June 2008

Certification
In last month's test we examined the search-and-destroy algorithms of antivirus systems under the Windows XP Home + SP3 operating system. We used samples of the most widespread viruses. STANDARD qualification was given to protections that recognised the virus in every infected sample and prevented the user from starting the virus code. ADVANCED qualification was given to protections that were capable of destroying the virus, restoring the original state where possible. The antivirus must behave the same way during on-access protection and on-demand search. We separately examined how the incoming and outgoing messages of The Bat! mail system were monitored. MAILSCANNER qualification was given to products that were capable of recognising, blocking and removing every spreading virus.

Testing of compressed files
We observed the search processes of the antivirus software to see whether they can recognise infected files compressed in different formats. Besides the most frequent formats (ZIP, ARJ, RAR, JAR, LZH, TGZ, CAB, TAR, GZ, ACE) we extended the test set with further compression types created by Total Commander (BZ2, HA, Z, 7Z, BFC). We chose 10 well-known viruses and checked whether each antivirus recognises them. Afterwards we compressed the infected files into the appropriate formats and performed the test on these archives. Besides the compression types we also dealt with some special features. For ZIP and ACE archives we examined the runnable (self-extracting) formats, and checked the recognition of parasites hidden in password-protected archives and in archives that use long file names. Results shown in bold indicate changes relative to the previous test.
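
The preparation step described above, as an added example (not CheckVir's own tooling): it packs one sample into the formats from the list that Python's standard library can write (ZIP, ZIP with a long file name, TAR, TGZ, GZ, BZ2) and checks that every archive unpacks to identical bytes, so a missed detection cannot be blamed on a damaged archive. `SAMPLE`, `LONG_NAME` and all function names are assumptions; the payload is a constructed stand-in.

```python
import bz2, gzip, io, tarfile, zipfile

# Constructed stand-in payload (assumption). In a real run pass the bytes of a
# harmless scanner test file, such as the EICAR test file, instead.
SAMPLE = b"CONSTRUCTED-SCANNER-TEST-PAYLOAD\n"
LONG_NAME = "long_file_name_" + "x" * 200 + ".com"   # long-file-name case

def make_tar(name, data, mode):
    """Build a tar archive in memory; mode 'w' is plain TAR, 'w:gz' is TGZ."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode=mode) as tar:
        info = tarfile.TarInfo(name)
        info.size = len(data)
        tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def make_zip(name, data):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, data)
    return buf.getvalue()

def build_corpus(data=SAMPLE, name="sample.com"):
    """Return {archive file name: archive bytes}, one entry per format."""
    return {
        "sample.zip": make_zip(name, data),
        "longname.zip": make_zip(LONG_NAME, data),
        "sample.tar": make_tar(name, data, "w"),
        "sample.tgz": make_tar(name, data, "w:gz"),
        "sample.gz": gzip.compress(data),
        "sample.bz2": bz2.compress(data),
    }

def unpack(fname, blob):
    """Extract the single member again to prove the archive is well-formed."""
    if fname.endswith(".zip"):
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            return zf.read(zf.namelist()[0])
    if fname.endswith((".tar", ".tgz")):
        with tarfile.open(fileobj=io.BytesIO(blob)) as tar:
            return tar.extractfile(tar.getmembers()[0]).read()
    return gzip.decompress(blob) if fname.endswith(".gz") else bz2.decompress(blob)

def verify_corpus(corpus, data=SAMPLE):
    """Map each archive name to True when its content round-trips unchanged."""
    return {fname: unpack(fname, blob) == data for fname, blob in corpus.items()}

if __name__ == "__main__":
    for fname, ok in verify_corpus(build_corpus()).items():
        print(f"{fname:14} {'ok' if ok else 'BROKEN'}")
```

Archives that fail the round-trip check should be rebuilt before the scan, otherwise the per-format results are not comparable.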

Testing of storage folders
Viruses and worms can hide not only in compressed files but also in infected emails. These emails are stored by the mail client in its own format. In the storage folder test we observed whether the virus search can find an infected email stored by the mail client when a full examination of the system is requested. The user rightfully expects the virus protection to assess the entire system. The question is how far we can trust the protection if nothing has been found. Admittedly, email reaches the storage folders only after a previous check, which the antivirus performs when the mail enters the client. But what is to be done with a parasite whose recognition and removal algorithm is added to the virus protection only after the mail has been stored by our mail client? In a case like this the user rightfully expects the storage folders to be examined.

The following products received CheckVir STANDARD certification:




The following products received CheckVir ADVANCED certification:




The following products received CheckVir MAILSCANNER certification:



Platforms

Platform                             Version
Microsoft Windows XP Home Edition    v2002 SP3

Used virus samples

The list of viruses that will be used for the test in June 2008 can be downloaded here.

Anti-virus products

Product                              Developer          Version       Results
AVG Enterprise                       AVG Technologies   8.0.138       here
McAfee VirusScan Enterprise          McAfee             8.5i          here
ESET Smart Security                  ESET Software      3.0.650.0     here
Norton AntiVirus 2008                Symantec Corp.     15.5.0.23     here
Panda Internet Security 2008         Panda Software     12.00.00      here
Trend Micro Internet Security 2008   Trend Micro        16.10.1106    here

Summary

[PDF]


All of the information stored on this web site is a property of Veszprog Ltd.
Copyright (c) 2000-2009, Veszprog Ltd., All rights reserved.