Tuesday, September 04, 2007

Is Your Anti-Virus Program Working?

Everyone has an Anti-Virus program installed on their PC these days, but is it working? Many malware programs target well known anti-virus programs and attempt to disable them. I recently discovered a freeware program that safely detects whether your AV program is actually working. Its called the UnityPro Anti-Virus Tester.
In 1990 the European Institute for Computer Antivirus Research (EICAR) created a test file that should be detected by every AV program. The freeware tester tests whether your AV program is running by creating a test file when you ask it to. If your AV program doesn't detect this new file, it either sucks or it isn't working.
I tried it on my computer and was reassured that at least my NOD32 program was running. If the test fails on your PC, then your AV program needs some immediate attention.

2 comments:

Anonymous said...

The problem with this test, is that it only tests if your AV is picking up viruses it knows about. The big misconfiguration that leads to most AV problems are that the signatures aren't regularly updated. Given that virus writers and av vendors are in an arms race due to the silly blacklisting technique of signature based detection and the immaturity of heuristic approaches, not regularly updating your signatures is usually the bigger cause of infection.

Donn Edwards said...

Good point. This test only checks if your AV program is working, not whether it is up to date. NOD32 shows me the date of the current signature file, and warns if the signatures are older than 2 weeks. Not all AV programs are that proactive.