What Is the EICAR Test File and How Does It Work?
Antivirus software is a key component of any decent cybersecurity strategy, whether it’s being used to protect a large organization or a personal device from outside attacks. There are hundreds of antivirus software solutions out there, and most of them work on the same basic principle: they detect, quarantine, and remove malicious code.
But is there a way to test if an antivirus program is working properly? The answer is yes, and it involves something called the EICAR test file.
What Is the EICAR Test File?
In simple terms, the EICAR test file is a computer file that was developed to test the response of antivirus (anti-malware) products. It is not a real computer virus, but it mimics malware, and thus allows for safe and effective testing.
The EICAR test file was developed by the European Institute for Computer Antivirus Research (EICAR) and the Computer Antivirus Research Organization (CARO). Both of these organizations have been around since the early 1990s, and are focused on malware research.
How to Test Your Antivirus With the EICAR Test File
To download the EICAR test file and check if your antivirus is any good, head over to eicar.org. The site provides four different files for download: eicar.com, eicar.com.txt, eicar_com.zip, and eicarcom2.zip. It is highly recommended that you download each, and let your antivirus do what it’s supposed to.
The first file, eicar.com, is 68 bytes long and contains the following ASCII string: X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*. The second file is a copy of this file, with a different filename. The third file, eicar_com.zip, is a ZIP archive file that has to be unzipped to access the actual “virus.” The fourth file contains the third file. So, in eicarcom2.zip, the EICAR test file itself is hidden beneath two layers of ZIP files.
If you try to download any of these files and your antivirus software blocks the download, then it is doing its job properly. However, if you really want to test it, disable your antivirus for a moment, download the fourth file (the one that has two ZIP layers), and then scan it to see whether the product you’re using is capable of unpacking both ZIP layers and detecting what is supposed to be malicious code.
Good antivirus software will immediately detect, and then quarantine or delete the EICAR test file.
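The layered test described above, as an added example (not code from eicar.org or from the original article): a minimal signature scanner that matches the 68-byte string at the start of a file and unpacks nested ZIP layers up to a depth limit. The archives are constructed in memory rather than downloaded, and the member names, the depth limit and the size limit are assumptions.

```python
import io
import zipfile

# The 68-byte test string quoted in the article (harmless, not real malware).
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
MAX_MEMBER_SIZE = 1 << 20  # assumed limit: skip members larger than 1 MiB


def make_zip(member_name: str, payload: bytes) -> bytes:
    """Build a one-member ZIP archive in memory and return its bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(member_name, payload)
    return buf.getvalue()


def scan(data: bytes, max_depth: int = 5, path: str = "<input>") -> list:
    """Return the paths at which the test signature is found.

    The signature is checked against the raw bytes first. If the data is a
    ZIP archive and depth remains, each member is unpacked and scanned in
    turn. max_depth=0 gives a flat scanner that never opens archives.
    """
    hits = [path] if data.startswith(EICAR) else []
    if max_depth > 0 and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.file_size > MAX_MEMBER_SIZE:
                    continue  # do not decompress oversized members
                hits += scan(zf.read(info), max_depth - 1,
                             f"{path}/{info.filename}")
    return hits


if __name__ == "__main__":
    # Constructed stand-ins for eicar_com.zip and eicarcom2.zip.
    one_layer = make_zip("eicar.com", EICAR)
    two_layers = make_zip("eicar_com.zip", one_layer)
    print(scan(EICAR))                    # bare file: flagged directly
    print(scan(two_layers))               # found beneath both ZIP layers
    print(scan(two_layers, max_depth=1))  # opens only one layer: missed
```

A scanner that only opens one archive layer reports nothing for the doubly zipped file, which is the gap the fourth download is meant to expose.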
What If Your Antivirus Doesn’t Detect the EICAR Test File?
If your antivirus suite does not detect the EICAR test file for some reason, then it is most probably not good enough, not working properly, or it just hasn’t been updated in quite a while. There are some exceptions, however. For example, Malwarebytes, which is a good and reliable anti-malware product, does not always recognize the EICAR test file as malicious.
Malwarebytes said back in 2016 that “detecting the EICAR strings doesn’t mean anything in terms of proving a products’ real-world effectiveness against threats.” According to the company, the EICAR experiment can only show whether an antivirus program can use a pattern-matching signature, but even if it can, that doesn’t mean it can stop more sophisticated malware attacks that employ certain obfuscation and signature evasion techniques.
How to Test Your Anti-Malware Software
Malwarebytes’ criticism may have some merit, but that aside, the EICAR test file can still prove useful when it comes to testing the response of your antivirus software to potential threats.
Still, it goes without saying that you should steer clear of shady websites, avoid downloading anything from unknown sources, and never click on suspicious links or email attachments.
And no matter which anti-malware product you use, make sure you update it regularly and keep an eye out for the latest trends in cybersecurity. With all that said, there are several other ways to test antivirus software without putting your device and personal information at risk.
via MUO – Feed https://ift.tt/M4QUBSi
September 20, 2022 at 01:50PM