Malware Research Group is adding another type of test to our existing tests: a Real Time protection test. As we believe that prevention is the most important part of the battle with malware, we will run these tests more often than our other tests, since they give a much clearer picture of how Anti-Malware applications deal with blocking new malware samples in real time. In these tests we will pick the samples from the list of most widely distributed malware (trojans, backdoors, worms, rootkits, exploits, ...), and we will attempt to run those samples and infect the system, as in the everyday scenario in which users get infected. The Anti-Malware applications used in this test must block all the samples from running; it is as simple as that.
For every application tested and every sample used we will monitor the system for any changes. Detecting a sample does not necessarily mean that the sample was really blocked from running: as we have seen many times in similar tests in the past, malware is often found actively running after it was detected and “blocked” by the tested application. If any traces of the infection are found running after the test is completed (evaluated separately for every sample), the application under test will fail this test. Only those applications that manage to block all samples from running, with no traces of the infection found on the system, will pass this test.
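To make the pass rule above concrete, here is an added example of how a harness can score it mechanically from before/after snapshots of the test machine. This is illustration code written for this page, not MRG's own tooling; the snapshot contents (process image paths, files, autorun entries) are constructed, and the "inert" outcome for an undetected sample that leaves no traces is an assumption of this example, not a category the test defines.

```python
"""Added example (not MRG tooling): score a Real Time protection run.

A sample counts as blocked only if nothing it introduced is still running
or persisted after the execution attempt. An alert from the product on its
own is not enough; the verdict comes from what changed on the system.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple


@dataclass(frozen=True)
class Snapshot:
    """State of the test machine at one point in time (constructed data below)."""
    processes: FrozenSet[str]             # running image paths
    files: FrozenSet[str]                 # files in the watched directories
    autoruns: FrozenSet[Tuple[str, str]]  # (autorun value name, command line)


def changes_since(baseline: Snapshot, after: Snapshot) -> Dict[str, List]:
    """Everything present after the run attempt that was not in the baseline."""
    return {
        "processes": sorted(after.processes - baseline.processes),
        "files": sorted(after.files - baseline.files),
        "autoruns": sorted(after.autoruns - baseline.autoruns),
    }


def sample_verdict(detected: bool, baseline: Snapshot, after: Snapshot) -> str:
    """Classify one sample. Only 'blocked' is a passing outcome.

    blocked  - product alerted and no trace survived
    detected - product alerted but traces survived (the "detected but running" case)
    missed   - no alert and traces survived
    inert    - no alert and no traces: assumption of this example, the sample
               probably never executed, so it should be re-run and checked by hand
    """
    traces = any(changes_since(baseline, after).values())
    if traces:
        return "detected" if detected else "missed"
    return "blocked" if detected else "inert"


def product_verdict(results: Dict[str, str]) -> bool:
    """A product passes only if every sample was blocked outright."""
    return bool(results) and all(v == "blocked" for v in results.values())


# Constructed baseline taken after the sample was copied to the desktop but
# before it was launched.
BASELINE = Snapshot(
    processes=frozenset({r"C:\Windows\explorer.exe", r"C:\Windows\System32\svchost.exe"}),
    files=frozenset({r"C:\Users\test\Desktop\sample.exe"}),
    autoruns=frozenset({("SecurityHealth", r"C:\Windows\System32\SecurityHealthSystray.exe")}),
)

# Constructed post-run snapshots: (product raised an alert?, snapshot after the attempt)
RUNS = {
    # alert raised, nothing changed: genuinely blocked
    "sample-01.exe": (True, BASELINE),
    # alert raised, yet a dropped copy is running and persisted via an autorun entry
    "sample-02.exe": (True, Snapshot(
        processes=BASELINE.processes | {r"C:\Users\test\AppData\Roaming\svch0st.exe"},
        files=BASELINE.files | {r"C:\Users\test\AppData\Roaming\svch0st.exe"},
        autoruns=BASELINE.autoruns | {("Updater", r"C:\Users\test\AppData\Roaming\svch0st.exe")},
    )),
    # no alert, a payload was written to disk
    "sample-03.exe": (False, Snapshot(
        processes=BASELINE.processes,
        files=BASELINE.files | {r"C:\Users\test\AppData\Local\Temp\payload.dll"},
        autoruns=BASELINE.autoruns,
    )),
}


def score_run(runs=RUNS, baseline=BASELINE) -> Dict[str, str]:
    """Per-sample verdicts for one product across a whole run."""
    return {name: sample_verdict(det, baseline, after) for name, (det, after) in runs.items()}


if __name__ == "__main__":
    results = score_run()
    for name, verdict in results.items():
        print(f"{name}: {verdict}")
    print("PASS" if product_verdict(results) else "FAIL")
```

In a real harness the interesting work is in collecting the snapshots (process list, watched directories, autorun locations, scheduled tasks, services) and in filtering out noise the product itself causes, such as its own update files; the scoring rule stays as simple as the page states it: one surviving trace on one sample fails the product.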
The number of samples we plan to use in this test is not yet set, but we are thinking of about 50-80 samples per test; since these tests will be performed more frequently, there is no need to use a larger number of samples.
Stay tuned for more details about this test.