Antivirus Self-Protection Test under Windows 7 x64 (January 2011)

Table of Contents:

- Introduction
- Self-Protection Test Results
- Comparison Results under Windows 7 x64 and x86

 

Introduction

Malicious programs often include functionality aimed at overriding or disrupting the operation of antivirus protection. Contemporary antivirus products should therefore be able to resist such attempts (self-protection functionality). This helps them to withstand even the most complicated attacks, in which malicious programs use a variety of methods to disable protection, and to remove the infection using standard tools.

In this test we examine the self-protection capabilities of complex Internet Security antivirus products against possible malware attacks. This was the first time we tested the software under Windows 7 x64.

In addition, taking into account the test results of September 2010, we analyzed differences in self-protection performance of antivirus products under Windows 7 x86 and x64.

Methodology for Antivirus Self-Protection Test »
Awards Guide of Antivirus Self-Protection Test »

We tested the 20 most popular Internet Security antivirus products in their most recent versions released by the date of the test (November 24, 2010) for Windows 7 x64. The list included:

  1. Avast Internet Security 5.0.477
  2. AVG Internet Security 2011 (build 1170)
  3. Avira AntiVir Premium Security Suite 10.0.0.565
  4. BitDefender Internet Security 2011 (Build: 14.0.23.312)
  5. Comodo Internet Security 5.0.32580.1142
  6. Dr.Web Security Space 6.0 (12.0.0.58851)
  7. Emsisoft Anti-Malware 5.0.0.0
  8. Eset Smart Security 4.2.67.10
  9. F-Secure Internet Security 2011 (1.30.4220.0)
  10. G DATA Internet Security 2011 (21.1.0.5)
  11. Kaspersky Internet Security 2011 (11.0.2.556)
  12. McAfee Internet Security 2011 
  13. Microsoft Security Essentials 1.0.2498.0
  14. Norton Internet Security 2011 (18.1.0.37)
  15. Outpost Security Suite Pro 2010 (7.0)(3409.520.1244.401)
  16. Panda Internet Security 2011 (16.00.00)
  17. PC Tools Internet Security 2011 (8.1.0.0.50)
  18. Trend Micro Titanium Internet Security 2011 (3.0.0.1303)
  19. VBA32 Personal 3.12.14.1
  20. ZoneAlarm Security Suite 2010 (9.3.37.0)

In the test described below we analyzed, for the first time, the self-protection capabilities of antivirus solutions running under Windows 7 x64. Self-protection against the following types of attacks was analyzed:

  1. Modification of file and registry key access permissions.
  2. Modification / removal of modules.
  3. Deletion of antivirus databases.
  4. Modification / deletion of important registry keys.
  5. Process termination.
  6. Modification of processes / code.
  7. Driver unloading.

Each of the 33 parameters assessed in the self-protection test was analyzed in full accordance with the described testing methodology.

 

Self-Protection Test Results

In the test we assessed the antivirus self-protection capabilities in 33 test cases (for more information on each test case, please refer to the detailed test results in Excel format).

Let us have a quick look at the award system we use:

1 point (+) is awarded if the self-protection system successfully blocked one attack from the list.

0.5 point (or +/-) is awarded if the product does not include complete self-protection from a specific type of attack, but retains (or automatically restores) the main functionality.

And finally, if the product lacks self-protection from a specific type of attack and its main functionality was disabled, it was not awarded any points at all. Thus the maximum possible number of points in the test is 33.

Table 1 shows the number of points gained by each product according to the number of attacks its self-protection system blocked and the number of attacks that succeeded.


Table 1: Number of blocked attacks and successful attacks. Total points for products running under Windows 7 x64

| Tested product | Attacks completely blocked (1 point) | Attacks partially blocked (0.5 points) | Successful attacks, lack of self-protection (0 points) | Total score (maximum 33 points) |
|---|---|---|---|---|
| Kaspersky | 33 | 0 | 0 | 33 |
| ZoneAlarm | 32 | 0 | 1 | 32 |
| Dr.Web | 29 | 4 | 0 | 31 |
| Comodo | 30 | 1 | 2 | 30,5 |
| Outpost | 30 | 1 | 2 | 30,5 |
| Norton | 27 | 6 | 0 | 30 |
| BitDefender | 27 | 5 | 1 | 29,5 |
| Trend Micro | 27 | 3 | 3 | 28,5 |
| Avast | 23 | 9 | 1 | 27,5 |
| AVG | 20 | 11 | 2 | 25,5 |
| G DATA | 17 | 14 | 2 | 24 |
| Avira | 18 | 8 | 7 | 22 |
| McAfee | 12 | 19 | 2 | 21,5 |
| Panda | 14 | 15 | 4 | 21,5 |
| F-Secure | 10 | 22 | 1 | 21 |
| Eset | 10 | 19 | 4 | 19,5 |
| PC Tools | 12 | 15 | 6 | 19,5 |
| Emsisoft | 10 | 14 | 9 | 17 |
| VBA32 | 11 | 8 | 14 | 15 |
| Microsoft | 10 | 0 | 23 | 10 |

 

Image 1: Antivirus Self-Protection Test Results under Windows 7 x64

Результаты теÑта Ñамозащиты антивируÑов на Windows 7 x64

 

According to the test results, most antivirus products successfully passed the test. Almost 50%, or 9 out of 20 products tested, got over the threshold of 80%.

The following products showed much poorer self-protection capabilities under Windows 7: Eset Smart Security, PC Tools Internet Security, Emsisoft Anti-Malware, VBA32 Personal and Microsoft Security Essentials.


Table 2: Overall Antivirus Self-Protection Test Results and Awards

| Tested product | Award | Total score (maximum 33) | Percentage (compared to maximum) |
|---|---|---|---|
| Kaspersky Internet Security 2011 | Platinum Self-Protection Award | 33 | 100% |
| ZoneAlarm Internet Security Suite 2011 | Gold Self-Protection Award | 32 | 97% |
| Dr.Web Security Space 6.0 | Gold Self-Protection Award | 31 | 94% |
| Comodo Internet Security 5.0 | Gold Self-Protection Award | 30,5 | 92% |
| Outpost Security Suite Pro 2010 | Gold Self-Protection Award | 30,5 | 92% |
| Norton Internet Security 2011 | Gold Self-Protection Award | 30 | 91% |
| BitDefender Internet Security 2011 | Gold Self-Protection Award | 29,5 | 89% |
| Trend Micro Titanium Internet Security 2011 | Gold Self-Protection Award | 28,5 | 86% |
| Avast! Internet Security 5 | Gold Self-Protection Award | 27,5 | 83% |
| AVG Internet Security 2011 | Silver Self-Protection Award | 25,5 | 77% |
| G DATA Internet Security 2011 | Silver Self-Protection Award | 24 | 73% |
| Avira Premium Security Suite 10.0 | Silver Self-Protection Award | 22 | 67% |
| McAfee Internet Security 2011 | Silver Self-Protection Award | 21,5 | 65% |
| Panda Internet Security 2011 | Silver Self-Protection Award | 21,5 | 65% |
| F-Secure Internet Security 2011 | Silver Self-Protection Award | 21 | 64% |
| Eset Smart Security 4.2 | Bronze Self-Protection Award | 19,5 | 59% |
| PC Tools Internet Security 2011 | Bronze Self-Protection Award | 19,5 | 59% |
| Emsisoft Anti-Malware 5.0 | Bronze Self-Protection Award | 17 | 52% |
| VBA32 Personal 3.12 | Bronze Self-Protection Award | 15 | 45% |
| Microsoft Security Essentials 1.0 | Failed | 10 | 30% |

 

Table 2 clearly shows that under Windows 7 x64 Kaspersky Internet Security 2011 demonstrated 100% antivirus self-protection performance. In the previous test under other platforms the product also demonstrated highly effective self-protection. It is the only product to receive the highest award, the Platinum Self-Protection Award.

ZoneAlarm Internet Security Suite 2010, Dr.Web Security Space 6.0, Comodo Internet Security 5.0, Outpost Security Suite Pro 2010, Norton Internet Security 2011, BitDefender Internet Security 2011, Trend Micro Titanium Internet Security 2011 and Avast! Internet Security 5 demonstrated from 97% to 83% of ideal performance. This octet of antivirus products got the Gold Self-Protection Award.

Notable progress is seen in self-protection capabilities of ZoneAlarm Internet Security Suite 2010 and Trend Micro Titanium Internet Security 2011, which have better protection under the x64 platform.

G DATA Internet Security 2011, Avira Premium Security Suite 10, McAfee Internet Security 2011, Panda Internet Security 2011 and F-Secure Internet Security 2011 showed fairly good results; all were awarded the Silver Self-Protection Award.

The other anti-malware products, with the sole exception of Microsoft Security Essentials 1.0 (which is a pity!), were awarded the Bronze Self-Protection Award for the satisfactory level of their results.

 

Comparison Results under Windows 7 x64 and x86

Although we had to develop a new test toolkit for the x64 platform, most of the test cases remained the same. Therefore we were excited to compare the self-protection capabilities of the products under different versions of Windows 7.

To compare the self-protection of the tested products under Windows 7 x64 and x86, we complemented the current test results with the September 2010 test results for Windows 7 x86.

It is important to remember that in September we tested older versions of the products. Thus direct comparison of the results would not be fair.

 

Table 2: Antivirus Self-Protection Performance Levels under Windows 7 x64 and x86


 

Table 2 illustrates that almost all leaders showed good self-protection performance under both Windows 7 x86 and Windows 7 x64. However, although this time we tested newer versions of the antivirus products, most of them lost a few more points.

Only Avira Premium Security Suite 10 and Panda Internet Security 2011 have shown poorer antivirus self-protection performance under Windows 7 x64.

Many products, especially those listed in the second part of Table 2, demonstrated better self-protection capabilities under Windows 7 x64, which we tend to interpret as the result of more recent and updated versions of the products being tested under this platform. The best progress was shown by ZoneAlarm, Trend Micro, AVG and F-Secure.

Download detailed results in Excel for each product to have a complete view of the test and make sure the total scores were calculated correctly.

 

Ilya Shabanov, Managing Partner at Anti-Malware.ru:

“Launching the test – the first of this kind under Windows 7 x64 – I was rather pessimistic about its outcome. That is why I am truly surprised and excited to say there are 1 platinum and 8 gold awards! Apparently software vendors are aware of the growing popularity of 64-bit platforms and accept no compromise between their products' time of development (or porting to the platform) and the level of end user security. There are certain drawbacks, however overall performance of the products under the x64 platform can be called very good.

This test required serious preparatory work, which made us change the schedule several times and remake all the test toolkit to use it with the 64-bit platform. However the result and its quality are worth the effort. The future belongs to 64-bit platforms and we are sure we will make such tests from time to time.”

 

Vyacheslav Kopeitsev, Test Engineer at Anti-Malware.ru:

“The test results we have got are much better than those we expected to get. This means anti-malware vendors take notice of the growing popularity of Windows 7 x64. However most vendors still are quite reckless when it comes to process protection for GUI processes. It is important to understand that users tend to interpret lack of visible operation activity as no protective activity at all, while it is not always the same thing. Trying to make a prediction for the future self-protection test results under Windows 7 x64, I would say the results will only get better.”