Overview: Results of VTC Test 97-02 (February 1997): ---------------------------------------------------- The test presented here works on the shoulder of previous VTC tests performed by Vesselin Bontchev (his last test "94-07" is available, for comparison, from a parallel entry in our ftp site). Due to inter- dediary developments, a new category (macro viruses) had appeared, and the number of file and boot viruses had more than doubled, with a related increase in infected files and images. Moreover, security requirements forced VTC to transport the "simple test platform" (just a 486!) to a local Windows NT network (see 4testcon.txt). Consequently, test protocols became more complex, and result complexity also grew. Under these conditions, VTC has tested on-demand AntiViral scanners for their ability to detect boot, file and macro viruses in the resp. virus database. The protocols produced by each scanner were analysed for indications how many viruses were detected, and whether identification is consistent (that is: producing the same name for all infected files, images and documents, respectively) and reliable (that is: detecting all infected files, images and documents). The file, boot and macro viruses were frozen on November 30, 1996. For a detailed index of the resp. virus databases see: A3TSTBED.ZIP). After a series of pre-tests during which test procedures were installed, final tests wer performed on available products received before February 9, 1997. As some scanners had several updates within this period, test results show nicely how quality of those scanners improved during this time period. In order to extract maximum information from the test results, comparative tables were produced for all sets both for the "full test" as well as for the subset regarded equivalent to Joe Well`s "In-The-Wild" list. The result tables are given in ASCII, in a form from which an EXCEL or LOTUS spreadsheet can simply be derived, by simply deleting the headline and importing the "pure" table into a related spreadsheet. VTC deliberately did NOT follow suggestions to (optionally) present the results in XLS form, to avoid ANY possible macro-viral side effect (e.g. when some mirror site inadvertantly implants an XLS virus during its preprocessing, e.g. when adding some information on the mirror site). In order to determine whether and to what degree AntiViral products also help users in identiying non-replicating malicious software, such as trojan horses, virus generators and intended (though not replicating) viruses, a special test was performed to detect known non-viral malware esp. related to macro viruses; this area was selected as published evidence about such malicious non-viral software is available (see VTCs macrolst.971). Presently, this is a by-product of AV products, but as malicious software develops, users will need support form knowledgeable sources to at least detect malware, possibly including network anomalies such as worms, hostile applets and controls etc. This additional test is *mainly for discussion of the need for such products, rather than on the quality of present products*. Detailed results are collected in separate files: 6b-sufil.txt: Detection Rate/Consistency/Reliability of File Viruses 6c-suboo.txt: Detection Rate/Consistency/Reliability of Boot Viruses 6d-sumac.txt: Detection Rate/Consistency/Reliability of Macro Viruses 6e-sumal.txt: Detection Rate of Macro Malware The following tables present an comparative overview of results concerning: Table 1: Detection Rate of Viruses in "Full Test" Table 2: Detection Rate of Viruses on "In-The-Wild" list Table 3: Detection Rate of Infected Objects (Files/Images/Documents) Table 4: Consistency/Reliability of Virus Detection in "Full Test" Table 5: Detection Rate of Non-Viral Macro Malware in "Full Test" Much more information is available from the detailed tables, including detection of virus related to goat files, images and documents (see related chapters). -------------------- Overview Table #1: - ---------------------- Table 1: Viral Detection Rate in "full test": This table indicates how many viruses in the full database have been detected by the respective scanner. Optimum measure is 100%. ================================================================ | Scanner | Number of File | Number of Boot ! Number of Macro! | Codename: | Viruses (%): | Viruses (%): ! Viruses (%) | |===========+================+================+================+ | Total: | 10,704 (100 %) | 827 (100 %) ! 143 (100 %) | ============+================+================+================+ | ALERT/Look: | | al41013 | 10,487 (98,0%) | 804 (97,2%) | 100 (69,9%) | | al41014 | 10,507 (98,2%) | 807 (97,6%) | 126 (88,1%) | | al41015 | 10,580 (98,8%) | 774 (93,6%) | 138 (96,5%) | | AVAST!/Alwil: =============================================== | av75013 | 10,506 (98,2%) | 808 (97,7%) | 104 (72,7%) | | av75014 | 14,511 (98,2%) | 807 (97,6%) | 126 (88,1%) | | av77001 | 10,584 (98,9%) | 778 (94,1%) | 142 (99,3%) | | AVG/Grisoft: ================================================= | avg41 | 8,481 (79,2%) | 586 (70,9%) | 36 (25,2%) | | AVP/KAMIS: =================================================== | avp222 | 10,578 (98,8%) | 802 (97,0%) | 138 (96,5%) | | avpl30 | 10,589 (98,5%) | 536 (64,8%) | 142 (99,3%) | | AVScan/H+B EDV: ============================================== | avs293b | 6,850 (64,0%) | 464 (56,1%) | 25 (17,5%) | | avs320 | 7,852 (73,4%) | 504 (60,9%) | 83 (58,0%) | | DrWeb/Dialogue SC: =========================================== | drw318d | 9,984 (93,3%) | 357 (43,2%) | 129 (90,2%) | | drw318f | 9,979 (93,2%) | 366 (44,3%) | 129 (90,2%) | | DSAV/DrSolomon: ============================================== | dsav766 | 10,657 (99,6%) | | 111 (77,6%) | | dsav767 | 10,674 (99,7%) | 820 (99,2%) | 120 (83,9%) | | dsav768 | 10,675 (99,7%) | 825 (99,8%) | 140 (97,9%) | | F-PROT: ====================================================== | fmac102 | n/a n/a | n/a n/a | 141 (98,6%) | | fpr225 | 9,705 (90,7%) | 703 (85,0%) | 62 (43,4%) | | F/Win: ======================================================= | fwin402 | n/a n/a | n/a n/a | 139 (97,2%) | | fwin403 | n/a n/a | n/a n/a | 139 (97,2%) | | IBM AV: ====================================================== | ibm251 | 10,017 (93,6%) | See problems | 93 (65,0%) | | Integrity Master: ============================================ | itm311a | See problems | See problems | 41 (28,7%) | | itm311b | See problems | 107 (12,9%) | 117 (81,8%) | | InVircible: ================================================== | inv612a | 838 (7,8%) | See problems | See problems | | inv612d | 829 (7,7%) | See problems | See problems | | Norton AV/Symantec: ========================================== | nav30j | See problems | 543 (65,7%) | 110 (76,9%) | | nav30f | 8,638 (80,7%) | 553 (66,9%) | 121 (84,6%) | | Norman VC: =================================================== | nvc351 | 9,359 (87,4%) | 711 (86,0%) | 19 (13,3%) | | PCVP/CSE: ==================================================== | pcvp239 | 7,267 (67,9%) | 397 (48,0%) | See problems | | pcvp240 | 7,266 (67,9%) | 335 (40,5%) | See problems | | Scan/McAfee: ================================================= | scn253d | 8,701 (81,3%) | 670 (81,0%) | 114 (79,7%) | | scn253f | 8,981 (83,9%) | 682 (82,5%) | 136 (95,1%) | | Sweep/Sophos: ================================================ | swp293 | 10,111 (94,5%) | 780 (94,3%) | 106 (74,1%) | | swp294 | 10,262 (95,9%) | 784 (94,8%) | 125 (87,4%) | | TBAV/ThunderByte: ============================================ | tbav706 | 10,178 (95,1%) | 751 (90,8%) | 101 (70,6%) | | tbav707 | 10,223 (95,5%) | 650 (78,6%) | 103 (72,0%) | | TNT/Carmel: ================================================== | tnt964 | See problems | 379 (45,8%) | 32 (22,4%) | | tnt971 | 6,209 (58,0%) | 373 (45,1%) | 88 (61,5%) | | VDS/Adv.Res.Group: =========================================== | vds31 | See problems | See problems | 23 (16,1%) | | Virex: ======================================================= | vrx299 | See problems | See problems | 11 ( 7,7%) | | Virus Buster/Leprechaun: ===================================== | vbs482 | 4,457 (41,6%) | See problems | See problems | | vbs484 | 4,457 (41,6%) | See problems | See problems | | vbsl484 | 7,794 (72,8%) | See problems | See problems | | vb48415 | 4,614 (43,1%) | See problems | See problems | | Virus Hunter/Dialogue Sc: ==================================== | vht1663 | 2,018 (18,9%) | | See problems | | vht1678 | 2,066 (19,3%) | 301 (36,4%) | See problems | | Virus Track/On Technology: =================================== | vit9606 | 4,873 (45,5%) | See problems | 9 ( 6,3%) | | XScan/Anyware: =============================================== | xsc233 | 6,365 (59,5%) | See problems | See problems | |============+================+================+================+ Explanation of the different columns: 1) "Scanner Codename" is the code name of the scanner as listed in the file A2SCANLS.TXT. 2) "Number of File Viruses (%)" is the number of different file infecting *viruses* in the virus collection used during the tests, which have been detected by the particular scanner. Their percentage from the full set of viruses in the collection used for the tests is given in parenthesis. We define two viruses as being different if they differ in at least one bit in their non-modifiable parts. For the variably encrypted viruses, the virus body has to be decrypted before the comparison is to be performed. For the polymorphic viruses, additionally the part of the virus which is modified during the replication process has to be ignored. 3) "Number of Boot Viruses (%)" is the number of different boot sector *viruses* from the collection used for the test that the scanner detects. This field is analogous to field 2, only it lists boot sector viruses, not file infecting viruses. 4) "Number of Macro Viruses (%)" is the number of different macro *viruses* from the collection used for the test that the scanner detects. This field is analogous to field 2, only it lists macro viruses, not file infecting viruses. -------------------- Overview Table 2: ------------------------- Table 2: "In-The-Wild" Viral Detection Rate: This table indicates how many viruses belonging to the "In-The-Wild" subset of the full virus databases have been found by the respective scanner. Optimum measure is 100%. ================================================================ | Scanner | Number of File | Number of Boot ! Number of Macro! | Codename: | Viruses ITW(%):| Viruses ITW(%):! Viruses ITW (%)| |===========+================+================+================+ | Total: | 118 (100,0 %) | 91 (100,0 %) ! 22 (100,0%) | ============+================+================+================+ | ALERT/Look: | | al41013 | 118 (100,0%) | 90 ( 98,9%) | 21 ( 95,5%) | | al41014 | 118 (100,0%) | 90 ( 98,9%) | 22 (100,0%) | | al41015 | 118 (100,0%) | 85 ( 93,4%) | 22 (100,0%) | | AVAST!/Alwil: ================================================ | av75013 | 118 (100,0%) | 91 (100,0%) | 21 ( 95,5%) | | av75014 | 118 (100,0%) | 90 ( 98,9%) | 22 (100,0%) | | av77001 | 118 (100,0%) | 86 ( 94,5%) | 22 (100,0%) | | AVG/Grisoft: ================================================= | avg41 | 101 ( 85,6%) | 69 ( 75,8%) | 6 ( 27,3%) | | AVP/KAMIS: =================================================== | avp222 | 118 (100,0%) | 91 (100,0%) | 22 (100,0%) | | avpl30 | 118 (100,0%) | 78 ( 85,7%) | 22 (100,0%) | | AVScan/H+B EDV: ============================================== | avs293b | 104 ( 88,1%) | 80 ( 87,9%) | 5 ( 22,7%) | | avs320 | 112 ( 94,9%) | 85 ( 93,4%) | 18 ( 81,8%) | | DrWeb/Dialogue SC: =========================================== | drw318d | 115 ( 97,5%) | 74 ( 81,3%) | 21 ( 95,5%) | | drw318f | 115 ( 97,5%) | 73 ( 80,2%) | 21 ( 95,5%) | | DSAV/DrSolomon: ============================================== | dsav766 | 118 (100,0%) | | 21 ( 95,5%) | | dsav767 | 118 (100,0%) | 91 (100,0%) | 22 (100,0%) | | dsav768 | 118 (100,0%) | 91 (100,0%) | 22 (100,0%) | | F-PROT: ====================================================== | fmac102 | n/a | n/a | 22 (100,0%) | | fpr225 | 117 ( 99,2%) | 90 ( 98,9%) | 16 ( 72,7%) | | F/Win: ======================================================= | fwin402 | n/a | n/a | 22 (100,0%) | | fwin403 | n/a | n/a | 22 (100,0%) | | IBM AV: ====================================================== | ibm251 | 117 ( 99,2%) | See problems | 21 ( 95,5%) | | Integrity Master: ============================================ | itm311a | See problems | See problems | 13 ( 59,1%) | | itm311b | See problems | 10 ( 11,0%) | 22 (100,0%) | | InVircible: ================================================== | inv612a | 41 ( 34,7%) | See problems | See problems | | inv612d | 43 ( 36,4%) | See problems | See problems | | Norton AV/Symantec: ========================================== | nav30d | See problems | 88 ( 96,7%) | 22 (100,0%) | | nav30f | 117 ( 99.2%) | 88 ( 96,7%) | 22 (100,0%) | | Norman VC: =================================================== | nvc351 | 104 ( 88,1%) | 89 ( 97,8%) | 2 ( 9,1%) | | PCVP/CSE: ==================================================== | pcvp239 | 86 ( 72,9%) | 65 ( 71,4%) | See problems | | pcvp240 | 86 ( 72,9%) | 72 ( 79,1%) | See problems | | Scan/McAfee: ================================================= | scn253d | 116 ( 98,3%) | 87 ( 95,6%) | 22 (100,0%) | | scn253f | 118 (100,0%) | 88 ( 96,7%) | 22 (100,0%) | | Sweep/Sophos: ================================================ | swp293 | 118 (100,0%) | 91 (100,0%) | 20 ( 90,9%) | | swp294 | 118 (100,0%) | 91 (100,0%) | 21 ( 95,5%) | | TBAV/ThunderByte: ============================================ | tbav706 | 118 (100,0%) | 91 (100,0%) | 20 ( 90,9%) | | tbav707 | 118 (100,0%) | 89 (100,0%) | 20 ( 90,9%) | | TNT/Carmel: ================================================== | tnt964 | See problems | 76 ( 83,5%) | 9 ( 40,9%) | | tnt971 | 108 ( 91,5%) | 77 ( 84,6%) | 20 ( 90,9%) | | VDS/Adv.Res.Group: =========================================== | vds31 | See problems | See problems | 6 ( 27,3%) | | Virex: ======================================================= | vrx299 | See problems | See problems | 3 ( 13.6%) | | Virus Buster/Leprechaun: ===================================== | vbs482 | 86 ( 72,9%) | See problems | See problems | | vbs484 | 86 ( 72,9%) | See problems | See problems | | vbsl484 | 101 ( 85,6%) | See problems | See problems | | vb48415 | 87 ( 73,7%) | See problems | See problems | | Virus Hunter/Dialogue Sc: ==================================== | vht1663 | 61 ( 51,7%) | | See problems | | vht1678 | 65 ( 55,1%) | 57 ( 62,6%) | See problems | | Virus Track/On Technology: =================================== | vit9606 | 91 ( 77,1%) | See problems | 1 ( 4,5%) | | XScan/Anyware: =============================================== | xsc233 | 86 ( 72,9%) | See problems | See problems | ============+================+================+================+ -------------------- Overview Table 3: ------------------------- Table 3: Detection Rate of infected objects in "full test": This table indicates how many infected objects (files, boot/MBR images, Word and EXCEL documents) have been found by the respective scanner in the full database. Optimum measure is 100%. ================================================================ | | ------- Number of objects infected: ----------- | | Scanner | with File | with Boot | with Macro | | Codename: | Viruses (%): | Viruses (%) ! Viruses (%) | |===========+================+================+================+ | Total: | 58,000 (100 %) | 2,577 (100 %) ! 472 (100 %) | ============+================+================+================+ | ALERT/Look: | | al41013 | 57,325 (98,8%) | 2,466 (95,7%) | 389 (82,4%) | | al41014 | 57,400 (99,0%) | 2,472 (95,9%) | 437 (92,6%) | | al41015 | 57,622 (99,3%) | 1,876 (72,8%) | 454 (96,2%) | | AVAST!/Alwil: ================================================ | av75013 | 57,400 (99,0%) | 2,530 (98,2%) | 395 (83,7%) | | av75014 | 57,416 (99,0%) | 2,472 (95,9%) | 437 (92,6%) | | av77001 | 57,638 (99,4%) | 1,950 (75,7%) | 471 (99,8%) | | AVG/Grisoft: ================================================= | avg41 | 45,842 (79,0%) | 1,476 (57,3%) | 171 (36,2%) | | AVP/KAMIS: =================================================== | avp222 | 57,606 (99,3%) | 2,518 (97,7%) | 459 (97,2%) | | avpl30 | 57,632 (99,4%) | 1,752 (68,0%) | 471 (99,8%) | | AVScan/H+B EDV: ============================================== | avs293b | 38,761 (66,8%) | 1,363 (52,9%) | 141 (29,9%) | | avs320 | 44,644 (77,0%) | 1,522 (59,1% | 318 (67,4%) | | DrWeb/Dialogue SC: =========================================== | drw318d | 54,407 (93,8%) | 1,305 (50,6%) | 449 (45,1%) | | drw318f | 54,296 (93,6%) | 1,337 (51,9%) | 449 (45,1%) | | DSAV/DrSolomon: ============================================== | dsav766 | 57,902 (99,8%) | | 411 (87.1%) | | dsav767 | 57,937 (99,9%) | 2,566 (99,6%) | 431 (91,3%) | | dsav768 | 57,938 (99,9%) | 2,574 (99,9%) | 465 (98,5%) | | F-PROT: ====================================================== | fmac102 | n/a | n/a | 470 (99,6%) | | fpr225 | 52,989 (91,4%) | 2,193 (85,1%) | 264 (55,9%) | | F/Win: ======================================================= | fwin402 | n/a | n/a | 461 (97,7%) | | fwin403 | n/a | n/a | 461 (97,7%) | | IBM AV: ====================================================== | ibm251 | 55,608 (95,9%) | See problems | 365 (77,3%) | | Integrity Master: ============================================ | itm311a | See problems | See problems | 196 (41,5%) | | itm311b | See problems | 220 ( 8,5%) | 431 (91,3%) | | InVircible: ================================================== | inv612a | 5,853 (10,1%) | See problems | See problems | | inv612d | 5,816 (10,0%) | See problems | See problems | | Norton AV/Symantec: ========================================== | nav30d | See problems | 1,704 (66,1%) | 418 (88,6%) | | nav30f | 49,312 (85,0%) | 1,744 (67,7%) | 430 (91,1%) | | Norman VC: =================================================== | nvc351 | 51,682 (89,1%) | 2,136 (82,9%) | 37 ( 7,8%) | | PCVP/CSE: ==================================================== | pcvp239 | 37,213 (64,2%) | 1,102 (42,8%) | See problems | | pcvp240 | 37,207 (64,2%) | 1,106 (42,9%) | See problems | | Scan/McAfee: ================================================= | scn253d | 48,891 (84,3%) | 2,058 (79,9%) | 411 (87,1%) | | scn253f | 50,209 (86,6%) | 2,085 (80,9%) | 454 (96,2%) | | Sweep/Sophos: ================================================ | swp293 | 56,071 (96,7%) | 2,456 (95,3%) | 411 (87,1%) | | swp294 | 56,465 (97,4%) | 2,471 (95,9%) | 445 (94,3%) | | TBAV/ThunderByte: ============================================ | tbav706 | 55,621 (95,9%) | 2,304 (89,4%) | 392 (83,1%) | | tbav707 | 55,853 (96,3%) | 2,338 (79,1%) | 399 (84,5%) | | TNT/Carmel: ================================================== | tnt964 | See problems | 1,288 (50,0%) | 169 (35,8%) | | tnt971 | 34,586 (59,6%) | 1,266 (49,1%) | 343 (72,7%) | | VDS/Adv.Res.Group: =========================================== | vds31 | See problems | See problems | 88 (18,6%) | | Virex: ======================================================= | vrx299 | See problems | See problems | 108 (22,9%) | | Virus Buster/Leprechaun: ===================================== | vbs482 | 25,746 (44,4%) | See problems | See problems | | vbs484 | 25,749 (44,4%) | See problems | See problems | | vbsl484 | 40,806 (70,4%) | See problems | See problems | | vb48415 | 26,579 (45,8%) | See problems | See problems | | Virus Hunter/Dialogue Sc: ==================================== | vht1663 | 12,496 (21,5%) | | See problems | | vht1678 | 12,609 (21,7%) | 1,002 (38,9%) | See problems | | Virus Track/On Technology: =================================== | vit9606 | 24,684 (42,6%) | See problems | 98 (20,8%) | | XScan/Anyware: =============================================== | xsc233 | 35,703 (61,6%) | See problems | See problems | |============+================+================+================+ Additional Explanation of the different columns (see also 1-4 at Table 1): 5) "Number (%) of objects infected with file viruses" is the number of *files* infected with file-infecting viruses from the test set, which are detected by that particular scanner as being infected. Percentage of those files from the full set of files is given in parenthesis. We often have more than one infected file per virus, but not all viruses are represented by the same number of files, so this number does not give a good impression of the real detection rate of the scanner. It is included here only for completeness. Of course, it still *does* provide some information - usually the better a scanner is, the more files it will detect as infected. 6) "Number (%) of objects infected with boot viruses" is the number of infected boot sectors in the test set that the scanner detects as infected. This field is analogous to field 5, though it lists infected boot sectors, not files. 7) "Number of objects infected with macro viruses" is the number of infected documents in the test set that the scanner detects as infected. This field is analogous to field 5, though it lists infected documents, not files. -------------------- Overview Table 4: ------------------------- Table 4: Consistency and Reliability of Virus Detection in "full test": This table provides information about the "quality" of detection. Inconsistent or unreliable detection means that some virus is identified with different names in different objects belonging to the same virus. Unreliable detection means that some virus is identified at least once, though not in all objects infected with the related virus. Optimum measures both for inconsistency and unreliability is 0%. ========================================================================== | Scanner | Unreliable Identification: | Unreliable Detection: | | Codename: | File(%) Boot (%) Macro (%) | File (%) Boot (%) Macro (%) | |=============+================+===========+===============+=============| | ALERT/Look: | | al41013 | 3,9% 2,8% 4,2% | 0,6% 0,6% 2,8% | | al41014 | 4,0% 2,8% 4,9% | 0,5% 0,6% 2,8% | | al41015 | 4,0% 1,8% 5,6% | 0,5% 25,2% 3,5% | | AVAST!/Alwil: =========================================================+ | av75013 | 3,9% 2,9% 4,9% | 0,5% 0,5% 2,1% | | av75014 | 3,9% 2,8% 4,9% | 0,5% 0,6% 2,8% | | av77001 | 4,0% 1,9% 1,4% | 0,4% 25,5% 0,0% | | AVG/Grisoft: ==========================================================+ | avg41 | 7,7% 1,6% 0,0% | 3,4% 23,2% 0,7% | | AVP/KAMIS: ============================================================+ | avp222 | 3,4% 3,7% 0,7% | 0,5% 1,1% 0,0% | | avpl30 | 0,8% 1,3% 0,7% | 0,4% 5,0% 0,0% | | AVScan/H+B EDV: =======================================================+ | avs293b | 62,1% 0,6% 0,0% | 1,7% 2,2% 2,8% | | avs320 | 71,7% 1,0% 0,0% | 1,6% 1,9% 8,4% | | DrWeb/Dialogue SC: ====================================================+ | drw318d | 10,8% 0,0% 0,0% | 4,0% 3,0% 1,4% | | drw318f | 8,7% 0,0% 0,0% | 4,0% 2,8% 1,4% | | DSAV/DrSolomon: =======================================================+ | dsav766 | 3,6% 0,0% | 0,1% 0,0% | | dsav767 | 3,5% 2,2% 0,0% | 0,1% 0,1% 0,0% | | dsav768 | 3,5% 2,1% 0,7% | 0,1% 0,0% 0,0% | | F-PROT: ===============================================================+ | fmac102 | n/a n/a 0,0% | n/a n/a 0,0% | | fpr225 | 1,3% 2,5% 0,0% | 1,1% 1,0% 4,2% | | F/Win: ================================================================+ | fwin402 | n/a n/a 0,0% | n/a n/a 0,0% | | fwin403 | n/a n/a 0,0% | n/a n/a 0,0% | | IBM AV: ===============================================================+ | ibm251 | 5,4% problem 0,0% | 0,9% problem 5,6% | | Integrity Master: =====================================================+ | itm311a | problem problem 2,8% | problem problem 4,2% | | itm311b | problem 0,0% 8,4% | problem 6,9% 2,8% | | InVircible: ===========================================================+ | inv612a | 0,0% problem problem | 2,6% problem problem | | inv612d | 0,0% problem problem | 2,6% problem problem | | Norton AV/Symantec: ===================================================+ | nav30d | problem 0,7% 0,7% | problem 2,9% 0,0% | | nav30f | 3,7% 0,7% 0,7% | 2,3% 3,0% 3,5% | | Norman VC: ============================================================+ | nvc351 | 0,0% 1,8% 0,0% | 1,6% 1,3% 7,0% | | PCVP/CSE: =============================================================+ | pcvp239 | 4,9% 4,2% problem | 4,8% 17,3% problem | | pcvp240 | 4,8% 0,2% problem | 4,8% 1,6% problem | | Scan/McAfee: ==========================================================+ | scn253d | 5,3% 2,3% 2,1% | 3,5% 2,9% 2,1% | | scn253f | 5,4% 2,2% 2.1% | 3,5% 2,9% 0,7% | | Sweep/Sophos: ========================================================== | swp293 | 4,0% 2,5% 0,0% | 1,4% 2,2% 0,0% | | swp294 | 4,1% 2,7% 0,7% | 1,4% 2,2% 0,0% | | TBAV/ThunderByte: =====================================================+ | tbav706 | 3,2% 1,6% 2,8% | 1,8% 1,6% 0,7% | | tbav707 | 2,4% 1,0% 2,8% | 1,7% 1,3% 0,7% | | TNT/Carmel: ===========================================================+ | tnt964 | problem 1,5% 0,0% | problem 3,5% 4,2% | | tnt971 | 3.3% 1,2% 1,4% | 8,9% 2,9% 6,3% | | VDS/Adv.Res.Group: ====================================================+ | vds31 | problem problem 0,0% | problem problem 7,7% | | Virex: ================================================================+ | vrx299 | problem problem 0,0% | problem problem 0,0% | | Virus Buster/Leprechaun: ==============================================+ | vbs482 | 0.9% problem problem | 2,9% problem problem | | vbs484 | 0.9% problem problem | 2,9% problem problem | | vbsl484 | 2,6% problem problem | 10,8% problem problem | | vb48415 | 0,9% problem problem | 3,0% problem problem | | Virus Hunter/Dialogue Sc:==============================================+ | vht1663 | 0,6% problem | 2,2% problem | | vht1678 | 0,6% 0,4% problem | 2,1% 1,2% problem | | Virus Track/On Technology: ============================================+ | vit9606 | 1,4% problem 0,0% | 4,6% problem 1,4% | | XScan/Anyware: ========================================================+ | xsc233 | 2,9% problem problem | 2,4% problem problem | |============+===============+================+==========================+ More Explanation of the different columns (see also 1-7 at tables 1+3): 8) The fields "Unconsistent Identification" measures the relative amount (%) of those viruses where different names were assigned to the same virus. This is, to some extent, a measure of how precise the identification capacity of the resp. scanner is; optimum measure is 0%. 9) The fields "Unreliable Detection" measures the relative amount (%) of viruses which were only partly detected. Definition of unreliable detection is that at least one sample of the virus *is* detected and at least one sample of the virus is *not* detected. In some sense, unreliable detection is more dangerous than those cases when a scanner misses the virus completely, because an unreliably detected virus may be a hidden source of continuous viral infections. Remark: in comparison with previous VTC tests, we have refrained from reporting other features such as "unreliable identifications" and "multiple reports", to reduce information overload. -------------------- Overview Table #5: - ---------------------- Table 5: Non-Viral Macro Malware Detection Rate: This table indicates whether some AntiVirus product also detects non-viral malware, esp. including virus generators, trojans and intended (though not self-replicating) viruses. Results only apply to Macro Malware where VTCs "List of Known Macro Malware" displays the actual status of all known malicious threats. ================================ | Scanner | Number of Macro | | Codename: | Malware found (%)| |===========+==================+ | Total: | 18 (100.0%) | ============+==================+ | ALERT/Look: | | al41013 | 7 ( 46,7%) | | al41014 | 9 ( 60,0%) | | al41015 | 9 ( 60,0%) | | AVAST!/Alwil: ===============+ | av75013 | 8 ( 53,3%) | | av75014 | 9 ( 60,0%) | | av77001 | 10 ( 66,7%) | | AVG/Grisoft: ================+ | avg41 | 5 ( 33,3%) | | AVP/KAMIS: ==================+ | avp222 | 10 ( 66,7%) | | avpl30 | 13 ( 86,7%) | | AVScan/H+B EDV: =============+ | avs293b | 3 ( 20,0%) | | avs320 | 8 ( 53,3%) | | DrWeb/Dialogue SC: ==========+ | drw318d | 9 ( 60,0%) | | drw318f | 9 ( 60,0%) | | DSAV/DrSolomon: =============+ | dsav766 | 13 ( 86,7%) | | dsav767 | 13 ( 86,7%) | | dsav768 | 13 ( 86,7%) | | F-PROT: =====================+ | fmac102 | 7 ( 46,7%) | | fpr225 | 1 ( 6,7%) | | F/Win: ======================+ | fwin402 | 8 ( 53,3%) | | fwin403 | 8 ( 53,3%) | | IBM AV: =====================+ | ibm251 | 4 ( 26,7%) | | Integrity Master: ===========+ | itm311a | 5 ( 33,3%) | | itm311b | 8 ( 53,3%) | | InVircible: =================+ | inv612a | See problems | | inv612d | See problems | | Norton AV/Symantec: =========+ | nav30d | 7 ( 46,7%) | | nav30f | 10 ( 66,7%) | | Norman VC: ==================+ | nvc351 | 2 ( 13,3%) | | PCVP/CSE: ===================+ | pcvp239 | See problems | | pcvp240 | See problems | | Scan/McAfee: ================+ | scn253d | 7 ( 46,7%) | | scn253f | 9 ( 60,0%) | | Sweep/Sophos: ===============+ | swp293 | 7 ( 46,7%) | | swp294 | 8 ( 53,3%) | | TBAV/ThunderByte: ===========+ | tbav706 | 7 ( 46,7%) | | tbav707 | 7 ( 46,7%) | | TNT/Carmel: =================+ | tnt964 | 2 ( 13,3%) | | tnt971 | 3 ( 20,0%) | | VDS/Adv.Res.Group: ==========+ | vds31 | 1 ( 6,7%) | | Virex: ======================+ | vrx299 | 0 ( 0,0%) | | Virus Buster/Leprechaun: ====+ | vbs482 | See problems | | vbs484 | See problems | | vbsl484 | See problems | | vb48415 | See problems | | Virus Hunter/Dialogue Sc: ===+ | vht1663 | See problems | | vht1678 | See problems | | Virus Track/On Technology: ==+ | vit9606 | 1 ( 6,7%) | | XScan/Anyware: ==============+ | xsc233 | See problems | |===========+==================+