MRG Effitas: a study in which only 3 programs passed the test

In a test carried out in Q4 2014 by MRG Effitas, Kaspersky Internet Security, ESET Smart Protection and Webroot SecureAnywhere received the highest honors. None of the other security applications passed the test: they were unable to detect malware even 24 hours after the system was infected. The test procedures were intended to show how well each anti-virus protects against real threats. In addition, if the system was infected, the time needed to eliminate the threat was measured. In total, 526 samples were used for the test, including 316 Trojans, 97 backdoors, 49 crimeware, 42 ransomware and 22 PUAs.

Experts from MRG Effitas have pointed out that in practice antivirus software can often detect an infection only during a system restart or during a scheduled scan. Under the methodology, the system was restarted exactly 12 hours after the malware was launched, and the testers then waited another 24 hours for the threat to be detected and removed.

Tested programs

  • Avast Internet Security 2015.10.0.2208.712
  • Avira Internet Security 2014 14.0.7.468
  • BitDefender Internet Security 2015 18.20.0.1429
  • ESET Smart Security 8.0.304.0
  • Kaspersky Internet Security 2015 15.0.1.415.0.598
  • Malwarebytes Anti-Malware (Premium) 2.0.4.1028
  • McAfee Internet Security 2015
  • Microsoft Security Essentials 4.7.0202
  • Norton Security 2015 22.1.0.9
  • Panda Internet Security 2015 15.0.4
  • SurfRight HitmanPro 3.7.9 - Build 232 *
  • Trend Micro Internet Security 2015 8.0.1133
  • VIPRE Internet Security 2015 8.0.5.3
  • Webroot SecureAnywhere Internet Security 8.0.6.28

* SurfRight HitmanPro: the free version of the program does not provide real-time protection, so threats could only be detected during on-demand scanning.

Research methodology

The programs were tested on Windows 7 Ultimate with Service Pack 1, installed on a 64-bit virtual machine with 4 GB of RAM and 2 processor cores. Additional applications were installed: Adobe Flash, Adobe Reader, Java, Microsoft Office 2010, Internet Explorer 11 and VLC Player. All Microsoft components and other programs were fully updated. An image of the operating system was then created, and a copy of it was used for each tested product. Security applications were installed using the default settings and updated as necessary. A copy of the system was created after the above activities were completed, and the test was started.

Malware was downloaded through Internet Explorer from pages that contained links to binary samples. The test recorded whether each program blocked the malicious software before it was written to disk, after it was saved but before it was launched, or after it was launched. If signatures did not detect the sample, the file was run and the testers waited for the result. The program's behavioral protection had to warn the user with a message. If it did not, the system was restarted after 12 hours.

To assess the ability of each anti-virus to remove malware, the remains of the infection were checked manually. During each test stage, the programs had access to the Internet. Moreover, in no case was a manufacturer's license used; the full versions were activated with other data not related to MRG Effitas.

Results

According to this test, the best protection is provided by Kaspersky Internet Security 2015, ESET Smart Protection 8 and Webroot SecureAnywhere Internet Security 8. Only these three programs, even though they did not detect all threats before they were launched, managed to completely disinfect the system. The other security applications allowed infection and did not completely remove all threats.
