MRG Effitas: Dynamic testing of antiviruses. Q4 2017

abdou17

Level 2
Thread author
Verified
May 3, 2013
82
MRG Effitas Laboratory has published the results of its "360 Assessments" dynamic antivirus testing for the fourth quarter (Q4) of 2017. Testing was conducted on 64-bit Windows 10 in close-to-real conditions with a full range of threats.



The "360 Assessments" dynamic testing by the independent laboratory MRG Effitas shows the capabilities of antiviruses to protect against real threats. Also, if the system has been infected, the time required to detect and eliminate the consequences of the infection is measured.

The methodology used is close to the actual use of anti-virus programs on the average system, and allows you to give a realistic assessment of the security capabilities of the product.

MRG Effitas specialists take into account the fact that many anti-virus programs can detect an infection only during a reboot / startup, or if a scan is scheduled by default. To estimate the detection time, a methodology is used that is based on the infected system rebooting once during the 24-hour period.

The test is named "360 Assessments" because it was carried out with the full spectrum of malware, not only with financial threats. Testing used trojans, backdoor trojans, coders, financial malware and other malicious samples.

Test methodology
detailed information
1. The Windows 10 64-bit operating system is installed on a virtual machine. Adobe Flash, Reader, Java, Microsoft Office 2010, Microsoft Edge and VLC Player are installed on the system. All Microsoft components are fully updated, and all third-party components are out of date by three months.

2. An image of the operating system is created.

3. A copy of the system image is created for each of the tested products.

4. An individual security application is installed with default settings (if security options from the EOR are included) on each system created at step 3 and then, if necessary, updated.

5. A copy of the system is made after completing step 4.

6. Testing is conducted. A malware sample is downloaded from an active URL to the desktop with the Microsoft Edge browser; after Microsoft Edge is closed, the sample is run.

7. The test is passed on the following criteria:

a) The security application blocks the URL where the sample is located, thus preventing it from being downloaded.

b) The security application detects the sample before it has been downloaded to the desktop.

d) The security application detects the sample when it is executed, according to the following criterion:

- The anti-virus detects the sample as malicious and then either automatically blocks it or suspends its execution and notifies the user, without running it, while waiting for the user's decision.

8. The test is considered failed on the following criteria:

a) The security application is not able to detect the sample under any of the conditions of paragraph 7.

9. Testing on the infected system continues for 24 hours according to the following process:

a) The system is rebooted once in the 24-hour period, exactly 12 hours after the system is infected.

10. The ability of the anti-virus to recover the infected system is determined by manually checking the state of the system as compared to its original state, and not with the help of an anti-virus scan with most security products.

11. During testing, all systems have Internet access.

12. All security programs have full functionality, in unregistered versions or in versions registered anonymously, without any connection with MRG Effitas.

13. All tests were conducted in the 3rd quarter of 2017.

14. The test does not involve a compulsory launch of scanners, so in order to prevent threats the tested products can use a variety of proprietary technologies to detect and eliminate malware, including background scanning, scanning at system startup, scheduled scanning, monitoring, etc. A scheduled scan was used only if it was enabled by default.

Tested antiviruses
We used the following anti-virus software, in the latest versions at the time of testing:


| Antivirus | Version |
| --- | --- |
| Avast Internet Security | 17.9.2322 |
| AVG Internet Security | 17.9.3040 |
| Avira Internet Security | 15.0.34.16 |
| Bitdefender Internet Security 2018 | 22.0.18.224 |
| ESET NOD32 Smart Security | 11.0.159.0 |
| Kaspersky Internet Security 2018 | 18.0.0.405 (f) |
| Malwarebytes Anti-Malware* | 3.3.1.2183 |
| Microsoft Windows Defender | 4.12.16299.15 |
| Microsoft Windows Defender + SmartScreen | 4.12.16299.15 |
| Panda Internet Security | 17.0.1 |
| SurfRight Hitman Pro* | 3.7.20.286 |
| Symantec Norton Security | 22.12.0.104 |
| ThreatTrack VIPRE Advanced Security | 10.1.4.33 |
| Trend Micro Maximum Security | 12.0.1226 |
| Watchdog Anti-Malware* | 2.72.186.426 |
| Webroot SecureAnywhere AntiVirus | 9.0.19.43 |
| Zemana AntiMalware* | 2.74.2.150 |

* Malwarebytes AntiMalware, Surfright HitmanPro, Watchdog AntiMalware and Zemana AntiMalware are optional anti-virus tools. HitmanPro does not protect in real time and was tested only with "on demand" scanning.

Malicious samples used
A total of 322 active "In the Wild" samples were used, including: Trojans (149), backdoor Trojans (68), financial malware (80), coders (18) and others (7).


Test results

Missed and blocked samples

blocks auto - automatic blocking of threats, behaviour block - behavioural blocking by proactive protection, block in 24h - blocking within 24 hours, fail - missed threats
Missed and blocked samples (additional security tools)




Blocking of encryptors (ransomware)


Blocking of financial threats


Blocking of potentially unwanted programs (PUP)



Certification MRG Effitas


Pass
Only the following antivirus software / tools received the "MRG Effitas 360 Assessment" certificate for the 4th quarter of 2017:

Level 1. All threats were detected at the first execution, via proactive defense or within 24 hours.

  • Avira Internet Security
  • Avast Internet Security
  • Bitdefender Internet Security
  • ESET NOD32 Smart Security
Level 2. Not less than 98% of threats were detected and neutralized / the system was restored prior to or during the first scan.

  • Kaspersky Internet Security
  • Symantec Norton Security
  • Trend Micro Maximum Security
Test failed
Other security products could not detect all the threats and eliminate the infection in the system during testing.

A full report can be found at this link.
 

legendcampos

Level 6
Verified
Aug 22, 2014
286
I always found that Avira was going the right way; the bad side is that the program is heavy, even the free version. In the country I live in, there is a lot of advertising and third-party programs embedded in the official program, the famous PUP, and in this Avira works better; on the other hand, Avast has let a lot of PUP pass... Kaspersky has not yet improved on this issue; although PUP is lawful software, it is malicious software. Maybe they are afraid of some company processing them.
 

amico81

Level 21
Verified
Top Poster
Well-known
Jan 10, 2017
1,061
Panda not in first place... that's unusual :LOL:
But can we say, if there are a lot of blocks in the "wild-test" from signatures and not the behavior blocker, that the malware is not really fresh?!
 
