testing effectiveness of your virus resident scanner!!

Are there any sites where you can test how effective your virus scanner is by dowloading fake virus programs?

 

I'm not sure you understand how a virus scanner works. A virus is either in the scanner's definitions or it's not, so the only way to test it is with a virus that's not in the definitions, in which case, the scanner would obviously fail. The only way I can think of actually testing them would be to load up on virii and see how comprehensive the definitions are, or measure the amount of time between the introduction of a new virus and it's appearance on updated definitions.

 

Not sure if this will really answer your question, but there are online scanners such as this which, I suppose, you could use to double check your own AV's thoroughness.

 

I understand the heuristics part of the AV program, but you still can't make a benchmarking system in the traditional sense. All the companies have to do is include those virii into a definitions update, and that would guarantee a 100% pass.

 

See www.av-comparatives.org ... they have data on the different AV packages and how many viruses are caught by the resident scanner and by on-demand scans.

As far as doing your own tests... you could download a virus file and just not run it and see if the AV program flags it. That's all I can really think of.

 

what about running the virus in a virtual machine? I dont know that much about virtualisation though!

 

Don't forget the Heuristics that many also employ. This is used to track behavior rather then just a signature. In theory, a new virus may not have a signature yet, but the Heuristics may still detect the abnormal behavior and act upon that.

Many AVs use both systems.