The Antivirus Trials are over


Wow, what an interesting test. We ran the trials for two weeks, testing the Vipre, BitDefender, Eset, and Microsoft Security Essentials anti-malware products. We backed up and then cleaned 12 customer computers (volunteers), installed Vipre or BitDefender on them, and sent them back 'into the wild'. We also built a new computer, loaded it with Windows XP and one of the four antivirus products at a time, and then intentionally infected it repeatedly.

Meet the contenders

First, we look at the commercial products: Vipre, Eset, and BitDefender. Each is highly rated by the review sites on the web; we selected these three because they were top-five products in every review we read, and because they were noted for their small footprints, i.e. they don't use a lot of resources to protect you (no programs hogging memory, no constant pop-ups or nagging windows). We also tested Microsoft Security Essentials because it is new, and it is free.

Second, the viruses:

We isolated what we call 'The Rogue', a class of malware that imitates a legitimate antivirus product and then proceeds to lock you out of your computer and steal your credit card information. The Rogue includes Antivirus 2008/2009/2010, Security Center 2009, and a multitude of near-identical infections, each with a different name and a slightly different GUI.

The Rogue is insidious. It pops up and tells you that you are infected with a bazillion viruses and hundreds of trojans, and insists that you go to its website and buy protection. Eventually it will not let you do anything except go to that website, and later it won't even allow that: you lose internet connectivity as well as the ability to close its windows, so you cannot use the computer at all. 'The Rogue' is "Public Enemy Number One" right now.

While the computers in the wild were exposed to all sorts of nasties, we felt we should make every attempt to collect as many viruses as possible for the internal test.

Now, we all know the fastest way to infect a computer is to download free (illegal) music. But we didn't want to participate in illegal activity, so on the test computer at the shop we used BitTorrent to download several so-called "key generators" and "cracked" software packages. Key generators are programs that produce product keys so you can install software without paying for it. Downloading the key generator itself is not illegal, although using it may be. The same can be said for cracked software packages: they may be illegal to use, but downloading them without installing them doesn't break any laws.

During the trial in our shop, the computer with Microsoft Security Essentials was repeatedly infected by everything we threw at it.

We then watched the other three products consistently defeat infection after infection, until the second day, when BitDefender let 'The Rogue' in. It turned out we had downloaded a very new revision of 'The Rogue', and BitDefender missed it. What really surprised us was that BitDefender not only missed the download but allowed us to install it, and then let 'The Rogue' run its full course without so much as a "Hi! How you doing?" from BitDefender.

This seemed pretty scary for a top-rated program, so we saved the original file to a thumb drive and reloaded the system. We loaded Eset and copied 'The Rogue' onto the hard drive. Eset allowed us to save the file, but when we ran it, Eset immediately zapped it into quarantine; in other words, Eset caught it on execution rather than on write.

Next we uninstalled Eset and put Vipre on the machine. We plugged the USB flash drive into the computer and Vipre zapped it. We hadn't even accessed the drive, and it had quarantined our only copy of 'The Rogue'! I tried to restore it from quarantine so I could keep using the file for testing, but Vipre would immediately re-zap the file as soon as it was restored. Eventually we had to shut Vipre down and use recovery software on the thumb drive so we could continue testing. Holy Protection, Batman!
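The three checks above (does the scanner react when the file is written to disk, when it is executed, or when a removable drive is mounted) can be repeated on any machine without keeping a live copy of 'The Rogue' around. The following Python script is an added example, not part of the original trial and not code from any of the products tested. It uses the EICAR test string, which antivirus engines detect by design, writes it into a directory and reports whether the file survived. The probe file name, the settle delay and the temp-directory stand-in are assumptions made for the example; point it at a mounted USB stick to repeat the removable-drive check.

```python
"""Probe a scanner's on-write (on-access) behaviour with the EICAR test file.

Added example: not part of the original trial. It uses the EICAR test string,
which antivirus engines detect by design, instead of a live malware sample.
"""
import hashlib
import os
import tempfile
import time

# The 68-byte EICAR string is split into fragments so that this script itself
# is not quarantined when it is saved to a disk watched by an on-access scanner.
_EICAR_PARTS = (
    "X5O!P%@AP[4\\PZX54(P^)7CC)7}$",
    "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*",
)

# Well-known SHA-256 of the EICAR test file (no trailing newline); used to
# confirm the bytes on disk were not altered (some scanners overwrite rather
# than delete).
EICAR_SHA256 = "275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f"


def eicar_bytes() -> bytes:
    """Assemble the EICAR test string at runtime."""
    return "".join(_EICAR_PARTS).encode("ascii")


def eicar_digest() -> str:
    """SHA-256 of the assembled test string, for comparison with EICAR_SHA256."""
    return hashlib.sha256(eicar_bytes()).hexdigest()


def probe_on_write(directory: str, settle_seconds: float = 2.0,
                   name: str = "eicar_probe.com") -> dict:
    """Write the test file into `directory`, wait, and report what happened.

    Returns a dict with:
      written  - the write call itself succeeded (a scanner may block it)
      survived - the file still exists after the settle delay
      intact   - the surviving bytes still hash to the EICAR test file
    'written and not survived' is the on-write/on-mount behaviour Vipre showed
    with the USB stick. 'survived and intact' means on-write scanning did not
    react; the file may still be caught on execution, as with Eset.
    """
    path = os.path.join(directory, name)  # assumed probe file name
    result = {"path": path, "written": False, "survived": False, "intact": False}
    try:
        with open(path, "wb") as fh:
            fh.write(eicar_bytes())
        result["written"] = True
    except OSError:
        return result  # blocked at write time
    time.sleep(settle_seconds)  # give a real-time scanner time to react
    if os.path.exists(path):
        result["survived"] = True
        try:
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            result["intact"] = digest == EICAR_SHA256
        except OSError:
            pass  # scanner denies read access: survived but not verifiable
    return result


def cleanup(path: str) -> None:
    """Remove the probe file if the scanner left it behind."""
    try:
        os.remove(path)
    except OSError:
        pass


def run_probe_in_tempdir(settle_seconds: float = 2.0) -> dict:
    """Run the probe in a fresh temp directory (stand-in for a USB path) and tidy up."""
    target_dir = tempfile.mkdtemp(prefix="av_probe_")
    outcome = probe_on_write(target_dir, settle_seconds)
    cleanup(outcome["path"])
    try:
        os.rmdir(target_dir)
    except OSError:
        pass
    return outcome


if __name__ == "__main__":
    # Replace the temp directory with a mounted removable drive (e.g. E:\ on
    # Windows) to repeat the USB-stick check from the trial.
    print(run_probe_in_tempdir())
```

On a machine with no on-access scanner the probe reports `written`, `survived` and `intact` all true, which is the baseline to compare a product against; a product that quarantines on write flips `survived` to false, and one that blocks reads of a flagged file leaves `survived` true but `intact` false.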

As the computers that were out in the real world started coming back in for the final review, we saw that BitDefender had protected most of them; only one came back with an active infection. We also noticed that when we removed BitDefender and installed Vipre on each computer, Vipre usually found some malicious cookies and other minor traces that BitDefender had left behind. None of the Vipre computers came back infected at all.

We completed our trial by using Vipre to rescan machines that had been cleaned by a combination of Eset and Malwarebytes (a utility for removing spyware). In more than half of the cases Vipre found more traces and removed them; in one case it found over 500. Bear in mind that a trace count lumps cookies and other minor leftovers in with real remnants, so the number alone says little about how badly infected a machine was. Removing every trace still matters, because sometimes a cleaned machine is so damaged by what is left behind that the operating system has to be reloaded to restore proper performance.

In the end, Vipre won our AV trial hands down. While Eset made a very strong showing, BitDefender failed against the Rogue, and Microsoft Security Essentials failed across several threats.

~Steve