
Rootkit Detection with the Small Business Products


I was reading an article about rootkits and saw that the German research group "AV-TEST" recently gave good marks to Kaspersky Internet Security 7 with it coming in second only to BitDefender Internet Security 2008 (congrats) as a suite, in their ability to stop the install, detect and finally remove rootkits.


While this is great news for home users of version 7, where does that leave business users protecting their servers and workstations? We are using across our network. What kind of rootkit protection is in this version of the software? It seems they conducted their tests on Windows XP SP2, what about your software on Vista SP1 or XP running SP3?


PDF version here...





| Product | Version | Detection of inactive samples | Detection of actively running rootkits | Detection of malware hidden by rootkits | Removal of inactive samples | Removal of actively running rootkits | Removal of malware hidden by rootkits |
|---|---|---|---|---|---|---|---|
| Reference (max) -> | | 30 | 30 | 30 | 27 | 30 | 30 |
| Avira AntiVir Premium Security Suite | | 28 | 29 | 30 | 25 | 7 | 7 |
| BitDefender Internet Security 2008 | 11.0.13 | 30 | 28 | 29 | 27 | 23 | 27 |
| Bullguard Internet Security Suite | | 30 | 7 | 10 | 27 | 4 | 0 |
| G DATA InternetSecurity 2008 | 18.0.7227.533 | 30 | 9 | 4 | 27 | 7 | 0 |
| Kaspersky Internet Security 7.0 | | 28 | 24 | 28 | 25 | 22 | 25 |
| Kaspersky Personal Security Suite V | | 28 | 21 | 27 | 25 | 19 | 17 |
| Norton Internet Security 2008 | | 25 | 18 | 25 | 25 | 18 | 25 |




KAV WKS has got a Proactive Defense module which can help to detect hidden processes as well as KIS7.

More details are available on this FAQ.


I'm not sure, but I think that the engine is the same as the one in KIS, except for the fact that KIS has a special task to detect rootkits.



Since I've just finished removing a couple of rootkits (kernel mode) on my colleague's home computer (protected with KAV for Workstation), I can say that:

1) PDM6 is a good "tool" to detect rootkit installation, but KAV6 is not so reliable when trying to disinfect an existing hidden driver (several of my resellers reported this behaviour to me)

2) Version 7 architecture, on the other hand, has a better removal approach and some of the most widespread rootkits can be removed easily.

Again, this is only my humble opinion...:)



New business line products will be based on v8 core.

Edited by Whizard

