Anti-Rootkit Detection and Treatment Test (page 2)

Test of Proactive Rootkit Detection

The results of the proactive rootkit detection test are shown in the next table. They reflect how effectively each product detects conceptual (proof-of-concept) samples using proactive technology. Conceptual samples do not pose a threat to ordinary users, so only the ability to detect the code was tested (0.5 point for each successful detection).

Table: Proactive rootkit detection test results

The table shows a very interesting result: proactive protection against unknown rootkits is implemented, to a greater or lesser extent, in only two products, Kaspersky Antivirus and F-Secure Antivirus, the latter of which uses a modified version of Kaspersky's scanning engine.

As for the specialized "rootkit busters", most of them are very effective against potential threats in the form of unknown rootkits.

Detailed test result

Based on the test results, the three best antivirus programs were Kaspersky Anti-Virus 7.0 (Gold Award), Dr.Web 4.44 and Symantec Anti-Virus 2008 (Silver Award).

Table: Best Antivirus Products based on the test results

As mentioned above, Rootkit Unhooker 3.7.300 demonstrated excellent results and received the Gold Anti-Rootkit Protection Award. GMER 1.0.13 and Avira Rootkit Detection 1.0 were very close to the winner and also received the Gold Anti-Rootkit Protection Award.

Table: Best Anti-Rootkits based on the test results

Methodology

The test was conducted on a specially prepared workstation running VMware Workstation version 5.5.3. A "clean" virtual machine running Microsoft Windows XP Service Pack 2 was cloned for each malicious program sample.

The following antivirus programs participated in the test:

  1. BitDefender Antivirus 2008

  2. Dr.Web 4.44

  3. F-Secure Anti-Virus 2008

  4. Kaspersky Anti-Virus 7.0

  5. McAfee VirusScan Plus 200

  6. Eset Nod32 Anti-Virus 3.0

  7. Symantec Anti-Virus 2008

  8. Trend Micro Antivirus plus Antispyware 2008


As well as specialized anti-rootkit software packages:

  1. AVG Anti-Rootkit 1.1

  2. Avira Rootkit Detection 1.00.01.1

  3. GMER 1.0.13

  4. McAfee Rootkit Detective 1.1

  5. Panda AntiRootkit version 1.0

  6. Rootkit Unhooker 3.7

  7. Sophos Anti-Rootkit 1.3

  8. TrendMicro RootkitBuster 1.6

All anti-rootkit solutions tested were required to offer not only detection of rootkits but also their removal (deletion/renaming of files, deletion/renaming of registry keys/sections).

A rootkit was considered completely detected if the anti-rootkit (an antivirus program's module or a stand-alone anti-rootkit package) identified every artefact of the malicious code present in the system: files, registry keys, processes and hooked API functions.

A rootkit was considered rendered harmless if and only if the tested software was able to completely neutralize all of its activity in the system.

Testing steps:

  1. Activation of malicious code on the virtual machine.
  2. Verification that the virus has been successfully installed and is active.
  3. The infected system was rebooted multiple times.
  4. Anti-rootkit installation and verification of its ability to disinfect the system.
  5. Analysis of the remaining files and auto-start registry keys.

A dedicated clean virtual machine was used for each selected malware sample (step 1). After each anti-rootkit program had been launched and the disinfection performed, the virtual machine was restored to the state it was in after step 3 (the infected, rebooted system), so that the next product was run against the same infection.
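The following Python script is an added illustration of steps 2 and 5 of this methodology; it is not part of the test's own tooling or of any product listed above. It models the cross-view comparison that stand-alone anti-rootkits rely on (an "API view" of files, registry keys and processes, as returned by ordinary Win32 enumeration, against a "raw view" read below the hooked interfaces; anything present only in the raw view is being hidden), and then applies the two criteria stated above: a sample counts as completely detected only if every artefact appeared in the tool's report, and as rendered harmless only if nothing is hidden any more and no artefact survives. The sample artefacts (hidden.sys, its service key, hidden.exe and two hooked ntdll functions), the clean baseline and the before/after inventories are all constructed for the example.

```python
"""Cross-view residue check for scoring one anti-rootkit run.

Added illustration of steps 2 and 5 of the test methodology (not the test's
own tooling). The infected machine is inventoried twice: the "API view" is what
ordinary Win32 enumeration returns, the "raw view" is what a low-level read of
the disk, the registry hive and the kernel process list returns. Items present
only in the raw view are being hidden, the classic symptom of an active
rootkit. Hooks are only visible in the raw view, so any hook found counts as
hidden. All artefact names and inventories below are constructed examples.
"""
from dataclasses import dataclass

CATEGORIES = ("files", "registry", "processes", "hooks")


@dataclass(frozen=True)
class Inventory:
    files: frozenset      # full paths
    registry: frozenset   # key paths, e.g. service and Run entries
    processes: frozenset  # image names
    hooks: frozenset      # hooked API functions, e.g. "ntdll!NtQueryDirectoryFile"

    def by_category(self):
        return {c: getattr(self, c) for c in CATEGORIES}


EMPTY = Inventory(frozenset(), frozenset(), frozenset(), frozenset())


def hidden_items(api_view, raw_view):
    """Cross-view diff: what the raw view sees that the API view does not."""
    api, raw = api_view.by_category(), raw_view.by_category()
    return {c: raw[c] - api[c] for c in CATEGORIES}


def is_active(api_view, raw_view):
    """Step 2: the sample counts as active while it hides anything or keeps hooks installed."""
    return any(hidden_items(api_view, raw_view).values())


def residue(sample, raw_view):
    """Step 5: artefacts of the sample still present in the raw view after disinfection."""
    s, raw = sample.by_category(), raw_view.by_category()
    return {c: s[c] & raw[c] for c in CATEGORIES}


def detection_verdict(sample, reported):
    """'complete' only if every artefact of the sample appeared in the tool's report."""
    s, r = sample.by_category(), reported.by_category()
    if not any(s[c] - r[c] for c in CATEGORIES):
        return "complete"
    if any(s[c] & r[c] for c in CATEGORIES):
        return "partial"
    return "missed"


def rendered_harmless(sample, api_after, raw_after):
    """Harmless if and only if nothing is hidden any more and no artefact remains."""
    return (not is_active(api_after, raw_after)
            and not any(residue(sample, raw_after).values()))


# Constructed sample: a hidden driver, its service key, a hidden process and two hooks.
SAMPLE = Inventory(
    files=frozenset({r"C:\WINDOWS\system32\drivers\hidden.sys"}),
    registry=frozenset({r"HKLM\SYSTEM\CurrentControlSet\Services\hidden"}),
    processes=frozenset({"hidden.exe"}),
    hooks=frozenset({"ntdll!NtQueryDirectoryFile", "ntdll!NtEnumerateKey"}),
)
# Constructed clean baseline of the virtual machine.
CLEAN = Inventory(
    files=frozenset({r"C:\WINDOWS\explorer.exe"}),
    registry=frozenset({r"HKLM\SYSTEM\CurrentControlSet\Services\Beep"}),
    processes=frozenset({"explorer.exe"}),
    hooks=frozenset(),
)

# Step 2: the rootkit hides its artefacts from the API view but not from the raw view.
API_BEFORE = CLEAN
RAW_BEFORE = Inventory(CLEAN.files | SAMPLE.files, CLEAN.registry | SAMPLE.registry,
                       CLEAN.processes | SAMPLE.processes, SAMPLE.hooks)

# Step 5, outcome A: the tool removed everything; both views equal the clean baseline.
AFTER_GOOD = CLEAN
# Step 5, outcome B: driver, process and hooks gone, but the service key was left behind.
AFTER_PARTIAL = Inventory(CLEAN.files, CLEAN.registry | SAMPLE.registry,
                          CLEAN.processes, frozenset())
REPORT_GOOD = SAMPLE
REPORT_PARTIAL = Inventory(SAMPLE.files, frozenset(), SAMPLE.processes, SAMPLE.hooks)

if __name__ == "__main__":
    print("active before cleanup:", is_active(API_BEFORE, RAW_BEFORE))
    print("hidden:", hidden_items(API_BEFORE, RAW_BEFORE))
    for name, after, report in (("A", AFTER_GOOD, REPORT_GOOD),
                                ("B", AFTER_PARTIAL, REPORT_PARTIAL)):
        print(name, "detection:", detection_verdict(SAMPLE, report),
              "harmless:", rendered_harmless(SAMPLE, after, after),
              "residue:", residue(SAMPLE, after))
```

Outcome B is the case step 5 exists to catch: the machine no longer hides anything, so a naive "is it still active?" check passes, yet the leftover service key is exactly the auto-start residue the methodology says to look for, and the run is not scored as rendered harmless.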
