All Your Root Checks Are Belong to Us: the Sad State Of

Total Page:16

File Type:pdf, Size:1020Kb

All Your Root Checks Are Belong to Us: the Sad State Of All your Root Checks are Belong to Us: The sad state of Root detection Nathan Evans Azzedine Benameur Yun Shen Symantec Research Labs Symantec Research Labs Symantec Research Labs Herndon, VA Herndon, VA Dublin USA USA Ireland [email protected] [email protected] [email protected] ABSTRACT Categories and Subject Descriptors Today, mobile devices are ubiquitous; a facet of everyday life D.4.6 [Security and Protection ]: [Android Security, Root for most people. Due to increasing computational power, Detection, Library Interposition] these devices are used to perform a large number of tasks, from personal email to corporate expense account manage- ment. It is a hassle for users to be required to maintain 1. INTRODUCTION multiple mobile devices to separate personal and corporate The wide proliferation of smartphones in recent years has activities, but in the past this was a commonplace require- led to a boom in Android (Linux based) mobile devices. An- ment. Today, the Bring Your Own Device (BYOD) rev- droid is so popular that, as of the end 2014 it was installed olution has promised to consolidate personal and business on over 70% [2] of smartphones and tablets sold globally. applications onto one device for added convenience and to Following the same trend, personal devices penetrated en- reduce costs. As business applications move to personal de- terprises; putting corporate crown jewels alongside personal vices, a clear problem has arisen: how to keep business data applications, data and threats. This led to the wide spread secure and personal data private when they reside on the adoption of Mobile Device Management (MDM) and Bring same device. Many solutions exist, both for increasing the Your Own Device (BYOD) in corporate security solutions security of mobile devices as well as BYOD and Mobile De- to protect their assets against malicious applications and vice Management (MDM) software to allow access to busi- malicious or unsuspecting users. ness applications and data while keeping it secure. Android is successful, in part, due to its open nature that One chink in the armor for both security and business ap- avail users, enterprises, governments and telecommunica- plications is \rooted" devices. These devices have been un- tions providers of numerous customization options. How- locked, providing low level system access to users and ap- ever, Android's openness (and Linux ancestry) has also given plications. With root access, users may be able to bypass rise to applications that leverage \root" access to modify the BYOD mechanisms in place to protect data, and malware most intricate parts of the operating system. Such low-level may be able to access both private personal and business and overprivileged access is often seen as a security risk [6, data on devices. As such, security applications and busi- 8] as it provides complete access to the system that can ness applications often attempt to identify rooted devices be leveraged by malware targeting Android devices. For and report them as compromised. In this paper, we ana- this reason, mobile software security vendors often include lyze the most popular Android security focused applications checks for rooted devices, either to warn the user, provide along with market leading BYOD solutions to discover how added functionality or simply record and report it. \rooted" devices are identified. We dissect the aforemen- tioned applications with commonly available open source Even without considering the possibility of enabling mal- Android reverse engineering frameworks to demonstrate the ware running on a rooted device to do more harm, it is relative ease of circumventing these root checks. Finally we difficult if not impossible for enterprises to guarantee that present AndroPoser, a simple tool that can subdue all the their corporate policies can be enforced for rooted BYOD root checks we discovered, allowing \rooted" devices to ap- devices. Typically corporate policy prohibits the use of cer- pear \non-rooted". tain dangerous apps, requires the use of some security and policy enforcing apps, and may include device tracking and remote shutdown/wipe capability. However, rooted devices Permission to make digital or hard copies of all or part of this work for threaten these policies because users or malicious apps that personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear gain access can manipulate the underlying operating sys- this notice and the full citation on the first page. Copyrights for components tem. Also, apps used for business purposes often encrypt of this work owned by others than ACM must be honored. Abstracting with their data at rest, but a user or application that can ob- credit is permitted. To copy otherwise, or republish, to post on servers or to serve the memory and library usage of these apps are able redistribute to lists, requires prior specific permission and/or a fee. Request to access this data when unencrypted in memory. permissions from [email protected]. MobiWac'15, November 02-06, 2015, Cancun, Mexico ACM 978-1-4503-3758-8/15/11 ...$15.00 Approaches currently exist to turn Android into a trusted DOI: http://dx.doi.org/10.1145/2810362.2810364 platform [3], which allow sensitive functions such as encrypt- 81 ing and decrypting data, storing encryption keys, etc. in a alyzing the behavioral differences between the original app trusted computing base, but these are not widely deployed. and repackaged versions. Interestingly, Yeongung Park et al. Currently the barriers to entry are that a trusted platform proposed RGBDroid [10] to protect the system by effectively complicates development, requires partnerships with chip- responding after an attacker has already attained root-level makers, and the functionality of a trusted base is rather access. limited. Therefore, both security focused applications and BYOD solutions alike embed checks for the sole purpose of Root evasion Applications have emerged to evade root de- detecting if a device is \rooted". Like many security mea- tection; [1] allows users to hide the presence of the su binary sures root detection and avoidance has quickly become a cat- by renaming or removing it. Others such as [4] use Java re- and-mouse game where applications have emerged to hide flection to intercept standard API calls and change their traces of \rooting" [4, 1], and application developers have de- behavior. The main limitation is that if the check happens veloped more and more checks. While it is well known in the to be done using native code it cannot be bypassed. community that checks for \rooted" devices are in place, as well as countermeasures (and counter-counter measures), no Misc. Ongtang et al. proposed Secure Application INTer- systematic analysis of these methods and their usage across action (Saint) [9] to govern install-time permission assign- security and BYOD/MDM applications exists as far as we ment and their run-time use according to security policies know. To fill that gap, in this paper we provide an analy- defined by the app authors. Rastogi [11] evaluated the state- sis of the state of the art in root detection across security of-the-art commercial mobile anti-malware products for An- and BYOD/MDM applications based solely on static analy- droid to test how resistant they are against various common sis of application packages freely available for Android. Our obfuscation techniques which are usually leveraged by mal- analysis reveals that, unfortunately, root detection remains ware to hide root exploit code. a tricky task, with no method being able to detect rooted devices in the presence of a determined user. In addition, we In our study of the state of the art we were unable to find provide details on how devices are rooted in the first place, a paper that focuses on the mechanisms employed by appli- and how privilege escalation to root works on Android. We cations to detect the presence of \rooted" phones. Thus we also discuss which root detection methods are more difficult believe this to be the first paper to investigate these methods to evade than others, as well as which ones are better at and uncover their simplicity. avoiding detection by simple static analysis. 3. ROOT CHECKS The remainder of the paper is organized as follows. Section 2 presents related work. Section 3 describes how root access 3.1 How does Root work works on mobile devices along with a detailed analysis of the There are two common ways that root access is attained mechanisms used to detect such access amongst popular se- on Android: either a custom Android image (aka ROM) is curity focused applications and BYOD/MDM applications. installed that provides privilege escalation or an application Section 4 presents AndroPoser; a simple tool that despite exploits a flaw in the operating system to add a privilege its simplicity can circumvent all of the checks we encoun- escalation binary to the system partition. tered, causing apps to behave as if installed on a device that is non-rooted while it in fact is \rooted". Finally Section 5 Unlike standard Linux systems the invocation of \su" is com- summarizes our work and concludes the paper. monly not enough to elevate privileges to root. Following the conventions of the Android ecosystem root privilege is 2. RELATED WORK managed through intents. With these intents, an applica- tion must ask for permission to escalate privileges and this MDM In [13] the authors present an enhanced root man- request must be granted by a supervisor process. Figure 1 agement system for protecting rooted Android phones by depicts the life-cycle of an application requesting root priv- providing a fine-grained policy and more contextual informa- ileges. First the application invokes the su binary, which tion about applications that are requesting root privileges.
Recommended publications
  • Mind Your Own Business: a Longitudinal Study of Threats and Vulnerabilities in Enterprises
    Mind your Own Business: A Longitudinal Study of Threats and Vulnerabilities in Enterprises Abstract—Enterprises own a significant fraction of the hosts to, financial assets, and security investment. Thus, it is very connected to the Internet and possess valuable assets, such as likely that the best practices mentioned above do not equally financial data and intellectual property, which may be targeted apply to all of them. by attackers. They suffer attacks that exploit unpatched hosts and install malware, resulting in breaches that may cost millions Currently, it is not clear how the security posture of in damages. Despite the scale of this phenomenon, the threat and enterprises differ according to different factors and whether vulnerability landscape of enterprises remains under-studied. The enterprises are indeed more secure than consumer hosts, i.e., security posture of enterprises remains unclear, and it’s unknown if their security investment is paying off. In this paper, we aim whether enterprises are indeed more secure than consumer hosts. to throw light into these questions by conducting a large-scale To address these questions, we perform the largest and longest longitudinal measurement study of enterprise security. We an- enterprise security study up to date. Our data covers nearly alyze the enterprise threat landscape including the prevalence 3 years and is collected from 28K enterprises, belonging to 67 industries, which own 82M hosts and 73M public-facing servers. of malware and PUP in enterprise hosts and how common security practices, such as vulnerability patching and operating Our measurements comprise of two parts: an analysis of system updates are handled.
    [Show full text]
  • Forescout Counteract® Endpoint Support Compatibility Matrix Updated: October 2018
    ForeScout CounterACT® Endpoint Support Compatibility Matrix Updated: October 2018 ForeScout CounterACT Endpoint Support Compatibility Matrix 2 Table of Contents About Endpoint Support Compatibility ......................................................... 3 Operating Systems ....................................................................................... 3 Microsoft Windows (32 & 64 BIT Versions) ...................................................... 3 MAC OS X / MACOS ...................................................................................... 5 Linux .......................................................................................................... 6 Web Browsers .............................................................................................. 8 Microsoft Windows Applications ...................................................................... 9 Antivirus ................................................................................................. 9 Peer-to-Peer .......................................................................................... 25 Instant Messaging .................................................................................. 31 Anti-Spyware ......................................................................................... 34 Personal Firewall .................................................................................... 36 Hard Drive Encryption ............................................................................. 38 Cloud Sync ...........................................................................................
    [Show full text]
  • Mcafee Epolicy Orchestrator DATA SHEET
    DATA SHEET McAfee ePolicy Orchestrator Centrally get, visualize, share, and act on security insights Security management requires cumbersome juggling between tools and data. This puts the adversary at an advantage by offering more time to exploit the gap not seen between the tools and do damage. In addition, the cybersecurity workforce is limited and needs to be empowered to manage cybersecurity complexity. The McAfee® ePolicy Orchestrator® (McAfee ePO™) management platform removes the time-consuming and potential human error effort and inspires those responsible to manage security quicker and with higher efficacy. Fundamental Security Proven Advanced Security Management Start with the fundamentals. Core to any security More than 30,000 businesses and organizations trust architecture is the ability to monitor and control the the McAfee ePO console to manage security, streamline health of endpoints and systems. Industry standards and automate compliance processes, and increase such as Center for Internet Security (CIS) Controls and overall visibility across endpoint, network, and security National Institute of Standards Technology (NIST) SP operations. Big companies rely on the McAfee ePO 800 153 security and privacy controls call this out as console’s highly scalable architecture, allowing large a must. The McAfee ePO console allows you to gain enterprises to manage hundreds and thousands of critical visibility and set and automatically enforce nodes from a single console. The McAfee ePO console policies to ensure a healthy security posture across provides an enterprise security administrator with the your enterprise. Policy management and enforcement opportunity to simplify policy maintenance, pull in third- across security products for your entire enterprise party threat intelligence leveraging Data Exchange Layer is accomplished from a single console, removing the (DXL), and integrate policies bi-directionally with an array complexity of managing multiple products.
    [Show full text]
  • Hostscan 4.8.01064 Antimalware and Firewall Support Charts
    HostScan 4.8.01064 Antimalware and Firewall Support Charts 10/1/19 © 2019 Cisco and/or its affiliates. All rights reserved. This document is Cisco public. Page 1 of 76 Contents HostScan Version 4.8.01064 Antimalware and Firewall Support Charts ............................................................................... 3 Antimalware and Firewall Attributes Supported by HostScan .................................................................................................. 3 OPSWAT Version Information ................................................................................................................................................. 5 Cisco AnyConnect HostScan Antimalware Compliance Module v4.3.890.0 for Windows .................................................. 5 Cisco AnyConnect HostScan Firewall Compliance Module v4.3.890.0 for Windows ........................................................ 44 Cisco AnyConnect HostScan Antimalware Compliance Module v4.3.824.0 for macos .................................................... 65 Cisco AnyConnect HostScan Firewall Compliance Module v4.3.824.0 for macOS ........................................................... 71 Cisco AnyConnect HostScan Antimalware Compliance Module v4.3.730.0 for Linux ...................................................... 73 Cisco AnyConnect HostScan Firewall Compliance Module v4.3.730.0 for Linux .............................................................. 76 ©201 9 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
    [Show full text]
  • Printmgr File
    ˆ200F$l2ZLVgqon1gÈŠ 200F$l2ZLVgqon1g¨ VDI-W7-PR3-1248 SYMANTEC CORPORATION Donnelley Financial12.6.30 EGV yanns0ap24-May-2018 22:26 EST 594139 TX 1 2* SYMANTEC CORP PAL HTM ESS 0C Page 1 of 1 UNITED STATES SECURITIES AND EXCHANGE COMMISSION Washington, D.C. 20549 FORM SD SPECIALIZED DISCLOSURE REPORT Symantec Corporation (Exact Name of Registrant as Specified in its Charter) Delaware 000-17781 77-0181864 (State or other jurisdiction of (Commission (IRS Employer incorporation or organization ) File Number) Identification No.) 350 Ellis Street, Mountain View, California 94043 (Address of Principal Executive Offices) (Zip Code) Nicholas R. Noviello, Executive Vice President and Chief Financial Officer (650) 527-8000 (Name and telephone number, including area code, of the person to contact in connection with this report.) Not Applicable (Former Name or Former Address, if Changed Since Last Report) Check the appropriate box below to indicate the rule pursuant to which this form is being filed, and provide the period to which the information in this form applies: Rule 13p-1 under the Securities Exchange Act (17 CFR 240.13p-1) for the reporting period January 1 to December 31, 2017 ˆ200F$l2ZLVhV$Vk6$Š 200F$l2ZLVhV$Vk6$ VDI-W7-PFL-0639 SYMANTEC CORPORATION Donnelley Financial12.6.29 EGV ahern0ap24-May-2018 23:14 EST 594139 TX 2 3* SYMANTEC CORP PAL HTM ESS 0C Page 1 of 1 Item 1.01. Conflict Minerals Disclosure and Report. Conflict Minerals Disclosure A copy of the Conflict Minerals Report of Symantec Corporation (“Symantec”) for the reporting period January 1 to December 31, 2017 is filed as Exhibit 1.01 to this specialized disclosure report on Form SD and is also available at Symantec’s website at https://www.symantec.com/about/corporate-responsibility/resources/corporate-responsibility-policies .
    [Show full text]
  • Q3 Consumer Endpoint Protection Jul-Sep 2020
    HOME ANTI- MALWARE PROTECTION JUL - SEP 2020 selabs.uk [email protected] @SELabsUK www.facebook.com/selabsuk blog.selabs.uk SE Labs tested a variety of anti-malware (aka ‘anti-virus’; aka ‘endpoint security’) products from a range of well-known vendors in an effort to judge which were the most effective. Each product was exposed to the same threats, which were a mixture of targeted attacks using well-established techniques and public email and web-based threats that were found to be live on the internet at the time of the test. The results indicate how effectively the products were at detecting and/or protecting against those threats in real time. 2 Home Anti-Malware Protection July - September 2020 MANAGEMENT Chief Executive Officer Simon Edwards CONTENTS Chief Operations Officer Marc Briggs Chief Human Resources Officer Magdalena Jurenko Chief Technical Officer Stefan Dumitrascu Introduction 04 TEstING TEAM Executive Summary 05 Nikki Albesa Zaynab Bawa 1. Total Accuracy Ratings 06 Thomas Bean Solandra Brewster Home Anti-Malware Protection Awards 07 Liam Fisher Gia Gorbold Joseph Pike 2. Threat Responses 08 Dave Togneri Jake Warren 3. Protection Ratings 10 Stephen Withey 4. Protection Scores 12 IT SUPPORT Danny King-Smith 5. Protection Details 13 Chris Short 6. Legitimate Software Ratings 14 PUBLICatION Sara Claridge 6.1 Interaction Ratings 15 Colin Mackleworth 6.2 Prevalence Ratings 16 Website selabs.uk Twitter @SELabsUK 6.3 Accuracy Ratings 16 Email [email protected] Facebook www.facebook.com/selabsuk 6.4 Distribution of Impact Categories 17 Blog blog.selabs.uk Phone +44 (0)203 875 5000 7.
    [Show full text]
  • Consumer Security Products Performance Benchmarks (Edition 2) Antivirus & Internet Security Windows 10
    Consumer Security Products Performance Benchmarks (Edition 2) Antivirus & Internet Security Windows 10 January 2020 Document: Consumer Security Products Performance Benchmarks (Edition 2) Authors: J. Han, D. Wren Company: PassMark Software Date: 13 January 2020 Edition: 2 File: Consumer_Security_Products_Performance_Benchmarks_2020_Ed_2.docx Consumer Security Performance Benchmarks 2019 PassMark Software Table of Contents TABLE OF CONTENTS ......................................................................................................................................... 2 REVISION HISTORY ............................................................................................................................................ 3 REFERENCES ...................................................................................................................................................... 3 EXECUTIVE SUMMARY ...................................................................................................................................... 4 OVERALL SCORE ................................................................................................................................................ 5 PRODUCTS AND VERSIONS ............................................................................................................................... 6 PERFORMANCE METRICS SUMMARY ................................................................................................................ 7 TEST RESULTS ................................................................................................................................................
    [Show full text]
  • RECOMMENDED MERGER of AVAST PLC with NORTONLIFELOCK INC
    NOT FOR RELEASE, PUBLICATION OR DISTRIBUTION, IN WHOLE OR IN PART, DIRECTLY OR INDIRECTLY, IN, INTO OR FROM ANY JURISDICTION WHERE TO DO SO WOULD CONSTITUTE A VIOLATION OF THE RELEVANT LAWS OR REGULATIONS OF SUCH JURISDICTION FOR IMMEDIATE RELEASE THIS ANNOUNCEMENT CONTAINS INSIDE INFORMATION 10 August 2021 RECOMMENDED MERGER of AVAST PLC with NORTONLIFELOCK INC. to be effected by means of a Scheme of Arrangement under Part 26 of the Companies Act 2006 Summary Further to the announcements made by NortonLifeLock Inc. (“NortonLifeLock”) and Avast plc (“Avast” or the “Company”) on 14 July 2021, the boards of NortonLifeLock and Avast are pleased to announce that they have reached agreement on the terms of a recommended merger of Avast with NortonLifeLock, in the form of a recommended offer by Nitro Bidco Limited (“Bidco”), a wholly- owned subsidiary of NortonLifeLock, for the entire issued and to be issued ordinary share capital of the Company (the “Merger”). It is intended that the Merger will be effected by means of a Court- sanctioned scheme of arrangement under Part 26 of the Companies Act (the “Scheme”). The boards of NortonLifeLock and Avast believe the Merger has compelling strategic logic and represents an attractive opportunity to create a new, industry leading consumer Cyber Safety business, leveraging the established brands, technical expertise and innovation of both groups to deliver substantial benefits to consumers, shareholders and other stakeholders. Under the terms of the Merger, Avast Shareholders will be entitled to receive: for each Avast Share held: USD 7.61 in cash and 0.0302 of a New NortonLifeLock Share in respect of their entire holding of Avast Shares (the “Majority Cash Option”).
    [Show full text]
  • Ten Strategies of a World-Class Cybersecurity Operations Center Conveys MITRE’S Expertise on Accumulated Expertise on Enterprise-Grade Computer Network Defense
    Bleed rule--remove from file Bleed rule--remove from file MITRE’s accumulated Ten Strategies of a World-Class Cybersecurity Operations Center conveys MITRE’s expertise on accumulated expertise on enterprise-grade computer network defense. It covers ten key qualities enterprise- grade of leading Cybersecurity Operations Centers (CSOCs), ranging from their structure and organization, computer MITRE network to processes that best enable effective and efficient operations, to approaches that extract maximum defense Ten Strategies of a World-Class value from CSOC technology investments. This book offers perspective and context for key decision Cybersecurity Operations Center points in structuring a CSOC and shows how to: • Find the right size and structure for the CSOC team Cybersecurity Operations Center a World-Class of Strategies Ten The MITRE Corporation is • Achieve effective placement within a larger organization that a not-for-profit organization enables CSOC operations that operates federally funded • Attract, retain, and grow the right staff and skills research and development • Prepare the CSOC team, technologies, and processes for agile, centers (FFRDCs). FFRDCs threat-based response are unique organizations that • Architect for large-scale data collection and analysis with a assist the U.S. government with limited budget scientific research and analysis, • Prioritize sensor placement and data feed choices across development and acquisition, enteprise systems, enclaves, networks, and perimeters and systems engineering and integration. We’re proud to have If you manage, work in, or are standing up a CSOC, this book is for you. served the public interest for It is also available on MITRE’s website, www.mitre.org. more than 50 years.
    [Show full text]
  • Saint Francis Healthcare Stays Safe from Cyberattacks Secures Thousands of Endpoints Vital to Patient Care
    GravityZone Success Story Saint Francis Healthcare stays safe from cyberattacks Secures thousands of endpoints vital to patient care THE CUSTOMER Saint Francis Healthcare System is a 308-bed facility serving more than 713,000 people Industry throughout Missouri, Illinois, Kentucky, Tennessee and Arkansas. The progressive, innovative Healthcare regional tertiary care referral center has been named one of the top 100 “Best Places to Work in Healthcare” by Modern Healthcare magazine for six consecutive years. Headquarters Cape Girardeau, Missouri, U.S.A Employees THE CHALLENGE 3,000 (IT staff, 24) With patients’ health at stake, physicians need uninterrupted access to vital medical information. Challenges Saint Francis Healthcare System’s previous antivirus software, from Trend Micro, made this Faulty antivirus software more challenging because it erroneously blocked critical applications, requiring doctors to call for blocked physicians’ access to support at all hours. critical applications while scan storms crippled virtual desktop The Trend Micro software also created scan storms, dragging virtual desktop sessions to a crawl. performance. A second security This forced the IT team to remove antivirus programs from the virtual desktop infrastructure, solution created policy conflicts leaving thousands of endpoints unprotected. and an administrative burden. To fill the gap, IT added protection with Malwarebytes. Still, the infamous CryptoLocker Solution ransomware evaded the protective layer, disrupting productivity. Because policies across Trend Bitdefender GravityZone Micro and Malwarebytes often conflicted, engineers couldn’t keep up with the constant fixes, Enterprise Security Suite, which further exposed endpoint protection to risk. deployed on premises to protect physical and virtual desktops, and servers and ensure secure, THE SOLUTION reliable access to vital medical To consolidate and strengthen endpoint protection, Saint Francis Healthcare System evaluated and administrative applications.
    [Show full text]
  • Nortonlifelock to Acquire Avira in $360M Deal
    Source: Research and Markets December 10, 2020 05:58 ET NortonLifeLock to Acquire Avira in $360M Deal Dublin, Dec. 10, 2020 (GLOBE NEWSWIRE) -- ResearchAndMarkets.com published a new article on the IT security industry "NortonLifeLock to Acquire Avira in $360M Deal" NortonLifeLock has announced that it will acquire German IT security firm Avira for around $360 million in an all cash deal from Investcorp Technology Partners. Avira provides customers with a suite of software security solutions, including anti-malware, threat intelligence and IoT solutions to protect users' online identity and private data. The company has built a customer base of millions around its freemium model which allows users to install Avira antivirus software for free but with less functionality than paid versions. Avira has also grown its customer base via white label deals with strategic partners like NTT, Deutsche Telekom and more. By acquiring Avira, NortonLifeLock hopes to expand into the freemium consumer market as well as strong markets in Europe and other emerging regions. Avira chief executive Travis Witteveen and chief technology officer Matthias Ollig will join NortonLifeLock's leadership team after the deal's closing which is expected in the fourth quarter of 2021. To see the full article and a list of related reports on the market, visit"NortonLifeLock to Acquire Avira in $360M Deal" About ResearchAndMarkets.com ResearchAndMarkets.com is the world's leading source for international market research reports and market data. We provide you with the latest data on international and regional markets, key industries, the top companies, new products and the latest trends.
    [Show full text]
  • Summary Report 2020 Awards, Winners, Comments
    Independent Tests of Anti-Virus Software Summary Report 2020 Awards, winners, comments TEST PERIOD : 2020 LANGUAGE : ENGLISH LAST REVISION : 15TH JANUARY 2021 WWW.AV-COMPARATIVES.ORG Summary Report 2020 www.av-comparatives.org Content INTRODUCTION 3 MANAGEMENT SUMMARY 5 ANNUAL AWARDS 9 PRICING 16 USER EXPERIENCE REVIEW 18 AVAST FREE ANTIVIRUS 21 AVG ANTIVIRUS FREE 24 AVIRA ANTIVIRUS PRO 27 BITDEFENDER INTERNET SECURITY 30 ESET INTERNET SECURITY 34 F-SECURE SAFE 38 G DATA INTERNET SECURITY 41 K7 TOTAL SECURITY 45 KASPERSKY INTERNET SECURITY 48 MCAFEE TOTAL PROTECTION 52 MICROSOFT DEFENDER ANTIVIRUS 55 NORTONLIFELOCK NORTON 360 DELUXE 58 PANDA FREE ANTIVIRUS 61 TOTAL AV ANTIVIRUS PRO 64 TOTAL DEFENSE ESSENTIAL ANTI-VIRUS 67 TREND MICRO INTERNET SECURITY 70 VIPRE ADVANCED SECURITY 73 FEATURELIST COMES HERE 76 COPYRIGHT AND DISCLAIMER 77 2 Summary Report 2020 www.av-comparatives.org Introduction About AV-Comparatives We are an independent test lab, providing rigorous testing of security software products. We were founded in 2004 and are based in Innsbruck, Austria. AV-Comparatives is an ISO 9001:2015 certified organisation. We received the TÜV Austria certificate for our management system for the scope: “Independent Tests of Anti-Virus Software”. http://www.av-comparatives.org/iso-certification/ AV-Comparatives is the first certified EICAR Trusted IT-Security Lab http://www.av-comparatives.org/eicar-trusted-lab/ At the end of every year, AV-Comparatives releases a Summary Report to comment on the various consumer anti-virus products tested over the course of the year, and to highlight the high-scoring products of the different tests that took place over the twelve months.
    [Show full text]