This document summarizes the results of an on-demand malware detection test conducted by AV-Comparatives in February 2010. 20 antivirus products were tested on their ability to detect malware samples from a set containing over 1.2 million files. The summary includes detection rates for each product, with G DATA, AVIRA, and Panda detecting over 99% of malware. It also includes false positive results, with eScan, F-Secure, and others having very few false alarms. Finally, it shows the award levels reached by each product based on detection and false alarms, with some products reaching the highest ADVANCED+ level.
This document summarizes the results of an anti-virus test conducted in March 2012. 20 anti-virus products were tested on their ability to detect malware. G Data had the highest detection rate at 99.7%, while AhnLab had the lowest at 94%. Microsoft had the fewest false positives at 0, while Webroot had the most at 428. Based on detection rates and false positives, products received awards of Advanced+, Advanced, Standard or Tested. G Data, AVIRA and Kaspersky received Advanced+.
This document summarizes the results of an anti-virus test conducted in March 2012. 20 anti-virus products were tested on their ability to detect malware. G Data detected 99.7% of malware samples, scoring highest. Microsoft detected 93.1% of samples, scoring lowest. The test also evaluated false alarms on clean files. Microsoft generated 0 false alarms, while Webroot generated 428 false alarms, the most of any product. Based on detection rates and false alarms, products received awards of Advanced+, Advanced, Standard or Tested.
A study of anti virus' response to unknown threatsUltraUploader
A study evaluated 12 popular anti-virus programs' ability to detect unknown threats through behavior analysis. Tests were conducted for keylogging, code injection, and network access. Most programs did not detect the threats. Sophos and Trend Micro blocked some tests but still allowed malicious behavior. The study recommends anti-virus vendors improve detection of unknown malware through behavior analysis.
The document discusses different types of antivirus testing methods and potential ways to exploit weaknesses in those methods. It describes "wildcore" testing using real malware samples and "zoo" testing using large malware collections. It also outlines "retrospective" testing using older signature databases. The document suggests hacks like automatically signing samples, customizing settings, and detecting other antivirus products' false positives to manipulate test results. Feedback from the antivirus industry is mixed, with some condoning common practices while others find them problematic.
The document summarizes the results of a performance test of 21 antivirus programs conducted by AV-Comparatives in November 2010. The test measured the impact of each antivirus program on system performance across various tasks like file copying, application launching, and using a performance testing suite. On-access scanners were found to have some negative impact on performance due to the system resources required to continuously monitor files. Factors other than the antivirus program itself, like outdated hardware or a cluttered hard drive, could also negatively influence performance. The test aimed to provide an indication of each product's performance impact rather than definitive comparisons.
This document summarizes a study on automatically generating heuristic classifiers to detect unknown Win32 viruses. The researchers constructed multiple neural network classifiers using distinct n-gram features from virus samples. They found that combining the individual classifier outputs using voting reduced false positives to a very low level while only slightly increasing false negatives. This voting approach made it practical to retrain the classifiers regularly on updated sample sets.
This white paper examines why having multiple anti-virus scanners at mail server level substantially reduces the chance of virus infection and explores ways in which this can be achieved.
This document summarizes the results of an on-demand malware detection test conducted by AV-Comparatives in February 2010. 20 antivirus products were tested on their ability to detect malware samples from a set containing over 1.2 million files. The summary includes detection rates for each product, with G DATA, AVIRA, and Panda detecting over 99% of malware. It also includes false positive results, with eScan, F-Secure, and others having very few false alarms. Finally, it shows the award levels reached by each product based on detection and false alarms, with some products reaching the highest ADVANCED+ level.
This document summarizes the results of an anti-virus test conducted in March 2012. 20 anti-virus products were tested on their ability to detect malware. G Data had the highest detection rate at 99.7%, while AhnLab had the lowest at 94%. Microsoft had the fewest false positives at 0, while Webroot had the most at 428. Based on detection rates and false positives, products received awards of Advanced+, Advanced, Standard or Tested. G Data, AVIRA and Kaspersky received Advanced+.
This document summarizes the results of an anti-virus test conducted in March 2012. 20 anti-virus products were tested on their ability to detect malware. G Data detected 99.7% of malware samples, scoring highest. Microsoft detected 93.1% of samples, scoring lowest. The test also evaluated false alarms on clean files. Microsoft generated 0 false alarms, while Webroot generated 428 false alarms, the most of any product. Based on detection rates and false alarms, products received awards of Advanced+, Advanced, Standard or Tested.
A study of anti virus' response to unknown threatsUltraUploader
A study evaluated 12 popular anti-virus programs' ability to detect unknown threats through behavior analysis. Tests were conducted for keylogging, code injection, and network access. Most programs did not detect the threats. Sophos and Trend Micro blocked some tests but still allowed malicious behavior. The study recommends anti-virus vendors improve detection of unknown malware through behavior analysis.
The document discusses different types of antivirus testing methods and potential ways to exploit weaknesses in those methods. It describes "wildcore" testing using real malware samples and "zoo" testing using large malware collections. It also outlines "retrospective" testing using older signature databases. The document suggests hacks like automatically signing samples, customizing settings, and detecting other antivirus products' false positives to manipulate test results. Feedback from the antivirus industry is mixed, with some condoning common practices while others find them problematic.
The document summarizes the results of a performance test of 21 antivirus programs conducted by AV-Comparatives in November 2010. The test measured the impact of each antivirus program on system performance across various tasks like file copying, application launching, and using a performance testing suite. On-access scanners were found to have some negative impact on performance due to the system resources required to continuously monitor files. Factors other than the antivirus program itself, like outdated hardware or a cluttered hard drive, could also negatively influence performance. The test aimed to provide an indication of each product's performance impact rather than definitive comparisons.
This document summarizes a study on automatically generating heuristic classifiers to detect unknown Win32 viruses. The researchers constructed multiple neural network classifiers using distinct n-gram features from virus samples. They found that combining the individual classifier outputs using voting reduced false positives to a very low level while only slightly increasing false negatives. This voting approach made it practical to retrain the classifiers regularly on updated sample sets.
This white paper examines why having multiple anti-virus scanners at mail server level substantially reduces the chance of virus infection and explores ways in which this can be achieved.
This document summarizes the results of an anti-virus comparative retrospective test conducted in March 2012 that evaluated the abilities of various anti-virus programs to detect new malware through heuristic detection before signature updates as well as behavioral protections after execution; over 4,000 new malware samples from around March 2nd 2012 were used in the test which evaluated 17 anti-virus programs with the results showing the detection rates for scanning and any additional protection provided by behavioral analysis after execution.
This document is a lab report for an information security systems analysis course. It contains baseline system documentation and findings from experiments surfing the web with Firefox and Internet Explorer. The baseline shows 4 programs installed and no malware/rootkits detected. Using Firefox, the system remained unchanged. Using Internet Explorer, spyware was installed and the system began behaving erratically. The conclusion is that Firefox provided more secure web surfing than Internet Explorer.
The document discusses unknown vulnerability management (UVM) which involves detecting vulnerabilities, including zero-days, building defenses, and deploying patches. The UVM process includes attack surface analysis through fuzz testing software, reporting issues found, and mitigating risks through patch verification and IDS rule development. Key challenges are communicating issues without leaks, reproducing bugs easily, and ensuring patches do not introduce new issues.
This document summarizes the results of a whole product dynamic "real-world" protection test conducted from February to June 2016. It tested 18 antivirus and internet security products on 1868 malicious URLs. The top performing products like F-Secure and Trend Micro blocked all threats without any system compromises. Products like Bitdefender, Kaspersky Lab and Avira blocked over 99% of threats with only a few user-dependent results. The test aims to simulate real-world browsing conditions and how well products can protect against internet-based malware threats.
The document summarizes the results of a test comparing the malware protection of Windows 8 and Kaspersky Internet Security. Kaspersky blocked all 42 real-world malware attacks in tests of URLs and emails, while Windows 8 failed to block 5 attacks. In static detection tests, Kaspersky detected 99% of over 111,000 malware files while Windows 8 only detected 90%. Both products detected all 2,500 prevalent malware files and had no false positives on 345,900 clean files. The results indicate Kaspersky provides better protection against modern malware threats than Windows 8 alone.
This document summarizes the results of a "Whole Product Dynamic 'Real-World' Protection Test" conducted from March to June 2014 on 23 security products. The test aimed to simulate real-world conditions by exposing the products to over 4,000 malicious URLs and evaluating how well each product was able to protect the system without any user interaction. The results showed protection levels achieved by each product on a monthly basis over the test period, with some products reaching the highest award level for their ability to block malware without issues.
Application of data mining based malicious code detection techniques for dete...UltraUploader
This document discusses using data mining techniques to detect spyware. It applies Naive Bayes algorithms used in previous work to detect viruses to a dataset of 312 benign and 614 spyware executables. Feature extraction examines byte sequences in files. Initial tests showed low accuracy, but removing Trojan programs from the dataset improved results, with a window size of 4 and without Trojans achieving 80% detection with a 4% false positive rate. Future work proposes testing against larger window sizes and obfuscated code.
On the Security of Application Installers & Online Software RepositoriesMarcus Botacin
My presentation for the DIMVA 2020 conference about the security of application installers. I show the operation dynamics of the repositories and reverse engineer some application installers to show their vulnerabilities, such as to man-in-the-middle attacks.
3 Minute Power Presentation by Rory Berry RAMP Group
This document discusses the importance of maintaining a childlike sense of wonder and play. It notes that children laugh on average 400 times a day while adults only laugh 17 times daily. It questions whether adults prioritize fun enough in their lives and provides contact information for Rory Berry and their website yoursoapbox.co.za which may relate to this topic.
The document outlines seven common start-up sins: 1) Saving on the wrong things and not paying enough for core business needs, 2) Changing too much at once without proper preparation, 3) Hiding things which wastes time and opportunities, 4) Panicking which helps no one, 5) Undervaluing the importance of building a strong brand, 6) Not listening to and conversing with customers, and 7) Getting sidetracked from the core business by watching competitors. It encourages start-ups to focus on customers, innovate through trial and error, and have fun.
3 Minute Power Presentation by Elodie KleynhausRAMP Group
The document discusses the benefits of exercise for mental health. Regular physical activity can help reduce anxiety and depression and improve mood and cognitive functioning. Exercise causes chemical changes in the brain that may help protect against mental illness and improve symptoms.
Hewlett-Packard Enterprise- State of Security Operations 2015Kim Jensen
This document summarizes findings from 118 security operations maturity assessments of 87 organizations in 18 countries. It finds that the median maturity level remains below the ideal level of 3, and 20% of organizations scored below the minimum level of 1. The top issue facing security operations is the shortage of skilled resources. While organizations are investing in new technologies, many neglect operational budgets and processes, resulting in immature capabilities. Visible breaches have increased focus on security from executive leadership and boards.
Infoworld deep dive - Mobile Security2015 updatedKim Jensen
This document provides an overview and comparison of the mobile device management (MDM) capabilities of various mobile platforms, including iOS, Android, BlackBerry, and Windows Phone. It summarizes the new management features introduced in iOS 9 and Android 6.0 Marshmallow, and describes how Android for Work enhances security and management for Android devices running business apps. Key areas discussed include app permissions, device encryption, password policies, and email/calendar management controls available to IT administrators.
OpenDNS is a DNS service that aims to make the internet safer, faster, smarter and more reliable. It was founded in 2005 and now has over 30 million active users, processing half a million queries per second and answering 30 billion DNS queries daily. OpenDNS provides content filtering, phishing and malware protection to households, schools and businesses. It translates domain names to IP addresses faster than other DNS services, improving internet speed and reliability.
This document provides predictions for security issues in 2016 from Forcepoint Security Labs. It predicts that the 2016 U.S. elections will drive significant cyberattacks themed around the elections, with hackers using social media and websites to spread misinformation. It also predicts that new mobile wallet and payment technologies will introduce opportunities for credit card theft and fraud. Finally, it predicts that the addition of new generic top-level domains will provide new opportunities for cybercriminals to use domain names for social engineering and malware attacks.
The document summarizes the results of an on-demand anti-virus detection test conducted by AV-Comparatives in February 2010. It tested 20 major anti-virus products on their ability to detect malicious software. The results showed detection rates ranging from 99.7% to 97.1%, with lower percentages indicating more missed malware samples. A graph visually depicted the differences in missed samples between the products. The report also included sections on false positive testing and scanning speed.
This document summarizes the results of a malware removal test conducted by AV-Comparatives in October 2012. 14 antivirus products were tested on their ability to remove malware from an infected system. The test found that Bitdefender, Kaspersky, and Panda achieved the highest ADVANCED+ rating, demonstrating reliable malware removal with only negligible traces left behind. Most other products received lower ratings, with some only partially removing malware or leaving problematic issues. The test provides a useful evaluation of how effectively different antivirus software can clean an infected computer.
The document summarizes the results of an anti-virus file detection test conducted in March 2013 by AV-Comparatives on 20 antivirus products. It found that G DATA 2013 detected 99.9% of malware files with few false alarms, earning it the top award level. Microsoft Security Essentials detected 92% of malware with very few false alarms. Overall detection rates ranged from 99.9% to 91.2%, and false alarms ranged from 0 to 38 across the tested products. The test aimed to evaluate how well products can distinguish malware from good files through detection rates and false alarm results.
Scott Brown tested 13 popular antivirus programs using 10 zero-day viruses and 2 exploits. NOD32 and Kaspersky detected the most viruses initially, while after 1 week NOD32, F-Secure, and Kaspersky detected the most with updated definitions. Based on the tests, NOD32 used the fewest system resources and had the best support, leading Brown to conclude it was the best option. Brown will require NOD32 on all computers connecting to his college network.
This document summarizes the results of an anti-virus comparative retrospective test conducted in March 2012 that evaluated the abilities of various anti-virus programs to detect new malware through heuristic detection before signature updates as well as behavioral protections after execution; over 4,000 new malware samples from around March 2nd 2012 were used in the test which evaluated 17 anti-virus programs with the results showing the detection rates for scanning and any additional protection provided by behavioral analysis after execution.
This document is a lab report for an information security systems analysis course. It contains baseline system documentation and findings from experiments surfing the web with Firefox and Internet Explorer. The baseline shows 4 programs installed and no malware/rootkits detected. Using Firefox, the system remained unchanged. Using Internet Explorer, spyware was installed and the system began behaving erratically. The conclusion is that Firefox provided more secure web surfing than Internet Explorer.
The document discusses unknown vulnerability management (UVM) which involves detecting vulnerabilities, including zero-days, building defenses, and deploying patches. The UVM process includes attack surface analysis through fuzz testing software, reporting issues found, and mitigating risks through patch verification and IDS rule development. Key challenges are communicating issues without leaks, reproducing bugs easily, and ensuring patches do not introduce new issues.
This document summarizes the results of a whole product dynamic "real-world" protection test conducted from February to June 2016. It tested 18 antivirus and internet security products on 1868 malicious URLs. The top performing products like F-Secure and Trend Micro blocked all threats without any system compromises. Products like Bitdefender, Kaspersky Lab and Avira blocked over 99% of threats with only a few user-dependent results. The test aims to simulate real-world browsing conditions and how well products can protect against internet-based malware threats.
The document summarizes the results of a test comparing the malware protection of Windows 8 and Kaspersky Internet Security. Kaspersky blocked all 42 real-world malware attacks in tests of URLs and emails, while Windows 8 failed to block 5 attacks. In static detection tests, Kaspersky detected 99% of over 111,000 malware files while Windows 8 only detected 90%. Both products detected all 2,500 prevalent malware files and had no false positives on 345,900 clean files. The results indicate Kaspersky provides better protection against modern malware threats than Windows 8 alone.
This document summarizes the results of a "Whole Product Dynamic 'Real-World' Protection Test" conducted from March to June 2014 on 23 security products. The test aimed to simulate real-world conditions by exposing the products to over 4,000 malicious URLs and evaluating how well each product was able to protect the system without any user interaction. The results showed protection levels achieved by each product on a monthly basis over the test period, with some products reaching the highest award level for their ability to block malware without issues.
Application of data mining based malicious code detection techniques for dete...UltraUploader
This document discusses using data mining techniques to detect spyware. It applies Naive Bayes algorithms used in previous work to detect viruses to a dataset of 312 benign and 614 spyware executables. Feature extraction examines byte sequences in files. Initial tests showed low accuracy, but removing Trojan programs from the dataset improved results, with a window size of 4 and without Trojans achieving 80% detection with a 4% false positive rate. Future work proposes testing against larger window sizes and obfuscated code.
On the Security of Application Installers & Online Software RepositoriesMarcus Botacin
My presentation for the DIMVA 2020 conference about the security of application installers. I show the operation dynamics of the repositories and reverse engineer some application installers to show their vulnerabilities, such as to man-in-the-middle attacks.
3 Minute Power Presentation by Rory Berry RAMP Group
This document discusses the importance of maintaining a childlike sense of wonder and play. It notes that children laugh on average 400 times a day while adults only laugh 17 times daily. It questions whether adults prioritize fun enough in their lives and provides contact information for Rory Berry and their website yoursoapbox.co.za which may relate to this topic.
The document outlines seven common start-up sins: 1) Saving on the wrong things and not paying enough for core business needs, 2) Changing too much at once without proper preparation, 3) Hiding things which wastes time and opportunities, 4) Panicking which helps no one, 5) Undervaluing the importance of building a strong brand, 6) Not listening to and conversing with customers, and 7) Getting sidetracked from the core business by watching competitors. It encourages start-ups to focus on customers, innovate through trial and error, and have fun.
3 Minute Power Presentation by Elodie KleynhausRAMP Group
The document discusses the benefits of exercise for mental health. Regular physical activity can help reduce anxiety and depression and improve mood and cognitive functioning. Exercise causes chemical changes in the brain that may help protect against mental illness and improve symptoms.
Hewlett-Packard Enterprise- State of Security Operations 2015Kim Jensen
This document summarizes findings from 118 security operations maturity assessments of 87 organizations in 18 countries. It finds that the median maturity level remains below the ideal level of 3, and 20% of organizations scored below the minimum level of 1. The top issue facing security operations is the shortage of skilled resources. While organizations are investing in new technologies, many neglect operational budgets and processes, resulting in immature capabilities. Visible breaches have increased focus on security from executive leadership and boards.
Infoworld deep dive - Mobile Security2015 updatedKim Jensen
This document provides an overview and comparison of the mobile device management (MDM) capabilities of various mobile platforms, including iOS, Android, BlackBerry, and Windows Phone. It summarizes the new management features introduced in iOS 9 and Android 6.0 Marshmallow, and describes how Android for Work enhances security and management for Android devices running business apps. Key areas discussed include app permissions, device encryption, password policies, and email/calendar management controls available to IT administrators.
OpenDNS is a DNS service that aims to make the internet safer, faster, smarter and more reliable. It was founded in 2005 and now has over 30 million active users, processing half a million queries per second and answering 30 billion DNS queries daily. OpenDNS provides content filtering, phishing and malware protection to households, schools and businesses. It translates domain names to IP addresses faster than other DNS services, improving internet speed and reliability.
This document provides predictions for security issues in 2016 from Forcepoint Security Labs. It predicts that the 2016 U.S. elections will drive significant cyberattacks themed around the elections, with hackers using social media and websites to spread misinformation. It also predicts that new mobile wallet and payment technologies will introduce opportunities for credit card theft and fraud. Finally, it predicts that the addition of new generic top-level domains will provide new opportunities for cybercriminals to use domain names for social engineering and malware attacks.
The document summarizes the results of an on-demand anti-virus detection test conducted by AV-Comparatives in February 2010. It tested 20 major anti-virus products on their ability to detect malicious software. The results showed detection rates ranging from 99.7% to 97.1%, with lower percentages indicating more missed malware samples. A graph visually depicted the differences in missed samples between the products. The report also included sections on false positive testing and scanning speed.
This document summarizes the results of a malware removal test conducted by AV-Comparatives in October 2012. 14 antivirus products were tested on their ability to remove malware from an infected system. The test found that Bitdefender, Kaspersky, and Panda achieved the highest ADVANCED+ rating, demonstrating reliable malware removal with only negligible traces left behind. Most other products received lower ratings, with some only partially removing malware or leaving problematic issues. The test provides a useful evaluation of how effectively different antivirus software can clean an infected computer.
The document summarizes the results of an anti-virus file detection test conducted in March 2013 by AV-Comparatives on 20 antivirus products. It found that G DATA 2013 detected 99.9% of malware files with few false alarms, earning it the top award level. Microsoft Security Essentials detected 92% of malware with very few false alarms. Overall detection rates ranged from 99.9% to 91.2%, and false alarms ranged from 0 to 38 across the tested products. The test aimed to evaluate how well products can distinguish malware from good files through detection rates and false alarm results.
Scott Brown tested 13 popular antivirus programs using 10 zero-day viruses and 2 exploits. NOD32 and Kaspersky detected the most viruses initially, while after 1 week NOD32, F-Secure, and Kaspersky detected the most with updated definitions. Based on the tests, NOD32 used the fewest system resources and had the best support, leading Brown to conclude it was the best option. Brown will require NOD32 on all computers connecting to his college network.
This document summarizes the results of an anti-virus file detection test conducted in September 2012. 20 major anti-virus products were tested on their ability to detect malware in a set of over 240,000 recent malicious files. G DATA detected 99.9% of the malware and had few false alarms. Webroot detected below 80% of malware and had many false alarms. The results showed detection rates and false alarms for each product, with the products ranked and receiving awards based on their combined performance.
Is av dead or just missing in action - avar2016rajeshnikam
This document discusses whether antivirus (AV) software is dead or just missing in action. It begins by comparing traditional, signature-based AV to next-generation security products that use techniques like threat intelligence and machine learning. The document then debunks common security myths and discusses VirusTotal's role in evaluating next-gen AVs. Results from independent tests of various next-gen security products are presented. The document concludes that while no single product can solve all security issues, the approach to security needs to constantly evolve through layered defenses and beyond just next-gen hype.
This document discusses whether antivirus (AV) software is dead or just missing in action. It begins by comparing traditional, signature-based AV to next-generation security products that use techniques like machine learning and threat intelligence. The document then debunks common myths about AV and security technologies. It analyzes results from tests of next-generation security products on services like VirusTotal. The document concludes that while no single product can stop all threats, security defenses continue to evolve beyond traditional AV through layered approaches.
This document provides an overview of computer viruses and anti-virus software. It defines what viruses are and how they spread, describes common types of viruses. It then explains what anti-virus software is, how it works to detect and remove viruses, and lists some popular anti-virus programs. It concludes with a brief history of anti-virus software development from the late 1980s onward.
This document summarizes the results of a performance test of 19 antivirus products conducted in October 2012. A variety of common computer tasks were performed on a test system with each antivirus product installed to measure the impact on system performance. The tested products achieved different award levels based on their results. Users are advised to consider how antivirus products may impact system performance when choosing security software.
The document summarizes the limitations of signature-based anti-virus software. It notes that anti-virus software relies on virus signatures but new viruses are constantly emerging. Retrospective testing shows that anti-virus software is often only able to detect a small percentage of new, zero-day threats even when the software is up-to-date. The document questions the methodology of some anti-virus software testing and advocates for improved testing standards and techniques.
The document discusses strategies for evaluating antivirus software programs, including testing detection rates against malware databases, assessing false positives using clean files, and examining prevention and cleaning capabilities by attempting to infect systems. It also covers documenting test results, providing developers review opportunities, and creating cross-reference lists to standardize malware naming between different antivirus products.
Antivirus software testing for the new milleniumUltraUploader
This document discusses the need for standardized testing of antivirus software to properly evaluate claims by vendors of providing "faster, better, cheaper" protection. It outlines the current state of antivirus testing, including certification programs run by ICSA, Westcoast Labs, and universities. The tests evaluate detection of viruses in the wild and ability to disinfect. The document argues for a functional approach to testing that is not specific to any vendor or product.
This document describes the methodology used in the Whole Product Dynamic Test conducted in 2010 by AV-Comparatives. The test aimed to simulate real-world conditions by evaluating how whole security products protected against malware encountered through browsing the web. Each day, the tested products were updated and then exposed to malware through automated testing of hundreds of URLs. The test provided an overview of the detection abilities of security products against current internet threats as experienced by average users.
This document evaluates the effectiveness of antivirus evasion tools against major free antivirus solutions on Windows and Android platforms. It outlines antivirus evasion tools like Veil 3.0, Avet, The Fat Rat, and others. It also reviews top-rated free antivirus products from sources like PC Mag, Safety Detective, and Lifewire. The methodology describes testing the evasion tools against Bitdefender, Avira, Avast, AVG, Kaspersky, and Panda in a virtual machine setup. The results will be analyzed to see which antivirus most effectively detects the malware and which evasion tools are most successful at avoiding detection.
This document discusses spyware and adware, including their history, how they work, and how to detect and remove them. It defines spyware and adware, explaining that spyware reports user data while adware displays ads. The document rates popular spyware removal tools and recommends always keeping them updated to remove spyware and adware that may infect computers through free downloads or pop-ups. It emphasizes preventing infection by avoiding unnecessary downloads and clicking pop-ups whenever possible.
Antivirus software uses various methods like signatures, heuristics, and real-time protection to identify malware like viruses, worms, and trojans. It works by scanning files and comparing them to known virus signatures. While antivirus software is useful for protecting devices from malware, it also has limitations like unexpected renewal costs, potential false positives, and reduced effectiveness against new viruses. Antivirus software must also contend with techniques used by malware authors to avoid detection, such as rootkits that have full system access.
Tech Report: On the Effectiveness of Malware Protection on AndroidFraunhofer AISEC
This document evaluates the effectiveness of malware protection on Android devices. It conducts tests on several Android antivirus apps using known malware samples and a newly developed proof of concept malware. The tests find that most antivirus apps can be easily evaded by making only trivial alterations to malware package files. The document aims to provide a more realistic assessment of the malware risk and the level of protection offered by antivirus software compared to traditional antivirus tests.
инструкции и утилиты для удаления остатков антивирусных программbelhonka
This document provides instructions and removal tools for uninstalling various antivirus and security software programs. It lists over 70 different antivirus products from vendors such as Avast, AVG, Avira, BitDefender, ESET, F-Secure, Kaspersky, McAfee, Microsoft, Sophos, Symantec and more. For each product, it specifies the supported Windows operating systems and provides a download link to the official uninstallation tool or a third party removal utility. The purpose is to completely remove all traces of the program from the system.
This document provides an overview of antivirus software, including what it is, how it works, configuring antivirus programs, symptoms of an infected computer, manually deleting virus files, effectiveness of antivirus software, damaged files, popular antivirus programs, and online antivirus scanning. It discusses how the first antivirus software was developed in 1987 to combat the first computer virus. It also explains how antivirus software uses virus definitions to examine files and remove viruses, worms, and trojans.
Evading Antivirus software for fun and profitMohammed Adam
Antivirus evasion techniques are used by malware writers, as well as by penetration testers and vulnerability researchers, in order to bypass one or more antivirus software applications.
5 things needed to know migrating Windows Server 2003Kim Jensen
The document provides five key considerations for organizations migrating from Windows Server 2003:
1. The migration is an opportunity to align IT with business goals and modernize processes, not just a routine system update.
2. Conducting a thorough assessment of all hardware, software, and workflows is necessary to develop an accurate timeline and avoid missed dependencies.
3. Not all existing servers and applications need to be migrated - some may be decommissioned through consolidation or replacement with newer options.
4. Updating hardware in addition to software is important to take advantage of new capabilities and ensure performance supports business needs.
5. Most organizations will benefit from partnering with an outside expert to help plan and execute the migration effectively
The document summarizes security data from Secunia regarding vulnerabilities in software products. Some key findings include:
- The total number of vulnerabilities detected in 2013 was 13,073, a 45% increase over 5 years.
- 16.3% of vulnerabilities were highly critical and 0.4% were extremely critical.
- The top attack vector was remote network access (73.5% of vulnerabilities).
- Vulnerabilities in third-party software accounted for 75.7% of vulnerabilities in the top 50 most common software products.
This document is Cisco's 2013 Annual Security Report which highlights the following key points:
1. The rapid proliferation of devices, applications, and cloud services has created an "any-to-any" world where security has become more challenging. The number of internet-connected devices grew to over 9 billion in 2012.
2. A key trend is the growth of cloud computing, with cloud traffic expected to make up nearly two-thirds of total data center traffic by 2016. This trend complicates security as data is constantly moving.
3. Younger, mobile workers expect to access business services using any device from any location, which also impacts security and data privacy.
1. The number of malicious web links grew by almost 600% worldwide according to data from Websense Security Labs.
2. 85% of malicious web links were found on legitimate web hosts that had been compromised, indicating websites can no longer be trusted based on their reputation.
3. Traditional anti-virus and firewall defenses are no longer sufficient to prevent web-borne threats, as the web serves both as an attack vector and in supporting other attack vectors like social media, mobile, and email. Advanced defenses that can identify compromised legitimate sites in real-time are needed.
The document is a summary of a security survey conducted in 2013 by AV-Comparatives. Some key findings include:
- Over 4,700 computer users worldwide participated in the anonymous online survey.
- Most users are aware of online security risks but some still do not use security software. Detection rates, malware removal, and performance are the most important factors for users.
- Windows 7 and 8 are now the most widely used operating systems. Free antivirus programs are growing in popularity and trust compared to paid solutions.
- Detection testing, real-world protection testing, and tests evaluating heuristic capabilities are the most important types of antivirus testing for users. Performance issues remain a top complaint.
-
Miercom Security Effectiveness Test Report Kim Jensen
The document reports on a test of various web security gateways. It found that Websense blocked the most URLs (132,111 or 5.84%) of over 2.25 million URLs, demonstrating superior web security effectiveness. It also provided the most comprehensive and effective data theft and loss prevention policies. Websense showed advantages in malware blocking, real-time defense, and practical DLP policy implementation. Management of Websense required less time and effort than competitors. Overall, Websense performed well across security effectiveness, malware protection, data protection, and manageability.
Bliv klar til cloud med Citrix Netscaler (pdf)Kim Jensen
This document discusses how Citrix NetScaler outperforms other application delivery controllers (ADCs) in enabling enterprise networks to be cloud ready. It provides 9 key areas where NetScaler beats the competition: 1) Pay-As-You-Grow elasticity to scale capacity on demand; 2) Superior ADC consolidation with higher density; 3) Ability to cluster up to 32 appliances to expand capacity; 4) Full featured virtual ADCs with performance parity to hardware; 5) Cloud bridging functionality for hybrid cloud environments; 6) Open application visibility; 7) SQL load balancing; 8) Intuitive policy engine; 9) Faster SSL performance. The document examines these areas in detail and compares NetScaler's capabilities to other ADC
This document provides a summary and analysis of data from the 2012 Verizon Data Breach Investigations Report (DBIR). Key findings include:
- External threat agents such as hackers were responsible for 98% of breaches and over 99% of compromised records.
- Malware was involved in 69% of breaches and accounted for 95% of compromised records.
- The majority of breaches involved small businesses in the retail, accommodation, and food service industries, though healthcare saw the most compromised records on average per breach.
This document summarizes web traffic trends from Q3 2011 as observed by Zscaler ThreatLabZ across billions of transactions. It finds that while Internet Explorer remains the most used browser, non-browser applications account for over 20% of enterprise HTTP traffic. It also reports that Facebook continues to dominate social networking traffic in enterprises and that browser plugins, especially Adobe Flash, remain out of date and vulnerable to attacks.
This document provides an executive summary and analysis of Forrester's evaluation of mobile collaboration vendors in Q3 of 2011. Forrester evaluated 13 vendors against 15 criteria related to their mobile capabilities and experiences. They found that Adobe, Box, Cisco, IBM, Salesforce, SugarSync, Skype, and Yammer led in their commitment to tablets and smartphones as well as a strategy aligned with mobile workforces. AT&T, Citrix, Dropbox, Evernote, and Google were also strong performers in mobile collaboration. No vendor was considered a contender or risky bet in regards to their mobile support.
The document is a market analysis report from The Radicati Group that examines the corporate web security solutions market in 2011. It segments the market into four categories: specialists, trail blazers, top players, and mature players. The report evaluates vendors based on criteria like functionality and market share. It then plots major vendors in the market into a quadrant chart based on their functionality and size to illustrate their relative position. The report also includes individual analyses of prominent vendors in each category.
This document provides an overview of cloud computing security challenges. It discusses how cloud computing introduces new risks by making systems accessible over the internet, shared among multiple tenants, and lacking location specificity. The document outlines common cloud computing models including infrastructure as a service, platform as a service, and software as a service. It also discusses how multitenancy increases the risk of unauthorized access to user data in cloud environments. Overall, the document examines how cloud computing demands new security practices due to its unique architecture and deployment models.
Cloud security deep dive infoworld jan 2011Kim Jensen
This document provides an overview of cloud security and how it differs from traditional security models. Some key points:
- Cloud computing introduces new security challenges due to its reliance on sharing resources over the internet, like computing power and storage.
- There are different cloud computing models including Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS).
- Cloud computing is defined by traits like internet accessibility, scalability, multitenancy, broad authentication, usage-based pricing, and lack of location specificity. These traits increase security risks.
- Multitenancy, where multiple users share the same cloud resources, introduces the risk of unint
Cloud services deep dive infoworld july 2010Kim Jensen
This document provides an overview of cloud computing services and strategies for businesses. It discusses several types of cloud services including Software as a Service (SaaS) applications, email services, office productivity suites, development/testing platforms, backup/recovery services, and business intelligence tools. The document advises businesses to carefully evaluate their specific needs and compare cloud options to on-premises alternatives before adopting cloud services to ensure the right fit.
This document discusses the benefits of unified communications and collaboration (UC&C) systems. UC&C combines communication channels like voice, email, instant messaging, and video conferencing to improve collaboration. The document outlines how UC&C can reduce "communication latency" by making it easier for employees to connect with the right people at the right time. It provides examples of companies that have implemented UC&C through HP and Microsoft solutions and realized cost savings through reduced conferencing costs, simplified management, and other benefits.
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc
How does your privacy program stack up against your peers? What challenges are privacy teams tackling and prioritizing in 2024?
In the fifth annual Global Privacy Benchmarks Survey, we asked over 1,800 global privacy professionals and business executives to share their perspectives on the current state of privacy inside and outside of their organizations. This year’s report focused on emerging areas of importance for privacy and compliance professionals, including considerations and implications of Artificial Intelligence (AI) technologies, building brand trust, and different approaches for achieving higher privacy competence scores.
See how organizational priorities and strategic approaches to data security and privacy are evolving around the globe.
This webinar will review:
- The top 10 privacy insights from the fifth annual Global Privacy Benchmarks Survey
- The top challenges for privacy leaders, practitioners, and organizations in 2024
- Key themes to consider in developing and maintaining your privacy program
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slackshyamraj55
Discover the seamless integration of RPA (Robotic Process Automation), COMPOSER, and APM with AWS IDP enhanced with Slack notifications. Explore how these technologies converge to streamline workflows, optimize performance, and ensure secure access, all while leveraging the power of AWS IDP and real-time communication via Slack notifications.
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...alexjohnson7307
Predictive maintenance is a proactive approach that anticipates equipment failures before they happen. At the forefront of this innovative strategy is Artificial Intelligence (AI), which brings unprecedented precision and efficiency. AI in predictive maintenance is transforming industries by reducing downtime, minimizing costs, and enhancing productivity.
Trusted Execution Environment for Decentralized Process MiningLucaBarbaro3
Presentation of the paper "Trusted Execution Environment for Decentralized Process Mining" given during the CAiSE 2024 Conference in Cyprus on June 7, 2024.
5th LF Energy Power Grid Model Meet-up SlidesDanBrown980551
5th Power Grid Model Meet-up
It is with great pleasure that we extend to you an invitation to the 5th Power Grid Model Meet-up, scheduled for 6th June 2024. This event will adopt a hybrid format, allowing participants to join us either through an online Mircosoft Teams session or in person at TU/e located at Den Dolech 2, Eindhoven, Netherlands. The meet-up will be hosted by Eindhoven University of Technology (TU/e), a research university specializing in engineering science & technology.
Power Grid Model
The global energy transition is placing new and unprecedented demands on Distribution System Operators (DSOs). Alongside upgrades to grid capacity, processes such as digitization, capacity optimization, and congestion management are becoming vital for delivering reliable services.
Power Grid Model is an open source project from Linux Foundation Energy and provides a calculation engine that is increasingly essential for DSOs. It offers a standards-based foundation enabling real-time power systems analysis, simulations of electrical power grids, and sophisticated what-if analysis. In addition, it enables in-depth studies and analysis of the electrical power grid’s behavior and performance. This comprehensive model incorporates essential factors such as power generation capacity, electrical losses, voltage levels, power flows, and system stability.
Power Grid Model is currently being applied in a wide variety of use cases, including grid planning, expansion, reliability, and congestion studies. It can also help in analyzing the impact of renewable energy integration, assessing the effects of disturbances or faults, and developing strategies for grid control and optimization.
What to expect
For the upcoming meetup we are organizing, we have an exciting lineup of activities planned:
-Insightful presentations covering two practical applications of the Power Grid Model.
-An update on the latest advancements in Power Grid -Model technology during the first and second quarters of 2024.
-An interactive brainstorming session to discuss and propose new feature requests.
-An opportunity to connect with fellow Power Grid Model enthusiasts and users.
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfChart Kalyan
A Mix Chart displays historical data of numbers in a graphical or tabular form. The Kalyan Rajdhani Mix Chart specifically shows the results of a sequence of numbers over different periods.
Introduction of Cybersecurity with OSS at Code Europe 2024Hiroshi SHIBATA
I develop the Ruby programming language, RubyGems, and Bundler, which are package managers for Ruby. Today, I will introduce how to enhance the security of your application using open-source software (OSS) examples from Ruby and RubyGems.
The first topic is CVE (Common Vulnerabilities and Exposures). I have published CVEs many times. But what exactly is a CVE? I'll provide a basic understanding of CVEs and explain how to detect and handle vulnerabilities in OSS.
Next, let's discuss package managers. Package managers play a critical role in the OSS ecosystem. I'll explain how to manage library dependencies in your application.
I'll share insights into how the Ruby and RubyGems core team works to keep our ecosystem safe. By the end of this talk, you'll have a better understanding of how to safeguard your code.
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...Tatiana Kojar
Skybuffer AI, built on the robust SAP Business Technology Platform (SAP BTP), is the latest and most advanced version of our AI development, reaffirming our commitment to delivering top-tier AI solutions. Skybuffer AI harnesses all the innovative capabilities of the SAP BTP in the AI domain, from Conversational AI to cutting-edge Generative AI and Retrieval-Augmented Generation (RAG). It also helps SAP customers safeguard their investments into SAP Conversational AI and ensure a seamless, one-click transition to SAP Business AI.
With Skybuffer AI, various AI models can be integrated into a single communication channel such as Microsoft Teams. This integration empowers business users with insights drawn from SAP backend systems, enterprise documents, and the expansive knowledge of Generative AI. And the best part of it is that it is all managed through our intuitive no-code Action Server interface, requiring no extensive coding knowledge and making the advanced AI accessible to more users.
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-EfficiencyScyllaDB
Freshworks creates AI-boosted business software that helps employees work more efficiently and effectively. Managing data across multiple RDBMS and NoSQL databases was already a challenge at their current scale. To prepare for 10X growth, they knew it was time to rethink their database strategy. Learn how they architected a solution that would simplify scaling while keeping costs under control.
Building Production Ready Search Pipelines with Spark and MilvusZilliz
Spark is the widely used ETL tool for processing, indexing and ingesting data to serving stack for search. Milvus is the production-ready open-source vector database. In this talk we will show how to use Spark to process unstructured data to extract vector representations, and push the vectors to Milvus vector database for search serving.
This presentation provides valuable insights into effective cost-saving techniques on AWS. Learn how to optimize your AWS resources by rightsizing, increasing elasticity, picking the right storage class, and choosing the best pricing model. Additionally, discover essential governance mechanisms to ensure continuous cost efficiency. Whether you are new to AWS or an experienced user, this presentation provides clear and practical tips to help you reduce your cloud costs and get the most out of your budget.
Programming Foundation Models with DSPy - Meetup SlidesZilliz
Prompting language models is hard, while programming language models is easy. In this talk, I will discuss the state-of-the-art framework DSPy for programming foundation models with its powerful optimizers and runtime constraint system.
Taking AI to the Next Level in Manufacturing.pdfssuserfac0301
Read Taking AI to the Next Level in Manufacturing to gain insights on AI adoption in the manufacturing industry, such as:
1. How quickly AI is being implemented in manufacturing.
2. Which barriers stand in the way of AI adoption.
3. How data quality and governance form the backbone of AI.
4. Organizational processes and structures that may inhibit effective AI adoption.
6. Ideas and approaches to help build your organization's AI strategy.
Driving Business Innovation: Latest Generative AI Advancements & Success StorySafe Software
Are you ready to revolutionize how you handle data? Join us for a webinar where we’ll bring you up to speed with the latest advancements in Generative AI technology and discover how leveraging FME with tools from giants like Google Gemini, Amazon, and Microsoft OpenAI can supercharge your workflow efficiency.
During the hour, we’ll take you through:
Guest Speaker Segment with Hannah Barrington: Dive into the world of dynamic real estate marketing with Hannah, the Marketing Manager at Workspace Group. Hear firsthand how their team generates engaging descriptions for thousands of office units by integrating diverse data sources—from PDF floorplans to web pages—using FME transformers, like OpenAIVisionConnector and AnthropicVisionConnector. This use case will show you how GenAI can streamline content creation for marketing across the board.
Ollama Use Case: Learn how Scenario Specialist Dmitri Bagh has utilized Ollama within FME to input data, create custom models, and enhance security protocols. This segment will include demos to illustrate the full capabilities of FME in AI-driven processes.
Custom AI Models: Discover how to leverage FME to build personalized AI models using your data. Whether it’s populating a model with local data for added security or integrating public AI tools, find out how FME facilitates a versatile and secure approach to AI.
We’ll wrap up with a live Q&A session where you can engage with our experts on your specific use cases, and learn more about optimizing your data workflows with AI.
This webinar is ideal for professionals seeking to harness the power of AI within their data management systems while ensuring high levels of customization and security. Whether you're a novice or an expert, gain actionable insights and strategies to elevate your data processes. Join us to see how FME and AI can revolutionize how you work with data!
Dandelion Hashtable: beyond billion requests per second on a commodity serverAntonios Katsarakis
This slide deck presents DLHT, a concurrent in-memory hashtable. Despite efforts to optimize hashtables, that go as far as sacrificing core functionality, state-of-the-art designs still incur multiple memory accesses per request and block request processing in three cases. First, most hashtables block while waiting for data to be retrieved from memory. Second, open-addressing designs, which represent the current state-of-the-art, either cannot free index slots on deletes or must block all requests to do so. Third, index resizes block every request until all objects are copied to the new index. Defying folklore wisdom, DLHT forgoes open-addressing and adopts a fully-featured and memory-aware closed-addressing design based on bounded cache-line-chaining. This design offers lock-free index operations and deletes that free slots instantly, (2) completes most requests with a single memory access, (3) utilizes software prefetching to hide memory latencies, and (4) employs a novel non-blocking and parallel resizing. In a commodity server and a memory-resident workload, DLHT surpasses 1.6B requests per second and provides 3.5x (12x) the throughput of the state-of-the-art closed-addressing (open-addressing) resizable hashtable on Gets (Deletes).
2. Anti-Virus Comparative – Malware Removal Test - September 2009 www.av-comparatives.org
Table of Contents
Tested Products 3
Conditions for participation and test methodology 4
Introduction 4
Test-Procedure 4
Used Malware 5
Test Results 6
Ratings 23
Additional Free Malware Removal Services 26
Award levels reached in this test 27
Copyright and Disclaimer 28
–2-
3. Anti-Virus Comparative – Malware Removal Test - September 2009 www.av-comparatives.org
Tested Products
• avast! Professional Edition 4.8 • Kaspersky Anti-Virus 2010
• AVG Anti-Virus 8.5 • Kingsoft AntiVirus 9
• AVIRA AntiVir Premium 9.0 • McAfee VirusScan Plus 2009
• BitDefender Anti-Virus 2010 • Microsoft Security Essentials 1.0
• eScan Anti-Virus 10.0 • Norman Antivirus & Anti-Spyware 7.10
• ESET NOD32 Antivirus 4.0 • Sophos Anti-Virus 7.6
• F-Secure Anti-Virus 2010 • Symantec Norton Anti-Virus 2010
• G DATA AntiVirus 2010 • Trustport Antivirus 2009
–3-
4. Anti-Virus Comparative – Malware Removal Test - September 2009 www.av-comparatives.org
Conditions for participation and test methodology
The conditions for participation in our tests are listed in the methodology document at
http://www.av-comparatives.org/seiten/ergebnisse/methodology.pdf. Before proceeding with this
report, readers are advised to first read the above-mentioned document.
Products included in our tests constitute some very good anti-virus software with relatively high on-
demand detection rates, as this is one of the requirements needed to be included in our tests. The
participation is usually limited to not more than 18 well-known and worldwide used quality Anti-Virus
products with relatively high detection rates, which vendors agreed to get tested and included in the
public main test reports of 2009. The 16 products that were included in this public test are listed on
the previous page.
Introduction
This test focuses only on the malware removal/cleaning capabilities, therefore all used samples were
samples that the tested Anti-Virus products were able to detect. It has nothing to do with detection
rates or protection capabilities. Of course, if an Anti-Virus is not able to detect the malware, it is also
not able to remove it. The main question was if the products are able to successfully remove malware
from an already infected/compromised system. The test report is aimed to normal/typical home users
and not Administrators or advanced users that may have the knowledge for advanced/manual malware
removal/repair procedures. A further question was if the products are able to remove what they are
able to detect.
Most often user come with infected PC's with no or outdated AV-software to computer repair stores; in
our case they brought the compromised machines to the Innsbrucker Computernotdienst, a local
partner company of AV-Comparatives. The used methodology considers this situation: an already
infected system that needs to be cleaned.
The Test ran between 1st September and 15th September and was run under Microsoft Windows XP
Professional SP3 32Bit with latest updates of 1st September 2009. The used Hardware were Hewlett
Packard PC’s, dc7600 SFF, P4 2.8 GHz, 1GB RAM, sATA-II HDD.
Test-Procedure
• Thorough malware analysis to know what to look for
• Administrator account was used with turned off system restore
• Infect native machine with one threat, reboot and make sure that threat is fully running
• Boot Windows
• if not possible, we started in safe mode; if safe mode was not possible, the BootCD of the AV-
Products was used where available
• Install and update the Anti-Virus Product
• Follow instructions of Anti-Virus product to remove the malware
• Run thorough/full scan with highest settings
• Run AV again in safe mode if necessary
• Run AV again from BootCD is necessary
• Manual inspection/analysis of the PC for malware removal and leftovers
–4-
5. Anti-Virus Comparative – Malware Removal Test - September 2009 www.av-comparatives.org
Used Malware
The samples have been selected by following criteria:
• all Anti-Virus products were able to detect the used inactive malware on-demand/on-access
already at least since begin of August 2009 (in most cases the malware is well-known and
detected already since over a half year or longer by all the tested Anti-Virus products)
• the sample must have been seen in the field on at least two PC’s of customers who brought
their PC for virus cleaning to the local Computernotdienst (a partner company of AV-
Comparatives) in the last 12 months
• we selected 50 users-infection cases randomly. After this, we took 10 different malware
samples from them (different family, payloads, etc.)
• the malware must be non-destructive (in other words, it should be possible for an Anti-Virus
product to “repair/clean” the system without the need of replacing windows system files etc.)
• at least 25% of the samples should be still listed on the WildList1
Malware Prevalence2
NetSky!30 on the WildList / in-the-field
RJump!38 on the WildList / very widespread
Syrutrk!42 in-the-field
FakeAV!70 in-the-field
Autorun!93 in-the-field
Rontokbro!c5 on the WildList / widespread
Vundo!ca very widespread
Rustock!e0 widespread
Agent!4d widespread
ZBot!3d in-the-field
To avoid providing information to malware authors who could be potentially useful for them to
improve their creations, this public report lists only general names of the used malware as well as very
general information about the leftovers, without any technical instructions/details.
Most Anti-Virus products use generic cleaning procedures for some malware/infections (e.g. heuristic
detections or detection added by automation). For the user this does not make a difference, as the
user wants to get rid of the malware no matter how the product is detecting it.
1
http://www.wildlist.org/WildList/200908.htm
2
Prevalence is based on exact file hash only, not malware families. This data has been consulted with
prevalence information given by various vendors and a third party after the test was done. Prevalence is given
in this order: in-the-field, widespread, very widespread.
–5-
6. Anti-Virus Comparative – Malware Removal Test - September 2009 www.av-comparatives.org
Test Results
–6-
7. Anti-Virus Comparative – Malware Removal Test - September 2009 www.av-comparatives.org
Avast
When avast! finds active malware running on the computer, it automatically suggests running a boot-
time scan at reboot, in order to be able to remove the running malware. We used this possibility.
Results
NetSky: Avast removed the malware completely from the system.
RJump: Avast removed the malware, but some non-malicious malware traces were left behind, as
well as some registry entries.
Syrutrk: Avast removed the malware, but some registry entries were left behind.
FakeAV: Avast removed the malware, but some leftovers (including a binary file) were left behind.
A reboot was required to remove the malware.
Autorun: Avast removed the malware, but some traces are still present. The hosts file is still
modified and blocks access to e.g. Google and various security related websites.
Rontokbro: Avast removed the malware, but some registry entries were left behind which have
annoying consequences (e.g. showing an error message at every system restart, regedit
disabled, Folder Options are no longer visible/available in the menu).
Vundo: Avast removed the malware, but some registry entries were left behind.
Rustock: Avast removed the malware, but some registry entries that disable Windows Updates were
left behind.
Agent: Avast removed the malware, but some registry entries were left behind.
ZBot: Avast required a boot-time scan in order to find (!) and remove the malware. Some non-
malicious components and registry entries were left behind.
–7-
8. Anti-Virus Comparative – Malware Removal Test - September 2009 www.av-comparatives.org
AVG
Results
NetSky: AVG removed the malware, but some worm components (with non-executable extension)
were left behind.
RJump: AVG removed the malware, but some non-malicious malware traces were left behind, as
well as some registry entries.
Syrutrk: AVG removed the malware, but some registry entries were left behind.
FakeAV: AVG removed the malware, but some non-malicious leftovers were left behind. A reboot
was required to remove the malware.
Autorun: AVG removed the malware, but the registry has not been cleaned (due which Windows
Explorer cannot load anymore!). The hosts-file has also not been cleaned.
Rontokbro: AVG removed the malware, but some registry entries were left behind which have
annoying consequences (e.g. showing an error message at every system restart, regedit
disabled, Folder Options are no longer visible/available in the menu).
Vundo: AVG removed the malware, but some registry entries were left behind. AVG required a
system reboot to remove the malware.
Rustock: AVG failed to remove the malware.
Agent: AVG removed the malware completely from the system.
ZBot: AVG removed the malware, but some non-malicious components and registry entries were
left behind.
–8-
9. Anti-Virus Comparative – Malware Removal Test - September 2009 www.av-comparatives.org
AVIRA
AVIRA offers the possibility to create a bootable RescueCD.
Results
NetSky: AVIRA required the Boot-CD to remove the malware completely, as the normal scan did
hang.
RJump: AVIRA removed the malware, but some non-malicious malware traces were left behind, as
well as some registry entries.
Syrutrk: AVIRA removed the malware, but some registry entries were left behind.
FakeAV: AVIRA removed the malware, but some leftovers (including a binary file) were left
behind.
Autorun: AVIRA removed the malware, but the registry has not been cleaned (due which Windows
Explorer cannot load anymore!). The hosts-file has also not been cleaned.
Rontokbro: AVIRA removed the malware, but some registry entries were left behind which have
annoying consequences (e.g. showing an error message at every system restart, regedit
disabled, Folder Options are no longer visible/available in the menu).
Vundo: AVIRA removed the malware, but some registry entries were left behind. AVIRA required a
system reboot to remove the malware.
Rustock: AVIRA removed the malware, but some registry entries that disable Windows Updates
were left behind.
Agent: AVIRA removed the malware, but some registry entries were left behind.
ZBot: AVIRA removed the malware, but some non-malicious components and registry entries
were left behind.
–9-
10. Anti-Virus Comparative – Malware Removal Test - September 2009 www.av-comparatives.org
BitDefender
BitDefender offers the possibility to create a bootable RescueCD.
Results
NetSky: BitDefender removed the malware completely from the system.
RJump: BitDefender removed the malware, but some non-malicious malware traces were left
behind, as well as some registry entries.
Syrutrk: BitDefender removed the malware (a reboot was required), but some registry entries were
left behind.
FakeAV: BitDefender removed the malware, but some non-malicious leftovers (including registry
entries) were left behind.
Autorun: BitDefender removed the malware, but the registry has not been cleaned (due which
Windows Explorer cannot load anymore!). The hosts-file has also not been cleaned.
Rontokbro: BitDefender required the Boot-CD to remove the malware.
Vundo: BitDefender removed the malware, but some registry entries were left behind.
BitDefender required a system reboot to remove the malware.
Rustock: BitDefender required the Boot-CD to remove the malware. Some registry entries that
disable Windows Updates were left behind.
Agent: BitDefender removed the malware completely from the system.
ZBot: BitDefender removed the malware, but some non-malicious components and registry
entries were left behind.
– 10 -
11. Anti-Virus Comparative – Malware Removal Test - September 2009 www.av-comparatives.org
eScan
eScan uses a third-party Anti-Virus engine, but also in-house malware removal routines.
Results
NetSky: eScan removed the malware completely from the system.
RJump: eScan removed the malware completely from the system.
Syrutrk: eScan removed the malware completely from the system. A reboot was required to remove
the malware.
FakeAV: eScan removed the malware completely from the system.
Autorun: eScan removed the malware completely from the system.
Rontokbro: eScan removed the malware completely from the system.
Vundo: eScan removed the malware completely from the system.
Rustock: eScan failed to remove the malware.
Agent: eScan removed the malware completely from the system.
ZBot: eScan failed to remove the malware.
– 11 -
12. Anti-Virus Comparative – Malware Removal Test - September 2009 www.av-comparatives.org
ESET
ESET offers the option of creating a bootable Rescue CD. Unlike other Rescue CDs, it is not based on
Linux but on Windows (offering better handling of e.g. NTFS drives). Due to that, the creation of the
Rescue CD requires a large download (over 1GB) and installation of third party applications.
Results
NetSky: ESET removed the malware, but some worm components (with non-executable extension)
were left behind.
RJump: ESET removed the malware, but some non-malicious malware traces were left behind, as
well as some registry entries.
Syrutrk: ESET removed the malware (a reboot was required), but some registry entries were left
behind.
FakeAV: ESET removed the malware, but some leftovers (including a binary file and some registry
entries) were left behind.
Autorun: ESET removed the malware completely from the system.
Rontokbro: ESET removed the malware, but some registry entries were left behind which have
annoying consequences (e.g. showing an error message at every system restart, regedit
disabled, Folder Options are no longer visible/available in the menu).
Vundo: ESET removed the malware, but some registry entries were left behind.
Rustock: ESET required the RescueCD to find (!) and remove the malware. ESET removed the
malware, but some registry entries that disable Windows Updates were left behind.
Agent: ESET removed the malware completely from the system.
ZBot: ESET removed the malware, but some non-malicious components and registry entries were
left behind.
– 12 -
13. Anti-Virus Comparative – Malware Removal Test - September 2009 www.av-comparatives.org
F-Secure
F-Secure include a bootable RescueCD ready for use in its boxed product.
Results
NetSky: F-Secure removed the malware completely from the system.
RJump: F-Secure removed the malware, but some non-malicious malware traces were left behind,
as well as some registry entries.
Syrutrk: F-Secure removed the malware, but some registry entries were left behind.
FakeAV: F-Secure removed the malware, but some non-malicious leftovers were left behind.
Autorun: F-Secure removed the malware, but the registry has not been cleaned (due which
Windows Explorer cannot load anymore!). The hosts-file has also not been cleaned.
Rontokbro: F-Secure required the Boot-CD to remove the malware.
Vundo: F-Secure removed the malware completely. During the removal process blue screens and
system errors occurred, so that the removal needed several attempts until it was finally
successful.
Rustock: F-Secure required the Boot-CD to remove the malware. Some registry entries that disable
Windows Updates were left behind.
Agent: F-Secure removed the malware completely from the system.
ZBot: F-Secure removed the malware, but some non-malicious components and registry entries
were left behind. F-Secure required a reboot, but instead of doing it automatically as
proposed, a reboot had to be initiated manually.
– 13 -
14. Anti-Virus Comparative – Malware Removal Test - September 2009 www.av-comparatives.org
G DATA
G DATA offers the possibility to create a bootable RescueCD.
Results
NetSky: G DATA removed the malware completely from the system.
RJump: G DATA removed the malware, but some non-malicious malware traces were left behind,
as well as some registry entries.
Syrutrk: G DATA removed the malware (a reboot was required), but some registry entries were left
behind.
FakeAV: G DATA removed the malware, but some non-malicious leftovers (including registry
entries) were left behind. A reboot was required to remove the malware.
Autorun: G DATA removed the malware, but the registry has not been cleaned (due which Windows
Explorer cannot load anymore!). The hosts-file has also not been cleaned.
Rontokbro: G DATA reported the infection (crashed several times and restarted the OS), but was
unable to remove the malware. In addition, the Boot-CD did not help in this case, as it
was able to run only in read-only mode.
Vundo: G DATA removed the malware, but some registry entries were left behind.
Rustock: G DATA required the Boot-CD to remove the malware. Some registry entries that disable
Windows Updates were left behind.
Agent: G DATA removed the malware, but some registry entries were left behind.
ZBot: G DATA failed to remove the malware. Even the Boot-CD did not help in this case, as it
always hang during the scan.
– 14 -
15. Anti-Virus Comparative – Malware Removal Test - September 2009 www.av-comparatives.org
Kaspersky
Kaspersky offers the possibility to create a bootable RescueCD. Furthermore, Kaspersky 2010 products
include a feature that allows repairing some specific/common malware traces manually (Security+).
Results
NetSky: Kaspersky removed the malware completely from the system.
RJump: Kaspersky removed the malware, but some non-malicious malware traces were left behind,
as well as some registry entries.
Syrutrk: Kaspersky removed the malware, but some registry entries were left behind.
FakeAV: Kaspersky removed the malware, but some leftovers (including a binary file) were left
behind. A reboot was required to remove the malware.
Autorun: Kaspersky removed the malware completely from the system.
Rontokbro: Kaspersky removed the malware (a reboot was required), but some registry entries were
left behind which have annoying consequences (e.g. showing an error message at every
system restart, regedit disabled, Folder Options are no longer visible/available in the
menu). Those remaining annoying registry leftovers could be fixed using the repair
feature inside the Kaspersky 2010 product.
Vundo: Kaspersky removed the malware completely. During the removal process system errors
occurred and the system rebooted itself several times, so that the removal needed several
attempts until it was finally successful.
Rustock: It was not possible to install the Kaspersky product on the infected system. We therefore
tried to first install the AV product and then infect the machine. In that case, Kaspersky
removed the malware, but some registry entries that disable Windows Updates were left
behind.
Agent: Kaspersky removed the malware completely from the system.
ZBot: Kaspersky removed the malware, but some non-malicious components and registry entries
were left behind.
– 15 -
16. Anti-Virus Comparative – Malware Removal Test - September 2009 www.av-comparatives.org
Kingsoft
Results
NetSky: Kingsoft removed the malware, but some worm components (with non-executable
extension) were left behind.
RJump: Kingsoft removed the malware, but some non-malicious malware traces were left behind,
as well as some registry entries.
Syrutrk: Kingsoft removed the malware, but some registry entries were left behind.
FakeAV: Kingsoft removed the malware, but some leftovers (including a binary file) were left
behind.
Autorun: Kingsoft failed to remove the malware.
Rontokbro: Kingsoft removed the malware, but some registry entries were left behind which have
annoying consequences (e.g. showing an error message at every system restart, regedit
disabled, Folder Options are no longer visible/available in the menu).
Vundo: Kingsoft failed to remove the malware.
Rustock: Kingsoft failed to remove the malware.
Agent: Kingsoft removed the malware completely from the system.
ZBot: Kingsoft failed to remove the malware.
– 16 -
17. Anti-Virus Comparative – Malware Removal Test - September 2009 www.av-comparatives.org
McAfee
McAfee uses an online-installer for the installation of its product.
Results
NetSky: McAfee removed the malware completely from the system.
RJump: McAfee removed the malware, but some non-malicious malware traces were left behind,
as well as some registry entries.
Syrutrk: McAfee removed the malware (a reboot was required), but some registry entries were left
behind.
FakeAV: McAfee removed the malware, but some non-malicious leftovers were left behind.
Autorun: It was not possible to install McAfee3, as McAfee requires always an online-installation
and does not offer an offline-installer or a Boot-CD. This is especially problematic when
the malware blocks access to the AV vendor websites. For testing purposes, we modified
the hosts-file in order to be able to install McAfee. In that case, McAfee removes the
malware, but it does not fix the registry, due which Windows Explorer does not start
anymore. We also tried to download from a third-party site the standalone STINGER
utility from McAfee. While running STINGER with activated McAfee and highest settings,
it reported 2 clean files as Trojans on standard preinstalled files on HP systems.
Rontokbro: McAfee removed the malware, but some registry entries were left behind which have
annoying consequences (e.g. showing an error message at every system restart, regedit
disabled, Folder Options are no longer visible/available in the menu).
Vundo: McAfee removed the malware, but some registry entries were left behind. McAfee required
a system reboot to remove the malware.
Rustock: McAfee removed the malware, but some registry entries that disable Windows Updates
were left behind.
Agent: McAfee removed the malware completely from the system.
ZBot: McAfee had to be installed in safe-mode. McAfee removed the malware, but some non-
malicious components and registry entries were left behind.
3
If users have trouble while installing the product or cleaning their machines they can contact the McAfee
technical support (first 30 days from purchase there is free phone support). Virtual Technician can help with
many types of problems. http://service.mcafee.com/TechSupportHome.aspx?lc=1033&sg=TS
– 17 -
18. Anti-Virus Comparative – Malware Removal Test - September 2009 www.av-comparatives.org
Microsoft
Results
NetSky: Microsoft removed the malware completely from the system.
RJump: Microsoft removed the malware, but some registry entries were left behind.
Syrutrk: Microsoft removed the malware completely from the system. A reboot was required to
remove the malware.
FakeAV: Microsoft removed the malware, but a non-malicious leftover was left behind. Microsoft
required a system reboot to remove the malware.
Autorun: Microsoft removed the malware, but some traces are still present. The hosts file is still
modified and blocks access to e.g. Google and various security related websites. Only the
access to some few major AV websites has been restored.
Rontokbro: Microsoft removed the malware, but some registry entries were left behind which have
annoying consequences (e.g. regedit disabled, Folder Options are no longer
visible/available in the menu).
Vundo: Microsoft removed the malware, but some registry entries were left behind. Microsoft
required a system reboot to remove the malware.
Rustock: Microsoft removed the malware, but some registry entries that disable Windows Updates
were left behind. Microsoft required a system reboot to remove the malware.
Agent: Microsoft removed the malware completely from the system.
ZBot: Microsoft removed the malware, but some non-malicious components and registry entries
were left behind. Microsoft required a system reboot to remove the malware.
– 18 -
19. Anti-Virus Comparative – Malware Removal Test - September 2009 www.av-comparatives.org
Norman
Results
NetSky: Norman removed the malware, but some worm components (with non-executable
extension) were left behind.
RJump: Norman removed the malware, but some non-malicious malware traces were left behind,
as well as some registry entries. A reboot was required to remove the malware.
Syrutrk: Norman removed the malware (a reboot was required), but some registry entries were left
behind.
FakeAV: Norman removed the malware, but some non-malicious leftovers (including registry
entries) were left behind.
Autorun: Norman removed the malware, but the registry has not been cleaned (due which Windows
Explorer cannot load anymore!). The hosts-file has also not been cleaned.
Rontokbro: Norman removed the malware, but some registry entries were left behind which have
annoying consequences (e.g. showing an error message at every system restart, regedit
disabled, Folder Options are no longer visible/available in the menu).
Vundo: Norman removed the malware, but some registry entries were left behind. Norman
required a system reboot to remove the malware.
Rustock: Norman removed the malware, but some registry entries that disable Windows Updates
were left behind.
Agent: Norman removed the malware, but some registry entries were left behind.
ZBot: Norman failed to remove the malware.
– 19 -
20. Anti-Virus Comparative – Malware Removal Test - September 2009 www.av-comparatives.org
Sophos
Sophos offers the possibility to create a bootable RescueCD.
Sophos is a corporate product. Due that, it does not restore e.g. some registry entries by design, as in
a managed environment, some of these settings are typically enforced centrally by system
administrators.
Results
NetSky: Sophos removed the malware, but some worm components (with non-executable
extension) were left behind.
RJump: Sophos removed the malware, but some non-malicious malware traces were left behind,
as well as some registry entries. A reboot was required to remove the malware.
Syrutrk: Sophos removed the malware completely from the system.
FakeAV: Sophos removed the malware, but some non-malicious leftovers were left behind.
Autorun: Sophos removed the malware, but some traces are still present. The hosts file is still
modified and blocks access to e.g. Google and various security related websites. Only the
access to some few major AV websites has been restored.
Rontokbro: Sophos removed the malware, but some registry entries were left behind which have
annoying consequences (e.g. showing an error message at every system restart, regedit
disabled, Folder Options are no longer visible/available in the menu).
Vundo: Sophos removed the malware, but some registry entries were left behind. During the
removal process blue screens and system errors occurred and the system rebooted several
times by itself, so that the removal needed several attempts until it was finally
successful.
Rustock: Sophos had to be installed in safe-mode. In that case, Sophos removed the malware, but
some registry entries that disable Windows Updates were left behind.
Agent: Sophos removed the malware completely from the system.
ZBot: Sophos removed the malware, but some non-malicious components and registry entries
were left behind. Sophos required a system reboot to remove the malware.
– 20 -
21. Anti-Virus Comparative – Malware Removal Test - September 2009 www.av-comparatives.org
Symantec
Symantec includes a bootable RescueCD ready for use in its boxed product.
Results
NetSky: Symantec removed the malware completely from the system.
RJump: Symantec removed the malware completely from the system.
Syrutrk: Symantec removed the malware completely from the system. A reboot was required to
remove the malware.
FakeAV: Symantec removed the malware, but some non-malicious leftovers were left behind.
Symantec had to be installed in safe-mode.
Autorun: Symantec removed the malware, but some traces are still present. The hosts file is still
modified and blocks access to e.g. Google and various security related websites. Only the
access to some few major AV websites has been restored.
Rontokbro: Symantec removed the malware (the scan had to be done in safe mode, as in normal
mode the system continued to reboot continuously after installation), but some registry
entries were left behind which have annoying consequences (e.g. showing an error
message at every system restart, regedit disabled, Folder Options are no longer
visible/available in the menu).
Vundo: Symantec removed the malware, but some registry entries were left behind. Symantec
required a system reboot to remove the malware.
Rustock: Symantec removed the malware, but some registry entries that disable Windows Updates
were left behind.
Agent: Symantec removed the malware completely from the system.
ZBot: Symantec removed the malware, but some non-malicious components and registry entries
were left behind.
– 21 -
22. Anti-Virus Comparative – Malware Removal Test - September 2009 www.av-comparatives.org
Trustport
Trustport offers the possibility to create a bootable RescueCD.
Results
NetSky: Trustport removed the malware, but some worm components (with non-executable
extension) were left behind.
RJump: Trustport removed the malware, but some non-malicious malware traces were left behind,
as well as some registry entries. A reboot was required to remove the malware.
Syrutrk: Trustport removed the malware (a reboot was required), but some registry entries were
left behind.
FakeAV: Trustport removed the malware, but some non-malicious leftovers (including registry
entries) were left behind.
Autorun: Trustport removed the malware, but the registry has not been cleaned (due which
Windows Explorer cannot load anymore!). The hosts-file has also not been cleaned.
Rontokbro: Trustport removed the malware, but some registry entries were left behind which have
annoying consequences (e.g. showing an error message at every system restart, regedit
disabled, Folder Options are no longer visible/available in the menu). Additionally, an
Autostart entry was only renamed instead of deleted, giving an additional pop-up at
system start.
Vundo: Trustport removed the malware, but some registry entries were left behind. A reboot was
required to remove the malware, but it had to be initiated manually.
Rustock: Trustport required the Boot-CD to find (!) and remove the malware. Trustport removed the
malware, but some registry entries that disable Windows Updates were left behind.
Agent: Trustport removed the malware completely from the system.
ZBot: Trustport removed the malware, but some non-malicious components and registry entries
were left behind.
– 22 -
23. Anti-Virus Comparative – Malware Removal Test - September 2009 www.av-comparatives.org
Ratings
The ratings (and the resulting awards) are calculated based on
a) Removal of malware
a. Malware completely removed (10)
b. Malware removed, some unimportant traces left (8)
c. Malware removed, but annoying or potentially dangerous problems remaining (4)
d. Malware not removed (0)
b) Removal of leftovers
a. No remaining leftovers (4)
b. Innocent non-executable files or unimportant registry entries remaining (3)
c. Non-malicious, but visible executable files remaining (2)
d. Registry entries (e.g. loading points, etc.) remaining (1)
e. Malicious executable files remaining or registry entries which cause
problems/annoyance (like pop-ups, error messages, windows not booting, windows
updates disabled, hosts file blocking websites, registry disabled, etc.) (0)
c) Convenience:
a. Removal could be done easily in normal mode (5)
b. Reboot (or manual actions) required to remove the malware or some entries (4)
c. Errors/BSOD during malware removal (3)
d. Removal required booting in safe-mode (2)
e. Removal required creation of a Boot-CD (1)
f. Detection required a scan from Boot-CD/safe mode or install required contacting
support or similar (0)
Points are given according to the above system, averaged and categorized as follow:
a) Removal of malware
a. 0.0 – 5.0 (poor)
b. 5.1 – 6.6 (average)
c. 6.7 – 8.0 (good)
d. 8.1 – 10.0 (very good)
b) Removal of leftovers
a. 0.0 – 1.0 (poor)
b. 1.1 – 2.0 (average)
c. 2.1 – 3.0 (good)
d. 3.1 – 4.0 (very good)
c) Convenience
a. 0.0 – 2.5 (poor)
b. 2.6 – 3.5 (average)
c. 3.6 – 5.0 (good)
Convenience: All products were more or less same convenient, therefore this category was this time
not counted for the awards.
Even if not observed during this test, over-aggressive cleaning has not been specifically
considered/evaluated during the test, but may be an interesting point to consider in the next test.
– 23 -
24. Anti-Virus Comparative – Malware Removal Test - September 2009 www.av-comparatives.org
Based on the above scoring system, we get the following summary results:
Removal of Removal of
malware leftovers
Avast average average
AVG average average
AVIRA average average
BitDefender good average
eScan good good
ESET average average
F-Secure good average
G DATA average poor
Kaspersky good average
Kingsoft poor poor
McAfee average average
Microsoft good good
Norman average poor
Sophos average average
Symantec good good
Trustport average average
None of the products performed “very good” in malware removal or removal of leftovers, based on
those 10 samples. eScan, Symantec and Microsoft (MSE) were the only products to be good in removal
of malware AND removal of leftovers.
Due the sample size, the final ratings may be generous, but we applied the scoring tables strictly. We
tried to give different values for different types of leftovers, although this was very difficult in some
grey area cases. This was the first public malware removal test of AV-Comparatives and due the lack of
generally accepted ways to rate malware removal abilities, we did our best to give fair ratings based
on the observed overall malware removal results and to do not look / base our ratings on e.g. the
deletion of the binary malware only.
Some products do not remove all registry entries on purpose (as long as they do not have any visible
side effect for the user), e.g. if that helps to prevent reinfection by the same malware. Furthermore,
in some cases it is not possible to know if the registry values (or the hosts file) were modified by the
malware or by the user itself (or third-party utilities used by the user). Therefore, some AV products
may decide to do not touch those values and to do not restore default/standard values. For most
home users it may be OK to reset to default, but in some cases, especially in corporate environments,
restoring default settings could break the security policy of the company. We think that giving an
option to the user to restore such values after a malware infection (during malware removal) could be
useful to clean up completely a PC.
Leaving behind leftovers (even if just non-malicious components/files or some entries in the registry)
could lead to make users believe to have still active malware on their PC, e.g. when they run another
Anti-Virus product or more probably some other Anti-Spyware product. Anti-Spyware products very
often report traces/leftovers and then claim to be able to detect malware which other Anti-Virus
products are not able to find, without saying that the leftovers were not doing anything malicious.
Beside that, it does not even mean that those products would be able to remove the real malware
running on the PC, as the Anti-Virus product may have been able to do.
– 24 -
25. Anti-Virus Comparative – Malware Removal Test - September 2009 www.av-comparatives.org
Good malware detection is very important to find existing malware that is already on a system.
However, a high detection rate of a product does not necessarily correspond/mean that a product has
good removal abilities. On the other hand, a product with low detection rate may not even find the
infection and therefore not removed it.
Some users may wrongly assume that Anti-Virus products just delete binary files (probably because
most Anti-Virus products usually list only infected files in their logs) and do not fix anything else,
like e.g. the registry etc. This report is also intended as a little informational document to explain
that professional Anti-Virus products do much more than just deleting malicious files.
We advise users to do regular backups of their important data and to use e.g. image restoring
software.
– 25 -
26. Anti-Virus Comparative – Malware Removal Test - September 2009 www.av-comparatives.org
Additional Free Malware Removal Services/Utilities offered by the vendors
Boot-Disk4 Free Online Scanner with removal ability5 Free Removal-Tools for specific malware
Avast No No http://www.avast.com/eng/avast-virus-cleaner.html
AVG No No http://www.avg.com/virus-removal
AVIRA YES No http://www.avira.com/en/support/antivir_removal_tool.html
Bitdefender YES http://www.bitdefender.com/scanner/online/free.html http://www.bitdefender.com/site/Downloads/browseFreeRemovalTool
eScan No No http://www.mwti.com/products/mwav/mwav.asp
ESET YES http://www.eset.com/onlinescan http://www.eset.com/download/free-virus-remover.php
F-Secure YES http://www.f-secure.com/en_EMEA/security/security- http://www.f-secure.com/en_EMEA/security/security-center/easy-
lab/tools-and-services/online-scanner/index.html clean/index.html
G DATA YES No No
Kaspersky YES No http://support.kaspersky.com/viruses/avptool?level=2
Kingsoft No No No
McAfee No No http://home.mcafee.com/VirusInfo/VirusRemovalTools.aspx
Microsoft No http://onecare.live.com/site/en-US/center/howsafe.htm http://www.microsoft.com/security/malwareremove
Norman No No http://www.norman.com/support/support_tools/58732/en-us
Sophos YES No http://www.sophos.com/support/disinfection
Symantec YES No http://www.symantec.com/norton/security_response/removaltools.jsp
Trustport YES No No
In some cases the above mentioned additional free malware removal utilities are in our opinion not advertised enough, in other words most users may not
know about their availability when they need it. They should be promoted inside the user manuals, inside the product, provided thru an information box in
case of a specific infection (or in case of unsuccessful malware removal) or be better placed on the vendors’ website.
4
Included in the standard package without extra charging.
5
Must be free, not requiring registration, must provide free removal (not just detection) and be able to scan a PC (not only single files).
– 26 -
27. Anti-Virus Comparative – Malware Removal Test - September 2009 www.av-comparatives.org
Awards reached in this test
AV-Comparatives provides a 3-level-ranking-system (STANDARD, ADVANCED and ADVANCED+). As this
report contains also the raw results and not only the awards, users can evaluate the results by
themselves if they prefer.
AWARDS PRODUCTS
(based on removal capabilities) (in no specific order)6
eScan
Symantec
Microsoft7
F-Secure
Kaspersky
Bitdefender
ESET
Sophos
AVG
McAfee
Avast
AVIRA
Trustport
Norman
G DATA
Kingsoft
Please keep in mind, that the ten used prevalent samples were selected randomly, based on infected
user PC's from the real world. With other samples, the results could be completely different.
It may not look fair to give awards in a test with only ten randomly selected samples. However,
malware is also not fair and users cannot select which malware hits their PC's. Therefore, it could be
exactly that one not removed malware sample, which kills your PC.
6
We suggest to consider products with same the award to be as good as the other products with same award.
7
Microsoft OneCare would have scored Advanced.
– 27 -