Comparative characteristics of antivirus programs. Comparative analysis of antivirus tools. Policy-based device control

In this comparative test, we studied how effectively antivirus and HIPS programs counter the latest malware samples delivered to users in what is now the most common way - through infected websites.

Introduction

Practically all antivirus protection-quality tests conducted by other laboratories (AV-test.org, av-comparatives.org) have drawn critical comments from the professional community for being somewhat synthetic or detached from real life.

The first and main complaint is that scanning file collections tests only some components of antivirus protection, such as classical signature detection or heuristics, while the possible contribution of relatively new technologies, such as behavioral analysis or HIPS, is not taken into account. Nor is the work of the other protection components that modern suites (Internet Security class products) include besides the antivirus, for example the firewall / IDS (which can detect suspicious traffic and signal an infection), on-the-fly checking of HTTP traffic, etc.

The second complaint is that a real user does not store or run old malware on their hard disk. What reaches the user is, as a rule, new samples, from which their antivirus cannot protect them. The way malicious programs get onto a computer is also important. Infection can occur when opening links that were received (by e-mail, ICQ, etc.) or simply found in a search engine, or when opening a file attached to an e-mail, downloaded from a file-sharing network or copied from external media.

Antivirus effectiveness can depend largely on the method of penetration, since some antiviruses can eliminate the threat at the stage when the malicious script on the web page tries to activate, others only when the loader downloaded by the exploit is launched, and others later still - when the downloaded malware starts.

In our comparative testing, we studied how effectively antiviruses counter the latest malware samples delivered to users in what is now the most common way - through infected websites. To do this, we collected links to infected sites from various sources (daily link collections from MessageLabs plus help from our community). As a rule, each of us comes across such links in search engines or receives them by e-mail, ICQ or other means of Internet communication, including social networks.

The essence of the comparative test is to check the comprehensive capabilities of antiviruses in countering the latest threats in the form of malicious programs distributed through infected websites.

Methodology of comparative testing

The test took place from August 5 to September 15, 2008. Before the start of the test, the test environment was prepared. To do this, a set of clean virtual machines was created under VMware Workstation 6.0.3, each with the Microsoft Windows XP Pro SP2 operating system installed (the latest updates were intentionally not installed). On each machine, one of the protection programs listed below was installed.

Where possible, we tested integrated-security products of the Internet Security class; if a vendor's line had no such product, we used the products that were available in that line. As a result, the comparison included:

  1. Avast Antivirus Professional 4.8-1229
  2. AVG Internet Security 8.0.156
  3. Avira Premium Security Suite 8.1.0.367
  4. BitDefender Internet Security 2008 (11.0.17)
  5. Dr.Web 4.44
  6. ESET Smart Security 3.0.667
  7. F-Secure Internet Security 2008 (8.00.103, also sold as Stream.Antivirus)
  8. G Data Internet Security 2008
  9. Kaspersky Internet Security 2009 (8.0.0.454)
  10. McAfee Internet Security Suite 8.1
  11. Microsoft Windows Live OneCare 2.5
  12. Norton Internet Security 2008 (15.5.0.23)
  13. Outpost Security Suite 2009 (6.5.2358)
  14. Panda Internet Security 2008 (12.01.00)
  15. Sophos Anti-Virus 7.3.5
  16. Trend Micro Internet Security 2008 (10/16/1182)
  17. VBA32 Workstation 3.12.8

The comparison also included two specialized programs of the HIPS class (Host-based Intrusion Prevention System) for proactive protection against the newest types of threats:

  1. DefenseWall HIPS 2.45
  2. Safe'n'Sec Pro 3.12

Unfortunately, while the test was running and the results were being processed, some vendors released updates to their products, which could not be reflected in the final results.

It is important to note that all antiviruses were tested with standard default settings and with all current updates obtained automatically. In essence, we simulated the situation of an ordinary user who has one of the tested protection programs installed, uses the Internet and follows the links that interest them (received in one way or another, see above).

Selection of malicious programs

For the test, we chose links to sites infected only with the newest malware samples. What does "newest" mean? It means that the samples downloaded via these links had to be detected by the file antiviruses of no more than 20% of the products on the test list, which was checked through the VirusTotal service (38 different anti-virus engines are connected to this service). If a selected sample was detected by some product, the verdicts were usually imprecise (suspicion of infection or a packed object).

The number of samples meeting these requirements was small, which significantly affected the size of the final sample set and the duration of the test. Over more than a month of testing, 34 working links to the newest malware were selected.

Assessment of results

  1. Detection of the exploit when the web page is opened (malicious script), or blocking of the page by the anti-phishing module.
  2. Detection by the web antivirus or file antivirus of the loader delivered by the exploit (a special program used to download other malicious programs, for example a Trojan, onto the victim's computer).
  3. Detection of the downloaded malicious program during its installation (as a rule, by behavioral analysis).

For any of the above ways of preventing infection, the antivirus was given 1 point. No distinction was made between them, since from the user's point of view it does not matter at what stage and by which protection component the threat of infection was eliminated. What matters is that it was eliminated. If the infection was not prevented, including when it was not fully prevented, the antivirus was given 0 points.

In practice, this scoring system means the following. 1 point was given if the infection attempt was detected explicitly or a suspicious action was detected, and the infection was completely stopped, provided the user made the correct choice in the dialog box (about detection of a dangerous action, prevention of an infection attempt, detection of an attempt to start a suspicious program, an attempt to change files, etc.). In all other cases, 0 points were given.

It is worth noting that in some cases the presence of a malicious program on the computer was discovered after infection by the file monitor or firewall / IDS, but the antivirus could not deal with the infection. In this case the antivirus was still given 0 points, since it did not protect against infection.

HIPS class programs were evaluated on the same principle as antiviruses. They were given 1 point in all cases where malicious or suspicious activity was detected and infection was prevented.
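The sample-selection rule and the scoring rule described above, written out as an added Python example (it is not the testers' own tooling). The names `Stage`, `Trial`, `is_newest`, `score` and `summarize` are hypothetical, and the products, links and verdicts are constructed sample data.

```python
from collections import defaultdict
from dataclasses import dataclass
from enum import Enum
from typing import Optional

MAX_LINKS = 34              # working links in the page's final sample
NEWNESS_LIMIT_PERCENT = 20  # at most 20% of tested products may detect the file


class Stage(Enum):
    EXPLOIT = "exploit detected or page blocked"    # stage 1 on the page
    LOADER = "loader detected"                      # stage 2
    INSTALL = "payload detected during install"     # stage 3
    POST_INFECTION = "found only after infection"   # file monitor, firewall/IDS


PREVENTIVE = {Stage.EXPLOIT, Stage.LOADER, Stage.INSTALL}


@dataclass(frozen=True)
class Trial:
    product: str
    link: str
    stage: Optional[Stage]   # None: the product did not react at all
    fully_stopped: bool      # False also covers a partly prevented infection


def is_newest(verdicts, tested_products):
    """Selection rule: keep a sample only if the file scanners of no more
    than 20% of the tested products flag it (integer math, no rounding)."""
    if not tested_products:
        raise ValueError("no tested products")
    hits = sum(1 for p in tested_products if verdicts.get(p, False))
    return hits * 100 <= NEWNESS_LIMIT_PERCENT * len(tested_products)


def score(trial):
    """1 point only if a preventive stage fired AND infection was fully
    stopped; an alert without prevention, or a late find, scores 0."""
    return 1 if trial.stage in PREVENTIVE and trial.fully_stopped else 0


def summarize(trials, max_links=MAX_LINKS):
    """Return {product: (points, percent of max)}."""
    points = defaultdict(int)
    for t in trials:
        points[t.product] += score(t)
    return {p: (n, round(100.0 * n / max_links, 1)) for p, n in points.items()}


# Constructed sample data: five hypothetical products, three hypothetical links.
TESTED = ["ProductA", "ProductB", "ProductC", "ProductD", "ProductE"]
TRIALS = [
    Trial("ProductA", "link-01", Stage.EXPLOIT, True),
    Trial("ProductA", "link-02", Stage.INSTALL, False),   # alert, still infected
    Trial("ProductA", "link-03", Stage.LOADER, True),
    Trial("ProductB", "link-01", Stage.POST_INFECTION, True),  # too late: 0
    Trial("ProductB", "link-02", None, False),
    Trial("ProductB", "link-03", Stage.INSTALL, True),
]

if __name__ == "__main__":
    print(is_newest({"ProductA": True}, TESTED))
    for product, (pts, pct) in summarize(TRIALS, max_links=3).items():
        print(f"{product}: {pts} points, {pct}% of max")
```
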

Results of comparative testing

The final results of the comparative testing of antivirus software and HIPS are presented below in Figure 1 and Tables 1-2.

Figure 1: Efficiency of various protection programs against the latest threats

Table 1: Efficiency of anti-virus programs against the latest threats

Columns: Antivirus | % of max (34)

Rows, in table order (values not preserved): Kaspersky, Avira, Sophos, BitDefender, F-Secure (Stream.Antivirus), Dr.Web, G Data, Avast!, Outpost, Trend Micro, Microsoft, ESET, McAfee, Panda, Norton, VBA32.

Among the antiviruses, the best were Kaspersky Internet Security, Avira Premium Security Suite and AVG Internet Security, which were able to prevent infection in 70% of cases or more. Sophos Anti-Virus, BitDefender Internet Security and F-Secure Internet Security (also Stream.Antivirus) did worse, though they cleared the 50% barrier.

Kaspersky Internet Security's high protection figures are primarily due to its built-in HIPS component, which rates how malicious any application is using reputation mechanisms (whitelisting).

Avira Premium Security proved effective thanks to a high level of detection of exploits (see table 3 in the complete test report) and of packed objects (meaning detection of the packer used). Proactive detection technologies also made a visible contribution in AVG Internet Security, Sophos Anti-Virus, BitDefender Internet Security and F-Secure Internet Security (Stream.Antivirus), which took places 3 to 6, respectively. In F-Secure Internet Security, the application control module (DeepGuard technology) was noticeable.

It is important to note that even when a malicious program was detected (an alert was displayed), many of the compared products often could not prevent infection.

Table 2: Efficiency of HIPS against the latest threats

Columns: HIPS | Number of prevented infections | % of max (34)

Rows, in table order (values not preserved): DefenseWall HIPS, Safe'n'Sec.

As Table 2 shows, among the HIPS class programs DefenseWall HIPS showed a very high result, detecting attempts to infect the system in almost 100% of cases. Safe'n'Sec was less effective, but its result is still much better than that of many antiviruses compared in this article.

Safe'n'Sec and DefenseWall HIPS differ greatly in how they interact with the user. While Safe'n'Sec works on a principle similar to anti-virus products and requires no special training, DefenseWall is not so simple. To learn to use the latter effectively, you need at least some knowledge and experience, and you should read the user manual carefully.

It should be noted that the above results are not the final truth, proving the superiority of some products and the weakness of others. The test does not claim absolute objectivity - it is a small study that should be the first step toward comparative testing of integrated anti-virus protection products.

This article should be viewed as a trial step toward comprehensive testing of the real protection efficiency of antivirus programs. In the future, we plan to improve the methodology of such comparative tests: use a larger sample of malicious programs, record and accurately analyze the efficiency of the various product components, etc.

Anti-virus programs (antiviruses) exist to protect your computer from malicious programs, viruses, Trojans, worms and spyware, which can delete your files, steal your personal data and make your computer and web connections extremely slow and problematic. Consequently, choosing a good antivirus program is an important priority for your system.

To date, there are more than 1 million computer viruses in the world. Because viruses and other malicious programs are so widespread, computer users have many different anti-virus software options.

Antivirus programs quickly turned into a big business, and the first commercial antiviruses appeared on the market in the late 1980s. Today you can find many antivirus programs, both paid and free, to protect your computer.

What antivirus programs do

Antivirus programs regularly scan your computer in search of viruses and other malicious programs that may be on your PC. If the software detects a virus, it usually quarantines, disinfects or removes it.

You choose how often scanning occurs, although as a rule it is recommended to run it at least once a week. In addition, most antivirus programs protect you during everyday activity, such as checking email and web surfing.

Whenever you download a file to your computer from the Internet or from an e-mail, the antivirus checks it and makes sure that the file is OK (free from viruses, or "clean").

Antivirus programs also update what are called "antivirus definitions". These definitions are updated as often as new viruses and malicious programs appear and are detected.

New viruses appear every day, so it is necessary to regularly update the anti-virus database from the website of the anti-virus program's manufacturer. After all, as you know, any antivirus program can recognize and neutralize only those viruses that its manufacturer has "trained" it on. And it is no secret that several days can pass from the moment a virus is sent to the program's developers until the anti-virus databases are updated. During this period, thousands of computers worldwide can be infected!

So, make sure that you installed one of the best antivirus packages, and update it regularly.

Firewall

Protecting a computer from viruses depends not only on one antivirus program. Most users are mistaken, believing that the antivirus installed on the computer is a panacea from all viruses. The computer can still be infected with a virus, even having a powerful antivirus program. If your computer has access to the Internet, one antivirus is not enough.

An antivirus can delete a virus when it is directly on your computer, but if the same virus gets into your computer from the Internet, for example with a web page download, the anti-virus program will not be able to do anything about it - as long as it does not show its activity on the PC. Therefore, full-fledged protection of the computer from viruses is impossible without a firewall - a special protective program that notifies you of suspicious activity when a virus or worm tries to connect to the computer.

Using a firewall on the Internet lets you limit the number of unwanted connections from outside to your computer and significantly reduces the likelihood of its infection. In addition to protecting against viruses, it also makes it much harder for attackers (hackers) to access your information or to try to download a potentially dangerous program onto your computer.

When a firewall is used together with an anti-virus program and operating system updates, computer protection is kept at the highest level of security.

Updating the operating system and programs

An important step to protect your computer and data is a systematic updating of the operating system with the latest security patches. It is recommended to do this at least once a month. The latest updates for OS and programs will create conditions under which the computer protection against viruses will be at a fairly high level.

Updates are fixes for errors found in software over time. A large number of viruses use these errors ("holes") in system and program security to spread. However, if you close these "holes", viruses are no longer a threat and computer protection will be at a high level. An additional benefit of regular updating is more reliable system operation thanks to error correction.

Login password

A password for logging in to your system, especially for the "Administrator" account, will help protect your information from unauthorized access locally or over the network, and will also create an additional barrier to viruses and spyware. Make sure you use a complex password, because many viruses spread by trying simple passwords, for example 123, 12345, starting with empty passwords.

Secure Web Surfing

Protecting a computer from viruses becomes harder if, while viewing sites and wandering over the Internet, you agree to everything and install everything. For example, one variety of the "Send an SMS to the number" virus is distributed under the guise of an Adobe Flash Player update. Practice secure web surfing. Always read what exactly you are being offered to do, and only then agree or refuse. If you are offered something in a foreign language, try to translate it; otherwise feel free to refuse.

Many viruses are contained in e-mail attachments and begin to spread immediately after the attachment is opened. We strongly recommend that you not open attachments unless you had arranged in advance to receive them.

Antiviruses on SIM, flash cards and USB devices

Mobile phones manufactured today have a wide range of interfaces and data transmission capabilities. Consumers should carefully examine the protection methods before connecting any small devices.

Protection methods such as hardware ones, possibly antiviruses on USB devices or SIM, will be more suitable for mobile phone consumers. A technical assessment and review of how to install an antivirus program on a mobile phone should treat it as a scanning process that may affect other legitimate applications on the phone.

Anti-virus programs on SIM, with the antivirus embedded in a small-capacity memory area, fight malware / viruses, protecting the PIM and the phone user's information. Antiviruses on flash cards let the user exchange information and use these products with various hardware devices.

Antiviruses, mobile devices and innovative solutions

No one will be surprised when the viruses that infect personal and portable computers move to mobile devices. More and more developers in this area offer antivirus programs to combat viruses and protect mobile phones. In mobile devices, the following apply to combating viruses:

  • Processor restrictions
  • Memory limit
  • Definition and updating of signatures on these mobile devices

Antivirus companies and programs

  • AOL® Virus Protection as part of AOL Safety and Security Center
  • ActiveVirusShield from AOL (based on KAV 6, free)
  • AhnLab
  • Aladdin Knowledge Systems
  • Alwil Software (Avast!) from the Czech Republic (free and paid versions)
  • ArcaVir from Poland
  • AVZ from Russia (free)
  • Avira from Germany (there is a free Classic version)
  • Authentium from the UK
  • BitDefender from Romania
  • BullGuard from Denmark
  • Computer Associates from USA
  • Comodo Group from USA
  • ClamAV - GPL license - free, with open source code
  • ClamWin - ClamAV for Windows
  • Dr.Web from Russia
  • ESET NOD32 from Slovakia
  • Fortinet
  • Frisk Software from Iceland
  • F-Secure from Finland
  • GeCAD from Romania (Microsoft bought the company in 2003)
  • GFI Software
  • Grisoft (AVG) from the Czech Republic (free and paid versions)
  • Hauri
  • H+BEDV from Germany
  • Kaspersky Anti-Virus from Russia
  • McAfee from USA
  • MicroWorld Technologies from India
  • NuWave Software from Ukraine
  • MKS from Poland
  • Norman from Norway
  • Outpost from Russia
  • Panda Software from Spain
  • Quick Heal Antivirus from India
  • Rising
  • Rose SWE
  • Sophos from the UK
  • Spyware Doctor
  • Stiller Research
  • Sybari Software (Microsoft bought the company in early 2005)
  • Symantec from the USA or United Kingdom
  • Trojan Hunter
  • Trend Micro from Japan (nominally Taiwan-USA)
  • Ukrainian national antivirus from Ukraine
  • VirusBlokAda (VBA32) from Belarus
  • VirusBuster from Hungary
  • ZoneAlarm Antivirus (American)
  • virusinfo.info - a portal dedicated to information security (a conference of virologists) where you can request assistance.
  • Antivse.com - another portal from which you can download the most common antivirus programs, both paid and free.
  • www.viruslist.ru - a virus Internet encyclopedia created by Kaspersky Lab.

Antivirus

Avast! * AVS * Ashampoo Antivirus * AVG * Avira AntiVir * BitDefender * Clam AntiVirus * ClamWin * Comodo Antivirus * Dr.Web * F-Prot * F-Secure Antivirus * Kaspersky Anti-Virus * McAfee VirusScan * NOD32 * Norton Antivirus * Outpost Antivirus * Panda AntiVirus * PC-Cillin * Windows Live OneCare

Ensuring the information security of systems is one of the primary issues. In modern society, the protection of information plays a particularly significant role, since the Internet is teeming with viruses and even the simplest of them can cause serious damage to a computer and the data stored on it. These threats can be of the most diverse character - disrupting the operation of the system by destroying important system files, or stealing important information, passwords and documents. This leads to sad consequences - from reinstalling the system to losing important data or money. Therefore, the question of choosing an antivirus program that can protect important data on a computer becomes very important. In this article, we will look at some popular antiviruses and try to choose among them the most suitable one for an ordinary user (most of them will be free, since free antiviruses are the most accessible to a wide audience of users). So, we will consider 4 antiviruses - Avast Free Antivirus, Panda Antivirus, 360 Total Security, ESET NOD32. Let's start with an introduction and brief information about each of them.

We live in an era of new discoveries and the heyday of information technology. But as technologies develop, the risk of information falling to intruders increases, so the need for data protection has grown. That is why there is demand for professions associated with the protection of information and for software that performs the same function. This article is devoted to the latter.

Detection of the virus and the ability to remove

Prevents the appearance of viruses, Trojans and worms, spyware and adware; checks files automatically and at the user's request; checks mail messages; checks Internet traffic; protects instant messengers; protects against malicious Java and Visual Basic scripts. Constantly checks files offline; protects against phishing sites.

NOD32 protects from: viruses, Trojans, worms, phishing attacks. ESET NOD32 is based on ThreatSense technology, which detects new threats in real time by analyzing running programs for malicious code, and heads off the actions of virus programs.

Checks the computer for viruses while the screen saver is displayed. Also checks at startup, even before the operating system is loaded. Blocks malicious scripts. Removes spyware.

Removes common viruses;
Protects real-time;

Prevents the appearance of various kinds of worms, rootkits, file-infecting viruses, Trojan programs, stealth viruses, polymorphic viruses (that is, viruses whose program code is formed during execution), macro viruses, viruses that damage documents, script viruses, spyware, password-stealing programs, adware, hacker utilities, backdoor programs, malicious scripts and other harmful objects, and spam.

Updating anti-virus databases

Updates the antivirus databases on a schedule or manually. The update files are copied, and the antivirus automatically uses the copied databases when checking traffic.

Updates are taken from mirror update servers; it is also possible to create a mirror inside the network, which significantly relieves the Internet channel. It is possible to update from the official servers, but for this service you need a user login and password, which can be obtained by activating your product number during registration; accordingly, the product must be purchased.

Automatically updates both the antivirus databases and the program itself. If there is a key, it is automatically updated to the latest version.

Both automatic and manual updates are possible. For a manual update, you need to go to the Update tab on the antivirus main screen.

Anti-virus updates are released as soon as new viruses appear, since new threats do not follow a schedule.

Ease of use

Kaspersky Anti-Virus is not difficult to use, but for an inexperienced user it may seem somewhat difficult in understanding due to the diversity of settings.

The antivirus is easy to use; a novice user should not have problems using the program.

In the program settings, it is possible to set a password for making changes. About forty interface languages are supported. Voice messages announce when the program has detected a virus or an update is available. In the form of pleasant little things, the presence of the interface than not every antivirus boasts.

Antivirus is simple enough to use and understand. It does not have incomprehensible settings and unnecessary parameters.

The interface is quite simple and understandable, despite numerous settings and program options.

Technical support

24-hour technical support for household products and technical support S. - PT. 10:00 - 18:30 (GMT +3) subject to the acquisition of a licensed product.

Technical support is round the clock. That is, the user can call and write an email.

Technical support can be contacted on the official website, subject to registration, or on the Russian-language program forum.