Products from the Expert Laboratory
Innovative Data Processing of the Highest Quality
The provision of up-to-date data of the highest quality requires the use of innovative collection, storage and processing methods. AV-TEST has therefore developed the products Sunshine, VTEST and FLARE in order to meet this purpose. These products have been developed from the day-to-day practical work in the laboratory. They are used to fully automatically categorise and analyse information from the comprehensive AV-TEST databases in accordance with the latest standards in the field of information technology, are being constantly developed and are already being actively used by a variety of manufacturers and users.
Sunshine is an innovative tool that can be used to analyse malware. It enables potentially malicious data to be executed in a controlled manner on a non-infected system and analyses the system changes caused by these data. The data can be run on both physical and virtual hardware. Sunshine monitors the following areas:
- The file system (created, modified and deleted files),
- The registry (created, modified and deleted keys and values),
- Processes and their modules,
- System areas in the memory,
- Incoming and outgoing network traffic.
The analysed malware is then classified and categorised for further processing based on the system changes observed.
VTEST is a multi-scanning system, available for Windows and Android, that analyses malware and can be used in a variety of tests. A combination of more than 40 individual virus scanners quickly and effectively scans files for known malicious patterns. The storage of all signature updates since 2004 additionally enables the detection and scanning process to be carried out at different points in time, meaning that older updates can also be used. This method is used to determine all proactive detections and the reaction times of the respective manufacturers with regard to new threats (outbreaks).
The VTEST systems used in a wide variety of locations all over the world examine several million files every day, fully automatically and in a timely and efficient manner.
The service FLARE is based on the comprehensive AV-TEST database, which is continuously increasing in volume thanks to the daily import of tens of thousands of new data from various international sources. AV-TEST makes this information fully available for product optimisation and the prevention of false positives.
At the AV-TEST Institute, FLARE is particularly used for the analysis and registration of false positives, which occur when security products trigger security warnings in programs that have been proven to be clean due to their similarities to malicious codes.