How to Test Antivirus?
Antivirus software is serious business. You need to have one guarding your system, along with a firewall, and ensure that all your security software is kept updated. Your antivirus downloads all the newest virus definitions, and you make sure to deploy all the latest security patches for your security programs.
But setting up your defenses is one thing — ensuring they are working is another.
Luckily, there is a whole array of tools available that help you test your antivirus and quickly determine how secure a PC is. There are dedicated websites that help you with this, and nifty little tools that test the malware detection capabilities of your system.
Here’s how you can make sure you are protected and your antivirus is not sleeping on the job!
Why should you Test Antivirus?
The more important question is, how do you know if the antivirus or antimalware that you installed on your system is actually protecting your computer?
There is a continually expanding array of security software available these days, both paid and free. And every program will state that it is working correctly and confirm that your system is really protected, even in cases where stealthy malware may have tampered with the program itself.
Keeping in mind the fact that most premium antivirus programs come with yearly licenses, you could be looking at prices anywhere from $30 to $60 for programs that may just be hanging out in your system tray, eating up resources, and — wait for it — doing nothing.
That’s really not what you want.
Now, searching for and downloading a real virus from the internet to your computer is not an option, because you risk your computer being infected by it.
Good then, that a few different tools are available that can test the effectiveness of your preferred antivirus application. These range from simple files you can create yourself, to more elaborate solutions that help you test your chosen antivirus or antimalware.
The most basic of these is EICAR.
1. EICAR Test File
While the name may sound a little intimidating, the EICAR test file is basically a computer file that has been developed by the European Institute for Computer Antivirus Research (EICAR) and Computer Antivirus Research Organization (CARO).
This is a simple yet handy file that tests the response of computer antivirus programs.
Instead of using real malware that can potentially do real damage on a PC, this test file allows people to test their antivirus applications without having to use a real computer virus.
It is a basic text file, but antivirus makers have set the EICAR string as a verified virus, and created a signature that virus scanners can detect. In other words, it is not a real virus that can harm a computer, but a detection pattern. Once it is detected, the virus scanner will respond exactly as it would if it had found a harmful piece of malware. Better yet, the EICAR test file can also be zipped up or archived, and an antivirus program can be put through its paces to see if it actually detects the string in the compressed file or not.
It may be a synthetic test, but it’s an effective one.
You can easily create this file in Notepad, by copying and pasting the 68 characters listed below, and saving the file with either a COM or EXE extension. Most modern antivirus programs with real-time protection should automatically detect this file as a threat, and remove it from your computer. Alternatively, you can run a manual scan and point it to this file, or to a compressed archive containing it, to see if your antivirus or antimalware solution detects it.
Here is the string:
Save the file on your system. If you have active protection working properly, the simple act of saving the file should trigger an alert.
In case the EICAR file is not detected, something is either wrong with your antivirus program, or you are using a rogue or fake security solution. Almost all antivirus applications are able to detect this file and mark it as a threat: at least 49 out of the 52 programs in VirusTotal did so at the time of this writing.
Long story short, if you have an antivirus program installed on your system, and it fails the EICAR test by not detecting the file, then you should either tinker with its settings to make sure it is working properly, or opt for another, more reliable security software.
If it doesn’t, something is wrong.
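The save-and-watch check from this section, as an added Python example that is not part of the original article: it writes the EICAR string as a plain file, inside a ZIP, and (going one step beyond the text) inside a ZIP within a ZIP, waits, then reports which samples are still intact. The file names, the 15-second wait and the status labels are assumptions of this example.

```python
import io, os, tempfile, time, zipfile

# Standard 68-byte EICAR test string, assembled from two pieces so that
# saving this script does not itself trigger the detection being tested.
EICAR = (r"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-"
         r"ANTIVIRUS-TEST-FILE!$H+H*").encode("ascii")

def zipped(name, data):
    """Return the bytes of a ZIP archive holding one member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, data)
    return buf.getvalue()

def build_samples():
    """Plain file, single ZIP, and ZIP-inside-ZIP (names are assumptions)."""
    inner = zipped("eicar.com", EICAR)
    return {"eicar.com": EICAR, "eicar.zip": inner,
            "eicar_nested.zip": zipped("eicar.zip", inner)}

def drop(path, data):
    """Write a sample; False means the write itself was blocked."""
    try:
        with open(path, "wb") as fh:
            fh.write(data)
        return True
    except OSError:
        return False

def status(path, data, written):
    """Classify one sample after the scanner has had time to act."""
    if not written:
        return "blocked on write"
    try:
        with open(path, "rb") as fh:
            intact = fh.read() == data
    except OSError:  # deleted, quarantined or locked by the scanner
        intact = False
    return "NOT DETECTED" if intact else "removed or blocked"

def run_check(directory, wait_seconds=15):
    """Drop all samples, wait for real-time protection, report per sample."""
    samples = build_samples()
    paths = {n: os.path.join(directory, n) for n in samples}
    written = {n: drop(paths[n], d) for n, d in samples.items()}
    time.sleep(wait_seconds)
    return {n: status(paths[n], d, written[n]) for n, d in samples.items()}

if __name__ == "__main__":
    for name, result in run_check(tempfile.mkdtemp(prefix="avtest_")).items():
        print(f"{name:18} {result}")
```

A sample reported as NOT DETECTED was left untouched by real-time protection; running a manual scan over the printed directory shows whether on-demand scanning catches it.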
2. TestMyAV
If you’re adventurous enough to test antimalware solutions yourself in order to determine the best one for your needs, then the folks over at TestMyAV may just have what you need. This is a website with a single purpose: to get people testing antimalware solutions for themselves, rather than trusting vendors. It is basically a free resource of testing guides and tools, as well as some fresh malware, that you can put to good use in order to test your antivirus.
Sounds a bit scary? It does.
The good thing is that TestMyAV has put together a lot of helpful guides to walk you through the testing process — which involves building a test lab, sourcing and introducing malware, and then seeing just how good your antivirus or antimalware application is.
Essentially, this is doing the testing yourself, instead of leaving it to the experts. And the website guides you every step of the way. From setting up a secure virtual environment (on Windows, Linux and macOS machines) to process and system monitoring tools, as well as network analyzers and more.
You will need to register and log in to access the malware repository, and you can even test by modifying the hash and mutating viruses. In other words, this is pretty much modifying and crafting malware yourself, creating new threats that evade security solutions.
Again, these tests are also synthetic, and not a like-for-like representation of the real-world threats that plague the computing world. But for those of you who want to test things out personally, there is no better resource available than TestMyAV.
Give it a try and see how your antivirus or antimalware applications fare.
3. Simulation tools
And finally, if you want to take this one step further and get an experience as close to the real thing as possible, then simulation tools might be worth checking out. These, as you can imagine, simulate the threats via an actual harmless virus attack, all in order to find out if your antivirus is on active duty or sleeping on the job.
A whole bunch of different simulation solutions are available that help you find out just how vulnerable your system is against malware attacks.
One of the more famous ones around is the appropriately named RanSim, a free ransomware simulator tool that you can download, install and run. A harmless simulation will let you test 10 different types of infection scenarios.
Another good option is the SpyShelter Security Test Tool that can be used on live systems, and comes with 6 separate modules, with tests ranging from keylogging, webcam capture, keystroke encryption, clipboard and screen capturing, sound recording and overall system protection like registry access and writing to startup folder.
For web browsers, look no further than WICAR, a place that contains widely abused browser exploits that you can safely click on to test your defenses, and find out whether your advanced internet protection security software is up to the mark.
Onto the network side of things, we have ShieldUp, which can be used to test Windows DNS and router UPnP exposures in order to ensure that your system is not disclosing your information and data without your permission or knowledge.
And finally, there is FortiGuard, which lets you test malware infections that spread via compressed files. Cybercriminals conceal their code in different file types and compressions, hiding malware deep within archived files that can regularly fool most network security solutions. In fact, there are still quite a few antivirus and antimalware applications that cannot analyze a file that is compressed in any other format than ZIP. This simulation lets you dabble in some other formats, and see whether your protection is able to fend them off.