AV-Test is best known for its ongoing evaluation of antivirus protection and usability, but the German lab recently shifted gear: instead of measuring how well antivirus protects our data and devices, it decided to look into how effective these products are at protecting themselves.
AV-Test’s report states that the best-designed programs include only one error per 2,000 lines of code. The problem is that a major program will contain not thousands but millions of lines of code, and that can add up to a lot of errors! Not every error is exploitable, of course, but a percentage are.
AV-Test based its testing and subsequent scores on two mature technologies – DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization) – which, when implemented, are proven to be effective at thwarting many exploits:
- DEP protects against some program errors, and helps prevent certain malicious exploits, especially attacks that store executable instructions in a data area via a buffer overflow ~ Wikipedia
- (put simply, DEP prevents code execution in any memory area that’s marked as holding data)
- Address space layout randomization (ASLR) hinders some types of security attacks by making it more difficult for an attacker to predict target addresses ~ Wikipedia
- (in simple terms, ASLR shuffles the memory regions used by a program, making it very difficult for an attacker to predict where to find the region holding the vulnerable code)
For the purposes of evaluation, AV-Test investigated common modules (such as executables, dynamic link libraries, drivers, and sys files) associated with each application, to find out if they implemented DEP, ASLR, or both. 32-bit and 64-bit editions were evaluated separately:
The above table of results reveals a number of interesting statistics. For example, it seems 64-bit editions are overall more effective at self-protection than their 32-bit counterparts – most notable here are the scores for AVG AntiVirus Free, with the 64-bit edition beating the 32-bit edition by quite a considerable margin.
It also sheds new light on a number of leading products’ overall effectiveness: several that regularly achieve high scores for system protection fall down badly when it comes to self-protection.
Avast Free users will no doubt be reassured to see their favorite antivirus scoring well, at number 4 overall. Of the other free solutions included in the tests, Panda Free Antivirus finished mid-field, which is in contrast to its generally excellent results for system protection.
Last but certainly not least, a pat on the back for Eset Smart Security, the only product to score a perfect 100% across the board.
It’s good to see AV-Test delving into new areas for evaluation, such as testing products for self-protection, if for nothing else than to make the security vendors sit up and take notice and maybe think again before failing to implement adequate self-protection techniques, such as DEP and ASLR.
- Access AV-Test’s full report here: Self-Protection for Antivirus Software
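One common way to perform the per-module check described above is to read the DEP and ASLR opt-in flags that each executable, DLL or driver carries in its PE header. The Python below is an added example, not AV-Test's tooling or method; the function names and the header-only sample images are constructed for illustration.

```python
import struct

# PE optional-header DllCharacteristics flags (Microsoft PE/COFF specification).
HIGH_ENTROPY_VA = 0x0020  # 64-bit ASLR with a larger address range
DYNAMIC_BASE = 0x0040     # image may be relocated at load time (ASLR opt-in)
NX_COMPAT = 0x0100        # image is compatible with DEP
RELOCS_STRIPPED = 0x0001  # COFF Characteristics: no relocation data in the file


def audit_pe(data: bytes) -> dict:
    """Report the DEP/ASLR opt-in flags found in a PE image's headers."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)      # e_lfanew
    if len(data) < pe_off + 24 + 72 or data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE file: bad or truncated PE header")
    (coff_chars,) = struct.unpack_from("<H", data, pe_off + 22)
    opt = pe_off + 24                                      # optional header start
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError(f"unknown optional header magic {magic:#x}")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+ layouts.
    (dll_chars,) = struct.unpack_from("<H", data, opt + 70)
    dynamic_base = bool(dll_chars & DYNAMIC_BASE)
    return {
        "bits": 64 if magic == 0x20B else 32,
        "dep": bool(dll_chars & NX_COMPAT),
        # DYNAMIC_BASE without relocation data cannot actually be rebased.
        "aslr": dynamic_base and not (coff_chars & RELOCS_STRIPPED),
        "high_entropy_aslr": bool(dll_chars & HIGH_ENTROPY_VA),
    }


def make_sample(magic: int, dll_chars: int, coff_chars: int = 0x0002) -> bytes:
    """Build a constructed, header-only PE image for demonstration."""
    buf = bytearray(0x80 + 24 + 72)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)
    buf[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<H", buf, 0x80 + 22, coff_chars)
    struct.pack_into("<H", buf, 0x80 + 24, magic)
    struct.pack_into("<H", buf, 0x80 + 24 + 70, dll_chars)
    return bytes(buf)


if __name__ == "__main__":
    for name, img in [("hardened64.dll", make_sample(0x20B, 0x0160)),
                      ("legacy32.dll", make_sample(0x10B, 0x0000))]:
        print(name, audit_pe(img))
```

To audit a real installation, pass the bytes of each module file under the product's install directory to `audit_pe` and tally the modules where `dep` or `aslr` is false.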
Interesting, as I recently read this: http://www.syscan360.org/slides/2014_EN_BreakingAVSoftware_JoxeanKoret.pdf
All antivirus vendors are ‘scrambling’ (some more than others)!
Jim, fascinating article, but to the average Joe (or Ralph) out here, should this be the criteria for selecting our antivirus protection? Also, no mention of Windows Defender. Should I be seriously looking at finding other anti virus protection in light of this article?
Ralph, while effective self-protection should not be the only criteria, it’s certainly something to take into consideration. The most interesting aspect of these tests is that this area of self-protection hasn’t generally been highlighted previously – antivirus products being traditionally rated on how well they protect the system rather than themselves.
I wouldn’t presume to recommend one antivirus over another, it’s largely subjective and often depends on the end user’s own habits, level of experience, and hardware specs… horses for courses. There isn’t a huge margin between the top 10 or so products in most of these tests anyway.
To be honest, I probably wouldn’t be advising someone to rely on Windows Defender as their sole line of defense. However, Windows Defender included in a layered approach, that is working alongside ancillary security products, can be quite effective in the right hands.
As for changing AVs based solely on these tests (or any other tests for that matter), no. If someone has been using a particular AV for some time and remained malware free, they will not generally be looking to change and probably shouldn’t. If, on the other hand, someone has reason to be looking for a new AV, while these types of tests shouldn’t be the sole deciding factor, they can certainly help with selection.
Thanks for clearing this up for me, Jim. I guess I don’t go to the darker side of the net, as both my wife’s and my laptops have remained clean using Windows Defender. That is not to say that one of us will not unknowingly click on something that infects a machine, so maybe we should consider upping our level of protection. I will have a look around at various reviews and hopefully make an informed choice. And hopefully the right one. Thanks again.
Ralph, I know I said I’m loath to make recommendations in this area but you really can’t go wrong with either Avast Free, or Avira Free.
I use both, Avast Free in a Windows 7 system and Avira Free in a Windows 8.1 system. Personally, I lean slightly toward Avira Free, its detection rates are excellent and it’s overall less intrusive than Avast.
I don’t use any active antivirus… not since MS stopped supporting XP. Defender & other free “protection” never stopped hijacks & PUPs anyway.
Even so, just to check I occasionally run Malwarebytes & Sophos rootkit remover… usually nothing found.
My experience is that I rarely come across virus infections like 10 years ago… search, browser & PUP hijacks seem to be the biggest issues I have found on other folks’ computers.
You can’t go past AdwCleaner as a very effective quick remover of browser & search hijacks & PUPs.
Needless to say, an effective sandbox gives virtually 100% protection (try Sandboxie, which is free).
Thanks to Jim and John for your comments. I am not sure I am happy with no virus protection as John does, so I think I will download Avira. Jim, should I remove Windows Defender before installing Avira? Can I simply turn it off, or should I find a way to remove it?
Thanks again,
I agree Ralph, I don’t think it’s a good idea to go without any AV at all.
Avira will automatically turn Defender off during installation. Just to make sure; after you’ve installed Avira free, go to Control Panel>Windows Defender and you should receive a message saying “This application has been turned off and isn’t monitoring your computer”.
I love it when these scary messages get people involved. I’ve been a loyal fan of KIS for several years and have about 2 years on my subscription. Consider myself lucky that Trend Micro, Zone Alarm, and Vipre scored lower, as I used to rely on their products, Mindblower!