==========================================================

             INFECTION COUNTDOWN - July 1995

==========================================================

by David Smith, Antivirus researcher, Professional programmer
Authorized vendor of TBAV and InVircible antivirus
Copyright 1995, All rights reserved
E-MAIL: physics@iadfw.net

SIX THOUSAND LIVE VIRUSES
FIVE SCANNERS
go head-to-head in a fierce competition

This is a complete analysis of all the virus scanners. All files were
integrity sealed, and downloaded directly from the Internet plus other
bulletin boards. After over 6,000 viruses and TEN HOURS of scanning, I
bring you the real results from the real goodies.

Viruses used for the test:

  1. Russian collection
  2. Classic - a well organized and reliable collection
  3. Various dropper files

Scanners used:

  IBM's Antivirus from DOS 7.0
  McAfee's SCAN version 2.2.2 (06/15/95)
  AvPro 2.2 (registered) with update from 06/30/95
  F-Prot 2.18a
  Tbav 6.35 (registered)

Batch File used:

  AVP /t /m /p /b /q /s /y /w=fvirs.ksp
  F-PROT /nomem /list /noboot /nowrap /old /report=fvirs.fpr
  SCAN.EXE /nomem /sub /rpterr /rptcor /report fvirs.sc2
  TBSCAN ld ba el ol lo ll=4 ln=fvirs.tbs
  IBMAVSP -vlog -programs -nb -copenerr -cerr -nrep -nwipe -nfscan -logfvirs.ibm

BEFORE THE SCAN - COMMENTS

Lots of new scanners this month. Finally, everybody updated! At the
request of Keith Peer, the AVPRO guy, I set AVPRO to ALARM! mode (but
took off redundant scan, since I do have a life) in order to maximize
its potential to detect zoos. Not much of a difference...

Also, I fully expect IBM to again suffer greatly at the hands of these
other awesome scanners, and will remove it from testing as of next month.

If any of you out there know some good scanners to try (that can keep up
with AVPRO, TBAV, etc.), please drop me a line at physics@iadfw.net

THE RESULTS:
------------------------------------------------------------------------

LAYOUT BY FILES:

            Russian   Classic   Droppers
  #           1443      3953       842
  AVPRO       1416      3123       755
  TBSCAN      1311      3688       696
  F-PROT      1322      3642       805
  McAfee      1188      3419       263
  IBM          n/a      3113       n/a

LAYOUT BY PERCENTAGE:

            Russian   Classic   Droppers
  AVPRO       98.1      79.0      89.7
  TBSCAN      90.8      93.3      82.7
  F-PROT      91.6      92.1      95.6
  McAfee      82.3      86.5      31.2
  IBM          n/a      78.8       n/a

  Best overall: ??? It's a tie!
  Second best:  F-PROT
  Worst:        IBM (as usual)

AFTER THE SCAN - ANALYSIS:
-------------------------------------------------

Everybody did well on each collection. AVPRO found all the Russian
viruses, TBSCAN found most of the classic viruses, and F-PROT found most
of the dropper files. It was close, so I'll just let the results speak
for themselves...

Great news: AVPRO lowered their prices to $60 for a license. Not a bad
deal, and definitely better than F-PROT Professional's prices, and lower
than TBAV's standard price of $70 for DOS and $80 for DOS/Windows. All in
all, your best bet is to snag an AVPRO license before they jack the price
up again ;-)

-------------------------------------------------------
1. Russian collection
-------------------------------------------------------

F-PROT:
  Files: 1433 (4.6 MB)
  Scanned: 1433 (4.6 MB)
  Infected: 1322
  Suspicious: 17
  Disinfected: 0
  Deleted: 0
  Renamed: 0
  No boot sectors were scanned.
  Time: 2:59

AVPRO:
  Detected: 1416 bodies of 510 viruses
  Scanned: 1433 files
           11 packed
           3 directories
           4773 Kbytes
  Scan time: 0:20:49
  Speed: 4 Kb/sec

SCAN:
  Analyzed: .............. 1433
  Scanned: ............... 1432
  Possibly Infected: ..... 1188
  Time: 00:03.54

TBAV:
  Found 1433 files in 3 directories, 1252 files seem to be executable.
  0 files were checked for changes, 0 files have been changed.
  1311 files are infected by one or more viruses

-------------------------------------------------------
2. Classic - a well organized and reliable collection
-------------------------------------------------------

F-PROT:
  Files: 3953 (18.1 MB)
  Scanned: 3754 (16.6 MB)
  Infected: 3642
  Suspicious: 63
  Disinfected: 0
  Deleted: 0
  Renamed: 0
  No boot sectors were scanned.
  Time: 10:06

AVPRO:
  Detected: 3123 bodies of 1105 viruses
  Warnings: 25
  Suspicious: 225
  Scanned: 3542 files
           158 packed
           898 directories
           17222 Kbytes
  Scan time: 1:32:37
  Speed: 4 Kb/sec

SCAN:
  File(s)
  Analyzed: .............. 3953
  Scanned: ............... 3885
  Possibly Infected: ..... 3419
  Time: 00:12.34

TBAV:
  Found 3953 files in 1206 directories, 3884 files seem to be executable.
  0 files were checked for changes, 0 files have been changed.
  3688 files are infected by one or more viruses

-------------------------------------------------------
3. Various dropper files
-------------------------------------------------------

F-PROT:
  Files: 842 (4.4 MB)
  Scanned: 842 (4.4 MB)
  Infected: 805
  Suspicious: 17
  Disinfected: 0
  Deleted: 0
  Renamed: 0
  No boot sectors were scanned.
  Time: 0:53

AVPRO:
  Detected: 755 bodies of 197 viruses
  Warnings: 8
  Suspicious: 29
  Scanned: 842 files
           678 packed
           1 directories
           4602 Kbytes
  Scan time: 0:26:57
  Speed: 3 Kb/sec

SCAN:
  Analyzed: .............. 842
  Scanned: ............... 842
  Possibly Infected: ..... 263
  Time: 00:01.14

TBAV:
  Found 842 files in 1 directories, 823 files seem to be executable.
  0 files were checked for changes, 0 files have been changed.
  696 files are infected by one or more viruses

FREE ADVERTISEMENT AVAILABLE HERE
Contact physics@iadfw.net for info

------------------------------------------------------------------------

WEST COAST INSTITUTE OF VIRUS RESEARCH
World's Largest!
100 Megs Of Virus Files, All Strains, All Variations
Over 7000 Virus With Complete Descriptions Online
Over 10,000 .Exe and .Com Virus Files Online
ASM,Mac,PAS,C,Amiga,Images,Docs,Text,Tdos,Bin,Trojans, etc.
=Many Complete Collections=
Nukenet 111:714/0, Virus Fido Echos
WE Want Your Virus or Collection
Researchers WANTED
APPLY WITHIN
(714) 772-7039, Sysop Falcon/NuKE

This bbs is dedicated to the research and identification of the computer
VIRUS.
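
Added example (not part of the original report, and not any vendor's tool): the "Classic" column of the percentage table, recomputed from the four scanner summaries quoted in section 2. It reports each rate twice, against the whole collection (the article's figure) and against the files each scanner says it examined; treating TBAV's "seem to be executable" count as its examined count is an assumption.

```python
import re

# Per-scanner patterns: (files the scanner says it examined, files it flagged).
# Formats are the summary lines quoted in the article; treating TBAV's
# "seem to be executable" count as its examined-file count is an assumption.
PATTERNS = {
    "F-PROT": (r"Scanned:\s+(\d+)", r"Infected:\s+(\d+)"),
    "AVPRO": (r"Scanned:\s+(\d+) files", r"Detected:\s+(\d+) bodies"),
    "SCAN": (r"Scanned:[\s.]+(\d+)", r"Possibly Infected:[\s.]+(\d+)"),
    "TBAV": (r"(\d+) files seem to be executable", r"(\d+) files are infected"),
}

# Summaries for the "Classic" collection, excerpted from the article's section 2.
CLASSIC_TOTAL = 3953
CLASSIC_REPORTS = {
    "F-PROT": "Files: 3953 (18.1 MB) Scanned: 3754 (16.6 MB) Infected: 3642 Suspicious: 63",
    "AVPRO": "Detected: 3123 bodies of 1105 viruses Warnings: 25 Suspicious: 225 "
             "Scanned: 3542 files 158 packed 898 directories 17222 Kbytes",
    "SCAN": "File(s) Analyzed: .............. 3953 Scanned: ............... 3885 "
            "Possibly Infected: ..... 3419",
    "TBAV": "Found 3953 files in 1206 directories, 3884 files seem to be executable. "
            "3688 files are infected by one or more viruses",
}

def parse_summary(scanner, text):
    """Return (examined, flagged) from one scanner's summary text."""
    counts = []
    for pattern in PATTERNS[scanner]:
        match = re.search(pattern, text)
        if match is None:
            raise ValueError(f"{scanner}: no match for {pattern!r}")
        counts.append(int(match.group(1)))
    return tuple(counts)

def detection_rates(reports, total):
    """Map scanner -> (% of whole collection, % of files actually examined)."""
    rates = {}
    for scanner, text in reports.items():
        examined, flagged = parse_summary(scanner, text)
        if examined == 0 or examined > total:
            raise ValueError(f"{scanner}: implausible examined count {examined}")
        rates[scanner] = (round(100 * flagged / total, 1),
                          round(100 * flagged / examined, 1))
    return rates

if __name__ == "__main__":
    for name, (of_all, of_examined) in detection_rates(CLASSIC_REPORTS, CLASSIC_TOTAL).items():
        print(f"{name:7} {of_all:5.1f}% of collection, {of_examined:5.1f}% of examined")
```

The two columns differ because none of the four scanners examined every file in the collection, so a rate computed over the full 3953 files also counts skipped files as misses.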