AV-Test, which tests anti-malware products, has been tracking the situation closely and has, so far, analyzed 73 variants of malicious WMF files. Products from the following companies have identified all 73:
* Alwil Software (Avast)
* Softwin (BitDefender)
* ClamAV
* F-Secure Inc.
* Fortinet Inc.
* McAfee Inc.
* ESET (Nod32)
* Panda Software
* Sophos Plc
* Symantec Corp.
* Trend Micro Inc.
* VirusBuster

These products detected fewer variants:
* 62 — eTrust-VET
* 62 — QuickHeal
* 61 — AntiVir
* 61 — Dr Web
* 61 — Kaspersky
* 60 — AVG
* 19 — Command
* 19 — F-Prot
* 11 — Ewido
* 7 — eSafe
* 7 — eTrust-INO
* 6 — Ikarus
* 6 — VBA32
* 0 — Norman

The difference for the more effective products is likely to be heuristic detection, tracking the threat by identifying the basic techniques of the exploit, rather than looking for specific patterns for specific exploits.
I know a lot of people who use various free antivirus programs, especially AVG. I don’t recommend them, and this study is one giant data point in my argument.
Anyone with an updated subscription to any of the AV programs on the first list above is fully protected from the WMF exploit. Anyone using a program on the second list should ask themselves whether it’s time to switch.
I’ve been using the Free avast! 4 Home Edition for about a year and had no problems. Sure is nice to see its protection recognized up there with the other big names.
John
Yes, true about Avast, but I think it’s a crapshoot either way. Look at Kaspersky. Time and again that (not free) program ends up at the very top in detection-rate tests. Yet not in this case.
How does Zone Alarm stack up to this?
Zone Alarm is a firewall whereas the ones mentioned above are antivirus programs.
A firewall is a device – hardware or software – that filters information being transferred through your Internet connection with your computer. If a packet of information is flagged by the filters, it is not allowed through. Simply, a firewall is a barrier to keep destructive forces away from your property.
An antivirus program – like the ones mentioned above – scans for viruses and other malware on your system. Also, most of the better ones provide realtime protection by scanning everything that is downloaded.
John
There is also a Zone Alarm package that comes with an anti-virus component. I believe it is identical to the eTrust software that did not do so well above.
Avast has a free version, so Ed’s implication that free anti-virus programs are going to be less effective than commercial ones is a bit odd. Companies like Avast and AVG generally offer free and commercial versions, with the free ones restricted to private use. I switched from Avast to AVG because the former puts a limit on the number of incoming connections, which was causing problems for me. In any case, I’ve been using the DEP (on all programs) solution noted here earlier, and haven’t had any problems yet.
How long did it take these same companies to detect the Sony rootkit? It bothers me to no end that some of the big boys knew about the rootkit and it took weeks before they did a thing.
It’s useless to compare antivirus software based on just one test. I’ve seen a free scanner not mentioned here at all to react to new threats much faster than at least one of this list’s top entries.
Oliver wrote:
“I’ve seen a free scanner not mentioned here at all to react to new threats much faster than at least one of this list’s top entries.”
Great, can you enlighten us about this product, and where to obtain it?
I use AVG. It looks like I’ll have to switch to Avast. But will the free version offer the same degree of protection? Yarr.
@Wataru: This has been H+BEDV Antivir (antivir.de). This is used as second scanner for all incoming mails at our system, so it will only appear when a mail has been let through by the main scanner. This happens occasionally. There’s a free version for non-commercial use.
I use AVG simply because I have 4 machines that need AV (three workstations and one server) and the cost to protect those machines with Symantec Anti-Virus was prohibitively expensive. I was able to get a 5-user license of AVG (this included remote management) for the price of 2 1/2 workstation licenses on Symantec…and the server license for Symantec…DAMN!! they’re proud of that!