Anti-Malware Test Lab tasted fifteen of the most popular antivirus programs, including:

1. Avast! Professional Edition 4. 7
2. Avira Premium Security Suite 7.0
3. BitDefender Internet Security 10
4. DrWeb 4.44
5. ESET Smart Security 3.0
6. F-Secure Internet Security 2007
7. Kaspersky Internet Security 7.0
8. McAfee Internet Security 2007
9. Microsoft Windows Live OneCare 1.6
10. Panda Internet Security 2007
11. Sophos Anti-Virus 6.0
12. Symantec Internet Security 2007
13. Trend Micro PC-Cillin 2007
14. VBA32 Antivirus 3.11
15. ZoneAlarm Internet Security 7.0

The antivirus product self-protection test was conducted on products running under Microsoft Windows XP with Service Pack 2 for the following groups of attacks:

1. Modification of file and registry key access permissions
2. Modification / removal of modules
3. Deletion of antivirus databases
4. Modification / deletion of important registry keys
5. Process termination
6. Modification of processes / code
7. Driver unloading.

Antivirus product self-protection testing methodology (http://www.anti-malware-test.com/?q=node/24)

Analysis of self-protection test results and awards (http://www.anti-malware-test.com/?q=node/25)

Table 1. Final results of antivirus product self-protection testing and the awards received

Gold Self-Protection Award
http://www.anti-malware.ru/images/selfprotection/self-protection_gold_sm.gif
Kaspersky Internet Security 7.0 - - 97%

Silver Self-Protection Award
http://www.anti-malware.ru/images/selfprotection/self-protection_silver_sm.gif
VBA32 Antivirus 3.11 - 71%
Symantec Internet Security 2007 - 71%
F-Secure Internet Security 2007 - 61%

Bronze Self-Protection Award
http://www.anti-malware.ru/images/selfprotection/self-protection_bronze_sm.gif
ZoneAlarm Internet Security 7.0 - 58%
Panda Internet Security 2007 - 48%
McAfee Internet Security 2007 - 47%
ESET Smart Security 3.0 - 44%
Trend Micro PC-Cillin 2007 - 42%

Failed testing
Avast! Professional Edition 4. 7 - 33%
Avira Premium Security Suite 7.0 - 33%
Sophos Anti-Virus 6.0 - 33%
DrWeb 4.44 - 32%
Microsoft Windows Live OneCare 1.6 - 32%
BitDefender Internet Security 10 - 30%


Detailed results of the test are available here in HTML or in PDF
http://www.anti-malware-test.com/?q=node/23

Thanx
But I believe this is allready an old test

Hi!
alredy posted here...

http://www.wilderssecurity.com/showthread.php?t=185862&page=2

Its not an old test...

And my 2 cents were:

"..... However, I personally disagree on the the ranking....
I couldn't care less that the junk mail filter in ZASS 7 can be disabled by malware, its not part of the ZASS main defence mechanisms.

If secondary modules like spam, parental control, etc... need to be included in the termination test, I would expected a weighting system that would give less relevance to these elements while firewall, antivirus and antispyware protection should have higher weighting.

The above should reflect the extent of damage that real malware could cause on a system. Disabling spam module has no effect on the protection and integrity of my system if firewall, antivirus and main 'security' related functions remains intact.

Without this weird point system ZASS (and may be other suites?) would have a completely different scoring...."

EDIT: issue already been discussed in the other thread....

Cheers,
Fax

well 9 days ago. Sorry that I called this old;)

Unfortunately their version information is incomplete, they might have tested outdated versions (i.E. stating AntiVir Version 7.0 was tested is not detailed enough, since process self protection was introduced in version 7.06.00.xx on 5th September).

{QUOTE-> well 9 days ago. Sorry that I called this old;) <-QUOTE}

LOL... OK :)

I don't think this test has been discussed here at all... please correct me if I am wrong.

Cheers,
Fax

It has been discussed on one of the AV forums I visit. But must admit I don't recall which.

Guess I'm getting old

{QUOTE-> Guess I'm getting old <-QUOTE}

LoL... you are visiting too many forums :P

Fax

Am affraid so.
Part of the job ;) I guess

{QUOTE-> Am affraid so.
Part of the job ;) I guess <-QUOTE}

Yep.. I know... I was just joking... :)

Cheers,
Fax

{QUOTE-> Hi!
alredy posted here...

http://www.wilderssecurity.com/showthread.php?t=185862&page=2

Its not an old test...

And my 2 cents were:

"..... However, I personally disagree on the the ranking....
I couldn't care less that the junk mail filter in ZASS 7 can be disabled by malware, its not part of the ZASS main defence mechanisms.

If secondary modules like spam, parental control, etc... need to be included in the termination test, I would expected a weighting system that would give less relevance to these elements while firewall, antivirus and antispyware protection should have higher weighting.

The above should reflect the extent of damage that real malware could cause on a system. Disabling spam module has no effect on the protection and integrity of my system if firewall, antivirus and main 'security' related functions remains intact.

Without this weird point system ZASS (and may be other suites?) would have a completely different scoring...."

EDIT: issue already been discussed in the other thread....

Cheers,
Fax <-QUOTE}

That thread you link to ia about CLEANING INFECTED MACHINES TEST. The thread has nothing to do with the subject of this thread which is about self protection. So, this has NOT been discussed earlier and the discussion should continue here.

I agree that they should have given dates because Avira just recently started protecting itself. The protection is buggy though. I could still easily kill all Avira processes from Task Manager or Process Explorer except for avguard.exe which is the real time monitor. That one from Process Explorer, I could Stop the process. It didn't actually kill it but if I can stop it isn't that enough if I was a baddie?

{QUOTE->
Wed, 08/15/2007 - 11:45 — Sergey Ilyin
Self-protection test completed
We have already completed the self-protection test of 15 antivirus solutions.

The results will be published in the end of August.

Antivirus self-protection test has been complited! (http://www.anti-malware-test.com/?q=node/17#comment-8)

I published the results of the antivirus product self-protection test. <-QUOTE}This indicates that this test was completed prior to the recent release of the "Self-Protected" versions of AntiVir
from AVIRA on Wednesday, September 5th, 2007.

{QUOTE-> That thread you link to ia about CLEANING INFECTED MACHINES TEST. The thread has nothing to do with the subject of this thread which is about self protection. So, this has NOT been discussed earlier and the discussion should continue here. <-QUOTE}

Yes, indeed but my question was already answered by the OP in that thread... so no use for me to keep the same text here... :)

Cheers,
Fax

{QUOTE-> This indicates that this test was completed prior to the recent release of the "Self-Protected" versions of AntiVir
from AVIRA on Wednesday, September 5th, 2007. <-QUOTE}


Correct, with rootkit protection on in AntiVir, it can't be terminated now.

ESET Smart Security 3.0 - 44% ??
oh my god

Did you expect anymore at this beta stage?

The test is meaningless with out deteail verison of each av. All or almost all are old verisons of av. So i wouldn't take into account how good your av did or didn't do.

ESET Smart Security 3.0 - 44% ??
oh my god

i will wait untile eset smart security be trail
im sure beta not good

good job kaspersky internet security 7.0.0.125

Kinda strange that AVG wasn't tested.
Dr.Web,Avast,Avira,and BitDefender failing is a surprise.
Vba32 and Symantec achieving Silver rating was a bit of a surprise also.Good for them!

Almost all of them can be killed by AV Killer. Someone in GRC NG's said he just posted this information to the KAV forum and a mod immediately deleted the thread and he was told by Kaspersky that yes, KAV could be killed by AV Killer, but why worry or upset any user as Kaspersky is aware of the problem. I assume my AV, Avira, can also be killed.

http://www.websense.com/securitylabs/blog/blog.php?BlogID=148

All BitDefender 2008 versions have now self protection so you can't easily shutdown the protection anymore. In the past when you selected exit you could kill the BitDefender related processes but that isn't possible anymore. But If I am not wrong every antivirus can be disabled. I agree that it was too easy on the older BitDefender versions.

i aint surprised drweb failed this one,

i think drweb are putting too much into V5,

i think they should spread it out a bit more, i expected the http monitor at least for 4.44, but thats just me

{QUOTE-> i aint surprised drweb failed this one,

i think drweb are putting too much into V5 <-QUOTE}
I wish v5 would hurry up and get here so that you'd stop making excuses for the current version(s). ;) One can only hope that v5 delivers in all aspects, but judging by past discussions (http://www.wilderssecurity.com/showthread.php?t=186045) I don't think too many people will be holding their breath.

{QUOTE-> I wish v5 would hurry up and get here so that you'd stop making excuses for the current version(s). ;) One can only hope that v5 delivers in all aspects, but judging by past discussions (http://www.wilderssecurity.com/showthread.php?t=186045) I don't think too many people will be holding their breath. <-QUOTE}
i think you missed the fact i said "i aint surprised drweb failed this one"

its not always praise, so what are the excuses?

{QUOTE-> i think you missed the fact i said "i aint surprised drweb failed this one"

its not always praise, so what are the excuses? <-QUOTE}
I didn't miss anything at all; in fact I quoted your quoted text above. ;) If you cannot see how you're making excuses then I am not about to go off topic in this thread and point out the obvious. I'm surprised nobody has cried viral marketing yet.

{QUOTE-> I didn't miss anything at all; in fact I quoted your quoted text above. ;) If you cannot see how you're making excuses then I am not about to go off topic in this thread and point out the obvious. I'm surprised nobody has cried viral marketing yet. <-QUOTE}
im not making excuses, its poor and i did expect drweb to fail this test.

i just think drweb are putting too much into V5 ,instead of spreading out the features.

unified control centre
http scanner
HIPS
self protection
etc etc

i just think, they could have put more into 4.44 maybe.

its not making excuses, i think drweb performed poorly in this test, just stating the obvious.

~Personal comments removed.~

:D

lol

tooda-loo

{QUOTE-> Almost all of them can be killed by AV Killer. Someone in GRC NG's said he just posted this information to the KAV forum and a mod immediately deleted the thread and he was told by Kaspersky that yes, KAV could be killed by AV Killer, but why worry or upset any user as Kaspersky is aware of the problem. I assume my AV, Avira, can also be killed.

http://www.websense.com/securitylabs/blog/blog.php?BlogID=148 <-QUOTE}

FYI

http://forum.kaspersky.com/index.php?showtopic=49397

there will always be something available to get past an antivirus, or to shut it down completely, what really matters is the response and actions from the antivirus company itself.