Antivirus product self-protection test by Anti-Malware Test Lab

Discussion in 'other anti-virus software' started by IlyaOS, Sep 20, 2007.

Thread Status:
Not open for further replies.
  1. IlyaOS

    IlyaOS Registered Member

    Joined:
    Nov 13, 2005
    Posts:
    29
    Anti-Malware Test Lab tasted fifteen of the most popular antivirus programs, including:

    1. Avast! Professional Edition 4. 7
    2. Avira Premium Security Suite 7.0
    3. BitDefender Internet Security 10
    4. DrWeb 4.44
    5. ESET Smart Security 3.0
    6. F-Secure Internet Security 2007
    7. Kaspersky Internet Security 7.0
    8. McAfee Internet Security 2007
    9. Microsoft Windows Live OneCare 1.6
    10. Panda Internet Security 2007
    11. Sophos Anti-Virus 6.0
    12. Symantec Internet Security 2007
    13. Trend Micro PC-Cillin 2007
    14. VBA32 Antivirus 3.11
    15. ZoneAlarm Internet Security 7.0

    The antivirus product self-protection test was conducted on products running under Microsoft Windows XP with Service Pack 2 for the following groups of attacks:

    1. Modification of file and registry key access permissions
    2. Modification / removal of modules
    3. Deletion of antivirus databases
    4. Modification / deletion of important registry keys
    5. Process termination
    6. Modification of processes / code
    7. Driver unloading.

    Antivirus product self-protection testing methodology

    Analysis of self-protection test results and awards

    Table 1. Final results of antivirus product self-protection testing and the awards received

    Gold Self-Protection Award
    http://www.anti-malware.ru/images/selfprotection/self-protection_gold_sm.gif
    Kaspersky Internet Security 7.0 - - 97%

    Silver Self-Protection Award
    http://www.anti-malware.ru/images/selfprotection/self-protection_silver_sm.gif
    VBA32 Antivirus 3.11 - 71%
    Symantec Internet Security 2007 - 71%
    F-Secure Internet Security 2007 - 61%

    Bronze Self-Protection Award
    http://www.anti-malware.ru/images/selfprotection/self-protection_bronze_sm.gif
    ZoneAlarm Internet Security 7.0 - 58%
    Panda Internet Security 2007 - 48%
    McAfee Internet Security 2007 - 47%
    ESET Smart Security 3.0 - 44%
    Trend Micro PC-Cillin 2007 - 42%

    Failed testing
    Avast! Professional Edition 4. 7 - 33%
    Avira Premium Security Suite 7.0 - 33%
    Sophos Anti-Virus 6.0 - 33%
    DrWeb 4.44 - 32%
    Microsoft Windows Live OneCare 1.6 - 32%
    BitDefender Internet Security 10 - 30%


    Detailed results of the test are available here in HTML or in PDF
    http://www.anti-malware-test.com/?q=node/23
     
  2. Sjoeii

    Sjoeii Registered Member

    Joined:
    Aug 26, 2006
    Posts:
    1,240
    Location:
    52?18'51.59"N + 4?56'32.13"O
    Thanx
    But I believe this is allready an old test
     
  3. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,723
    Location:
    localhost
    Hi!
    alredy posted here...

    https://www.wilderssecurity.com/showthread.php?t=185862&page=2

    Its not an old test...

    And my 2 cents were:

    "..... However, I personally disagree on the the ranking....
    I couldn't care less that the junk mail filter in ZASS 7 can be disabled by malware, its not part of the ZASS main defence mechanisms.

    If secondary modules like spam, parental control, etc... need to be included in the termination test, I would expected a weighting system that would give less relevance to these elements while firewall, antivirus and antispyware protection should have higher weighting.

    The above should reflect the extent of damage that real malware could cause on a system. Disabling spam module has no effect on the protection and integrity of my system if firewall, antivirus and main 'security' related functions remains intact.

    Without this weird point system ZASS (and may be other suites?) would have a completely different scoring...."


    EDIT: issue already been discussed in the other thread....

    Cheers,
    Fax
     
    Last edited: Sep 20, 2007
  4. Sjoeii

    Sjoeii Registered Member

    Joined:
    Aug 26, 2006
    Posts:
    1,240
    Location:
    52?18'51.59"N + 4?56'32.13"O
    well 9 days ago. Sorry that I called this old;)
     
  5. FRug

    FRug Registered Member

    Joined:
    Feb 7, 2006
    Posts:
    309
    Unfortunately their version information is incomplete, they might have tested outdated versions (i.E. stating AntiVir Version 7.0 was tested is not detailed enough, since process self protection was introduced in version 7.06.00.xx on 5th September).
     
  6. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,723
    Location:
    localhost
    LOL... OK :)

    I don't think this test has been discussed here at all... please correct me if I am wrong.

    Cheers,
    Fax
     
  7. Sjoeii

    Sjoeii Registered Member

    Joined:
    Aug 26, 2006
    Posts:
    1,240
    Location:
    52?18'51.59"N + 4?56'32.13"O
    It has been discussed on one of the AV forums I visit. But must admit I don't recall which.

    Guess I'm getting old
     
  8. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,723
    Location:
    localhost
    LoL... you are visiting too many forums :p

    Fax
     
  9. Sjoeii

    Sjoeii Registered Member

    Joined:
    Aug 26, 2006
    Posts:
    1,240
    Location:
    52?18'51.59"N + 4?56'32.13"O
    Am affraid so.
    Part of the job ;) I guess
     
  10. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,723
    Location:
    localhost
    Yep.. I know... I was just joking... :)

    Cheers,
    Fax
     
  11. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    That thread you link to ia about CLEANING INFECTED MACHINES TEST. The thread has nothing to do with the subject of this thread which is about self protection. So, this has NOT been discussed earlier and the discussion should continue here.

    I agree that they should have given dates because Avira just recently started protecting itself. The protection is buggy though. I could still easily kill all Avira processes from Task Manager or Process Explorer except for avguard.exe which is the real time monitor. That one from Process Explorer, I could Stop the process. It didn't actually kill it but if I can stop it isn't that enough if I was a baddie?
     
  12. pilotart

    pilotart Registered Member

    Joined:
    Feb 14, 2006
    Posts:
    377
    This indicates that this test was completed prior to the recent release of the "Self-Protected" versions of AntiVir
    from AVIRA on Wednesday, September 5th, 2007.
     
  13. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,723
    Location:
    localhost
    Yes, indeed but my question was already answered by the OP in that thread... so no use for me to keep the same text here... :)

    Cheers,
    Fax
     
  14. Arup

    Arup Guest


    Correct, with rootkit protection on in AntiVir, it can't be terminated now.
     
  15. xandros

    xandros Registered Member

    Joined:
    Oct 30, 2006
    Posts:
    411
    ESET Smart Security 3.0 - 44% ??
    oh my god
     
  16. Sjoeii

    Sjoeii Registered Member

    Joined:
    Aug 26, 2006
    Posts:
    1,240
    Location:
    52?18'51.59"N + 4?56'32.13"O
    Did you expect anymore at this beta stage?
     
  17. wdh2313

    wdh2313 Registered Member

    Joined:
    Sep 10, 2007
    Posts:
    18
    The test is meaningless with out deteail verison of each av. All or almost all are old verisons of av. So i wouldn't take into account how good your av did or didn't do.
     
  18. xandros

    xandros Registered Member

    Joined:
    Oct 30, 2006
    Posts:
    411
    ESET Smart Security 3.0 - 44% ??
    oh my god

    i will wait untile eset smart security be trail
    im sure beta not good
     
  19. xandros

    xandros Registered Member

    Joined:
    Oct 30, 2006
    Posts:
    411
    good job kaspersky internet security 7.0.0.125
     
  20. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    Kinda strange that AVG wasn't tested.
    Dr.Web,Avast,Avira,and BitDefender failing is a surprise.
    Vba32 and Symantec achieving Silver rating was a bit of a surprise also.Good for them!
     
  21. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    Almost all of them can be killed by AV Killer. Someone in GRC NG's said he just posted this information to the KAV forum and a mod immediately deleted the thread and he was told by Kaspersky that yes, KAV could be killed by AV Killer, but why worry or upset any user as Kaspersky is aware of the problem. I assume my AV, Avira, can also be killed.

    http://www.websense.com/securitylabs/blog/blog.php?BlogID=148
     
  22. Niels

    Niels Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    466
    Location:
    Belgium
    All BitDefender 2008 versions have now self protection so you can't easily shutdown the protection anymore. In the past when you selected exit you could kill the BitDefender related processes but that isn't possible anymore. But If I am not wrong every antivirus can be disabled. I agree that it was too easy on the older BitDefender versions.
     
  23. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    i aint surprised drweb failed this one,

    i think drweb are putting too much into V5,

    i think they should spread it out a bit more, i expected the http monitor at least for 4.44, but thats just me
     
  24. EliteKiller

    EliteKiller Registered Member

    Joined:
    Jan 18, 2007
    Posts:
    1,138
    Location:
    TX
    I wish v5 would hurry up and get here so that you'd stop making excuses for the current version(s). ;) One can only hope that v5 delivers in all aspects, but judging by past discussions I don't think too many people will be holding their breath.
     
  25. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    i think you missed the fact i said "i aint surprised drweb failed this one"

    its not always praise, so what are the excuses?
     
Loading...
Thread Status:
Not open for further replies.