AV-Test is best known for its ongoing evaluation of antivirus protection and usability, but the German lab recently shifted gears and, instead of measuring how well antivirus protects our data and devices, decided to look into how effective these products are at protecting themselves.
AV-Test’s report states that the most well-designed programs include only one error per 2,000 lines of code. The problem is, a major program will contain not thousands but millions of lines of code, and that can add up to a lot of errors! Not every error is susceptible to exploitation of course, but a percentage are.
AV-Test based its testing and subsequent scores on two mature technologies – DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization) – which, when implemented, are proven to be effective at thwarting many exploits:
- DEP protects against some program errors, and helps prevent certain malicious exploits, especially attacks that store executable instructions in a data area via a buffer overflow ~ Wikipedia
- (put simply, DEP prevents code execution in any memory area that’s marked as holding data)
- Address space layout randomization (ASLR) hinders some types of security attacks by making it more difficult for an attacker to predict target addresses ~ Wikipedia
- (in simple terms, ASLR shuffles the memory locations used by a program, making it very difficult for an attacker to predict where to find the vulnerable code)
For the purposes of evaluation, AV-Test investigated common modules (such as executables, dynamic link libraries, drivers, and sys files) associated with each application, to find out if they implemented DEP, ASLR, or both. 32-bit and 64-bit editions were evaluated separately:
The above table of results reveals a number of interesting statistics. For example, it seems 64-bit editions are overall more effective at self-protection than their 32-bit counterparts. Most notable here are the scores for AVG AntiVirus Free, with the 64-bit edition beating the 32-bit edition by a considerable margin.
It also sheds new light on a number of leading products’ overall effectiveness, with several that regularly achieve high scores for system protection falling down badly when it comes to self-protection.
Avast Free users will no doubt be reassured to see their favorite antivirus scoring well, at number 4 overall. Of the other free solutions included in the tests, Panda Free Antivirus finished mid-field, which is in contrast to its generally excellent results for system protection.
Last but certainly not least, a pat on the back for Eset Smart Security, the only product to score a perfect 100% across the board.
It’s good to see AV-Test delving into new areas for evaluation, such as testing products for self-protection, if for nothing else than to make the security vendors sit up and take notice and, maybe, think again before failing to implement adequate self-protection techniques such as DEP and ASLR.
- Access AV-Test’s full report here: Self-Protection for Antivirus Software