Test auto-protection antivirus software 2017

How important is "auto-protection" antivirus program? In the context of the vulnerability of the DoubleAgent plays a major role, as a result of gaps in systems up to XP after Windows 10 gives criminals the opportunity to seize control of anti-virus. Entrusting the security of systems and data vendors of this type of solutions we have in them hope – as sometimes it turns out – getting in return the delusions and to ensure the protection, which have no actually reflected in reality.

Recall that the DoubleAgent is a vulnerability that was discovered in the AppVerifier available in Windows. This tool allows developers to check the error code when the application starts and works by loading the DLL into the program, which is the process of debugging. It may end the dramatic consequences of which we write more here.

As we are still in the area of auto-protect, this is the third time the German lab AV-Test has published the results of an unusual, but very interesting test that concerned the effectiveness of auto-protection of antivirus software for businesses and consumers from virus attacks on their own files, from which they are constructed.

AV-Test checked implemented defense mechanisms:

1. ASLR Mechanism was first applied in Windows Vista. A random allocation system address space randomization (ASLR-address space layout randomization) protects the (difficult) before the buffer overflow as a result of the attack the exploit of the vulnerability in the system. This complex mechanism in short means that ASLR randomly assigns a stack of application memory addresses, which makes none of the essential elements of the system (including files exe, dll, sys) can not be easily tracked by malicious code foreign application. This is even more difficult, if malicious code "does not know", in which location in memory at any given time is the application.

2. DEP (Data Execution Prevention is protection common in modern operating systems Microsoft Windows. Its purpose is to prevent code execution from data segment. This helps protect against the exploit using the buffer overflow. DEP works in two modes: hardware, in which the processor means memory pages as non-executable, and a software that will give you limited protection and is used when the processor is not able to mark memory pages as non-executable. The first version of the DEP appeared in Windows XP Service Pack 2.

To show whether manufacturers really "protecting ourselves to protect us", have different antivirus programs and recorded 32 64-bit and change files PE (portable executable) antivirus. PE files include, for example: EXE, DLL, SYS, DRV.

Consumer protection solutions

The table shows the aggregate average security 32 and 64 bit PE files each anti-virus methods DEP and ASLR.

The table shows the more detailed results and security all files antivirus from 2014, 2015 and 2017.


The table shows the number of files that make up each antivirus program version 32 or 64 bit, and whether those files are digitally signed by prodicenta.

Protection solutions for business

The table shows the aggregate average security 32 and 64 bit PE files each anti-virus methods DEP and ASLR.

The table shows the more detailed results and security all files antivirus from 2014, 2015 and 2017.


The table shows the number of files that make up each antivirus program version 32 or 64 bit, and whether those files are digitally signed by prodicenta.


The table shows that the producer allows you to download the installer via HTTP/HTTPS.



Learn more about our offer

If you sell security solutions, are a distributor, authorized partner or developer and would like to share your portfolio with a group of potential customers, advertise an event, software, hardware or other services on AVLab - simply write to us. Or maybe you had to deal with ransomware? We can also help you decrypt your files.
Read more

We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.