Comparative analysis of current anti-virus software products of the PC. Antiviruses for Windows (archives). Different types of computer viruses
I’ll point out that the statistics have less anti-virus solutions, as they are wider in Russia, and Kaspersky Anti-Virus , Eset Nod32 , Likar Web , Symantec/Norton , Trend Micro , Panda, McAfee, Sophos, BitDefender, F-Secure, Avira, Avast!, AVG, Microsoft. Such an exotic, like G-DATA AVK, F-Prot Anti-Virus and AEC TrustPort, is not to be seen. So, let's proceed to the preparation of tests.
Patriarchs testing
One of the first tests of anti-virus products was the British magazine Virus Bulletin, the first tests published on their site date back to the distant 1998. The collection is the basis of the dough shkidlivih programs wild list. For successful passing of the test, it is necessary to detect all viruses in the collection and to demonstrate the zero parity score on the collection of "clean" files in the journal. Testing is carried out once in a while on different operating systems; Products that successfully pass the test will receive a VB100% in the city. Below you can tell how many wines the city VB100% was taken off in 2006-2007 by the products of various anti-virus companies.
Insanely, the Virus Bulletin magazine can be called the oldest anti-virus tester, but the status of the patriarch does not allow for any criticism of anti-virus knowledge. So, at the spring conference Virus Bulletin at Vidniy, an expert Andreas Marx from the previous AV-Test laboratory at the University of Magdeburg spoke from the special The WildList is Dead, Long Live the WildList! In his own specialty, Marx added that all tests, which are carried out on the WildList virus collection (including VB100%), may have low deficiencies associated with the collection's warehouse. First, WildList includes only viruses and worms and only for Windows platforms, and small programs of other types (trojans, backdoors) and small programs for other platforms are left behind. In a friend, Koleki Wildlist can be small in the Schkіdlivikh programs, I will have a good thing: for the Klektsya Zamiye, the tens of novelties, todi yaks, the Koleki Av-Test for Topic Ten is abundant. software security.
It's all worth talking about those who seem to have the WildList collection morally obsolete and do not reflect the real situation with viruses on the Internet. As a result, according to Andreas Marx, tests based on the WildList collection become more stupid. The stinks are good for advertising products, but they have passed, but the real quality antivirus zakhistu don't stink.
View WildList before testing on great collections
Independent research laboratories, such as AV-Comparatives, AV-Tests, are not limited by criticism of testing methods. Drivers on the river stinks themselves to test anti-virus products for the same time as detection of high-speed programs. Collections, on which tests are carried out, cover up to a million shkіdlivih programs and are regularly updated. The test results are published on the websites of these organizations (www.AV-Comparatives.org, www.AV-Test.org) and in the leading computer magazines PC World, PC Welt and others. Subbags of sickle tests are presented below:
If we are talking about the largest expansion of products on the Russian market, then, as a matter of fact, behind the results of these tests, only the solution of Kaspersky Lab and Symantec enter into the top three. For all due respect, I am the leader in the Avira tests, but let's turn to those farther in the distribution of pardons.
Modeluemo Koristuvacha
Tests of previous laboratories AV-Comparatives and AV-Test, so the very same as tests, to find their pluses and minuses. Pluses lie in the fact that the testing is carried out on great collections of sophisticated software, and in the fact that in these collections the most advanced types of sophisticated programs are presented. Minuses for the fact that these collections have not only "fresh" pieces of shkidlivih programs, but also appreciably old ones. As a rule, vikoristovuyutsya zrazki, zіbranі stnі pіvroku. In addition, the results of these tests are analyzed translation of the zhorsky disk on the Internet, just like in real life, you can capture infected files from the Internet, or take them away from you by e-mail. It is important to display such files yourself at the moment they appear on the computer of the koristuvach.
I'll try to test the testing methodology, as I don't suffer from these problems, by creating one of the oldest British computer magazines - PC Pro. In the last test, a collection of random programs was tested, which were detected two days before the test in the traffic that passed through the servers of the MessageLabs company. MessageLabs provides its clients with filtering services for various types of traffic, and a collection of smart programs really improves the situation with the widespread computer infection in Merezh.
The PC Pro log command did not just scan the infected files, but simulated the cracking: the infected files were attached to the leaves in a seemingly inset and the leaves were downloaded to the computer install antivirus. On the other hand, with the help of specially written scripts, infected files were captured from the web server, so. model surfing the koristuvach on the Internet. Mind you, in which similar tests are carried out, as close as possible to the real ones, which could not but affect the results: the rate of detection in most antiviruses turned out to be significantly lower, lower in the case of a simple conversion to cancer in the AV-Comparatives and AV-Test tests. In such tests, an important role is played by how little antivirus vendors react to the appearance of new programs, as well as proactive mechanisms for detecting programs.
Swedish response group
The speed of release of anti-virus updates from the signatures of new shkіdlivih programs is one of the most important stocks of effective anti-virus protection. The sooner the signature database update is released, it will take less than an hour to become unprotected. In April 2007, the AV-Test laboratory team conducted for the American magazine PC World a follow-up of the response rate to new threats, and the following was observed in them:
Vіdome nevіdome
In the rest of the hour, new shkіdlіvі programs z'yavlyayutsya flooring often, scho anti-virus labs can soon react to the emergence of new zrazkіv. In a similar situation, there is information about those, as an antivirus can resist not only already known viruses, but also new threats, for the manifestation of which a signature has not yet been issued.
For the detection of unknown threats, the ranks of proactive technologies are developed. Roughly, it is possible to divide these technologies into two types: heuristics (influence scrambled programs based on the analysis of their code) and behavioral blockers (block scrambled traffic on the computer, running on these behaviors).
If we talk about heuristics, then their effectiveness has long been developed by AV-Comparatives - a long-standing laboratory under the ceramics of Andreas Clementi. The AV-Comparatives team developed a special methodology: anti-viruses are checked for the current virus collection, and then the anti-virus is tested with three-month-old signatures. In this way, the anti-virus is brought to a standstill, and I don’t know anything about vins. Antiviruses are overridden by scanning a collection of scrambled software on a hard disk, which is overridden by the efficiency of heuristics, and another proactive technology - a behavioral blocker - does not work in these tests. How mi bachimo, navit most heuristics at the moment show the rate of manifestation is only close to 70%, and a lot of them are still ill at pardon on clean files. All the same, it's a pity to talk about those that the proactive method of manifestation can only win over at once with the signature method.
As far as the other proactive technology, the behavioral blocker, there have been no serious side-by-side tests yet. First of all, many anti-virus products (Doctor Web, NOD32, Avira etc.) have a daily behavioral blocker. In another way, carrying out such tests is associated with some sort of difficulties. On the right, in order to check the effectiveness of a behavioral blocker, it is necessary not to scan a disk with a collection of bad programs, but to run it on a computer and posterigate how successfully the antivirus blocks it. This process is more laborious, and it’s not enough to take on such tests. Everything is still available to the general public as a result of the testing of 8 products conducted by the AV-Comparatives team. As soon as an hour of antivirus testing successfully blocked some unknown programs running on a computer, the product won the Proactive Protection Award. At present moment F-Secure with its DeepGuard behavioral technology and Kaspersky Anti-Virus with its module "Proactive Defender" were taken away like that.
Infection prevention technologies, based on the analysis of the behavior of high-speed programs, are becoming more and more widespread, and the number of complex relative tests in our eyes cannot but be turbulent. Recently, there was a hope for the appearance of such tests: the facsimiles of the AV-Test laboratory at the Virus Bulletin 2007 conference held a wide discussion of food, in which retailers of anti-virus products took part. The basis of this discussion was a new methodology for testing the ability of anti-virus products to withstand unknown threats. In detail, this methodology will be presented, for example, leaf fall, at the conference of the Asian Association of Anti-Virus Researchers in Seoul.
Hibni spratsovuvannya scary for viruses
The high rate of manifestation of shkidlivih programs from different technologies is one of the most important characteristics of antivirus. Ale, maybe, not less important characteristic є vіdsutnіst hibnyh spratsovuvan. Pardoning can be done not less shkodi koristuvach, lower virus infection: block the robot required programs, block access to sites, etc. It's a pity, hibni spratsovuvannya vіdbuvayutsya dosit often. After the black renewal at the spring of 2007 antivirus AVG becoming accepted Adobe Acrobat Reader 7.0.9 for Trojan Shueur-JXW, and the antivirus NOD32 in 2007, informed people about the appearance of the Tivso.14a.gen trojan, hiding from banners like serving-sys.com on popular sites on Yahoo, MySpace and other portals, but it is important for new directness.
In the course of their research, AV-Comparatives, in order to test the ability of antiviruses to detect a bad software, conduct pardon tests on collections of clean files (the results of the divs are shown in the diagram below). Check with the anti-viruses "Doctor Web" and Avira with the test of the best with pardons.
Lіkuєmo those who did not spite
Although it’s possible to summarily ascertain, there is no such thing as a stovid-communal defense against viruses. Koristuvachі іnodi stikayutsya z situatsієyu, if skіdlіva program penetrated the computer and the computer showed infections. This is due either to the fact that there was no antivirus on the computer, or to the fact that the antivirus did not detect the malicious program either by signature or by proactive methods. In such a situation, it is important that if the antivirus with fresh signature databases will be installed on the computer, the antivirus will not only display a shoddy program, but also successfully eliminate all traces of activity, for example, it is actively infected. At the same time, it’s important to understand that virus writers will gradually improve their “mastery”, and deyakі їkh vytvorit important to see from the computer - shkidli programs can different ways mask your presence at the system (among other things, for help with rootkits) and create anti-robots antivirus programs. In addition, do not just remove or remove infections from the file, you need to eliminate all changes that are broken by a slow process in the system (for example, change in the registry), and restore the system's regularity. The authors do not know more than one group of researches, how to conduct tests for the detection of an active infection - the whole team of the Russian portal Anti-Malware.ru. The rest of this stink test was carried out at the spring of the past rock, and the results are presented on the next diagram:
Integratively assessments
We have looked more closely at different approaches to antivirus testing, showed how the parameters of antivirus robots are considered during testing. I realized that in some antiviruses there is one showdown, in others - another. With this, it is natural that in their advertising materials antivirus retailers slander only on those tests, where their products occupy leading positions. So, for example, "Kaspersky Lab" speaks out on the speed of reaction to the appearance of new threats, Eset - on the strength of its heuristic technologies, "Doctor Web" describes its advantages in the elation of active infection. Ale sho robiti koristuvachevі, like robiti correct choice?
We suspect that these articles will help coristuvach in choosing an antivirus. For this purpose, the results of various tests were cited, in order to take into account the findings about the strengths and weaknesses of the anti-virus software. It was clear that the decision, like a vibere koristuvach, can be balanced and for the most parameters in may be among the leaders for the results of the tests. To complete the picture below, in a single table, the positions are listed, which anti-viruses were ranked in the examined tests, and an integrated rating was also shown - as in the average for all tests, it occupies the same product. Three winners got results: Kaspersky, Avira, Symantec.
Today, like never before, anti-virus software is no less popular in the security system, whether it be “operations”, but one of the main components. And even earlier, the koristuvach had more than enough room, a modest choice, then at the same time you can know even more of such programs. Also, if you look at the list of "Top 10 antiviruses", you can remember that not all stinks are equal in terms of functionality. Let's take a look at the most popular packages. In this case, the analysis will include both paid, mentally free (antivirus for 30 days), and add-ons that are freely available. Ale about everything in order.
Top 10 antiviruses for Windows: test criteria
The first step is to proceed to the formation of a song rating, perhaps, the next thing is to become familiar with the main criteria, which are most likely to be carried out during the testing of such software.
Obviously, it is simply impossible to look at all the packages. However, among the most popular ones, you can see the most popular ones. When tsimu vrahuymo and official ratings of independent laboratories, and vodguki koristuvachiv, yakі vikoristovuyut that chi іnshey software product in practice. Cream of that mobile programs they won’t sway, we’ll sound on stationary systems.
What is worth conducting the main tests, as a rule, they include a sprat of the main aspects:
- presence of paid and cost-free versions and obmezhen, related to functionality;
- speed of regular scanning;
- the speed of identifying potential threats and the possibility of their being isolated in quarantine for the help of algorithms;
- frequency of updating anti-virus databases;
- self-defense and arrogance;
- the manifestation of additional abilities.
As can be seen from the above list, re-verification of a robotic anti-virus software allows you to determine the strengths and weaknesses of that other product. Let me look at the most popular software packages, which is included in the Top 10 antiviruses, and also given their main characteristics, especially for improving people's thoughts, which are the best for everyday robots.
Software products of Kaspersky Lab
We look at the program modules, which are distributed by Kaspersky Lab, as if in the post-traditional space, and are supervised.
Here you can’t see just one program, even among them you can know the regular scanner of Kaspersky Antivirus, and modules for just one internet security, that portable utility like Virus Removal Tool, and navіt zavantazhuvannye disks for poshkogennyh systems Rescue Disc.
Against the varto, there are two smut minuses: first, judging by the observations, practically all programs, for a rare vinnyatka, є paid or smartly-cost-free, but in a different way, systemic help unprimed protection, which makes it difficult for them to stagnate in apparently weak configurations. Obviously, you can easily find the activation keys of Kaspersky Antivirus or Internet Security at the All-World Merazh.
Otherwise, the activation situation can be fixed in a different way. For example, Kaspersky keys can be generated for help special supplements yak Key Manager. True, such a pidkhid is, mildly seemingly, contrary to the right, prote, like a vihid, victorious, rich with coristuvachi.
Speed of work modern machines to be in the middle (because for new configurations all the more important versions are being created), then the data bases, which are constantly updated, the uniqueness of the technologies used and the variety of other viruses and potentially unsafe programs are on the rise here. It is not surprising that the Kapersky Laboratory is today the leader among the retailers of zahisny PZ.
And two more words about the inspirational disc. Vіn is unique in its own way, shards captivate the scanner graphical interface even before the start of Windows itself, allowing you to see threats operational memory.
The same is worth using the portable utility Virus Removal Tool, which can detect a threat on the infected terminal. Behind him, you can see if there is a similar utility Dr. Web.
Zahist Dr. Web
Before us is another one of the most powerful representatives of the security industry - the most famous Doctor Web, which has been standing in the forefront of the creation of all anti-virus software security from time immemorial.
Among the great number of programs you can know and regular scanners, get a surf for Internet surfing, portable utilities, and DVD drives. You can’t repeat the mustache.
The main factor in the greediness of the software of this retailer can be called the high security of the work, instantly identifying threats from the possibility of abo total withdrawal, or isolation, as well as pomirne navantazhennya on the system zahal. Zagalom, with a glance of the greater number of coristuvachs, the easier option of "Kaspersky". Descho tsіkave here all the same є. Zokrema tse Dr. web katana. It is important that this is a new generation software product. If you are oriented to the selection of “sand” technologies, then threaten to put them in the “gloom” or “sandbox” (whatever you want, call it that way) for analysis, first of all, it will penetrate the system. However, in order to expand, there are no special innovations here, even if such a technique has been established in kostovnoy antivirus Panda. Before that, behind the words of rich koristuvachiv, Dr. Web Katana is similar to Security Space with the same technologies. Vtіm, as if to speak in a drunken manner, be it the software of the security of the retailer, it will be stable and strained. It is not surprising that a lot of coristuvachiv give priority to such packages themselves.
ESET software
Speaking about the Top 10 antiviruses, one cannot help but guess one of the most beautiful representatives of this galaxy - the ESET company, which became famous for such a popular product, like NOD32. Trohi later in the world came and module ESET Smart security.
How to look at these programs, you can see ticking moment. In order to activate the same functionality of any package, you can install it separately. From one side - tse attachment of an official license. From the other side - you can install a trial antivirus without cost, or activate your skin for 30 days. With activation, there is also a cicava situation.
How do you define all coristuvaches, for ESET smart security(or for a regular antivirus) on the official site you can find the keys that are freely available, looking at the login and password. Until recently, it was possible to beat only qi data. At once, the process has become easy: you need to login and password on a special site, change it to a license number, and then enter it in the registration field already in the program itself. Vіm, if you don't pay attention to such rubbish, you can say that this antivirus is one of the best. Pluses that are considered coristuvachi:
- update of the databases of virus signatures is carried out every once in a while for production,
- vyznachennya threats on the biggest equal,
- daily whether there are conflicts with system components (firewall),
- the package may be a strong self-defender,
- daily pardon worries too soon.
Okremo varto means that the pressure on the system is minimal, and the task of the "Antizlodii" module allows you to steal data from theft or illegal slander with a scurrilous method.
Antivirus AVG
AVG Antivirus is a paid software, covered by comprehensive security coverage computer systems(Є and bezkoshtovna shortened version). І wanting this year's package not to be included until the top five, protein wines demonstrate to achieve a high level of reliability and stability.
In principle, wine is ideal for home koristuvannya, oskіlki, krіm shvidkosti roboti, maє zruchny russification of the interface and more or less stable behavior. True, how do they designate deaks of coristuvachi, if the building’s fault is to miss the trouble. And it’s worth it not to have viruses like these, but, better, spy programs or advertising "junk" called Malware and Adware. The Vlasny module of the program, although it is widely advertised, nevertheless, behind the words of coristuvachiv, looks like it is underused. This add-on brandmauer is often built to avoid conflicts with the "native" Windows firewall, as if the modules were being reloaded from the active station.
Avira package
Avira is another representative of the antivirus family. In principle, the majority of such packages of wines are not considered. However, if you want to read about the new posts of koristuvachs, you can find out about the posts.
Many people do not in any way recommend to win the free version, the shards of the existing modules in it are just daily. Shchob secure nadiy zahist, come to bathe paid product. Then such an antivirus is suitable for 8th and 10th versions, in which the system itself has a lot of resources, and the package is at the lowest level. In principle, Avira is best suited, say, for budget laptops and weak computers. About the installation, however, th movie can’t be booty.
Cool service Panda Cloud
Bezkoshtovny in his time becoming a little revolution in the gallery of anti-virus technologies. The selection of the so-called "pisochnitsa" for the correction of suspected content for analysis before penetration into the system broke up this program, especially popular among the middle class.
The very same anti-virus is being associated with the "pisochnitsa" So, really, such a technology, for the control of other programs, allows you not to let the threat into the system. For example, whether a virus saves its body on the Winchester or in operational memory, and then we start our activity. Here, on the right, you can’t reach the savings. Spochatku suspicious file to gloomy service, de pass the re-check, and then you can save money in the system. True, according to the assertions of eyewitnesses, unfortunately, it can take a little more than an hour and it’s unrealistically strongly vantage the system. From the other side, here is a wart to ask yourself what is more important: the safety of the more hour of rechecking? Vtіm, for current computer configurations with internet speed of 100 Mbps and more you can win without problems. Before the speech, and the Vlasny Zakhist takes care of itself through the "gloom" that others call the narration.
Scanner Avast Pro Antivirus
Now a few words about one yaskravian representative of Vin to report popular among rich coristuvachiv, prote, regardless of the presence of such a "sniffer", an anti-shpigun, a lace scanner, a brandmauer and a virtual office, unfortunately, Avast Pro Antivirus is behind the main indicators of productivity, functionality of that obviously playing for such giants, like the software products of Kaspersky Lab or add-ons that exploit Bitdefender technologies, wanting to demonstrate high scanning speed and low resource savings.
Koristuvachіv tsіy produktsії privablyuє mainly those scho shchotovna version of the package є the most functional and especially does not look like paid software. Until then, the whole antivirus works on all Windows versions, including the "top ten", and it's good to be driven on old cars.
360 Security packages
Before us, sing-song, is one of the best anti-viruses of the present - 360 Security, split by Chinese fakes. Vzagali, all products labeled "360" are enviable swidkistyu work (the same Internet browser 360 Safety Browser).
Regardless of the main purpose, the program can add additional modules to take into account the inconsistencies of the operating system and optimization. Ale nі shvidkіst roboti, nіvіlne widen not to go at the same time with hibnimi worries. In the list of programs that can be found according to these criteria, tse PZ occupies one of the first months. As vvazhayut rich fahivtsiv, conflicts are blamed on the system level through additional optimizers, such that they are overshadowed by the operating system itself.
Software products based on Bitdefender technologies
Another "old" among the most popular "operators" is Bitdefender. It's a pity that in 2015 the roci wines gave up the palm to the products of Kaspersky Lab, prote in anti-virus fashion, so to say, one of the trendsetters in style.
Even more respectfully, you can remember that there are a lot of modern programs (the same 360 Security package) in different variations based on these technologies. Regardless of the rich rich functional base, there are also some shortcomings. First, the Russian antivirus (Russified) Bitdefender you will not know, shards of this kind do not exist in nature. In a different way, regardless of the stagnation of the remaining technological developments in the plan to defend the system, unfortunately, it shows too high a number of pardons (to the point, after the words of fahivtsiv, it is typical for all groups of programs created on the basis of Bitdefender). The presence of additive components-optimizers and power firewalls is heavily indicated by the behavior of such anti-viruses not in short bik. Natomist at shvidkost's robot does not help to addendum. In addition, P2P is used for verification email in real time mode, which is not up to the mark.
Microsoft antivirus
Another addendum, which is enviable to the enviable application without a drive, is a powerful Microsoft product called Security Essentials.
The Top 10 antiviruses have the same package of inclusions, perhaps only because the splitting is turned on for Windows systems, which means that they do not cause everyday conflicts on the system level. Until then, who, if not the fahivtsy from Microsoft, knows all the dirks in the safety of the volatility of their operating systems. Let's talk about the fact that the Windows 7 and Windows 8 options for the basic configuration did not have the MSE, but then for some reason the package was changed. Vtіm, for "Windy" itself, wines can become the simplest decisions in the plan of defense, although you don't want to worry about the particular functionality.
Addendum McAfee
What is the cost of the programs, looking out to finish the cicavo. The most popular, it's true, it has earned in the hallway zastosuvannya on mobile devices with strong blocking, prote on stationary computers, and the antivirus is no worse for itself.
The program can lower P2P support with double access to Instant Messenger files, as well as propagate a 2-level attack, in which the WormStopper and ScriptStopper modules play the main role. But in general, according to the words of supporters, the functional set is on the middle level, and the program itself is more focused on the manifestation of spyware software, computer worms and trojans and the prevention of penetration into the system of scripts or shkidlivyh codes.
United antiviruses and optimizers
Naturally, here we looked at less than antiviruses, which should be included in the Top 10. If you talk about repairing programs of such a plan, you can designate some packages that can remove anti-virus modules from your kits.
What do you see?
Obviously, all antiviruses can be similar to each other, and vicious. What to install? Here it is necessary to go out of demand and equal protection. As a rule, For corporate clients varto come closer fencing installation(Kaspersky, Dr. Web, ESET). As far as the home vikoristannya, here the koristuvach himself chooses what is necessary for you (you can know how to send an antivirus to the river - without registration or purchase). And just to marvel at the reports of the koristuvachivs, rather install the Panda Cloud, navigate without regard to the deed of the addendum to the system and an hour of rechecking in the “pisochnitsa”. Prote itself here is an absolute guarantee that the threat will not penetrate the system in any way. Vtim, you can choose the skin yourself, what you yourself need. It's not that difficult to activate, be kind: home systems work miraculously with ESET products. Ale vikoristovuvaty optimizers with anti-virus modules as the main zasіb zakhistu vkrai nebazhano. Well, let’s say, as the program takes up the first place, it’s not possible: skolki koristuvachiv, stilki th thoughts.
Pairing anti-virus programs has always been a difficult task. Even the companies that make similar products have been constantly cheering their efforts to perfection and constant updating of their software. Regardless of the price, some antiviruses are better able to cope with their tasks, otherwise.
The skin of them has its own advantage and imperfections, but not the skin of a human being is able to objectively evaluate his work and choose the same, as a better idea for a robotic computer.
Therefore, we were asked to conduct an analysis of the most popular anti-virus programs on the market, Kaspersky, ESET NOD32, McAfee, Symantec, with a method to give you publicity about your work and help you find the right choice for protecting your personal computer. The results of the analysis were reviewed in the tables for maximum benefit of the difference between the software tools that are being tested.
|
Support for the "fence behind lock" scenario with the possibility of automatic switching off of the scenario necessary for the robotic system processes and trusted updates |
||||
|
Allowed / blocking programs: |
||||
|
Select from the program registry |
||||
|
Select from the registry of selected files |
||||
|
Introducing metadata for picturing files |
||||
|
Introduction of checksums for typing files (MD5, SHA1) |
||||
|
Introducing a path to wiki files (local or UNC) |
||||
|
Selection of installed categories of addenda |
||||
|
Allowed/blocked programs for okremy koristuvachivs/groups of koristuvachivs Active Directory |
||||
|
Monitoring and exchange of program activity |
||||
|
Monitoring and prioritization of inconsistencies |
||||
|
Allowed/blocked access to web resources, security alert: |
||||
|
Filtering silan |
||||
|
Filtering instead of the installed categories |
||||
|
Filtering together with data type |
||||
|
Integration with Active Directory |
||||
|
Allowed/blocked access to web resources for the layout |
||||
|
Formation of memorandums about the use of a PC for access to web resources |
||||
|
Control of outbuildings based on policies: |
||||
|
Per port/bus type |
||||
|
For the type I will add what is connected |
||||
|
Behind groups of correspondents in Active Directory |
||||
|
Creation of more lists based on serial numbers outbuildings |
||||
|
Gnuchka keruvannya with access rights to the outbuildings for reading / writing with the possibility of adjusting the layout |
||||
|
Management of time clock access permissions |
||||
|
Scenario "fence for locking", which is behind the improvement of priority |
Analyzing the data taken, we can state with confidence that, with the help of the tasks, such as control of programs, Internet sites, and attachments, only one antivirus, Kaspersky, has come into contact. McAfee antivirus showed bad results in the category "attachment control", having won the maximum rating, but, unfortunately, for web control and software control, it is not suitable.
Another important analysis of anti-virus programs has become their practical investigation for the purpose of identifying the protection of personal computers. Three more anti-virus programs were added for this analysis: Dr. Web, AVG, TrustPort, in this way the picture of the software segment has become even better. For testing, 3837 infected files with different instances of threats were uploaded, and those that were infiltrated by anti-virus programs that are being tested are shown in the table below.
|
Kaspersky |
|||||
|
1 xv 10 sec |
|||||
|
5 xv 32 sec |
|||||
|
6 min 10 sec |
|||||
|
1 xv 10 sec |
I am again the first to get Kaspersky Anti-Virus, outperforming its competitors for such an important indicator as the number of threats - more than 96%. Ale, as it seems, without a spoon, the dog didn’t work here. An hour of searching for infected files and reducing the resources of a personal computer turned out to be the largest among the average products that are being tested.
Best seen here were Dr. Web and ESET NOD32, which spent three times more than one virus on virus scans, 77.3% and 50.8% of infected files were detected apparently. What is more important - vіdsotok vіdsotok vіrusіv vіrusiv or hour, stained for poshuk - vіrishuvati you. But don't forget that the security of your computer may be over your mustache.
ESET NOD32 showing the highest result in the detection of threats, less than 50.8%, which is an unacceptable result for a PC. TrustPort is the most visible, and AVG is the least visible to resources, but, unfortunately, the low number of threatening anti-virus programs cannot allow them to compete with the leaders.
Depending on the results of the tests, Kaspersky Anti-Virus can be considered the best option for protecting your computer, for you know that enough operative memory is installed on it good processor. Until then, the price for the product of Kaspersky Laboratories is not the highest, which cannot but rejoice the spontaneous.
Carry out a comparative characteristic of antivirus programs - to make it more busy, as through the tiredness of the battles of the greater coristuvachiv, so the prospect of viklikati dissatisfied virus companies, as for the results of the tests, they fell in the lower ranks of the rating.
One suggestion is to surf on the forums for the sake of the drive and lack of any kind of anti-virus, in other case - to blame the results of the relative testing of the products of the leading trademarks.
In this situation, the most optimal solutions are obtained from specialists who are professionally engaged in testing anti-virus software. One of them is the experts of the independent Russian information and analytical portal information security Anti-Malware.ru, which were tested before anti-virus programs presented below.
For testing, we used the following anti-virus programs:
- - Kaspersky Anti-Virus 7.0
- - Eset Nod32 2.7
- - DrWeb 4.44
- - Norton AntiVirus 2007
- - Avira AntiVir PE Classic 7.0
To evaluate the main criterion of the programs that are being tested - as a cost to defend, the following parameters were insured:
- - the nature of heuristic analysis;
- - Shvidkіst reaction in case of detected viruses;
- - quality of signature analysis;
- - as a behavioral blocker;
- - Health before the recovery of active infections;
- - Health before the manifestation of active rootkits;
- - like self-defense;
- - Possibility of pіdtrimki pakuvalnikov;
- - The frequency of pardons spratsovuvan.
Results
computer virus program
|
Criteria |
Kaspersky Anti-Virus |
Norton AntiVirus |
|||
|
resource capacity |
|||||
|
Brilliance |
|||||
|
Functionality |
|||||
|
Resistant to failure |
|||||
|
Hnuchkist nalashtuvan |
|||||
|
Ease of installation |
|||||
|
Quickness of reaction |
|||||
|
Signature manifestation |
|||||
|
Heuristic analyzer |
|||||
|
Behavior blocker |
|||||
|
Treatment of active infection |
|||||
|
Detection of active rootkits |
|||||
|
self-defense |
|||||
|
Pіdtrimka pakuvalnikov |
|||||
|
Hibni spratsovuvannya |
|||||
According to the results of the peer-to-peer testing of anti-virus programs, "Kaspersky Anti-Virus 7.0" came first, scoring Norton Anti-Virus 2007 by 15 points less, the third result was shown by the anti-virus program Eset Nod32 2.7.
On the global test results, different criteria were added, for which anti-virus programs were evaluated, and to call the program the absolute leader would be incorrect if I wanted to, for different koristuvachiv The most important are the various parameters of antivirus robots, although the main criterion is the quality of protection, obviously, a priority.
Best results in according to the test"Kaspersky Antivirus 7.0" is characterized by quick response to new threats, frequency of virus database updates, the presence of a behavioral blocker that is used daily in other antivirus programs, rootkit recovery and effective self-defense.
До переваг «Антивіруса Касперського 7.0» потрібно також віднести його великий функціональний діапазон: знаходження та іннактивація активних руткітів, швидка перевірка трафіку HTTP, здатність змінювати наслідки діяльності шкідливих програм, наявність програми аварійного відновлення, ефективне регулювання навантаження на центральний процесор.
Until now, Kaspersky Anti-Virus 7.0 has had a low resistance to crashes, due to the low efficiency of heuristic analysis, which exceeds the high resistance to such types of threats, as for now, Kaspersky Anti-Virus 7.0 is not known. Among the negative features of Kaspersky Anti-Virus 7.0, there is a large number of pardons, which are especially effective against some of the hard-working ones.
Norton Anti-Virus 2007, based on another position, adds robustness and simplicity and robustness to the interface, the efficiency of signature detection and a low number of pardon alarms.
Over the course of the day, Norton Anti-Virus 2007 takes up a lot of system resources and may have a low response rate. The proactive defender is not the strongest and the pakuvalnikov's bag is depleted. The flexibility of Norton Anti-Virus 2007 is limited, which does not allow yoga to be adapted to a wide range of applications. The biggest strengths of Eset Nod32 2.7, which occupied the third place, were its efficient heuristic analyzer and minimal reduction of system resources, which is especially noted by the hackers, which are not like "Swedish" computers.
Up to a short period of Eset Nod32 2.7, there is a lack of response to new threats, minimal response to the detection of active rootkits and the elimination of traces of active infection. The old interface will also need to be updated.
A quarter of the anti-virus program "Doctor Web" is aware of the presence of an active blocker, effective tools resistance to active infection and manifestation of rootkits. The effectiveness of the heuristic analyzer "Doctor Web" can be short. With all the shortcomings of this antivirus, it is impossible not to achieve a high level of flexibility, a fast response, and an easy-to-navigate installation algorithm for a found-out koristuvachev.
Most of the results are tied with the decision of the participants in the test showing Avira AntiVir PE Classic 7.0. I wanting a signature detector and an analytical analyzer in a new, bad, inefficient way to protect and low health to the elimination of legacy infections, the software released Avira AntiVir PE Classic 7.0 at the end of the month.
The only advantage of Avira AntiVir PE Classic 7.0 before the decision of the participants in the test is cost-free. Other anti-viruses may have approximately the same cost (between 1000 rubles), although some of them look better in the case of Kaspersky Anti-Virus and Doctor Web, which have a lower level of technical support.
course work
"Regular analysis of current anti-virus programs"
INSTUP
CHAPTER 1. Zagalni vіdomostі about computer viruses
1.1 Understanding computer viruses
1.2 Change computer viruses
1.3 Ways of penetration of viruses, signs appeared on the computer
1.4 Antivirus protection
ROZDIL 2. Regular analysis of anti-virus programs
WISNOVOK
List of vicorists dzherel
Entry
We live on a stick of two thousand, if the people have entered the era of a new scientific and technological revolution. Until the end of the twentieth century, people slandered the rich mystery of the transformation of speech and energy and learned the victorious knowledge for the enrichment of their lives. Ale krіm speech and energy in the life of a person, a great role is played by one more warehouse - information. Tse niriznomanіtnіshі vіdomosti, podomlennya, zvіstki, znannya, umіnnya. In the middle of our century, special attachments appeared - computers, focused on the collection and transformation of information and the computer revolution. At the link with a strong development information technology In addition to these penetrations in all spheres of human activity, a number of malices, directed against information security, have grown. Today, the massive stagnation of personal computers, unfortunately, has appeared in the wake of the emergence of programs that self-create, viruses, that override the normal robotic computer, destroy the file structure of disks and manage the data that is saved in the computer. Ignorantly praised in rich lands, laws on the fight against computer malware and the distribution of special program contributions protection against viruses, the number of new software viruses is growing steadily. Tse vymagaє vіd koristuvacha personal computer know about the nature of viruses, ways of infection with viruses and zahistu vіd them.
In the course of a day, viruses become dyed-in-the-wool, which leads to a substantial change in the profile of threats. And the market for anti-virus software does not stand on the spot, propagating impersonality, it would be given, identical products. These koristuvachs, presenting a problem only in zagalnyh rices, often miss important nuances and as a result, eliminate the illusion of zahist instead of zakhist.
For writing term paper buli vikoristany so dzherela: Bezrukov N.M. "Computer viruses", Mostovy D.Yu. " Modern technologies fight against viruses”, Mogilov O.V. "Informatics: a textbook for students of pedagogical universities". initial assistant Mogilov's path to great vistas from the theoretical ambushes of informatics, software, using language and programming methods, counting technique, information systems, computer merezhami and telecommunication, computer modeling. It is clear and accessible about the different computer viruses, their different ways to fight against them.
On the basis of the learned literature, we will try to figure out what needs to be protected, how to exhort and what should be given special respect.
CHAPTER 1
1.1 Understanding computer viruses.
A program is called a computer virus, as it sounds small beyond the size (from 200 to 5000 bytes), as it launches independently, copies its code in many ways, adding it to the codes of other programs (“multiplies”) and conquers correct work computer and/or other information that is stored on magnetic disks (programs and data).
Detect viruses and less “evil” ones, which call out, for example, resetting dates in a computer, music (like playing a melody), which is done until some image appears on the display screen, or until the information of the letters appears on the display screen, » etc. .d.
The creation of computer viruses can be legally qualified as evil.
There are reasons why qualified programmers are afraid to create computer viruses, even if the robot is not paid and cannot give popularity. Obviously, for the creators of viruses, there is a way to self-assertion, a way to bring their qualifications and zdibnosti. The creations of computer viruses are engaged in the qualification of programs, for other reasons, they did not know their own place in the core of the work, in the rozrobts application programs, yakі suffer from sore zarozumіlosti or a complex of innocence. Become the creators of viruses and young programmers, like they see difficulties in cooperating with strange people, do not learn from the side of fahivtsiv, as if someone else understands morality and ethics of the computer sphere of activity. Also, the creation of viruses can be dealt with by the anti-virus programs themselves with a profit method. Having created new virus otherwise, by modifying the old one, virobniks are negligently releasing anti-virus tools to fight them, thereby outsmarting their competitors.
Іsnuyut and so fahivtsі, yakі vіddayut their strength and talent to fight against computer viruses. Russia has its own programs D. Lozinsky, D. Mostovy, I. A. Danilov, N. Bezrukov et al. .
It’s a headlong trouble, in my opinion, to become not by the power of computer viruses, but by hard computers computer programs, not prepared for exposure to viruses, to behave in an unskilled manner when infected with symptoms of computer infection, to panic easily, to paralyze normal work.
1.2 Different types of computer viruses
Let's take a look at the main features of computer viruses, the characteristics of anti-virus programs, and check out the programs for data on computer viruses in the most extensive MSDOS system.
For the nearest estimates in today's days There are over ten thousand different viruses. Pidrahunok їх are folded together, that a lot of viruses a little vіrіznyayutsya one kind of one, є variants of one and the same virus and, on the other hand, that very virus can change its own look, code itself. In truth, the main principles of ideas, like the basis of viruses, are not rich (a few dozen).
Among the features of the diversity of computer viruses, we see the following groups:
- exciting ( boot ) viruses infect the program of the computer attack, which is saved in the attack sector of the floppy disk or the hard drive, and the computer is started every hour of the attack;
- file viruses in the simplest way, they infect files that populate, but they can also expand through document files (WordforWindows systems) and navigate not to modify files, but rather mother to them as a reminder;
- zavantazhuvalno-file viruses Mayut signs like zavantazhuvalnyh, і file viruses;
-driver viruses infect the drivers of the computer attachments or launch the included configuration file of the additional row.
3 viruses that don't work well personal computers under the MSDOS operating system, next guess mezhezhі viruses, which are rozpovsyudzhuyutsya in merezhi, scho unite a lot of dozens and hundreds of thousands of computers.
Let's take a look at the principles of functioning exciting viruses. On the skin floppy disk there are service sectors, which are used by the operating system for power needs, including the sector of the cob vanishing. New Crimea has information about the floppy disk (number of tracks, number of sectors in total) small program cob entanglement.
The most simple vanishing viruses, resident in the memory of an infected computer, detect an uninfected floppy disk in the drive and perform the following actions:
They see the area of the floppy disk and make it inaccessible operating system(significantly, for example, like a zbіynu - bad);
Replace the program of the cob capture in the capture sector of the floppy disk, copying the correct capture program, as well as its code, from the visible area of the floppy disk;
Organize the transfer of control in such a way that the code of the virus is first written down and only later - the program of the initial entanglement.
Magnetic disks Computers of the Winchester type sound like a split into a sprat of logical splits. Cob capture program є i in MBR (MasterBootRecord - head exciting record) that in the exciting distribution of Winchester, infection of which can be similar to infection avantage sector diskettes. However, the program of the header partition in the MBR winches when switching to the program of the header of the partition of the hard drive, so called the partition table (Partitiontable), which contains information about the position of the header partition on the disk. The virus can create Partitiontable information and in this way transfer control to its code written to disk, without formally changing exciting programs.
Now let's look at the principles of functioning file viruses. The file virus is not necessarily resident; When an infected file is launched, the virus removes the password, checks the code and turns it on with the code, whichever is used. Dії, like vykonuє virus, including a search for the virus to infect a file, to carry out in a new way, to take control of the file, to achieve a certain effect, for example, a sound or graphical one. Since the file virus is resident, it is installed in memory and can infect files and appear independently in the infected file.
Infecting the file, the virus must change its code, but do not start robbing other changes. Zocrema, you can not change the ear of the file that yogo dozhina (which used to be considered a sign of infection). For example, viruses can spoof information about files that are collected from the service area of magnetic disks - file allocation tables (Fat - fileallocationtable) - to make it impossible for a robot to work with files. This is how the viruses of the Dir family behave.
