Active Malware Treatment Test (February 2007)
Table of Contents:
- Introduction
- Test Results and Awards
Introduction
The antivirus industry of today devotes much effort to preventing malware infections. Various proactive technologies are developed and tested, new threat response times decrease, and detection rates increase. At the same time, the rate at which new kinds of and modifications to malicious programs appear is also rapidly increasing. As a result, no antivirus vendor can guarantee 100% protection to users. Malware infections are still quite common, and very few Internet users have not dealt with a virus at least once.
To make matters worse, virus writers keep perfecting their software. Some malicious programs are very hard to remove from the computer, because they use various methods to mask their presence in the system (including via rootkits) and to avoid detection and removal by antivirus programs.
What can be done if a computer is infected? Will an existing antivirus product cope with the problem or will it be necessary to install a competitor’s product?
In this test we analyzed the ability of popular antivirus programs to treat active malware -- when a malicious program has been executed and installed on a computer and may be using various methods to prevent detection and removal by antivirus solutions.
Antivirus products from 15 vendors were tested, including Avast!, AVG, AVZ, Avira, BitDefender, Eset, F-Secure, McAfee, Panda Software, Sophos, Symantec, Trend Micro, VirusBlokAda, Dr. Web, and Kaspersky Lab.
Testing was conducted using the following malicious programs (the names are shown according to the classification used by Kaspersky Lab) selected in accordance with the criteria described above:
- Adware.Win32.Look2me
- Adware.Win32.NewDotNet
- Backdoor.Win32.Haxdoor
- Trojan-Proxy.Win32.Xorpix
- Email-Worm.Win32.Scano
- Email-Worm.Win32.Bagle
- Trojan-PSW.Win32.LdPinch
- Worm.Win32.Feebs
- Trojan-Clicker.Win32.Costrat
- Trojan-Spy.Win32.Goldun
Testing of the ability of antivirus products to treat active malware was conducted strictly in accordance with the methodology described above.
Test Results and Awards
Table 1: Results of active malware treatment by different antivirus products
| Antivirus \ Malware | Adware.Win32. Look2me | Adware. Win32.New DotNet | Backdoor. Win32.Haxdoor | Trojan-Proxy. Win32.Xorpix | Email-Worm. Win32.Scano |
| Avast! Professional Edition 4.7 | + | - | - | - | - |
| AVG Anti-Virus PE 7.5 | - | - | - | - | - |
| Avira AntiVir СE 7.0 | - | - | - | - | - |
| AVZ 4.21 * | - | - | + | - | - |
| BitDefender Antivirus 10 | - | + | + | - | - |
| Dr.Web Anti-Virus 4.33 | - | - | + | - | - |
| Eset NOD32 Antivirus 2.7 | - | - | + | - | - |
| F-Secure Anti-Virus 2007 | - | - | - | - | - |
| Kaspersky Anti-Virus 6.0 | + | + | + | + | + |
| McAfee VirusScan 2007 | - | + | - | - | - |
| Panda Antivirus 2007 | + | - | + | - | - |
| Sophos Anti-Virus 6.0 | - | + | - | - | - |
| Norton AntiVirus 2007 | + | + | - | + | - |
| Trend Micro PC-Cillin 2007 | - | + | - | - | - |
| VBA32 Antivirus 3.11 | - | - | - | - | - |
Table 2: Results of active infection treatment by different antivirus products (continued)
| Antivirus \ Malware | Email-Worm. Win32.Bagle | Trojan-PSW. Win32.LdPinch | Worm.Win32. Feebs | Trojan-Clicker. Win32.Costrat | Trojan-Spy. Win32.Goldun |
| Avast! Professional Edition 4.7 | + | + | - | - | + |
| AVG Anti-Virus PE 7.5 | + | + | - | - | + |
| Avira AntiVir СE 7.0 | + | + | + | - | - |
| AVZ 4.21 * | + | + | - | + | - |
| BitDefender Antivirus 10 | + | + | + | - | - |
| Dr.Web Anti-Virus 4.33 | + | + | - | - | - |
| Eset NOD32 Antivirus 2.7 | + | + | + | - | + |
| F-Secure Anti-Virus 2007 | + | + | + | - | - |
| Kaspersky Anti-Virus 6.0 | + | + | - | - | - |
| McAfee VirusScan 2007 | + | + | + | - | - |
| Panda Antivirus 2007 | + | + | - | - | - |
| Sophos Anti-Virus 6.0 | + | + | + | - | + |
| Norton AntiVirus 2007 | + | + | + | + | + |
| Trend Micro PC-Cillin 2007 | + | + | - | - | - |
| VBA32 Antivirus 3.11 | + | + | + | - | - |
+ The antivirus solution successfully removed the active infection, and the system was restored (or was not damaged).
- The antivirus solution failed to remove the active infection or the system’s integrity was seriously damaged.
Table 3: Test Summary
| Award |
Products |
| 1st place | Norton AntiVirus 2007 (80%) |
| 2nd place |
Kaspersky Anti-Virus 6.0 (70%) |
| 3rd place |
BitDefender Antivirus 10 (50%) Eset NOD32 Antivirus 2.7 (50%) Sophos Anti-Virus 6.0 (50%) |
| Other results | Avast! Professional Edition 4.7 (40%) AVZ 4.21 (40%) McAfee VirusScan 2007 (40%) Panda Antivirus 2007 (40%) AVG Anti-Virus PE 7.5 (30%) Avira AntiVir СE 7.0 (30%) Dr.Web Anti-Virus 4.33 (30%) F-Secure Anti-Virus 2007 (30%) Trend Micro PC-Cillin 2007 (30%) VBA32 Antivirus 3.11 (30%) |
| * AVZ is a system analysis utility, which includes malicious program detection and removal functionality. However, it is not a fully functional antivirus solution. In the test, it was used as an antivirus scanner. | |
Only two of the 15 products tested demonstrated acceptable results in the treatment of active malware: Norton AntiVirus 2007 and Kaspersky Anti-Virus 6.0.
An additional three antivirus products, namely, Eset NOD32 Antivirus, Sophos Anti-Virus and BitDefender Antivirus, demonstrated mediocre results. The remaining antivirus solutions performed poorly. These products can by no means be relied upon to effectively combat today’s virus threats.
For detailed test results, including the information on the disinfection of specific viruses, and to verify the calculations used to determine the test results, please download the complete results below in Microsoft Excel format.
- Login to post comments
