29th July 2014, created by Markus Selinger

17 software packages in a repair performance test after malware attacks

Can antivirus software packages or recovery/clean-up tools completely clean and repair a Windows system after a virus infection? Lab experts at AV-TEST resolved this question in an extremely comprehensive ten-month endurance test. The result: Yes, they can!

It's a worst-case scenario many users have experienced: Malware defeats the security barriers of their system and becomes embedded there. Is it even possible, in the aftermath of such an attack, to restore the Windows system to its previous condition? It ought to work with the help of antivirus software or clean-up tools. But how effectively do these first responders do their job? The laboratory at AV-TEST has resolved this question in a major test in which 10 antivirus solutions and 7 special cleaning tools had to not only clean the infected systems but also completely repair them.

The following security packages were examined in the test:

- 3 popular freeware solutions: Avast! Free Antivirus 9.0, AVG AntiVirus Free 2014, Avira Free Antivirus;
- Malwarebytes Anti-Malware Free, a solution recommended by many IT magazines;
- Microsoft Security Essentials, included in Windows;
- five additional well-known paid software solutions from Bitdefender, ESET, F-Secure, Kaspersky and Norton.

In addition, the following clean-up and recovery tools were tested:

- The tools Avira Cleaner and Hitman Pro recommended by the initiative and anti-botnet advisory center "Botfrei.de";
- Disinfect2013 from IT trade publisher Heise;
- the four well-known tools F-Secure Removal Tool, Kaspersky Removal Tool, Panda Cloud Cleaner and Norton Power Eraser.

The Test Procedure

In this endurance test, the software solutions were tested multiple times over a period of 10 months, from September 2013 to June 2014, in terms of their clean-up and repair performance. Throughout the entire period, various malware families were repeatedly tested, as they also undergo constant evolution. The malware samples used were already known to all the solutions and thus should have been clearly detected by all of them.

In the test tables, the clean-up and repair quality was recorded according to the following priority:

1. Was the malware detected or not?
2. Were the active components completely removed?
3. Did any harmless file remnants remain, and were all the changes to the system reversed?
4. Did the security and clean-up software perfectly remove and restore everything?

As a result, the table also includes a percentage rating of the overall clean-up and repair performance.

Test of the Antivirus Software

For antivirus solutions, the test was divided up into two typical infection scenarios.

1. On a system already infected with malware, the protection software was installed and the subsequent detection, clean-up and repair of the damage was logged.
2. The protection packages were briefly deactivated, the malware was loaded, and protection was reactivated. Here the detection, clean-up and repair were logged again.

This two-part scenario was intended to simulate what happens if a user installs the software retroactively and if an installed security package only detects malware after a certain period of time and then attempts to remedy the damage. In each step, the system watchdogs had to deal with 30 malware samples.

Test of the Recovery and Repair Tools

The recovery tools are generally only deployed after a malware infection has occurred. That was exactly the scenario examined in the test. Each of the 7 tools had to remove 55 intrusions of malware samples and their damage. These threats were known to the tools as well; after all, the object was to examine the repair performance and not the detection ability.

The Test Platform and Environment

This endurance test, as with all others conducted by AV-TEST, was performed exclusively on real hardware, this time under Windows 7, however. The rationale: some malware samples can detect whether they are in a virtual environment. In this case, there was a possibility that some of the malware code would not fully execute. With the use of real hardware, the scenario is as realistic as the user's everyday environment.

The lab test was extremely comprehensive, as each platform had to be infected individually with a malware sample. Afterwards, the protection packages were installed or reactivated, and clean-up tools were launched respectively. Finally, the cleaned system always had to be compared to the original system. For a total of 60 and 55 malware samples respectively and 10 security packages, plus 7 tools, this added up to 985 individual tests over a period of 10 months.

Evaluating Results

For both test groups, security packages and recovery tools, the individual test results were entered into the table according to the following descending risk schema:

1. Malware not detected
2. Active malware component not removed
3. Only harmless file remnants left behind
4. Complete removal, clean system

Result 1: Malware not detected

The result in this category actually should have been 0 for all the test candidates, because it was established prior to the test that each malware sample was known to the solution. Among the security packages, known malware was not detected as such by Microsoft Security Essentials and Avira Free Antivirus. That actually should not have happened. The seven clean-up tools revealed no errors in basic detection.

Result 2: Active malware components not removed

In this case, the malware was detected and some files were removed, but the core of the malware was not rendered harmless. Thus, the system remains infected. Among the 10 security packages, the freeware solutions from Avira, Avast and AVG, as well as Microsoft's Security Essentials, had several problems. They failed to remove active components in the system between 1 and 7 times. The additional paid software products and the freeware Malwarebytes Anti-Malware Free cleaned error-free in this case.

Among the 7 clean-up tools, more than half the participants also failed on this key task: Hitman Pro, Panda Cloud Cleaner, Avira Cleaner and the F-Secure Removal Tool were unable to remove 1 to 11 active components. Only the Kaspersky Removal Tool, the Norton Power Eraser and Disinfect2013 from Heise performed reliably in this category.

Result 3: Harmless file remnants left behind

This segment documented the harmless code remnants left behind in the aftermath of malware attack clean-up. These remnants mainly included additional ineffective files or orphaned entries in the Windows registry.

The security packages from Bitdefender, F-Secure, Kaspersky, Norton and ESET only left small file remnants and insignificant entries in the registry between 1 and 9 times. In terms of quality, this put them just slightly below the perfect score attained by Malwarebytes Anti-Malware Free.

Among the clean-up tools, the Kaspersky Removal Tool only missed removal of a harmless file in one instance. It performed all other tasks with flying colors. Norton Power Eraser fell short of a perfect clean-up 11 times, and Disinfect2013 from Heise even missed it 48 times. All it left behind, however, was digital garbage without any dangerous components.

Result 4: Complete removal, clean system

Of all the security packages, only the Malwarebytes Anti-Malware Free utility left the system completely cleaned and repaired after 60 tests. The package from Bitdefender was able to do this 59 times, whereas the packages from F-Secure and Kaspersky were each successful 56 times. The two security solutions merely overlooked harmless registry entries. Otherwise they achieved an almost perfect performance.

Among the clean-up tools, none of the tools was able to render the infected test systems completely clean. Only the Kaspersky Removal Tool achieved top performance. It would have left the system totally error-free except for one overlooked, yet harmless, file remnant.

Summary: There is software for the morning after

The test results disproved a statement frequently posted in forums, that all you can do is delete your Windows system if it becomes infected with malware. Among the security suites, the solutions from Malwarebytes, Bitdefender and Kaspersky demonstrated the best performance among all the packages tested. All in all, however, the rest of the field still showed quite solid performance, even though a few active components were left behind.

Among the freeware clean-up tools, the Kaspersky Removal Tool is worth recommending. While the Norton tool, as well as Disinfect2013 from Heise, left behind quite a lot of data garbage, neither failed to detect a single active malware component.

In final analysis: In case an existing security suite ever fails, there are reliable rescue options for having a Windows system cleaned and repaired. The best part of all: in case of emergency, most of the tools can even be used free of charge.
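The comparison of each cleaned system against the original system and the four-level descending risk schema from the test procedure can be sketched as follows. This is an added example, not AV-TEST's tooling; the snapshot layout, the paths and hashes, and the rule that a leftover is "active" only when an autostart (Run key) value still points at a new or replaced file on disk are assumptions made here.

```python
from collections import Counter
# Constructed assumptions: snapshot layout, paths, hashes, "active" heuristic.
RUN_KEY = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"
VERDICTS = ("malware not detected", "active component not removed",
            "harmless remnants left behind", "complete removal, clean system")

def diff(baseline, after):
    """Keys added, changed or missing relative to the baseline snapshot."""
    return {k for k in baseline.keys() | after.keys()
            if baseline.get(k) != after.get(k)}

def classify(baseline, after, detected):
    """Apply the descending risk schema to one cleaned test system."""
    if not detected:
        return VERDICTS[0]
    file_delta = diff(baseline["files"], after["files"])
    reg_delta = diff(baseline["registry"], after["registry"])
    # Assumption: active = an autostart value whose target is still on disk
    # and is new or replaced; a value whose target is gone is an orphan.
    for key, target in after["registry"].items():
        on_disk = target in after["files"] and target in file_delta
        if key.startswith(RUN_KEY) and on_disk:
            return VERDICTS[1]
    if file_delta or reg_delta:
        return VERDICTS[2]  # ineffective files or orphaned registry entries
    return VERDICTS[3]

def tally(verdicts):
    """Per-category counts in schema order, as in a result table."""
    counts = Counter(verdicts)
    return [(v, counts[v]) for v in VERDICTS]

# Constructed snapshots: {path: hash prefix} and {registry value: data}.
BASE = {"files": {r"C:\Windows\notepad.exe": "9f2c"}, "registry": {}}
DROP = r"C:\Users\test\AppData\Roaming\upd.exe"
AUTORUN = {RUN_KEY + r"\Updater": DROP}
WITH_FILE = {**BASE["files"], DROP: "5e1a"}
RUNS = [
    (BASE, True),                                           # fully repaired
    ({"files": BASE["files"], "registry": AUTORUN}, True),  # orphaned Run value
    ({"files": WITH_FILE, "registry": {}}, True),           # inert leftover file
    ({"files": WITH_FILE, "registry": AUTORUN}, True),      # autostart still live
    ({"files": WITH_FILE, "registry": AUTORUN}, False),     # scanner stayed silent
]

if __name__ == "__main__":
    for verdict, n in tally(classify(BASE, a, d) for a, d in RUNS):
        print(f"{n}  {verdict}")
```

The checks run in schema order, so a missed detection outranks any leftover and a live autostart entry outranks harmless remnants, matching the priority the tables use.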

Repair test: In two typical attack scenarios, the 10 antivirus solutions were tested in terms of their clean-up and repair performance (AV-TEST Endurance Test from 9/13 to 6/14).

Overall result: Most antivirus solutions showed excellent performance in the repair test. Several of them did leave some digital garbage behind, but nothing dangerous (AV-TEST Endurance Test from 9/13 to 6/14).

Recovery and Repair Tools: The traditional first responders were also tested following two typical attack scenarios in terms of their clean-up and repair performance (AV-TEST Endurance Test from 9/13 to 6/14).

Recovery and Repair Tools: Most of the first responders after a malware attack achieved a favorable result in the test. They were also quite reliable in clean-up and repair (AV-TEST Endurance Test from 9/13 to 6/14).

Malwarebytes Anti-Malware Free: Among the antivirus solutions, this application achieved a perfect repair result. Coming in close behind in terms of performance were the packages from Bitdefender, Kaspersky, Norton, ESET and F-Secure.

F-Secure Internet Security 2014: This antivirus software also impressed the test engineers with its quality of repair in the major endurance test.

Kaspersky Removal Tool: This freeware first-responder tool rendered the system completely repaired in the test after 55 attacks. Only once did it overlook an unimportant file.

Copyright 2016 by AV-TEST GmbH, Klewitzstr. 7, 39112 Magdeburg, Germany. Phone +49 (0) 391 60754-60, Fax +49 (0) 391 60754-69, www.av-test.org