Skip navigation.
Home

Antivirus test

|

I have some friends that have found some new antivirus programs Vipre from Sunbelt Software is one, and I would like to test it against other antivirus programs like Norton's, Kaspersky, McAfee and others. I would be willing when I have completed these test post the results.

The main thing I would like to know is how you would feel would be the best way to go about the test. Should I infect the VM first then install the AV, or install the AV then install some viruses?

What would you suggest as far as viruses I should use in the test?

Is there a place I can download x number of viruses so that way I can install and when the AV say "Found and removed 10,200 viruses" I can then say ppppppffffttttt there are 120,000 on there loser program next.

What I want to do is not only test how many it finds, but how long it takes and what system resources it takes up.

I also heard its better to test live viruses then simulated signature's that if you use signatures the AV will pass over them more so then a live.

Any help and input would help would be appreciated.

Thanks
Thom

Most anti-virus products are

Most anti-virus products are a preventative measure, not a curative measure, so you'll likely get much better results by installing the AV first and then attempting to infect the host, or you could do both tests and compare which ones are better as a preventative/curative option. Also it would be better to use a dedicated machine rather than a VM, if you use a sample that detects VM's it won't function correctly.

As for the malware you should use go to different anti-virus sites and they will often have a list of the "top" threats in the last day/week/month/year etc. You should concentrate on modern in-the-wild malware but also include some older and legacy stuff because they can crop back up. Also see if you can get someone to make some new stuff to test any heuristic/behavioral detection the products may have, anything from simple hex edits of existing malware to completely new stuff. Include lots of variants, such as Conficker.A/B/B+/C not just a single variant of a piece of malware. Be sure to include a number of legitimate programs to test for false positives.

It's also good to test the default settings vs. highest settings to see what the default will catch vs what the max will catch.

Removal

You can also test the removal/cleaning rate, as most AV programs detects many viruses but fails to remove/clean them completely.