Polymorphic malicious programs (also referred to hereafter as viruses) are capable of completely mutating with every new infection, generating multiple samples of themselves.
When scanning files on a computer using the traditional method, antivirus products search for specific traces of a virus – a signature. If the code of a virus that has been assigned a signature is modified, it will no longer be possible to detect it using that signature. A polymorphic virus is capable of performing such modifications to any of its parts.
As a rule, a polymorphic virus is detected with an algorithm developed specially for that individual virus. The aim of this test is to assess how well these special detection algorithms work in various antivirus products.
Moreover, because polymorphic viruses are the most difficult viruses to detect, the ability to do so reflects the level of professionalism of an antivirus product’s developers. They not only have to analyze the complex variants of the viruses but also develop a reliable procedure and methodology to ensure 100% detection rates.
Latest test results (28/02/2008)
Award | Products |
Avira Antivir Personal Edition Classic 7.06 |
Avast Professional Edition 4.7 (25 out of 33) |
Microsoft Windows Live OneCare 2.0 Pre-Release |
Failed | McAfee VirusScan 2008 (11 out of 33) |
Key results from the testing of antivirus software for the detection of polymorphic viruses in HTML»
Complete results for each antivirus product are available only in HTML (click on the link above).
The industry has recently witnessed a shift in emphasis to so-called proactive methods of antivirus protection, which allow antivirus software to combat malicious programs that have undergone modifications and those that are as yet unknown. This development trend is the most promising on the market and almost every developer likes to emphasize just how good their proactive defense is.
There are even attempts to contrast the newer proactive technologies with the older reactive technologies that use signature-based methods to detect malware and that require continuous and rapid updates of antivirus databases.
The concept of proactive protection is, of course, extremely attractive: a virus hasn’t even appeared and already there is protection against it. But the question arises as to just how effective these technologies are.
It should be noted that proactive technologies encompass a broad range of concepts and approaches, and including them all within the framework of a single test is simply not feasible. In this test we will only compare the heuristic components of antivirus protection (heuristic + generic detection, i.e., extended signatures), without taking into account an analysis of system events (behavior blockers or HIPS).
The results of the test make it possible to say how effective a heuristic analyzer is and in which antivirus product this component performs the best.
As an addendum, a final measurement of the detection level for the collection of malware samples was performed on the updated antivirus software a week after the main test. As a result, the quality of detection for new viruses, as well as the effectiveness of the classical signature-based method of each antivirus program, was ascertained in addition to their heuristics.
Latest test results (14/01/2008)
Award | Products |
Gold Proactive Protection Award | Avira AntiVir Personal Edition Premium 7.0 (71%) BitDefender Antivirus 2008 (65%) |
ESET NOD32 Anti-Virus 3.0 (59%) Dr.Web 4.44 (57%) Sophos Anti-Virus 7.0 (56%) Avast! Professional Edition 4.7 (52%) VBA32 Antivirus 3.12 (48%) Kaspersky Anti-Virus 7.0 (45%) McAfee VirusScan Plus 2008 (43%) |
Symantec Anti-Virus 2008 (38%) AVG Anti-Virus Professional Edition 7.5 (37%) F-Secure Anti-Virus 2008 (36%) Trend Micro Antivirus plus Antispyware 2008 (30%) Panda Antivirus 2008 (20%) |
Failed | Agnitum Outpost Security Suite 2008 (12%) |
Key results from the proactive antivirus protection test in HTML»
Complete results for each antivirus product are available only in HTML (click on the link above).
The antivirus industry of today devotes much effort to preventing virus infections. Various proactive technologies are developed and tested, new threat response times decrease, and detection rates increase. At the same time, the rate at which new kinds of and modifications to malicious programs appear is also rapidly increasing. As a result, no antivirus vendor can guarantee 100% protection to users. Malware infections are still quite common, and very few Internet users have not dealt with a virus at least once.
To make matters worse, virus writers keep perfecting their software. Some malicious programs are very hard to remove from the computer, because they use various methods to mask their presence in the system (including via rootkits) and to avoid detection and removal by antivirus programs.
What can be done if a computer is infected? Will an existing antivirus product cope with the problem or will it be necessary to install a competitor’s product?
In this test, we analyzed the ability of popular antivirus programs to treat active infections -- that is, when a malicious program has been executed and installed on a computer and may be using various methods to prevent detection and removal by antivirus solutions.
Testing results (September, 2007)
Award | Products |
Gold Malware Treatment Award | Dr.Web Anti-Virus 4.44 Beta (82%) |
Silver Malware Treatment Award | Kaspersky Anti-Virus 7.0 (71%) Symantec Norton AntiVirus 2007 (71%) |
Bronze Malware Treatment Award | Panda Antivirus 2008 (59%) Avast! Professional Edition 4.7.1029 (53%) AVG Anti-Virus 7.5 (47%) |
Poor results | McAfee VirusScan 2007 (29%) Trend Micro Internet Security 2007 (29%) Avira AntiVir PE Premium 7.0 (24%) F-Secure Anti-Virus 2007 7.0 (18%) Eset NOD32 Antivirus 2.7 (18%) Sophos Anti-Virus 6.5 (18%) Dr.Web Anti-Virus 4.33 (12%) BitDefender Antivirus 10 (6%) VBA32 Antivirus 3.12 (6%) |
Key results of the testing of antivirus products for the treatment of active infections in HTML»
Complete results for each antivirus product are available only in PDF or Microsoft Excel format:
Online criminal activities are gaining momentum faster than ever. Both the rate at which new types and modifications of malicious programs appear and the complexity of malware are on the rise. Cybercriminals use increasingly sophisticated methods, including masking the presence of a malicious program in the system, compression, encryption and incapacitating antivirus solutions.
Social engineering techniques make it easy to entice users to download and launch malicious programs as yet unknown by antivirus solutions. In such cases, in order to gain complete and uninterrupted control over the system, malicious programs search for an antivirus program, firewall or other protective solution in order to disrupt its operation.
Consequently, contemporary antivirus products should be able to resist such attempts, that is, they should include self-protection functionality. This helps them to resist even the most complicated attacks, such as when malicious programs use a variety of methods to disable protection, and remove the infection using standard tools after receiving the appropriate antivirus database updates.
In the test described below, we analyzed the self-protection capabilities of antivirus solutions that run under Microsoft Windows XP with Service Pack 2. Self-protection from the following types of attacks was analyzed:
Antivirus product self-protection testing methodology »
Analysis of self-protection test results and awards »
Test results (September 11, 2007)
Award | Products |
Gold Self-Protection Award | Kaspersky Internet Security 7.0 (97%) |
Silver Self-Protection Award | VBA32 Antivirus 3.11 (71%) Symantec Internet Security 2007 (71%) F-Secure Internet Security 2007 (61%) |
Bronze Self-Protection Award | ZoneAlarm Internet Security 7.0 (58%) Panda Internet Security 2007 (48%) McAfee Internet Security 2007 (47%) ESET Smart Security 3.0 Beta (44%) Trend Micro PC-Cillin 2007 (42%) |
Failed | Avast! Professional Edition 4.7 (33%) Avira Premium Security Suite 7.0 (33%) Sophos Anti-Virus 6.0 (33%) DrWeb 4.44 (32%) Microsoft Windows Live OneCare 1.6 (32%) BitDefender Internet Security 10 (30%) |
Key results of the testing of antivirus products in HTML»
Complete results for each antivirus product are available only in PDF or Microsoft Excel format:
The antivirus industry of today devotes much effort to preventing virus infections. Various proactive technologies are developed and tested, new threat response times decrease, and detection rates increase. At the same time, the rate at which new kinds of and modifications to malicious programs appear is also rapidly increasing. As a result, no antivirus vendor can guarantee 100% protection to users. Malware infections are still quite common, and very few Internet users have not dealt with a virus at least once.
To make matters worse, virus writers keep perfecting their software. Some malicious programs are very hard to remove from the computer, because they use various methods to mask their presence in the system (including via rootkits) and to avoid detection and removal by antivirus programs.
What can be done if a computer is infected? Will an existing antivirus product cope with the problem or will it be necessary to install a competitor’s product?
In this test, we analyzed the ability of popular antivirus programs to treat active infections -- that is, when a malicious program has been executed and installed on a computer and may be using various methods to prevent detection and removal by antivirus solutions.
Testing results (February 11, 2007)
Award | Products |
1st place | Norton AntiVirus 2007 (80%) |
2nd place | Kaspersky Anti-Virus 6.0 (70%) |
3rd place | Avast! Professional Edition 4.7 (50%) Eset NOD32 Antivirus 2.7 (50%) Sophos Anti-Virus 6.0 (50%) BitDefender Antivirus 10 (50%) AVZ 4.21 (50%) |
Poor results | AVG Anti-Virus PE 7.5 (40%) McAfee VirusScan 2007 (40%) Panda Antivirus 2007 (40%) Avira AntiVir СE 7.0 (30%) Dr.Web Anti-Virus 4.33 (30%) F-Secure Anti-Virus 2007 (30%) Trend Micro PC-Cillin 2007 (30%) VBA32 Antivirus 3.11 (30%) |
* AVZ is a system analysis utility, which includes malicious program detection and removal functionality. However, it is not a fully functional antivirus solution. In the test, it was used as an antivirus scanner. |
Main results of the testing of antivirus products for the treatment of active infections in HTML»
Complete results for each antivirus product are available only in PDF or Microsoft Excel format:
Complete testing results in PDF format »
Complete testing results in Microsoft Excel format »
To ensure that the methodology and meaning of the results of this test are fully understood, we recommend reading about the concepts and principles underlying the operation of antivirus programs and compression utilities. Links to the relevant materials are provided below:
Testing Results (August 15, 2006)
Award | Products |
Gold Packers Support | F-Secure Anti-Virus 2006 (81%)* Kaspersky Anti-Virus 6.0 (81%) |
Silver Packers Support | BitDefender 9 Professional Plus (76%) Dr. Web Anti-Virus 4.33 (76%) |
Bronze Packers Support | Eset NOD32 Antivirus 2.5 (57%) |
Failed the test: | AVG Anti-Virus 7.1 (10%) Avira AntiVir PE 7.0 (10%) CA eTrust EZ Antivirus r8 (10%) Clam AntiVirus 0.88 (10%) McAfee VirusScan 2006 (10%) avast! Professional Edition 4.7 (5%) Panda Platinum Internet Security 2006 (5%) Sophos Anti-Virus 6.0 (5%) Norton AntiVirus 2006 (5%) VBA32 Antivirus 3.11 (5%) Trend Micro PC-Cillin 2006 (0%) UNA 1.8 (0%) |
* F-Secure Anti-Virus 2006 uses an antivirus engine licensed from Kaspersky Lab. | |
** The test was conducted using the latest versions of the following compression utilities: ACProtect, ASPack, ASProtect, Dropper, EXECryptor, ExeStealth, FSG, MEW, Morphine, NsPack, Obsidium, ORiEN, Packman, PECompact2, PESpin, Petite, Private exe Protector, UPX, WinUpack, yoda's Cryptor, yoda's Protector. |
Key results of our testing for packer support on different antivirus products in HTML»
Complete results for each antivirus product are available only in PDF or Microsoft Excel format:
Complete testing results in PDF format »
Complete testing results in Microsoft Excel format »