
November 5th, 2009

Which antivirus is best at removing malware?

Posted by Dancho Danchev @ 12:14 pm

Categories: Anti Virus, Botnets, Browsers, Hackers, Malware, Rootkits, Spyware and Adware, Viruses and Worms

Tags: Antivirus, Malware, Spyware, Adware & Malware, Cyberthreats, Viruses And Worms, Security, Dancho Danchev

Detecting the presence of malicious code is one thing; successfully eradicating it is entirely another.

According to AV-Comparatives.org’s recently released malware removal test evaluating the effectiveness of sixteen antivirus solutions, only a few were able to meet its criteria of not only removing the FakeAV, Vundo, Rustock and ZBot (Zeus) samples they were tested against, but also getting rid of the potentially dangerous “leftovers” from the infection.

More info on the tested antivirus solutions, and how they scored:

The test covered the following antivirus solutions: Avast Professional Edition 4.8; AVG Anti-Virus 8.5; AVIRA AntiVir Premium 9.0; BitDefender Anti-Virus 2010; eScan Anti-Virus 10.0; ESET NOD32 Antivirus 4.0; F-Secure AntiVirus 2010; G DATA AntiVirus 2010; Kaspersky Anti-Virus 2010; Kingsoft AntiVirus 9; McAfee VirusScan Plus 2009; Microsoft Security Essentials 1.0; Norman Antivirus & Anti-Spyware 7.10; Sophos Anti-Virus 7.6; Symantec Norton Anti-Virus 2010; Trustport Antivirus 2009. It relied on a modest malware sample, whose prevalence, however, is easily seen in the wild these days.

Their conclusion:

“None of the products performed “very good” in malware removal or removal of leftovers, based on those 10 samples. eScan, Symantec and Microsoft (MSE) were the only products to be good in removal of malware AND removal of leftovers. Due to the sample size, the final ratings may be generous, but we applied the scoring tables strictly. We tried to give different values for different types of leftovers, although this was very difficult in some gray area cases.

This was the first public malware removal test of AV-Comparatives and due to the lack of generally accepted ways to rate malware removal abilities, we did our best to give a fair rating based on the observed overall malware removal results and to not look / base our ratings on e.g. the deletion of the binary malware only.”

It’s worth keeping in mind that the timeliness of these comparative reviews in an ever-changing threat-scape should be considered before jumping to any conclusions. For instance, quality-assurance-aware cybercriminals rely on underground alternatives to the popular VirusTotal service, allowing them to pre-scan their malware releases before including them in a campaign.

The bottom line: prevention is always better than the cure, which in terms of malware means running an up-to-date operating system that is also free of third-party application and browser plug-in vulnerabilities, followed by decent situational awareness of cybercriminals’ current tactics, and a basic understanding that antivirus software is only one part of a defense-in-depth solution.

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog. See his full profile and disclosure of his industry affiliations.


