================================================ File 6GWNT.TXT: Detailed results of File and Macro Virus related on-demand scanner tests under Windows NT: ================================================ (Formatted with non-proportional font: Courier; 72 columns) The following 18 products (versions) were submitted for W-NT tests, and 17 were tested (DRW tried always to delete the virus from the testbed; for details of related AV producers: see A2SCNLS.txt): -------------------------------------------------------- Products submitted for aVTC test under Windows-NT: -------------------------------------------------------- AV3 v: 3.0.304.0 sig: Dec.04,2000 AVG 6 v: 6.220 sig: Dec.11,2000 AVK 10 v: 10,0,0,0 sig: Dec.07,2000 AVP Platinum v: 3.5.311.0 sig: Dec.07,2000 CMD v: 4.60 sig: Dec.11,2000 DRW v: 4.21 (see problems list) FPR v: 3.08b sig: Dec.11,2000 FPW v: 3.08b sig: Dec.11,2000 FSE v: 5.21 sig: Dec.01,2000 INO v: 4.53 Enterprise Ed. sig: Dec.11,2000 NAV v: 5.01.01 sig: Dec.07,2000 NVC v: 4.86 sig: Dec.01,2000 PAV v: 3.0.132.4 sig: Dec.07,2000 PER v: 6.60 sig: Nov.30,2000 PRO v: 7.0.A11 sig: Dec.09,2000 RAV v: 8.1.001 sig: Dec.11,2000 SCN v: 4.12.0 sig: Dec.04,2000 VSP v: 12.02.2 sig: Dec.11,2000 -------------------------------------------------------- The following tables summarize detection and identification quality concerning FILE and MACRO viruses as well as selected FILE and MACRO MALWARE, both in full "zoo" virus collection and for viral ITW testbed. Additionally, test results are reported concerning detection of (6*10,000) viruses in a testbed with generations of 6 polymorphic file viruses, as well as a subset of 10,706 viruses generated from VKIT virus construction kit. Moreover, results for detection of viruses in files compressed with 6 popular packing methods are also given. Finally, a special test was performed concerning "false positive" virus detection of selected files which were deliberately chosen from available CD-ROMs and which were definitively clean of viruses. For discussion of results, see 6ASUMOV.TXT and 7EVAL.TXT. Results may be influenced by problems experienced during tests; such problems are documented in 8PROBLMS.TXT. Index of tables: ---------------- WNT.F1: "FileVirus 1": Results of "full" Zoo test for file viruses WNT.F2: "FileVirus 2": Results of "In-The-Wild" test for file viruses WNT.FA: "Polyfile-Test": Results of Polymorphic test WNT.FB: "VKIT Test": Results of VKIT file virus test WNT.F3V: "Comparison of Detection Rate of Packed Viruses": Results of Detection Rate of ITW file viruses packed with PKZIP, LHA, ARJ and RAR WNT.F3F: "Comparison of Detection Rate of Packed Viral Objects": Results of Detection Rate of objects infected with ITW file viruses and packed with PKZIP, LHA, ARJ and RAR WNT.F3: "Comparison of Detection Rate of Packed Viruses": Results of Detection Rate of ITW file viruses packed with PKZIP, LHA, ARJ, RAR, WinRAR and CAB WNT.F3a: "PKZIP-Packed File Viruses": Results of Detection of ITW File Viruses Packed wiith PKZIP WNT.F3b: "LHA-Packed File Viruses": Results of Detection of ITW File Viruses Packed with LHA WNT.F3c: "ARJ-Packed File Viruses": Results of Detection of ITW File Viruses Packed with ARJ WNT.F3d: "RAR-Packed File Viruses": Results of Detection of ITW File Viruses Packed with RAR WNT.F3e: "WinRAR-Packed File Viruses": Results of Detection of ITW File Viruses Packed with WinRAR WNT.F3f: "CAB-Packed File Viruses": Results of Detection of ITW File Viruses Packed with CAB WNT.F4: "False Positive" detection: Results of "full" Zoo test for non-viral (clean) file samples detected as "False positives" WNT.F5 "File Malware": Results of "full" Zoo test for File-related malware WNT.M1: "MacroVirus 1": Results of "full" test for macro viruses WNT.M2: "MacroVirus 2": Results of "In-The-Wild" test for macro viruses WNT.M3V: "Comparison of Detection Rate of Packed Viruses": Results of Detection Rate of ITW file viruses packed with PKZIP, LHA, ARJ, RAR, WinRAR and CAB WNT.F3F: "Comparison of Detection Rate of Packed Viral Objects": Results of Detection Rate of objects infected with ITW file viruses and with PKZIP, LHA, ARJ, RAR, WinRAR, CAB WNT.M3a: "PKZIP-Packed Macro Viruses": Results of Detection of ITW macro Viruses Packed with PKZIP WNT.M3b: "LHA-Packed Macro Viruses": Results of Detection of ITW macro Viruses Packed with LHA WNT.M3c: "ARJ-Packed Macro Viruses": Results of Detection of ITW macro Viruses Packed with ARJ WNT.M3d: "RAR-Packed Macro Viruses": Results of Detection of ITW macro Viruses Packed with RAR WNT.M3e: "WinRAR-Packed Macro Viruses": Results of Detection of ITW macro Viruses Packed with WinRAR WNT.M3f: "CAB-Packed Macro Viruses": Results of Detection of ITW macro Viruses Packed with CAB WNT.M4: "False Positive" detection: Results of "full" zoo test for non-viral (clean) macro objects detected as "false positives" WNT.M5: "Macro-Malware": Results of "full" zoo test for Macro-related malware WNT.S1: "ScriptVirus 1": Results of "full" test for script viruses (VBS, JS etc) WNT.S2: "ScriptVirus 2": Results of "In-The-Wild" test for script viruses WNT.E1: "Exotic" malware: Results of special test for "exotic" viruses/trojans Table WNT.F1: "FileVirus 1": Results of "full" test for file viruses under Windows NT: =================================================== This includes Viruses ---- unreliably ---- Files Scanner detected identified detected detected ---------------------------------------------------------- Testbed 20564 100.0 150703 100.0 ---------------------------------------------------------- AV3 19581 95.2 700 3.4 179 0.9 145286 96.4 AVG 16851 81.9 570 2.8 373 1.8 129336 85.8 AVK 20518 99.8 622 3.0 27 0.1 150530 99.9 AVP 20539 99.9 590 2.9 8 0.0 150590 99.9 CMD 20111 97.8 51 0.2 60 0.3 148734 98.7 FPR 20111 97.8 24 0.1 59 0.3 148739 98.7 FPW 20108 97.8 24 0.1 59 0.3 148736 98.7 ---------------------------------------------------------- FSE (3) 10518 51.1 47 0.2 5 0.0 76418 50.7 FSE(2+3) 15502 75.4 126 0.6 7 0.0 115510 76.6 ---------------------------------------------------------- INO 20107 97.8 688 3.3 201 1.0 148296 98.4 NAV 19307 93.9 1484 7.2 439 2.1 143110 95.0 NVC 20173 98.1 1295 6.3 209 1.0 148195 98.3 PAV 20539 99.9 590 2.9 8 0.0 150590 99.9 PRO 14500 70.5 790 3.8 1567 7.6 104829 69.6 RAV 19231 93.5 771 3.7 749 3.6 139144 92.3 SCN 20515 99.8 639 3.1 4 0.0 150640 100.0 VSP 15313 74.5 2941 14.3 1421 6.9 102296 67.9 ----------------------------------------------------------- Comment: results of several scanners may be influenced by the fact that these products had to be rerun when we detected that not all entries had been accessed during first run. In a 1st and possibly a 2nd "post- scan", those files untouched before were explicitly selected for scanning. We stopped after a 2nd postscan but even then, some products had not touched all objects. There is some evidence that this is due to a known problem in the FindFirst/FindNext routines in Windows operating systems which also materialized earlier, though at a lesser extent with a significantly smaller testbed (always for zoo file viruses). Microsoft was made aware of this problem ago but (no correction so far). Comment #2: concerning FSE, test progress was as following: In 1st run, FSE crashed without report (no diagnosis reported). 2nd and 3rd run were completed at each about 50% and 51.1%. When both reports (2+3) are connected, the CORRECT RESULT IS 75.4% (see CORRECTED ENTRY) There was also an (unplanned) 4th run which produced: --------------------------------------------------------- FSE#4 15502 75.4 126 0.6 7 0.0 115510 76.6 --------------------------------------------------------- This result can !NOT be used" as ALL OTHER PRODUCTS had ONLY 2 postscans AT MOST. Table WNT.F2: "FileVirus 2": Results of "In-The-Wild" test for file viruses under Windows NT: ====================================================== This includes Viruses ---- unreliably ---- Files Scanner detected identified detected detected ---------------------------------------------------------- Testbed 20 100.0 409 100.0 ---------------------------------------------------------- AV3 19 95.0 1 5.0 1 5.0 398 97.3 AVG 20 100.0 4 20.0 0 0.0 409 100.0 AVK 20 100.0 1 5.0 0 0.0 409 100.0 AVP 20 100.0 1 5.0 0 0.0 409 100.0 CMD 20 100.0 0 0.0 0 0.0 409 100.0 FPR 20 100.0 0 0.0 0 0.0 409 100.0 FPW 20 100.0 0 0.0 0 0.0 409 100.0 FSE 20 100.0 4 20.0 0 0.0 409 100.0 INO 20 100.0 1 5.0 0 0.0 409 100.0 NAV 20 100.0 3 15.0 0 0.0 409 100.0 NVC 20 100.0 2 10.0 0 0.0 409 100.0 PAV 20 100.0 1 5.0 0 0.0 409 100.0 PER 14 70.0 0 0.0 2 10.0 235 57.5 PRO 20 100.0 3 15.0 0 0.0 409 100.0 RAV 20 100.0 3 15.0 3 15.0 402 98.3 SCN 20 100.0 1 5.0 0 0.0 409 100.0 VSP 9 45.0 3 15.0 1 5.0 295 72.1 ----------------------------------------------------------- Table WNT.FA: "Polyfile-Test": Results of Polymorphic test: =========================================================== This includes Viruses ---- unreliably ---- Files Scanner detected identified detected detected ---------------------------------------------------------- Maximum 6 100.0 60000 100.0 ---------------------------------------------------------- AV3 6 100.0 1 16.7 1 16.7 59999 100.0 AVG 6 100.0 0 0.0 0 0.0 60000 100.0 AVP 6 100.0 0 0.0 0 0.0 60000 100.0 CMD 6 100.0 1 16.7 0 0.0 60000 100.0 FPR 6 100.0 1 16.7 0 0.0 60000 100.0 FSE 6 100.0 0 0.0 0 0.0 60000 100.0 INO 6 100.0 3 50.0 0 0.0 60000 100.0 NAV 6 100.0 1 16.7 0 0.0 60000 100.0 NVC 6 100.0 1 16.7 0 0.0 60000 100.0 PER 1 16.7 0 0.0 1 16.7 5000 8.3 PRO 6 100.0 2 33.3 1 16.7 58788 98.0 RAV 6 100.0 1 16.7 0 0.0 60000 100.0 SCN 6 100.0 1 16.7 0 0.0 60000 100.0 VSP 4 66.7 1 16.7 3 50.0 28551 47.6 ----------------------------------------------------------- Remark: For 6 polymorphic viruses (with Maltese Amoeba, MTE.Encroacher.B, NATAS, TREMOR, One-Half and Tequila as in the previous test), 10,000 generations each were produced with VTCs dynamic polymorphic generation and test engine. For each virus, 100 directories including infected objects with goat files of lengths ranging from 1 kByte to 100 kByte were generated. Table WNT.FB: "VKIT Test": Results of VKIT file virus test: =========================================================== This includes Viruses ---- unreliably ---- Files Scanner detected identified detected detected ---------------------------------------------------------- Testbed 10706 100.0 104640 100.0 ---------------------------------------------------------- AV3 10527 98.3 1612 15.1 125 1.2 103244 98.7 AVG 10137 94.7 783 7.3 117 1.1 97780 93.4 AVK 10706 100.0 1194 11.2 0 0.0 104640 100.0 AVP 10706 100.0 1194 11.2 0 0.0 104640 100.0 CMD 10706 100.0 5721 53.4 3 0.0 104636 100.0 FPR 10706 100.0 1439 13.4 3 0.0 104637 100.0 FPW 10706 100.0 1439 13.4 3 0.0 104636 100.0 FSE 10706 100.0 0 0.0 0 0.0 104640 100.0 INO 10703 100.0 1264 11.8 8 0.1 104592 100.0 NAV 10696 99.9 638 6.0 120 1.1 103951 99.3 NVC 10704 100.0 6191 57.8 323 3.0 102073 97.5 PAV 10706 100.0 1194 11.2 0 0.0 104640 100.0 PER 2064 19.3 4 0.0 430 4.0 16043 15.3 PRO 9013 84.2 265 2.5 999 9.3 82345 78.7 RAV 10706 100.0 221 2.1 178 1.7 104247 99.6 SCN 10706 100.0 0 0.0 0 0.0 104640 100.0 VSP 10638 99.4 5925 55.3 71 0.7 103416 98.8 ----------------------------------------------------------- Remark: A testbed of 10,706 viruses generated with the VKIT virus generator (out of about 14,000 viruses which can be generated) was used to test detection quality. This test was separated from the "normal" file virus test as 1) there is no agreement between AV producers whether viruses from VKIT should be counted just as 1 or as 14,000 different viruses (boasting number of detected viruses to over 40,000), and 2) because of the large size of this special testbed. Table WNT.F3V: "Comparison of Detection Rate of Packed Viruses": Results of Detection Rate of ITW file viruses packed with PKZIP, LHA, ARJ, RAR, WinRAR and CAB ================================================================ This includes Viruses detected per packer ------------------------------------------------------------------------- ZIP % LHA % ARJ % RAR % WRAR % CAB % TestBed 20 100.0 20 100.0 20 100.0 20 100.0 20 100.0 20 100.0 ------------------------------------------------------------------------- AVG 20 100.0 0 0.0 20 100.0 19 95.0 20 100.0 0 0.0 AVK 20 100.0 20 100.0 20 100.0 20 100.0 20 100.0 20 100.0 AVP 20 100.0 20 100.0 20 100.0 20 100.0 20 100.0 20 100.0 CMD 20 100.0 20 100.0 20 100.0 0 0.0 0 0.0 20 100.0 FPR 20 100.0 0 0.0 20 100.0 20 100.0 20 100.0 0 0.0 FPW 20 100.0 0 0.0 20 100.0 20 100.0 20 100.0 0 0.0 FSE 20 100.0 20 100.0 20 100.0 20 100.0 20 100.0 20 100.0 INO 19 95.0 20 100.0 20 100.0 0 0.0 0 0.0 0 0.0 NAV 20 100.0 20 100.0 20 100.0 0 0.0 0 0.0 20 100.0 NVC 20 100.0 0 0.0 20 100.0 0 0.0 0 0.0 0 0.0 PAV 20 100.0 20 100.0 20 100.0 20 100.0 20 100.0 20 100.0 PER 14 70.0 0 0.0 0 0.0 0 0.0 0 0.0 0 0.0 PRO 20 100.0 0 0.0 0 0.0 0 0.0 0 0.0 0 0.0 RAV 20 100.0 0 0.0 20 100.0 20 100.0 20 100.0 20 100.0 SCN 20 100.0 20 100.0 20 100.0 20 100.0 20 100.0 20 100.0 VSP 0 0.0 0 0.0 0 0.0 0 0.0 0 0.0 0 0.0 ------------------------------------------------------------------------- Table WNT.F3F: "Comparison of Detection Rate of Packed Viral Objects": Results of Detection Rate of objects infected with ITW file viruses, packed with PKZIP,LHA,ARJ,RAR,WinRAR,CAB ======================================================================= This includes Viral objects detected per packer ------------------------------------------------------------------------------- ZIP % LHA % ARJ % RAR % WRAR % CAB % TestBed 409 100.0 409 100.0 409 100.0 409 100.0 409 100.0 409 100.0 ------------------------------------------------------------------------------- AVG 406 99.3 0 0.0 406 99.3 405 99.0 406 99.3 0 0.0 AVK 409 100.0 409 100.0 409 100.0 409 100.0 409 100.0 409 100.0 AVP 409 100.0 409 100.0 409 100.0 409 100.0 409 100.0 409 100.0 CMD 409 100.0 409 100.0 409 100.0 0 0.0 0 0.0 409 100.0 FPR 409 100.0 0 0.0 409 100.0 409 100.0 409 100.0 0 0.0 FPW 409 100.0 0 0.0 409 100.0 409 100.0 409 100.0 0 0.0 FSE 409 100.0 409 100.0 409 100.0 409 100.0 409 100.0 409 100.0 INO 388 94.9 396 96.8 409 100.0 0 0.0 0 0.0 0 0.0 NAV 409 100.0 409 100.0 409 100.0 0 0.0 0 0.0 409 100.0 NVC 409 100.0 0 0.0 409 100.0 0 0.0 0 0.0 0 0.0 PAV 409 100.0 409 100.0 409 100.0 409 100.0 409 100.0 409 100.0 PER 231 56.5 0 0.0 0 0.0 0 0.0 0 0.0 0 0.0 PRO 409 100.0 0 0.0 0 0.0 0 0.0 0 0.0 0 0.0 RAV 402 98.3 0 0.0 402 98.3 402 98.3 402 98.3 402 98.3 SCN 409 100.0 409 100.0 409 100.0 409 100.0 409 100.0 409 100.0 VSP 0 0.0 0 0.0 0 0.0 0 0.0 0 0.0 0 0.0 ------------------------------------------------------------------------------- Table WNT.F3a: "PKZIP-Packed File Viruses": Results of Detection of ITW File Viruses Packed with PKZIP under Windows NT: ==================================================================== This includes Viruses ---- unreliably ---- Files Scanner detected identified detected detected ----------------------------------------------------------- Testbed 20 100.0 409 100.0 ---------------------------------------------------------- AVG 20 100.0 4 20.0 1 5.0 406 99.3 AVK 20 100.0 0 0.0 0 0.0 409 100.0 AVP 20 100.0 1 5.0 0 0.0 409 100.0 CMD 20 100.0 0 0.0 0 0.0 409 100.0 FPR 20 100.0 0 0.0 0 0.0 409 100.0 FPW 20 100.0 0 0.0 0 0.0 409 100.0 FSE 20 100.0 8 40.0 0 0.0 409 100.0 INO 19 95.0 1 5.0 0 0.0 388 94.9 NAV 20 100.0 3 15.0 0 0.0 409 100.0 NVC 20 100.0 2 10.0 0 0.0 409 100.0 PAV 20 100.0 1 5.0 0 0.0 409 100.0 PER 14 70.0 0 0.0 5 25.0 231 56.5 PRO 20 100.0 3 15.0 0 0.0 409 100.0 RAV 20 100.0 3 15.0 3 15.0 402 98.3 SCN 20 100.0 1 5.0 0 0.0 409 100.0 VSP 0 0.0 0 0.0 0 0.0 0 0.0 ----------------------------------------------------------- Table WNT.F3b: "LHA-Packed File Viruses": Results of Detection of ITW File Viruses Packed with LHA under Windows NT: ================================================================= This includes Viruses ---- unreliably ---- Files Scanner detected identified detected detected ----------------------------------------------------------- Testbed 20 100.0 409 100.0 ---------------------------------------------------------- AVG 0 0.0 0 0.0 0 0.0 0 0.0 AVK 20 100.0 0 0.0 0 0.0 409 100.0 AVP 20 100.0 1 5.0 0 0.0 409 100.0 CMD 20 100.0 1 5.0 0 0.0 409 100.0 FPR 0 0.0 0 0.0 0 0.0 0 0.0 FPW 0 0.0 0 0.0 0 0.0 0 0.0 FSE 20 100.0 8 40.0 0 0.0 409 100.0 INO 20 100.0 1 5.0 1 5.0 396 96.8 NAV 20 100.0 3 15.0 0 0.0 409 100.0 NVC 0 0.0 0 0.0 0 0.0 0 0.0 PAV 20 100.0 1 5.0 0 0.0 409 100.0 PER 0 0.0 0 0.0 0 0.0 0 0.0 PRO 0 0.0 0 0.0 0 0.0 0 0.0 RAV 0 0.0 0 0.0 0 0.0 0 0.0 SCN 20 100.0 1 5.0 0 0.0 409 100.0 VSP 0 0.0 0 0.0 0 0.0 0 0.0 ----------------------------------------------------------- Table WNT.F3c: "ARJ-Packed File Viruses": Results of Detection of ITW File Viruses Packed with ARJ under Windows NT: ================================================================= This includes Viruses ---- unreliably ---- Files Scanner detected identified detected detected ----------------------------------------------------------- Testbed 20 100.0 409 100.0 ---------------------------------------------------------- AVG 20 100.0 4 20.0 1 5.0 406 99.3 AVK 20 100.0 0 0.0 0 0.0 409 100.0 AVP 20 100.0 1 5.0 0 0.0 409 100.0 CMD 20 100.0 0 0.0 0 0.0 409 100.0 FPR 20 100.0 0 0.0 0 0.0 409 100.0 FPW 20 100.0 0 0.0 0 0.0 409 100.0 FSE 20 100.0 8 40.0 0 0.0 409 100.0 INO 20 100.0 1 5.0 0 0.0 409 100.0 NAV 20 100.0 3 15.0 0 0.0 409 100.0 NVC 20 100.0 2 10.0 0 0.0 409 100.0 PAV 20 100.0 1 5.0 0 0.0 409 100.0 PER 0 0.0 0 0.0 0 0.0 0 0.0 PRO 0 0.0 0 0.0 0 0.0 0 0.0 RAV 20 100.0 3 15.0 3 15.0 402 98.3 SCN 20 100.0 1 5.0 0 0.0 409 100.0 VSP 0 0.0 0 0.0 0 0.0 0 0.0 ----------------------------------------------------------- Table WNT.F3d: "RAR-Packed File Viruses": Results of Detection of ITW File Viruses Packed with RAR under Windows NT: ================================================================= This includes Viruses ---- unreliably ---- Files Scanner detected identified detected detected ----------------------------------------------------------- Testbed 20 100.0 409 100.0 ---------------------------------------------------------- AVG 19 95.0 4 20.0 0 0.0 405 99.0 AVK 20 100.0 0 0.0 0 0.0 409 100.0 AVP 20 100.0 1 5.0 0 0.0 409 100.0 CMD 0 0.0 0 0.0 0 0.0 0 0.0 FPR 20 100.0 0 0.0 0 0.0 409 100.0 FPW 20 100.0 0 0.0 0 0.0 409 100.0 FSE 20 100.0 1 5.0 0 0.0 409 100.0 INO 0 0.0 0 0.0 0 0.0 0 0.0 NAV 0 0.0 0 0.0 0 0.0 0 0.0 NVC 0 0.0 0 0.0 0 0.0 0 0.0 PAV 20 100.0 1 5.0 0 0.0 409 100.0 PER 0 0.0 0 0.0 0 0.0 0 0.0 PRO 0 0.0 0 0.0 0 0.0 0 0.0 RAV 20 100.0 3 15.0 3 15.0 402 98.3 SCN 20 100.0 1 5.0 0 0.0 409 100.0 VSP 0 0.0 0 0.0 0 0.0 0 0.0 ----------------------------------------------------------- Table WNT.F3e: "WinRAR-Packed File Viruses": Results of Detection of ITW File Viruses Packed with WinRAR: ================================================================= This includes Viruses ---- unreliably ---- Files Scanner detected identified detected detected ---------------------------------------------------------- Testbed 20 100.0 409 100.0 ---------------------------------------------------------- AVG 20 100.0 4 20.0 1 5.0 406 99.3 AVK 20 100.0 0 0.0 0 0.0 409 100.0 AVP 20 100.0 1 5.0 0 0.0 409 100.0 CMD 0 0.0 0 0.0 0 0.0 0 0.0 FPR 20 100.0 0 0.0 0 0.0 409 100.0 FPW 20 100.0 0 0.0 0 0.0 409 100.0 FSE 20 100.0 1 5.0 0 0.0 409 100.0 INO 0 0.0 0 0.0 0 0.0 0 0.0 NAV 0 0.0 0 0.0 0 0.0 0 0.0 NVC 0 0.0 0 0.0 0 0.0 0 0.0 PAV 20 100.0 1 5.0 0 0.0 409 100.0 PER 0 0.0 0 0.0 0 0.0 0 0.0 PRO 0 0.0 0 0.0 0 0.0 0 0.0 RAV 20 100.0 3 15.0 3 15.0 402 98.3 SCN 20 100.0 1 5.0 0 0.0 409 100.0 VSP 0 0.0 0 0.0 0 0.0 0 0.0 ---------------------------------------------------------- Table WNT.F3f: "CAB-Packed File Viruses": Results of Detection of ITW File Viruses Packed with CAB: ============================================================== This includes Viruses ---- unreliably ---- Files Scanner detected identified detected detected ---------------------------------------------------------- Testbed 20 100.0 409 100.0 ---------------------------------------------------------- AVG 0 0.0 0 0.0 0 0.0 0 0.0 AVK 20 100.0 0 0.0 0 0.0 409 100.0 AVP 20 100.0 1 5.0 0 0.0 409 100.0 CMD 20 100.0 0 0.0 0 0.0 409 100.0 FPR 0 0.0 0 0.0 0 0.0 0 0.0 FPW 0 0.0 0 0.0 0 0.0 0 0.0 FSE 20 100.0 1 5.0 0 0.0 409 100.0 INO 0 0.0 0 0.0 0 0.0 0 0.0 NAV 20 100.0 3 15.0 0 0.0 409 100.0 NVC 0 0.0 0 0.0 0 0.0 0 0.0 PAV 20 100.0 1 5.0 0 0.0 409 100.0 PER 0 0.0 0 0.0 0 0.0 0 0.0 PRO 0 0.0 0 0.0 0 0.0 0 0.0 RAV 20 100.0 3 15.0 3 15.0 402 98.3 SCN 20 100.0 1 5.0 0 0.0 409 100.0 VSP 0 0.0 0 0.0 0 0.0 0 0.0 ---------------------------------------------------------- Table WNT.F4: "False Positive" detection: Results of "full" zoo test for Non-viral (clean) samples detected as "false positives" under Windows NT: ============================================================== False This includes Virus ---- unreliably ---- Files Scanner Alarm identified detected detected ---------------------------------------------------------- Maximum 27 100.0 664 100.0 ---------------------------------------------------------- AV3 0 0.0 0 0.0 0 0.0 0 0.0 AVG 0 0.0 0 0.0 0 0.0 0 0.0 AVK 0 0.0 0 0.0 0 0.0 0 0.0 AVP 0 0.0 0 0.0 0 0.0 0 0.0 CMD 0 0.0 0 0.0 0 0.0 0 0.0 FPR 0 0.0 0 0.0 0 0.0 0 0.0 FPW 0 0.0 0 0.0 0 0.0 0 0.0 FSE 0 0.0 0 0.0 0 0.0 0 0.0 INO 0 0.0 0 0.0 0 0.0 0 0.0 NAV 0 0.0 0 0.0 0 0.0 0 0.0 NVC 0 0.0 0 0.0 0 0.0 0 0.0 PAV 0 0.0 0 0.0 0 0.0 0 0.0 PRO 0 0.0 0 0.0 0 0.0 0 0.0 RAV 0 0.0 0 0.0 0 0.0 0 0.0 SCN 0 0.0 0 0.0 0 0.0 0 0.0 VSP 0 0.0 0 0.0 0 0.0 0 0.0 ----------------------------------------------------------- Remark: within 27 non-viral directories and totally 664 non- viral objects, at least one sample in N directories was falsely detected (N = number in column 1) Table WNT.F5 "File Malware": Results of "full" zoo test for File-related malware under Windows NT: ======================================================== File This includes Malware ---- unreliably ---- Files Scanner detected identified detected detected ---------------------------------------------------------- Testbed 6250 100.0 12160 100.0 ---------------------------------------------------------- AV3 3185 51.0 102 1.6 166 2.7 6506 53.5 AVG 3173 50.8 65 1.0 214 3.4 5578 45.9 AVK 6009 96.1 398 6.4 47 0.8 11647 95.8 AVP 6024 96.4 378 6.0 159 2.5 11920 98.0 CMD 5867 93.9 63 1.0 125 2.0 11321 93.1 FPR 5872 94.0 13 0.2 125 2.0 11326 93.1 FPW 5872 94.0 14 0.2 125 2.0 11326 93.1 FSE 6172 98.8 55 0.9 38 0.6 11969 98.4 INO 4797 76.8 115 1.8 279 4.5 9356 76.9 NAV 4053 64.8 139 2.2 322 5.2 7639 62.8 NVC 4701 75.2 383 6.1 192 3.1 9487 78.0 PAV 6016 96.3 398 6.4 44 0.7 11666 95.9 PER 634 10.1 7 0.1 96 1.5 989 8.1 PRO 2071 33.1 56 0.9 280 4.5 3687 30.3 RAV 5038 80.6 215 3.4 193 3.1 9233 75.9 SCN 5653 90.4 214 3.4 28 0.4 11304 93.0 VSP 2162 34.6 90 1.4 95 1.5 3140 25.8 ----------------------------------------------------------- Table WNT.M1: "MacroVirus 1": Results of "full" zoo test for macro viruses under Windows NT: ======================================================= This includes Viruses ---- unreliably ---- Files Scanner detected identified detected detected ---------------------------------------------------------- Testbed 6233 100.0 19387 100.0 ---------------------------------------------------------- AV3 5966 95.7 51 0.8 44 0.7 18651 96.2 AVG 6128 98.3 42 0.7 11 0.2 19123 98.6 AVK 6230 100.0 91 1.5 1 0.0 19380 100.0 AVP 6230 100.0 91 1.5 1 0.0 19380 100.0 CMD 6233 100.0 72 1.2 0 0.0 19387 100.0 FPR 6233 100.0 7 0.1 0 0.0 19387 100.0 FPW 6233 100.0 7 0.1 0 0.0 19387 100.0 FSE 6233 100.0 10 0.2 0 0.0 19387 100.0 INO 6215 99.7 86 1.4 6 0.1 19334 99.7 NAV 6043 97.0 84 1.3 12 0.2 18717 96.5 NVC 6219 99.8 67 1.1 7 0.1 19333 99.7 PAV 6230 100.0 91 1.5 1 0.0 19380 100.0 PER 4252 68.2 97 1.6 26 0.4 13122 67.7 PRO 4181 67.1 0 0.0 145 2.3 12125 62.5 RAV 6208 99.6 309 5.0 10 0.2 19309 99.6 SCN 6233 100.0 53 0.9 0 0.0 19387 100.0 VSP 1 0.0 0 0.0 1 0.0 1 0.0 ----------------------------------------------------------- Table WNT.M2: "MacroVirus 2": Results of "In-The-Wild" test for macro viruses under Windows NT: ======================================================= This includes Viruses ---- unreliably ---- Files Scanner detected identified detected detected ---------------------------------------------------------- Testbed 147 100.0 1347 100.0 ---------------------------------------------------------- AV3 147 100.0 10 6.8 4 2.7 1339 99.4 AVG 147 100.0 7 4.8 0 0.0 1347 100.0 AVK 147 100.0 8 5.4 0 0.0 1347 100.0 AVP 147 100.0 8 5.4 0 0.0 1347 100.0 CMD 147 100.0 0 0.0 0 0.0 1347 100.0 FPR 147 100.0 0 0.0 0 0.0 1347 100.0 FPW 147 100.0 0 0.0 0 0.0 1347 100.0 FSE 147 100.0 1 0.7 0 0.0 1347 100.0 INO 147 100.0 9 6.1 0 0.0 1347 100.0 NAV 147 100.0 11 7.5 0 0.0 1347 100.0 NVC 147 100.0 8 5.4 0 0.0 1347 100.0 PAV 147 100.0 8 5.4 0 0.0 1347 100.0 PER 114 77.6 16 10.9 0 0.0 1119 83.1 PRO 146 99.3 0 0.0 13 8.8 1315 97.6 RAV 147 100.0 31 21.1 1 0.7 1346 99.9 SCN 147 100.0 6 4.1 0 0.0 1347 100.0 VSP 0 0.0 0 0.0 0 0.0 0 0.0 ----------------------------------------------------------- Table WNT.M3V: "Comparison of Detection Rate of Packed Viruses": Results of Detection Rate of ITW macro viruses packed with PKZIP, LHA, ARJ, RAR, WinRAR and CAB ================================================================ This includes Viruses detected per packer ------------------------------------------------------------------------------ ZIP % LHA % ARJ % RAR % WRAR % CAB % ------------------------------------------------------------------------------ Testbed 147 100.0 147 100.0 147 100.0 147 100.0 147 100.0 147 100.0 ------------------------------------------------------------------------------ AVG 147 100.0 0 0.0 147 100.0 147 100.0 147 100.0 0 0.0 AVK 147 100.0 147 100.0 147 100.0 147 100.0 147 100.0 147 100.0 AVP 55 37.4 56 38.1 56 38.1 56 38.1 56 38.1 54 36.7 CMD 147 100.0 147 100.0 147 100.0 0 0.0 0 0.0 147 100.0 FPR 147 100.0 0 0.0 147 100.0 147 100.0 147 100.0 0 0.0 FPW 147 100.0 0 0.0 147 100.0 147 100.0 147 100.0 0 0.0 FSE 147 100.0 147 100.0 147 100.0 146 99.3 146 99.3 146 99.3 INO 147 100.0 147 100.0 147 100.0 0 0.0 0 0.0 0 0.0 NAV 147 100.0 147 100.0 147 100.0 0 0.0 0 0.0 147 100.0 NVC 147 100.0 0 0.0 147 100.0 0 0.0 0 0.0 0 0.0 PAV 147 100.0 147 100.0 147 100.0 147 100.0 147 100.0 147 100.0 PER 114 77.6 0 0.0 0 0.0 0 0.0 0 0.0 0 0.0 PRO 146 99.3 0 0.0 0 0.0 0 0.0 0 0.0 0 0.0 RAV 147 100.0 0 0.0 147 100.0 147 100.0 147 100.0 147 100.0 SCN 147 100.0 147 100.0 147 100.0 147 100.0 147 100.0 147 100.0 VSP 0 0.0 0 0.0 0 0.0 0 0.0 0 0.0 0 0.0 ------------------------------------------------------------------------------ Table WNT.M3F: "Comparison of Detection Rate of Packed Viral Objects": Results of Detection Rate of objects infected with ITW file viruses and with PKZIP, LHA, ARJ, RAR, WinRAR, CAB ======================================================================= This includes Viral objects detected per packer ------------------------------------------------------------------------------- ZIP % LHA % ARJ % RAR % WRAR % CAB % ------------------------------------------------------------------------------- Testbed 1347 100.0 1347 100.0 1347 100.0 1347 100.0 1347 100.0 1347 100.0 ------------------------------------------------------------------------------- AVG 1347 100.0 0 0.0 1347 100.0 1347 100.0 1347 100.0 0 0.0 AVK 1347 100.0 1347 100.0 1347 100.0 1347 100.0 1347 100.0 1269 94.2 AVP 403 29.9 411 30.5 411 30.5 411 30.5 411 30.5 391 29.0 CMD 1347 100.0 1347 100.0 1347 100.0 0 0.0 0 0.0 1347 100.0 FPR 1347 100.0 0 0.0 1347 100.0 1347 100.0 1347 100.0 0 0.0 FPW 1347 100.0 0 0.0 1347 100.0 1347 100.0 1347 100.0 0 0.0 FSE 1347 100.0 1347 100.0 1347 100.0 1327 98.5 1328 98.6 1264 93.8 INO 1347 100.0 1298 96.4 1347 100.0 0 0.0 0 0.0 0 0.0 NAV 1347 100.0 1346 99.9 1347 100.0 0 0.0 0 0.0 1347 100.0 NVC 1347 100.0 0 0.0 1347 100.0 0 0.0 0 0.0 0 0.0 PAV 1347 100.0 1127 83.7 1347 100.0 1347 100.0 1347 100.0 1318 97.8 PER 1119 83.1 0 0.0 0 0.0 0 0.0 0 0.0 0 0.0 PRO 1315 97.6 0 0.0 0 0.0 0 0.0 0 0.0 0 0.0 RAV 1346 99.9 0 0.0 1346 99.9 1346 99.9 1346 99.9 1346 99.9 SCN 1347 100.0 1347 100.0 1347 100.0 1347 100.0 1347 100.0 1347 100.0 VSP 0 0.0 0 0.0 0 0.0 0 0.0 0 0.0 0 0.0 ------------------------------------------------------------------------------- Table WNT.M3a: "PKZIP-Packed Macro Viruses": Results of Detection of ITW Macro Viruses Packed with PKZIP under Windows NT: ===================================================================== This includes Viruses ---- unreliably ---- Files Scanner detected identified detected detected ---------------------------------------------------------- Testbed 147 100.0 1347 100.0 ---------------------------------------------------------- AVG 147 100.0 7 4.8 0 0.0 1347 100.0 AVK 147 100.0 0 0.0 0 0.0 1347 100.0 AVP 55 37.4 5 3.4 0 0.0 403 29.9 CMD 147 100.0 0 0.0 0 0.0 1347 100.0 FPR 147 100.0 0 0.0 0 0.0 1347 100.0 FPW 147 100.0 0 0.0 0 0.0 1347 100.0 FSE 147 100.0 9 6.1 0 0.0 1347 100.0 INO 147 100.0 9 6.1 0 0.0 1347 100.0 NAV 147 100.0 11 7.5 0 0.0 1347 100.0 NVC 147 100.0 8 5.4 0 0.0 1347 100.0 PAV 147 100.0 8 5.4 0 0.0 1347 100.0 PER 114 77.6 16 10.9 0 0.0 1119 83.1 PRO 146 99.3 0 0.0 13 8.8 1315 97.6 RAV 147 100.0 31 21.1 1 0.7 1346 99.9 SCN 147 100.0 6 4.1 0 0.0 1347 100.0 VSP 0 0.0 0 0.0 0 0.0 0 0.0 ----------------------------------------------------------- Table WNT.M3b: "LHA-Packed Macro Viruses": Results of Detection of ITW Macro Viruses Packed with LHA under Windows NT: ================================================================== This includes Viruses ---- unreliably ---- Files Scanner detected identified detected detected ---------------------------------------------------------- Testbed 147 100.0 1347 100.0 ---------------------------------------------------------- AVG 0 0.0 0 0.0 0 0.0 0 0.0 AVK 147 100.0 0 0.0 0 0.0 1347 100.0 AVP 56 38.1 5 3.4 0 0.0 411 30.5 CMD 147 100.0 0 0.0 0 0.0 1347 100.0 FPR 0 0.0 0 0.0 0 0.0 0 0.0 FPW 0 0.0 0 0.0 0 0.0 0 0.0 FSE 147 100.0 9 6.1 0 0.0 1347 100.0 INO 147 100.0 9 6.1 5 3.4 1298 96.4 NAV 147 100.0 11 7.5 1 0.7 1346 99.9 NVC 0 0.0 0 0.0 0 0.0 0 0.0 PAV 147 100.0 8 5.4 1 0.7 1127 83.7 PER 0 0.0 0 0.0 0 0.0 0 0.0 PRO 0 0.0 0 0.0 0 0.0 0 0.0 RAV 0 0.0 0 0.0 0 0.0 0 0.0 SCN 147 100.0 6 4.1 0 0.0 1347 100.0 VSP 0 0.0 0 0.0 0 0.0 0 0.0 ----------------------------------------------------------- Table WNT.M3c: "ARJ-Packed Macro Viruses": Results of Detection of ITW Macro Viruses Packed with ARJ under Windows NT: ================================================================== This includes Viruses ---- unreliably ---- Files Scanner detected identified detected detected ---------------------------------------------------------- Testbed 147 100.0 1347 100.0 ---------------------------------------------------------- AVG 147 100.0 7 4.8 0 0.0 1347 100.0 AVK 147 100.0 0 0.0 0 0.0 1347 100.0 AVP 56 38.1 5 3.4 0 0.0 411 30.5 CMD 147 100.0 0 0.0 0 0.0 1347 100.0 FPR 147 100.0 0 0.0 0 0.0 1347 100.0 FPW 147 100.0 0 0.0 0 0.0 1347 100.0 FSE 147 100.0 9 6.1 0 0.0 1347 100.0 INO 147 100.0 9 6.1 0 0.0 1347 100.0 NAV 147 100.0 11 7.5 0 0.0 1347 100.0 NVC 147 100.0 8 5.4 0 0.0 1347 100.0 PAV 147 100.0 8 5.4 0 0.0 1347 100.0 PER 0 0.0 0 0.0 0 0.0 0 0.0 PRO 0 0.0 0 0.0 0 0.0 0 0.0 RAV 147 100.0 31 21.1 1 0.7 1346 99.9 SCN 147 100.0 6 4.1 0 0.0 1347 100.0 VSP 0 0.0 0 0.0 0 0.0 0 0.0 ----------------------------------------------------------- Table WNT.M3d: "RAR-Packed Macro Viruses": Results of Detection of ITW Macro Viruses Packed with RAR under Windows NT: ================================================================== This includes Viruses ---- unreliably ---- Files Scanner detected identified detected detected ---------------------------------------------------------- Testbed 147 100.0 1347 100.0 ---------------------------------------------------------- AVG 147 100.0 7 4.8 0 0.0 1347 100.0 AVK 147 100.0 0 0.0 0 0.0 1347 100.0 AVP 56 38.1 5 3.4 0 0.0 411 30.5 CMD 0 0.0 0 0.0 0 0.0 0 0.0 FPR 147 100.0 0 0.0 0 0.0 1347 100.0 FPW 147 100.0 0 0.0 0 0.0 1347 100.0 FSE 146 99.3 8 5.4 1 0.7 1327 98.5 INO 0 0.0 0 0.0 0 0.0 0 0.0 NAV 0 0.0 0 0.0 0 0.0 0 0.0 NVC 0 0.0 0 0.0 0 0.0 0 0.0 PAV 147 100.0 8 5.4 0 0.0 1347 100.0 PER 0 0.0 0 0.0 0 0.0 0 0.0 PRO 0 0.0 0 0.0 0 0.0 0 0.0 RAV 147 100.0 31 21.1 1 0.7 1346 99.9 SCN 147 100.0 6 4.1 0 0.0 1347 100.0 VSP 0 0.0 0 0.0 0 0.0 0 0.0 ----------------------------------------------------------- Table WNT.M3e: "WinRAR-Packed Macro Viruses": Results of Detection of ITW Macro Viruses Packed with WinRAR: ================================================================== This includes Viruses ---- unreliably ---- Files Scanner detected identified detected detected ---------------------------------------------------------- Testbed 147 100.0 1347 100.0 ---------------------------------------------------------- AVG 147 100.0 7 4.8 0 0.0 1347 100.0 AVK 147 100.0 0 0.0 0 0.0 1347 100.0 AVP 56 38.1 5 3.4 0 0.0 411 30.5 CMD 0 0.0 0 0.0 0 0.0 0 0.0 FPR 147 100.0 0 0.0 0 0.0 1347 100.0 FPW 147 100.0 0 0.0 0 0.0 1347 100.0 FSE 146 99.3 8 5.4 1 0.7 1328 98.6 INO 0 0.0 0 0.0 0 0.0 0 0.0 NAV 0 0.0 0 0.0 0 0.0 0 0.0 NVC 0 0.0 0 0.0 0 0.0 0 0.0 PAV 147 100.0 8 5.4 0 0.0 1347 100.0 PER 0 0.0 0 0.0 0 0.0 0 0.0 PRO 0 0.0 0 0.0 0 0.0 0 0.0 RAV 147 100.0 31 21.1 1 0.7 1346 99.9 SCN 147 100.0 6 4.1 0 0.0 1347 100.0 VSP 0 0.0 0 0.0 0 0.0 0 0.0 ---------------------------------------------------------- Table WNT.M3f: "CAB-Packed Macro Viruses": Results of Detection of ITW Macro Viruses Packed with CAB: =============================================================== This includes Viruses ---- unreliably ---- Files Scanner detected identified detected detected ---------------------------------------------------------- Testbed 147 100.0 1347 100.0 ---------------------------------------------------------- AVG 0 0.0 0 0.0 0 0.0 0 0.0 AVK 147 100.0 0 0.0 7 4.8 1269 94.2 AVP 54 36.7 5 3.4 2 1.4 391 29.0 CMD 147 100.0 0 0.0 0 0.0 1347 100.0 FPR 0 0.0 0 0.0 0 0.0 0 0.0 FPW 0 0.0 0 0.0 0 0.0 0 0.0 FSE 146 99.3 7 4.8 7 4.8 1264 93.8 INO 0 0.0 0 0.0 0 0.0 0 0.0 NAV 147 100.0 11 7.5 0 0.0 1347 100.0 NVC 0 0.0 0 0.0 0 0.0 0 0.0 PAV 147 100.0 7 4.8 7 4.8 1318 97.8 PER 0 0.0 0 0.0 0 0.0 0 0.0 PRO 0 0.0 0 0.0 0 0.0 0 0.0 RAV 147 100.0 31 21.1 1 0.7 1346 99.9 SCN 147 100.0 6 4.1 0 0.0 1347 100.0 VSP 0 0.0 0 0.0 0 0.0 0 0.0 ---------------------------------------------------------- Table WNT.M4: "False Positive" macro virus detection: Results of "full" zoo test for non-viral (clean) macro objects detected as "false positives" under Windows NT: ================================================================= False This includes Virus ---- unreliably ---- Files Scanner Alarm identified detected detected ---------------------------------------------------------- Maximum 26 100.0 329 100.0 ---------------------------------------------------------- AV3 0 0.0 0 0.0 0 0.0 0 0.0 AVG 0 0.0 0 0.0 0 0.0 0 0.0 AVK 0 0.0 0 0.0 0 0.0 0 0.0 AVP 2 7.7 0 0.0 2 7.7 4 1.2 CMD 1 3.8 0 0.0 1 3.8 2 0.6 FPR 1 3.8 0 0.0 1 3.8 2 0.6 FPW 1 3.8 0 0.0 1 3.8 2 0.6 FSE 1 3.8 0 0.0 1 3.8 2 0.6 INO 0 0.0 0 0.0 0 0.0 0 0.0 NAV 4 15.4 0 0.0 4 15.4 4 1.2 NVC 3 11.5 0 0.0 3 11.5 5 1.5 PAV 2 7.7 0 0.0 2 7.7 4 1.2 PER 2 7.7 0 0.0 2 7.7 3 0.9 PRO 0 0.0 0 0.0 0 0.0 0 0.0 RAV 1 3.8 0 0.0 1 3.8 1 0.3 SCN 0 0.0 0 0.0 0 0.0 0 0.0 VSP 0 0.0 0 0.0 0 0.0 0 0.0 ----------------------------------------------------------- Remark: within 26 non-viral directories and totally 329 non- viral objects, at least one sample in N directories was falsely detected (N = number in column 1) Table WNT.M5: "Macro-Malware": Results of "full" test for Macro-related malware under Windows NT: ========================================================= Macro This includes Malware ---- unreliably ---- Files Scanner detected identified detected detected ---------------------------------------------------------- Testbed 403 100.0 627 100.0 ---------------------------------------------------------- AV3 329 81.6 3 0.7 5 1.2 497 79.3 AVG 323 80.1 1 0.2 5 1.2 523 83.4 AVK 400 99.3 1 0.2 0 0.0 624 99.5 AVP 400 99.3 0 0.0 0 0.0 624 99.5 CMD 402 99.8 6 1.5 0 0.0 621 99.0 FPR 402 99.8 2 0.5 0 0.0 621 99.0 FPW 402 99.8 2 0.5 0 0.0 621 99.0 FSE 403 100.0 0 0.0 0 0.0 627 100.0 INO 378 93.8 5 1.2 1 0.2 600 95.7 NAV 306 75.9 4 1.0 2 0.5 491 78.3 NVC 399 99.0 10 2.5 2 0.5 606 96.7 PAV 400 99.3 0 0.0 0 0.0 624 99.5 PER 234 58.1 4 1.0 9 2.2 369 58.9 PRO 208 51.6 0 0.0 8 2.0 303 48.3 RAV 391 97.0 24 6.0 5 1.2 604 96.3 SCN 403 100.0 5 1.2 0 0.0 627 100.0 VSP 1 0.2 0 0.0 0 0.0 1 0.2 ----------------------------------------------------------- Table WNT.S1: "ScriptVirus 1": Results of "full" Zoo test for script viruses: ================================================= This includes Viruses ---- unreliably ---- Files Scanner detected identified detected detected ---------------------------------------------------------- Testbed 477 100.0 904 100.0 ---------------------------------------------------------- AV3 139 29.1 2 0.4 19 4.0 328 36.3 AVG 276 57.9 22 4.6 20 4.2 618 68.4 AVK 476 99.8 41 8.6 1 0.2 901 99.7 AVP 476 99.8 32 6.7 1 0.2 901 99.7 CMD 462 96.9 9 1.9 12 2.5 850 94.0 FPR 463 97.1 10 2.1 12 2.5 853 94.4 FPW 462 96.9 10 2.1 14 2.9 846 93.6 FSE 477 100.0 2 0.4 3 0.6 899 99.4 INO 442 92.7 46 9.6 12 2.5 831 91.9 NAV 260 54.5 25 5.2 24 5.0 501 55.4 NVC 422 88.5 24 5.0 13 2.7 773 85.5 PAV 476 99.8 32 6.7 1 0.2 901 99.7 PER 105 22.0 0 0.0 31 6.5 214 23.7 PRO 171 35.8 3 0.6 33 6.9 312 34.5 RAV 405 84.9 46 9.6 28 5.9 697 77.1 SCN 477 100.0 28 5.9 0 0.0 904 100.0 VSP 407 85.3 50 10.5 32 6.7 701 77.5 ---------------------------------------------------------- Table WNT.S2: "ScriptVirus 2": Results of "In-The-Wild" test for script viruses: ======================================================= This includes Viruses ---- unreliably ---- Files Scanner detected identified detected detected ---------------------------------------------------------- Testbed 16 100.0 133 100.0 ---------------------------------------------------------- AV3 16 100.0 1 6.3 6 37.5 119 89.5 AVG 16 100.0 4 25.0 6 37.5 123 92.5 AVK 16 100.0 6 37.5 0 0.0 133 100.0 AVP 16 100.0 2 12.5 0 0.0 133 100.0 CMD 16 100.0 0 0.0 4 25.0 127 95.5 FPR 16 100.0 0 0.0 4 25.0 127 95.5 FPW 16 100.0 0 0.0 6 37.5 123 92.5 FSE 16 100.0 0 0.0 3 18.8 128 96.2 INO 16 100.0 5 31.3 1 6.3 132 99.2 NAV 16 100.0 8 50.0 2 12.5 127 95.5 NVC 16 100.0 4 25.0 3 18.8 127 95.5 PER 13 81.3 0 0.0 8 50.0 82 61.7 PRO 14 87.5 0 0.0 7 43.8 99 74.4 SCN 16 100.0 4 25.0 0 0.0 133 100.0 VSP 14 87.5 2 12.5 8 50.0 108 81.2 ---------------------------------------------------------- Table WNT.E1: "Exotic Malware": Results of special test for exotic viruses: ================================================== This includes Viruses ---- unreliably ---- Files Scanner detected identified detected detected ---------------------------------------------------------- Testbed 115 100.0 274 100.0 ---------------------------------------------------------- AV3 9 7.8 0 0.0 1 0.9 46 16.8 AVG 6 5.2 0 0.0 0 0.0 46 16.8 AVK 104 90.4 3 2.6 0 0.0 252 92.0 AVP 103 89.6 3 2.6 5 4.3 238 86.9 CMD 76 66.1 1 0.9 4 3.5 129 47.1 FPR 76 66.1 1 0.9 4 3.5 129 47.1 FPW 76 66.1 1 0.9 4 3.5 129 47.1 FSE 106 92.2 0 0.0 1 0.9 254 92.7 INO 33 28.7 2 1.7 1 0.9 133 48.5 NAV 24 20.9 1 0.9 7 6.1 97 35.4 NVC 75 65.2 2 1.7 5 4.3 150 54.7 PAV 106 92.2 3 2.6 1 0.9 254 92.7 PER 0 0.0 0 0.0 0 0.0 0 0.0 PRO 2 1.7 0 0.0 2 1.7 2 0.7 RAV 85 73.9 3 2.6 6 5.2 184 67.2 SCN 81 70.4 1 0.9 2 1.7 220 80.3 VSP 30 26.1 0 0.0 11 9.6 94 34.3 ----------------------------------------------------------