Which antivirus is best at removing malware?

Which antivirus is best at removing malware?

Summary: According to a comparative review of sixteen antivirus solutions, only a few were successful at completely removing the malware they were tested against.

SHARE:
TOPICS: Security, Malware
310

Detecting the presence of malicious code is one thing, successfully eradicating it is entirely another.

According to AV-Comparatives.org's recently released malware removal test evaluating the effectiveness of sixteen antivirus solutions, only a few were able to meet their criteria of not only removing the FakeAV, Vundo, Rustock and ZBot(Zeus) samples they were tested against, but also getting rid of the potentially dangerous "leftovers" from the infection.

More info on the tested antivirus solutions , and how they scored:

The test, including the following antivirus solutions - Avast Professional Edition 4.8; AVG Anti-Virus 8.5; AVIRA AntiVir Premium 9.0; BitDefender Anti-Virus 2010; eScan Anti-Virus 10.0; ESET NOD32 Antivirus 4.0; F-Secure AntiVirus 2010; G DATA AntiVirus 2010; Kaspersky Anti-Virus 2010; Kingsoft AntiVirus 9; McAfee VirusScan Plus 2009; Microsoft Security Essentials 1.0; Norman Antivirus & Anti-Spyware 7.10; Sophos Anti-Virus 7.6; Symantec Norton Anti-Virus 2010; Trustport Antivirus 2009, relied on a modest malware sample, whose prevalence is however easily seen in the wild these days.

Their conclusion:

"None of the products performed "very good" in malware removal or removal of leftovers, based on those 10 samples. eScan, Symantec and Microsoft (MSE) were the only products to be good in removal of malware AND removal of leftovers. Due to the sample size, the final ratings may be generous, but we applied the scoring tables strictly. We tried to give different values for different types of leftovers, although this was very difficult in some gray area cases.

This was the first public malware removal test of AV-Comparatives and due the lack of generally accepted ways to rate malware removal abilities, we did out best to give a fair rating based on the observed overall malware removal results and to do not look / base out ratings on e.g. the deletion of the binary malware only."

It's worth keeping in mind that the timeliness of these comparative reviews in an ever-changing threat-scape should be consider before jumping to any conclusions. For instance, quality assurance aware cybercriminals rely on underground alternatives of the popular VirusTotal service, allowing them to pre-scan their malware releases before including them in a campaign.

The bottom line - prevention is always better than the cure, which in terms of malware means operating on an up-to-date operating system, that's also free of third-party application and browser plug-in vulnerabilities, followed by a decent situational awareness on their current tactics, and basic understanding that the antivirus software is only a part of the defense in-depth solution.

Topics: Security, Malware

Dancho Danchev

About Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

310 comments
Log in or register to join the discussion
  • Run a Linux distro or a Mac

    It is funny, when you 'weld' a web_browser
    into an operating system and viruses/worms/
    malware/trojans and spyware come in from
    outside sources it is amazing how insecure
    it makes an Operating System.

    Say what you will, Linux distro's power the
    Internet with Bind (dns), dhcp, routers/switches
    and they do not have constant issues and Linux
    distro's are the MOST widely used on the earth
    as far as the Internet Backbone to ISP's
    for DNS...

    The inherit security of a Linux distro makes
    it far easier to lock down with the mechanism's
    in place than some closed source 10G operating
    system that has a web_browser that has to
    be ran in 'secure mode' because it is part
    of the CORE OS!

    ;)
    use_linux
    • It would be interesting to see...

      I wonder if there are more uninfected Windows desktops or more uninfected Linux servers? My guess would be that the raw numbers would actually show that Windows is both the #1 most uninfected OS in the world [b]and[/b] the #1 most infected OS in the world! :)

      PS While Windows has used a shared HTML rendering library for its GUI (never a part of the kernel) for quite some time, there has never been a single instant where the actual web [b]browser[/b] was integrated into the OS. There have always been simple hacks available to remove the browser from any version of Windows you care to talk about. With Windows 7, IE can be uninstalled like any other application. Looks like you will have to find another complaint. :)
      NonZealot
      • re: interesting...

        Well the Windows bots are all over the world.

        Linux distro's power the web with dns 'bind', dhcp at ISP's and Postfix/Sendmail and face the public
        Internet head on day after day being polled
        and brute_forced without problems.

        You cannot put a Windows machine facing the
        public Internet, unless you want it hacked
        and used as a spam box or a box used to do
        other things like a bot...
        use_linux
        • linux has many vulnerabilities

          Just subscribe to the uscert.gov mailings and you'll get a sense of the large number of vulnerabilities in Linux and MacOS, as well as Windows. Linux/Mac escape by being too small a market to waste a hackers time on. But if you are claiming they are "head on" without problems, then you should visit uscert.gov and start applying some patches to your servers, my friend. Footnote: my PDP/11-44 has never had a virus.
          batpox
          • Did you read the post?

            "Linux/Mac escape by being too small a market to waste a hackers time on."

            Did you read the post? specially the part where it indicates that a great deal of the Internet back bone infrastructure is run in Linux. Even if you don't believe its a "great deal", would you agree that even a 10% is not a "small market"?. Do you really think that MS servers are the other 90% of the infrastructure?

            Regarding Linux:
            Yes, there are vulnerabilities.

            Yes, servers that are not administered properly are vulnerable regardless of the OS.

            And finally:
            Yes, Objective numbers show that Linux is less vulnerable.
            rarsa
          • Please answer the following question

            Can you identify any usage differences between servers that run the Internet's backbone and desktops that have a keyboard, a monitor, and a user that executes zipped applications that are attached to emails proclaiming to be from Facebook?

            [i]Yes, Objective numbers show that Linux is less vulnerable.[/i]

            Actually, LAMP servers are hacked more frequently than IIS servers so no, it doesn't show that Linux is less vulnerable. What the numbers show is that servers in general are less vulnerable than desktops, mostly because servers are naturally immune to most of the attack vectors used by malware, no matter the OS.
            NonZealot
          • Are we talking about OS or administrators?

            [i]"Actually, LAMP servers are hacked more frequently than IIS servers"[/i]

            What does this have to do with the OS?

            [i]servers in general are less vulnerable than desktops[/i]

            I agree as they are more likely to have administrators.

            OK, lets agree. We cannot definitively conclude that Linux on the desktop is less vulnerable until they have equivalent volume. I'll wait for that time using my Linux desktop without antivirus. What you use while you wait is your own choice.
            rarsa
          • I truly like Linux

            [i]I'll wait for that time using my Linux desktop without antivirus. What you use while you wait is your own choice.[/i]

            I first started using Linux in the mid 90s when you DID have to compile nearly everything. Once you got it setup, it was so much better than Windows 3.1, it wasn't even funny!

            I then started dabbling in Linux a few years ago, starting with LFS (that was fun although not very stable), then Gentoo (fantastic system although updates took forever), then Kubuntu and SuSE on the desktop and Xubuntu for my MythTV media PC. I am [b]well[/b] on the record as hoping that Linux becomes far more popular than it is today.

            However, none of that means that I think Windows is bad. So yes, you use Linux without AV and I'll continue to use Windows with AV. Ain't choice grand?! :)
            NonZealot
          • Choice is indeed good. (nt)

            nt
            rarsa
          • Linux distro's no AV needed

            The difference is Windows has IE in which it is
            part of the CORE Operating System you can tell
            me it can be removed now, however in reality
            it does NOT and will NOT be removed by the
            end user.

            IE allows everything under the sun to float
            right in and make itself home.

            The UAC is an attempt to put a 'focus' prompt
            in front of the user asking them 'what to do'...

            Now you tell me, purchase Windows, purchase
            AV, purchase a REAL firewall, and purchase
            some other spyware removal software
            something is WRONG with this picture.

            It is like buying a new truck, and having to
            buy tires for it, then an alarm system, then
            add on a transmission for it to move.

            A total rip off!
            use_linux
          • Prove it

            [i]Actually, LAMP servers are hacked more frequently than IIS servers so no, it doesn't show that Linux is less vulnerable[/i]

            Prove it.
            Wintel BSOD
        • Use the OS you love for something useful

          Why does every story turn into a Windows/Mac
          rant. Go find something useful to do with your
          OS besides rehash spent "Mac is whoopie,"
          "Windows is loopie" stuff forever.

          If someone does write anything useful in the
          comments section I can never find it because of
          never ending ranting.

          If you like your OS for crying out loud find
          something better to do with it than endlessly
          typing the same dogged phrases on every forum
          and comment page. Most of us have heard them
          all and are nauseous already.

          I've used a Mac and it worked great. I now use
          Windows and I don't get viruses. There are no
          catch phrases which are true about either OS. I
          have to think most of you just repeat what you
          have read somewhere else because it makes you
          feel good.

          Do you have to convince us that you have the
          best OS because you have a security problem? If
          everyone agrees, and buys what you buy, then
          that will prove how cleaver you are, right? Let
          it go. See a shrink. Talk to him or her about
          your OS. Leave me and other readers alone
          unless you have something useful to say about
          the article.
          bartly
          • I absolutely agree to that sentiment!

            When there is a problem with something, for goodness sake, fix it or try to work with it, don't run away thinking the grass is so much greener on the other side of the fence.
            I, too, like to read about how to best protect a PC running Windows, not how wonderful and great Linux is and why not change over to Mac, the "perfect" child of the Computer World.

            I have not used Linux, not interested, but have experience with my Mac Power Book, never mind the Mac computers used by my son, who is a professional editor for TV shows, commercials etc.
            My personal conclusion is - Mac is great for working with high end graphics etc., but as a regular budget oriented PC for users who love to use a variety of software for photo, music, share certain 'actions' with Windows users, Mac has lots of limitations and can end up rather expensive.

            Never mind that even Macs have serious security issues, but they are usually hushed up and 'fixed' via their updates.

            So, why don't we all stick with the type of Operating System/computer we like and concentrate on making them work for us the best way possible.

            At least, this is my firm opinion - and I am sticking to it.

            PS. I am using a combination of Protective Programs that include AVAST, IOBIT Security and, believe it or not, MSE, which for whatever reason does not conflict with any of the others, including AVAST. This Combo seems to be able to keep my PCs running quite safely, pretty much no matter where on the Internet or what ends up in my email.
            DanyJB
          • AGREED!

            Although it's my evening entertainment... so...
            yea... guilty as charged :-P
            shadfurman
          • THANK YOU

            Thank you breathing some focus and relevance into this discussion.

            Let's leave the "My OS is better then your OS" Pi**ing contest to another forum
            tom@...
        • re: interesting

          You've really got to cut down on the crack - postfix/sendmail is hacked daily, a major hack of the dns infrastructure caused global problems, dhcp servers and linux based routers are compromised daily
          archangel9999
        • BS

          You may want to go back to Mom's basement and do your homework. Check out how many Fortune 500 companies DO have Windows boxes in public-facing sites. My own current project will have over 40 public-facing boxes. I've had public-facing Windows servers running since 1996 with never a single problem.

          Your statement makes you look like an ignorant, zealot idiot.
          Marty R. Milette
          • You tell 'em!!!...

            Marty you the voice of reason on this heap. But I definitely agree with your aggressive approach. I get so tired of the ignorance.
            JCitizen
        • actually, you can.

          The reason for those boxes being more secure is
          due to the requirement for them to be more
          secure. A poorly secured linux box (default
          Ubuntu install) is just an insecure as a poorly
          setup Windows box (pretty much any default
          Windows install). But a good admin knows how to
          secure pretty much any box they're familiar
          with.

          I'm pretty sure the reason Linux is preferred
          on so many servers is due to it's extreme
          customizability and potentially low overhead,
          per flop and dollar wise, in most internet
          servers.
          shadfurman
      • One thing is clear: OS X is malware-free

        Nothing in the wild, nothing the user didn't install themselves...

        Nothing.

        Zero.

        Zilch.

        Nul.

        Not one.

        Make all the excuses you want for the others,

        OS X is the most secure server/client combination there is.

        The most.

        Hands down.

        Proven, not theoretical.

        Zip.

        Face up to it.

        Stop yourself from your excuse-making.

        Only Apple is malware free.

        Only Apple.

        Stop crying and be an adult about it.

        OS X.

        Any questions?
        mlindl