Verify if your desktop security software

Detects drive-by downloads of malware

Drive-by download means two things, each concerning the unintended download of computer software from the Internet:

  1. Downloads which a person has authorized but without understanding the consequences (e.g. downloads which install an unknown or counterfeit executable program, ActiveX component, or Java applet) automatically.
  2. Any download that happens without a person’s knowledge, often a computer virus, spyware, malware, or crimeware.

To verify if your desktop security software detects drive-by downloads of malware, a simulated “drive-by download” will be initiated: a new web page or tab will open and your browser will automatically attempt to download the EICAR test file. The EICAR test file was developed by the European Institute for Computer Antivirus Research (EICAR) and Computer Antivirus Research Organization (CARO) to test the response of computer antivirus programs. Instead of using real malware, which could cause real damage, this test file allows people to test anti-virus software without having to use a real malware sample.

So, this file is NOT actually malicious, but by industry-wide agreement this file is detected as malicious by mainstream products with anti-malware functionality so that people can verify that their anti-malware product’s detection capability is configured correctly.

When you click on this button, a simulated “drive-by download” is initiated: a new web page will open and the EICAR test file will attempt to be downloaded.

If you are able to download this 68 byte test file successfully, your anti-malware solution is NOT configured correctly or DOES NOT conform with industry best practice.

Not sure if your product should support this feature?

Please contact your vendor’s support department for instructions explaining how to enable the feature in your product.

Verify if your desktop security software

The AMTSO Security Features Check Tools are hosted in association with EICAR.