Test: This is how well 8 security packages and 7 special tools come to the rescue after a virus attack
Many users ask on the Internet what they can do after a malware attack. The tenor of most so-called forum specialists: delete everything and reinstall everything. The fact that this tip is completely over-the-top is supported by the latest endurance test from the test labs of AV-TEST. There, 8 well-known security solutions for Windows PCs and 7 special tools for cleaning up and repairing infected PCs were put to an endurance test. Below is a summary of the initial tests from January up to the beginning of July 2016.
8 security packages vs. 7 tools
Unfortunately, there are still too many users who assume that the security solution built into Windows will protect them sufficiently and even help them in an emergency. But once disaster has struck, the same two questions always emerge: how could that happen, and what software do I need now to reliably restore the PC? The first question is easy to answer: the user had no reliable antivirus protection in place. The second question is addressed by this endurance test from the AV-TEST labs. It precisely illustrates how reliably each tested software or special tool restores the system to its status prior to an infection.
The following products are part of the endurance test
The 8 security suites:
- Avast! Free Antivirus 2016
- Avira Antivirus Pro
- Bitdefender Internet Security 2016
- G Data Internet Security
- Kaspersky Internet Security 2016
- Malwarebytes Anti-Malware
- Microsoft Security Essentials
- Symantec Norton Security
The 7 special tools and boot CDs:
- Avira PC Cleaner
- Bitdefender Rescue CD
- Antibot CD
- Heise Desinfec't 2016
- Kaspersky Virus Removal Tool
- Microsoft Windows Malicious Software Removal Tool
They were tested 474 times!
In the lab, the 8 security packages were checked in two scenarios.
1. They were installed on an already infected system.
2. They were already installed, switched off briefly in order to infect the system, then reactivated.
The 7 special tools were naturally only deployed on already infected systems.
On all the packages or tools, the clean-up function was tested and registered in phases:
1. Did the malware sample prevent clean-up?
2. Were the active malware components completely removed?
3. Did any harmless file remnants remain, and were all the changes to the system reversed?
4. Did the security or clean-up software perfectly remove and repair everything?
Endurance Test: here is how well the security packages and tools come to the rescue
Even though the endurance test still has at least 6 months to go, there are already some clear tips emerging from laboratory:
6 out of 8 security packages can be recommended. Among the security packages, the following solutions delivered the best result: Avira Antivirus Pro, Malwarebytes Anti-Malware, Kaspersky Internet Security 2016, Symantec Norton Security, Avast! Free Antivirus 2016 and G Data Internet Security. These 6 packages were able to either completely remove or only leave harmless file remnants, i.e. a text file, from the 40 malware samples used in the endurance test. That is a significant improvement compared to the endurance test in 2015. Microsoft Security Essentials delivered a somewhat poor performance. During the cleaning process, the application was blocked twice by a malware for the 40 test cases, and 4 times the active malware component could not be removed.
2 out of 7 special tools can be recommended. The interim assessment of the special tools in the endurance test is not quite as favorable. Only the Kaspersky Virus Removal Tool and HitmanPro were able to completely remove the already infiltrated malware in 22 test cases or overlooked only one innocuous file remnant.
Endurance Test: another 6 months of testing still to go
The interim assessment in the endurance test is already very good. 6 security packages and 2 special tools delivered an excellent performance in the first 6 months. But there are still 6 months of testing up ahead for all the candidates.
It is already striking that security solutions are finishing ahead of the special tools. This is the case, regardless of whether the security packages were installed after the systems were infected or were already installed and only deactivated for the infection. The latter scenario simulates the case where the attacker was previously unknown to the security package. This also underscores the quality of a security solution. Even if it did not know the latest attacker, it retroactively corrected this error.
Both tools from Kaspersky Lab and HitmanPro are also vital first responders, however. They clean a system with the help of a boot CD or a stick. This way, an infected system can be cleaned without having to re-boot.
Sophisticated test procedure behind the scenes
The time and effort put into such an endurance test appears to be modest, because in the first 6 months "only" 22 out of 40 malware samples were deployed. But first impressions can be extremely deceiving.
What goes on behind the scenes in this test involves far more time and effort than other tests. Because while the testing of the ability to fend off malware can still be easily semi-automated in the lab, the test for clean-up and repair is in large part a purely manual task. In some cases, individual steps had to be confirmed on the screen for each clean-up. In total, 474 individual tests were already completed in the first 6 months!
The ongoing endurance test is being conducted exclusively on real hardware under Windows 7. After all, it is the most widely-used system in the world. Using virtual environments for the test is out of the question, as some malware samples are able to detect this. In virtual environments, they often behave neutrally, as they assume they are in a test environment. With real PCs and Windows 7, the test configuration is as realistic as a user's everyday routine. However, this requires an extreme amount of time and effort.