Which antivirus is best at removing malware?

Detecting the presence of malicious code is one thing, successfully eradicating it is entirely another.

According to AV-Comparatives.org’s recently released malware removal test evaluating the effectiveness of sixteen antivirus solutions, only a few were able to meet their criteria of not only removing the FakeAV, Vundo, Rustock and ZBot(Zeus) samples they were tested against, but also getting rid of the potentially dangerous “leftovers” from the infection.

More info on the tested antivirus solutions , and how they scored:

The test, including the following antivirus solutions - Avast Professional Edition 4.8; AVG Anti-Virus 8.5; AVIRA AntiVir Premium 9.0; BitDefender Anti-Virus 2010; eScan Anti-Virus 10.0; ESET NOD32 Antivirus 4.0; F-Secure AntiVirus 2010; G DATA AntiVirus 2010; Kaspersky Anti-Virus 2010; Kingsoft AntiVirus 9; McAfee VirusScan Plus 2009; Microsoft Security Essentials 1.0; Norman Antivirus & Anti-Spyware 7.10; Sophos Anti-Virus 7.6; Symantec Norton Anti-Virus 2010; Trustport Antivirus 2009, relied on a modest malware sample, whose prevalence is however easily seen in the wild these days.

Their conclusion:

“None of the products performed “very good” in malware removal or removal of leftovers, based on those 10 samples. eScan, Symantec and Microsoft (MSE) were the only products to be good in removal of malware AND removal of leftovers. Due to the sample size, the final ratings may be generous, but we applied the scoring tables strictly. We tried to give different values for different types of leftovers, although this was very difficult in some gray area cases.

This was the first public malware removal test of AV-Comparatives and due the lack of generally accepted ways to rate malware removal abilities, we did out best to give a fair rating based on the observed overall malware removal results and to do not look / base out ratings on e.g. the deletion of the binary malware only.”

It’s worth keeping in mind that the timeliness of these comparative reviews in an ever-changing threat-scape should be consider before jumping to any conclusions. For instance, quality assurance aware cybercriminals rely on underground alternatives of the popular VirusTotal service, allowing them to pre-scan their malware releases before including them in a campaign.

• Go through related posts: MS Security Essentials test shows 98% detection rate for 545k malware samples; Does free antivirus offer a false feeling of security?; Does software piracy lead to higher malware infection rates?; Modern banker malware undermines two-factor authentication; Commonwealth fined $100k for not mandating antivirus software

The bottom line - prevention is always better than the cure, which in terms of malware means operating on an up-to-date operating system, that’s also free of third-party application and browser plug-in vulnerabilities, followed by a decent situational awareness on their current tactics, and basic understanding that the antivirus software is only a part of the defense in-depth solution.