Installing security software on malware-infested test systems can be tough. Sometimes the product won't install, or won't run, or won't scan. When I ask the vendor's tech support what to do, some of them offer a Rescue CD as a possible solution. But sometimes they advise using a free third-party program to clean up the system sufficiently that their product can finish the job. More often than not the program they suggest is Malwarebytes' Anti-Malware 1.46 (free, direct). Be sure to check out our roundup of The Best Free Antivirus Software for other free antivirus solutions.

To further challenge the product's signature-based detection, I presented it with hand-modified copies of each threat that it eliminated on sight. My tweaks are pretty minor; I just rename the file, change some non-executable bytes, and append nulls to change the file size. Spyware Doctor whacked every single one of the tweaked files and Norton missed just one. By contrast, Malwarebytes missed over a third of the hand-modified files. This result suggests that an actively polymorphic virus or worm, one that's trying to hide by modifying itself, would be more likely to slip past Malwarebytes.
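
Why tweaks this small defeat some signatures and not others, as an added example that is not from the review and does not describe how any product named here works: three generic matching strategies run over constructed, harmless byte strings. Every name and byte value below is made up for the illustration.

```python
import hashlib

# Constructed, benign stand-in for a sample: header, code-like body, padding.
MARKER = b"\x90\x90DEMO-PAYLOAD-BODY\xcc\xcc"      # constructed byte pattern
ORIGINAL = b"HDR:build=0001;" + MARKER + b";pad=AAAA"

# Constructed variants mirroring the three tweaks the review lists.
VARIANTS = {
    "original.bin": ORIGINAL,
    "renamed.bin": ORIGINAL,                                   # name change only
    "nulls_appended.bin": ORIGINAL + b"\x00" * 64,             # size change
    "padding_edited.bin": ORIGINAL.replace(b"AAAA", b"BBBB"),  # non-code bytes
    "both.bin": ORIGINAL.replace(b"AAAA", b"BBBB") + b"\x00" * 64,
}

KNOWN_HASH = hashlib.sha256(ORIGINAL).hexdigest()


def exact_hash(data):
    """Whole-file hash signature: any changed or added byte defeats it."""
    return hashlib.sha256(data).hexdigest() == KNOWN_HASH


def trimmed_hash(data):
    """Hash after stripping trailing nulls: survives appended padding only."""
    return hashlib.sha256(data.rstrip(b"\x00")).hexdigest() == KNOWN_HASH


def pattern(data):
    """Byte-pattern signature on the code region: survives all three tweaks."""
    return MARKER in data


def score(detector):
    """Return the sorted names of the variants the detector flags."""
    return sorted(name for name, data in VARIANTS.items() if detector(data))


if __name__ == "__main__":
    for det in (exact_hash, trimmed_hash, pattern):
        hits = score(det)
        print(f"{det.__name__:13} {len(hits)}/{len(VARIANTS)} {hits}")
```

A detector keyed to the whole file flags only the untouched and renamed copies, while one keyed to the unchanged code region flags all five.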

I calculate a rootkit score based on each product's handling of all samples (both malware and keyloggers) that use rootkit technology to hide. Malwarebytes also stumbled here. At 3.9 points its score is barely over half that of Norton's 6.7. Spyware Doctor ruled in this test. It detected every rootkit sample that tried to launch and scored 9.3 of 10 possible points.