Testing the Tools

To evaluate antivirus utilities I rely on hands-on, real-world testing. The malware removal test involves installing each product on a dozen malware-infested virtual machines and challenging it to clean them up.

The article How We Test Malware Removal explains how I get from those tests to the figures in the chart below.

For the malware blocking test I attempt to install the same collection of threats on a clean system protected by the product being tested.

The article How We Test Malware Blocking explains how I analyze and score the results. I also refer to reports from major independent antivirus testing labs.

The labs have vastly more resources than I do, so they can perform large-scale tests that would take more time than I have available.

The chart below specifically lists results for the companies whose 2012 products are rounded up here.

For full details on how I interpret these lab results see How We Interpret 


Cleanup-Only Tools

Four of these recent products are specifically designed to clean up malware infestations, with no real-time protection component. Malwarebytes’ Anti-Malware Free 1.51 (Free, 4 stars) was the most effective of these. Its detection rate wasn’t high, but effective removal gave it 6.4 points overall. The commercial Malwarebytes’ Anti-Malware PRO 1.51 ($24.95 direct, 3 stars) does add real-time protection, but it was the least effective of the entire group.

Norman Malware Cleaner 2.1 (Free, 3.5 stars) wasn’t as effective as Malwarebytes. Its rootkit removal score is especially low because most of the rootkits it detected were still running after its alleged removal.

Comodo Cleaning Essentials (Free, 4.5 stars) is fully portable, so malware can’t evade it by interfering with installation. It was particularly effective against rootkits.

While not free like the others, avast! Rescue Disc ($10/once direct, 3.5 stars) is inexpensive. Rootkits and other malware types that subvert Windows itself should yield to this bootable tool. However, in testing one rootkit remained running even after alleged removal.


Source: PC MAG