How We Test: Anti-virus software
A look at the real-world testing methodology that sets our anti-virus testing lab apart from the crowd
The Test Systems
To ensure a level playing field, we install each anti-virus program on one of our test PCs, which have identical hardware and run identical Windows XP Professional installations. These have been updated to Service Pack 3 (SP3), but no further patches or Windows updates have been applied. This is a common software setup for many computers that access the internet. Each anti-virus product is installed and updated with the latest virus definitions.
Although no further Windows updates are applied, the anti-virus software is updated for each test. We expose each system to the same threat within a 24-hour period.
[IMG ID=”156775F”][/IMG]
Monitoring
We use a range of tools to help us monitor and analyse our test results. The systems are pre-installed with software that allows us to record and watch events in real time as Windows processes start and stop. We can observe network traffic to and from the PC and make and compare Windows Registry and file-system records to check for undesirable modifications.
Malware downloaded from websites is often subject to rapid change. Although it may appear as if the same malicious software is being downloaded every time a victim visits a particular website, there are often subtle variations that can make it harder to detect. Because we want to expose each anti-virus suite to exactly the same threat, we use a custom-built system that ensures each of our test computers receives the same threats when they visit an infected site.