Active Infection Treatment Test

Antivirus vendors continue to develop and test proactive technologies and to improve reaction speed and detection quality. At the same time, new types and modifications of malware are appearing at an ever faster rate. Unfortunately, no antivirus developer can give the user 100% protection. Infections happen often enough, and there is no Internet user in the world whose computer has not been infected at least once. In this article we present the results of independent antivirus software tests, prepared and organized by the participants of the Anti-Malware.ru project.

 


 

Anti-Virus Testing on Active Infection Treatment

Virus writers are constantly improving their skills, and some of their creations turn out to be very difficult to remove. They use various techniques to mask their presence (rootkits being one of them) and to avoid deletion by antivirus programs.

What can be done, then, if you have been unfortunate and your computer has become the victim of malicious code? Will your existing antivirus deal with it, or should you turn to a competitor's product for help?

The following test studied the ability of popular antivirus programs to treat an active infection, that is, the case where the malware had already been installed and activated.

 

Results of the ACTIVE INFECTION TREATMENT test (17/09/2007)

Gold Malware Treatment Award

  Dr.Web Anti-Virus 4.44 Beta (82%)

Silver Malware Treatment Award

  Kaspersky Anti-Virus 7.0 (71%)
  Symantec Norton AntiVirus 2007 (71%)

Bronze Malware Treatment Award

  Panda Antivirus 2008 (59%)
  Avast! Professional Edition 4.7.1029 (53%)
  AVG Anti-Virus Professional Edition 7.5 (47%)

TEST FAILED

  McAfee VirusScan 2007 (29%)
  Trend Micro Internet Security 2007 (29%)
  Avira AntiVir PE Premium 7.0 (24%)
  F-Secure Anti-Virus 2007 7.0 (18%)
  Eset NOD32 Antivirus 2.7 (18%)
  Sophos Anti-Virus 6.5 (18%)
  Dr.Web Anti-Virus 4.33 (12%)
  BitDefender Antivirus 10 (6%)
  VBA32 Antivirus 3.12 (6%)

 

 

Active Infection Treatment testing methodology

The test was performed on a VMware GSX Server dedicated to that purpose. A separate virtual PC with Microsoft Windows XP SP2 was cloned for every antivirus product under test. At the time of the test we installed every patch available to us for each antivirus program.

The following Anti-Virus products were tested in this comparative:

  1. Avast! Professional Edition 4.7.1029

  2. AVG Anti-Virus 7.5.476

  3. Avira AntiVir PE Premium 7.0

  4. BitDefender Antivirus 10

  5. Dr.Web Anti-Virus 4.33.3

  6. Dr.Web Anti-Virus 4.44.0.8030 beta

  7. Eset NOD32 Antivirus 2.70.39

  8. F-Secure Anti-Virus 2007 7.02.395

  9. Kaspersky Anti-Virus 7.0.0.125

  10. McAfee VirusScan 2007

  11. Panda Antivirus 2008

  12. Sophos Anti-Virus 6.5.7 R2

  13. Symantec Norton AntiVirus 2007

  14. Trend Micro Internet Security 2007

  15. VBA32 Antivirus 3.12.2.2

 

Procedure

During installation, all procedures recommended by the developer (restarting, upgrading, etc.) were performed. All protection components were activated manually if this did not happen automatically after installation.

If the antivirus software was not able to detect the malicious code during the first scan, a scan of the infected directory was initiated.

Testing procedure description

  1. Malicious code activation (infection) on a separate virtual machine.

  2. Verification of successful virus installation and its functionality.

  3. Multiple system reboots.

  4. Antivirus program installation and malware removal attempt.

  5. Check for remnants of the malicious code in the case of successful removal.

A separate virtual machine was dedicated to each malware sample used in the test. The virtual machine was rolled back after each attempt to install an antivirus and treat a particular malware sample.

 

Malicious code sampling procedure for active infection treatment test (September 2007)

17 malware samples were selected for the test according to the following criteria:

 

1. The sample had to be detected by every antivirus program participating in the test.

2. The malware had to disguise its presence.

3. The sample had to demonstrate some kind of resistance to detection and deletion (ability to self-recover).

4. The sample had to be widespread and well known.

 

During selection, preference was given to the most complex samples, which were collected in the wild by Anti-Malware.ru experts.

The functionality of each sample was verified on the test system described above; in this manner, the following malware was chosen:

  1. Adware.Win32.Look2me.ab
  2. Adware.Win32.NewDotNet
  3. AdWare.Win32.Virtumonde.bq
  4. Backdoor.Win32.Haxdoor.ix
  5. Backdoor.Win32.PcClient.ca
  6. Email-Worm.Win32.Scano.ac
  7. Trojan-Clicker.Win32.Costrat.l
  8. Trojan-Downloader.Win32.Agent.brr
  9. Trojan-Downloader.Win32.Agent.brk
  10. Trojan-Proxy.Win32.Agent.lb
  11. Trojan-Proxy.Win32.Wopla.ag
  12. Trojan-Proxy.Win32.Xorpix.ba
  13. Trojan-Spy.Win32.Bancos.aam
  14. Trojan-Spy.Win32.Goldun.ls
  15. Virus.Win32.Gpcode.af
  16. Rootkit.Win32.Agent.ea
  17. SpamTool.Win32.Agent.u

Under our methodology, antivirus software that eliminated the active infection in less than 40% of cases is considered to have "FAILED THE TEST".

 


 