0 (56%), Avast! Professional Edition 4.7 (52%), VBA32 Antivirus 3.12 (48%), Kaspersky Anti-Virus 7.0 (45%), McAfee VirusScan Plus 2008 (43%) |
| | Symantec Anti-Virus 2008 (38%), AVG Anti-Virus Professional Edition 7.5 (37%), F-Secure Anti-Virus 2008 (36%), Trend Micro Antivirus plus Antispyware 2008 (30%), Panda Antivirus 2008 (20%) |
| Failed | Agnitum Outpost Security Suite 2008 (12%) |
Key results from the proactive antivirus protection test in HTML»
Complete results for each antivirus product are available only in HTML (click on the link above).