Stress test

2009. 06. 03.

In the past few months, the reliable operation of protections against malware was examined with a test designed especially for this purpose.

Considering the quarter of a century long history of computer malware, the large number of malware is commonplace. The protection systems, however, have to cope with a large number of different malware. This means a large number of search and removal algorithms. Naturally, the execution of removal algorithms is only “rarely” necessary, when a malicious code is found on the computer. Owing to their large number, search algorithms and various environments are also difficult to test. Protection systems, however, do not only use search and removal algorithms but also apply numerous other procedures (e.g.: removal of infected file, their placement in quarantine, preparation of log file, etc.). In our current test we examined to what extent the tested products are able to process the large number of hits. To do so, on-access protection systems were tested. To prepare the test, the EICAR test file (www.eicar.org) was placed in 300 directories in a way that exactly 1000 copies should be placed in each directory. Both the directories and the files within the directories were numbered. A batch file was prepared for the testing, which attempted to copy the test file from file 1 of directory 1 up to file 1000 of directory 300. As a result, the protection was ordered to examine altogether 300000 infected files. The default settings, also recommended by the manufacturers, were used for the testing. The tested products behaved in different ways.

AVG Internet Security

AVG Internet Security examined 226 thousand files in about 32 hours without any problems. Due to the limited testing time, the testing had then to be stopped. It identified all the 226 thousand infections and blocked copying.

ESET Smart Security

ESET Smart Security indicated the infection without any problems in all cases, removed the original source of copying and blocked copying.

McAfee VirusScan Enterprise

McAfee VirusScan Enterprise examined 153 thousand files in about 28 hours without any problems. Due to the limited testing time, the testing had then to be stopped. It identified all the 153 thousand infections and blocked copying.

Panda Internet Security

Panda Internet Security indicated the infection without any problems in every case, removed the original source of copying and blocked copying.

Sunbelt VIPRE Antivirus + Antispyware

Sunbelt VIPRE Antivirus + Antispyware produced the quickest run. Following a ten minute run and fewer than some thousand checks, the protection stopped with an error message. After clicking on the OK button of the error message, the protection did not continue to work and the test files could be copied undisturbed. In the case of Sunbelt VIPRE Antivirus + Antispyware, the test was repeated twice, - using the English and the Hungarian versions - with the same result. (The description of the mentioned problem was sent to the Sunbelt Software on 26th May 2009, but till now there was no answer.)

Trend Micro Internet Security

The product of Trend Micro indicated the infection in each case, removed the original source of copying and blocked copying.