Test auto-protection antivirus software 2017
How important is "auto-protection" antivirus program? In the context of the vulnerability of the DoubleAgent plays a major role, as a result of gaps in systems up to XP after Windows 10 gives criminals the opportunity to seize control of anti-virus. Entrusting the security of systems and data vendors of this type of solutions we have in them hope – as sometimes it turns out – getting in return the delusions and to ensure the protection, which have no actually reflected in reality.
Recall that the DoubleAgent is a vulnerability that was discovered in the AppVerifier available in Windows. This tool allows developers to check the error code when the application starts and works by loading the DLL into the program, which is the process of debugging. It may end the dramatic consequences of which we write more here.
As we are still in the area of auto-protect, this is the third time the German lab AV-Test has published the results of an unusual, but very interesting test that concerned the effectiveness of auto-protection of antivirus software for businesses and consumers from virus attacks on their own files, from which they are constructed.
AV-Test checked implemented defense mechanisms:
1. ASLR Mechanism was first applied in Windows Vista. A random allocation system address space randomization (ASLR-address space layout randomization) protects the (difficult) before the buffer overflow as a result of the attack the exploit of the vulnerability in the system. This complex mechanism in short means that ASLR randomly assigns a stack of application memory addresses, which makes none of the essential elements of the system (including files exe, dll, sys) can not be easily tracked by malicious code foreign application. This is even more difficult, if malicious code "does not know", in which location in memory at any given time is the application.
2. DEP (Data Execution Prevention is protection common in modern operating systems Microsoft Windows. Its purpose is to prevent code execution from data segment. This helps protect against the exploit using the buffer overflow. DEP works in two modes: hardware, in which the processor means memory pages as non-executable, and a software that will give you limited protection and is used when the processor is not able to mark memory pages as non-executable. The first version of the DEP appeared in Windows XP Service Pack 2.
To show whether manufacturers really "protecting ourselves to protect us", have different antivirus programs and recorded 32 64-bit and change files PE (portable executable) antivirus. PE files include, for example: EXE, DLL, SYS, DRV.
Consumer protection solutions
Protection solutions for business
Learn more about our offer
We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.