I have covered various security products before. I even told you how to get them for free (Six Premium Antivirus Software for free and Six Premium Antivirus Software for Free – II). But in the past I mainly concentrated on detection rates. Detecting malware is important, but completely removing it once detected is equally important. So how effective is your antivirus at cleaning up the mess once malware has successfully attacked the system? Anti-Malware.com put all the popular antivirus products through the test, and the results are shocking, to say the least.
Anti-Malware.com first infected the test bed with Adware.Win32.NewDotNet, Backdoor.Win32.Sinowal.ce, Email-Worm.Win32.Scano.bd, Rootkit.Win32.Agent.ea, Rootkit.Win32.Podnuha.a, Trojan-Dropper.Win32.Agent.vug, Trojan-Dropper.Win32.Mutant.e, Trojan-Proxy.Win32.Saturn.cu, Trojan-Proxy.Win32.Xorpix.dh, Trojan-Spy.Win32.Zbot.bsa, Trojan.Win32.Agent.lkz, Trojan.Win32.Monderb.gen, Trojan.Win32.Pakes.cuh, Trojan.Win32.Small.yc and Virus.Win32.Rustock.a. Once the system was compromised, each antivirus product was installed and a full system scan was run. After the antivirus software was done, a list of remaining traces was prepared. You can find the detailed methodology used here.
So, how did the antivirus products do? Terribly. Here are the results:
Platinum Malware Treatment Award:
Dr.Web Anti-Virus 4.44 (100%)
Gold Malware Treatment Award:
Kaspersky Anti-Virus 2009 (80%)
Avast! Professional Edition 4.8 (80%)
Bronze Malware Treatment Award:
Agnitum Outpost Antivirus Pro 6.5 (53%)
Norton AntiVirus 2009 (53%)
Panda Antivirus 2009 (40%)
Poor results:
BitDefender Antivirus 2009 (33%)
Trend Micro Antivirus plus Antispyware 2008 (33%)
McAfee VirusScan 2008 (33%)
F-Secure Anti-Virus 2009 (33%)
AVG Anti-Virus & Anti-Spyware 8.0 (33%)
Avira AntiVir PE Premium 8.1 (20%)
Sophos Anti-Virus 7.3 (33%)
Eset NOD32 Antivirus 3.0 (0%)
VBA32 Antivirus 3.12 (0%)
Avira is known to have a lot of token detections. Its strong heuristics let it detect a large number of viruses (it has the best detection rate among all single engine AV products). However, once a system is infected, Avira fails miserably. Notably, Avira had also failed the self-protection test conducted by Anti-Malware lab. Although Dr.Web managed to completely remove everything thrown at it, it's not the best option due to its average detection rate. The best option seems to be Kaspersky. Kaspersky has a very good detection rate (generally second best after Avira among single engine AV products), managed to clean 80% of the malware, and bagged the Gold award.
What is your take on these results? Which do you prefer: a better detection rate or better cleanup ability?