Level 61

Google Translate

Translated by Google Translate


The test was attended by 19 producers of antivirus products, including:

Avast! Internet Security 6.0.1000
AVG Internet Security 2011 (10.0.1325)
Avira Premium Security Suite
BitDefender Internet Security 2011 (
Comodo Internet Security 5.3.181415.1237
Dr.Web Security Space
Emsisoft Anti-Malware
Eset Smart Security
F-Secure Internet Security 2011 (10.51 build 106)
G Data Internet Security 2011 (
Kaspersky Internet Security 2011 ( (bcd))
McAfee Internet Security 2011
Microsoft Security Essentials 2.0.657.0
Norton Internet Security 2011 (
Outpost Security Suite Pro 7.1
Panda Internet Security 2011 (16.00.00)
PC Tools Internet Security
Trend Micro Titanium Internet Security 2011 (
ZoneAlarm Internet Security Suite 2011 (

Rising Internet Security 2011 (20 th in the list) was excluded from the test due to lack of detective (and his desire to add from the vendor) for most of the malware samples used in the test.

The test was performed on these malicious programs that have been selected in accordance with specific requirements :

TDL (TDSS, Alureon, Tidserv)
Sinowal (Mebroot)
Rootkit.Protector (Cutwail, Pandex)
Rootkit.Podnuha (Boaxxe)
Virus.Protector (Kobcka, Neprodoor)
Rustock (Bubnix)
Email-Worm.Scano (Areses)
SST (DNSChanger, FakeAV)
SubSys (Trojan.Okuks)
Rootkit.Pakes (synsenddrv, BlackEnergy)
TDL2 (TDSS, Alureon, Tidserv)
TDL3 (TDSS, Alureon, Tidserv)
TDL4 (TDSS, Alureon, Tidserv) *

Xorpix (Eterok)

* Check the treatment TDL4 (TDSS, Alureon, Tidserv) was carried out by us not only to Windows XP, and Windows 7 x64, to ensure correct treatment of the Trojan program.


New Member
BitDefender Internet Security 2011 just get 35%?
something weird with MSE result :D
Microsoft Security Essentials 2.0 get 65%


Level 61
Not to expect Emsisoft to fail the test. Since rootkits are very hard to detect so most vendors will be difficulty in detecting it.


New Member
jamescv7 said:
Since rootkits are very hard to detect so most vendors will be difficulty in detecting it.
just scanning with Hitman Pro, will be remove and destroy it :p

Deleted member 178

On Wilders they dont value this test so much.


Level 85
Staff member
From all the test that I've read from anti-malware.ru (Russian site) ....their are always two products in the top .. Kaspersky and Dr.Web (both Russian Vendors). I don't want to accuse them but it seems a little strange :)
This rootkit cleaning test is really a good idea .... didn;t see one for a long time. MSE on 3 it's a really a surprise ... while seeing Dr. Web on two is not a surprise at all ,since they are specialized in cleaning pc's :p

Steps for testing:

1.Install the hard drive operating system and create a complete hard disk image using Acronis True Image.
2.Infection of the machine with a clean operating system (activation of the malware).
3.Verifying the malware and its successful installation in the system.
4.Reboot the infected system.
5.Checking the activity of malicious programs on your system.
6.Install anti-virus and to treat the infected system.
7.Recorded testimony virus, the remaining keys malware startup after successful treatment. In the case of successful treatment are not verified by the activity of the malicious program or its components.
8.Recovering uncontaminated by the operating system image on disk using Acronis True Image (boot from CD).
9.Repetition of paragraphs 2-8 for all the malware and all the antivirus.
Proving that a Image back-up (prevention) it's the best solution in dealing with rootkits :p

Hungry Man

New Member
Comodo's antivirus is already not great. It's definitely not great for removal. Hopefully they integrate their cleaning tool into CIS, but it doesn't really matter, the big part of Comodo is to prevent malware.


New Member
aaronpackers said:
They make COMODO look AWFULLY bad..
Comodo has always been about prevention. Detection type tests aren't their forte. If nothing can get in, there isn't anything to detect. ;)


Exactly.. Comodo was designed based on prevention. It is what is called,Default Deny Protection.. The anti virus has been known not to be that strong, although getting better.. It is through the combined layers of AV,D+,Sandbox,Firewall, that make this suite effective at preventing a clean machine from becoming infected.

Hungry Man

New Member
I don't even bother with the antivirus. The cloud heuristics on unknown sandboxed items is enough for me.


New Member
Results like this, all AV failing but 2, reinforces the belief that learning
how to prevent infections is the only way. Searching on how to
protect myself against zero day threats and rootkits was the search
that led me to SBIE.

This search for something to prevent this kind of infection, very quickly
put SBIE in front of my eyes, together with a bunch of other security

Luckily, I was able to recognize what SBIE is and what it does, is done
very well.



Retired Staff
Jack said:
From all the test that I've read from anti-malware.ru (Russian site) ....their are always two products in the top .. Kaspersky and Dr.Web (both Russian Vendors). I don't want to accuse them but it seems a little strange :)
They use Russian malware samples in their test not global malware samples, that's why Kaspersky and Dr.Web do so well on their testing results. Many Russian malwares are localized users from other parts of the world will never come in contact with most of them.



Level 61
The only main backbone feature even before was Defense+.

Not to make it really 100%, its seems the test are not exaggerated and for me the test also was credible.


Staff member
Both Dr.Web and Kaspersky are Russian computer software companies. It makes this test look less creditable.