DarkReading issued a note a few days ago titled "New Tests Show Rootkits Still Evade AV". These tests, originally performed by AV-Test.org, are becoming more important every day as malware is making use of advanced rootkit and hiding techniques to evade detection by security solutions. This, of course, is not news to anyone.
What is news is the effectiveness of rootkit-based malware. It really doesn't make much of a difference if solution XYZ detects the most malware using traditional AV signatures if it can't even "see" the malware that a rootkit is hiding. Modern security solutions must not only include advanced heuristics and behavioral analysis and blocking, but must also be able to dig deeper into the operating system, or else they fail to protect users correctly.
The results of the test are very satisfactory for Panda products, thanks mostly to the technology incorporated into our products, which has been tested thoroughly in Panda Anti-Rootkit, especially by regular readers of this blog.
In the online-scanner portion of the anti-rootkit test we did pretty well, with the highest scores in both detection and removal of malware hidden by rootkits:
Panda Security ActiveScan 5.54.01: 26 detected, 26 removed
In the Windows Vista test we did pretty well too:
Three AV tools had perfect scores, catching all active and inactive rootkits as well as removing all of them: Norton Antivirus 2008 15.0.0.58; Panda Security Antivirus 2008 3.00.00; and F-Secure Anti-Virus 2008 6.80.2610.0.
The test is available here for those who want to take a deeper look (look for "Anti-Stealth Fighters: Testing for Rootkit Detection and Removal", Virus Bulletin 04/2008). Again many thanks to the people who've helped us test and improve our anti-rootkit technology.
EDIT: Updated link to the Papers section of the AV-Test website and F-Secure detection and removal ratios (26/23 vs. 23/26).
4 comments
Please retest rootkit detection and removal using the latest ActiveScan 2.0.
Hello,
Regarding ActiveScan, this should be a good tool for detecting rootkits on demand, right? It seems that the scanner can detect and remove the malware hidden by rootkits with high detection, but does not gain as much detection for the rootkits themselves? F-Secure has a good result for actually removing active rootkits (23), compared to Panda (15).
When it comes to rootkits, the most important part is not signature detection of the "inactive rootkit" but rather being able to figure out if there is "something hidden by an actively installed rootkit" and then being able to disable that. After that part is done, you can rely on signatures to detect the un-hidden malware. Yes, detecting the "inactive rootkit" by a signature also helps prevent the infection, but this by itself will not help if you're trying to clean up your machine.
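The two-step approach described in this reply, as an added simulation written for this page (it is not Panda code and does not show how any Panda product works): a constructed host whose high-level enumeration API is hooked by a simulated rootkit, a cross-view diff that uncovers what the hook filters out, and a signature scan that only finds the malware once the diff has exposed it. The host contents, the `$hide$` marker the simulated rootkit filters on, and the single signature hash are all made up for the example.

```python
"""Cross-view detection of objects hidden by an active rootkit, followed by a
signature scan of what was uncovered. Added illustration (not Panda code);
the host, the rootkit's filtering rule and the signature are all constructed."""
import hashlib
from dataclasses import dataclass

# Constructed signature database: SHA-256 of a made-up file body -> detection name.
KNOWN_BAD_HASHES = {
    hashlib.sha256(b"CONSTRUCTED-MALWARE-BODY").hexdigest(): "Constructed.Dropper",
}


@dataclass
class SimulatedHost:
    """A host whose high-level enumeration APIs are hooked by a simulated rootkit.

    files: path -> file contents; processes: pid -> image name.
    Anything whose name contains hidden_marker is filtered out of the API view,
    which is the effect a real rootkit has on its own files and processes."""
    files: dict
    processes: dict
    hidden_marker: str = "$hide$"

    # Low-level view: what is actually on disk and in the process table.
    def raw_files(self):
        return set(self.files)

    def raw_processes(self):
        return set(self.processes)

    # High-level view: what a scanner sees if it only asks the hooked API.
    def api_files(self):
        return {p for p in self.files if self.hidden_marker not in p}

    def api_processes(self):
        return {pid for pid, name in self.processes.items()
                if self.hidden_marker not in name}


def cross_view_diff(api_view, raw_view):
    """Objects present in the low-level view but missing from the API view are
    being hidden by something; that discrepancy, not a signature, is the tell."""
    return sorted(raw_view - api_view)


def signature_scan(host, paths):
    """Hash each file and look it up; this only works on files the scanner can see."""
    hits = {}
    for path in paths:
        digest = hashlib.sha256(host.files[path]).hexdigest()
        if digest in KNOWN_BAD_HASHES:
            hits[path] = KNOWN_BAD_HASHES[digest]
    return hits


def signature_only_scan(host):
    """What a traditional scanner does: trust the API listing and hash it."""
    return signature_scan(host, host.api_files())


def anti_rootkit_scan(host):
    """Step 1: find what is hidden by comparing the two views.
    Step 2: signature-scan the uncovered files, which the hook no longer shields."""
    hidden_files = cross_view_diff(host.api_files(), host.raw_files())
    hidden_procs = cross_view_diff(host.api_processes(), host.raw_processes())
    return {
        "hidden_files": hidden_files,
        "hidden_processes": hidden_procs,
        "signature_hits": signature_scan(host, hidden_files),
    }


def demo_host():
    """Constructed infected host: two hidden files, one hidden process."""
    return SimulatedHost(
        files={
            "C:/Windows/notepad.exe": b"benign program",
            "C:/Windows/system32/$hide$drv.sys": b"CONSTRUCTED-MALWARE-BODY",
            "C:/Temp/$hide$loader.dll": b"no signature exists for this one",
        },
        processes={4: "System", 1234: "explorer.exe", 4321: "$hide$svc.exe"},
    )


if __name__ == "__main__":
    host = demo_host()
    print("signature-only scan:", signature_only_scan(host))  # finds nothing
    print("anti-rootkit scan:  ", anti_rootkit_scan(host))
```

The signature-only pass returns nothing because the hooked listing never hands it the hidden files; the cross-view pass reports both hidden files and the hidden process regardless of whether a signature exists for them, and the signature lookup then names the one it knows. That ordering is the point of the reply above: uncover first, then classify.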
It's great. Congratulations.