========================================= File 7EVALWXP.TXT ----------------------------------------- Evaluation of results for File, Macro and Script Virus/Malware detection under Windows-XP in aVTC Test "2003-04": ========================================= Formatted with non-proportional font (Courier) Content of this file: ===================== ******************************************************************* Eval WXP: Development of detection rates under Windows-XP: ******************************************************************* Eval WXP.01: Development of Windows-XP Scanner Detection Rates Table WXP-A: Comparison File/Macro/Script virus detection rates Eval WXP.02: In-The-Wild Detection under WXP Eval WXP.03: Evaluation of overall WXP AV detection rates Eval WXP.04: Evaluation of detection by virus classes under WXP WXP.04.1 Grading the Detection of file viruses under WXP WXP.04.2 Grading the Detection of macro viruses under WXP WXP.04.3 Grading the Detection of script viruses under WXP Eval WXP.05: Detection of Packed Viruses by virus classes under WXP WXP.05.1 Detection of Packed File Viruses under WXP WXP.05.2 Detection of Packed Macro Viruses under WXP Eval WXP.06: Avoidance of False Alarms (Macro) under WXP WXP.06.1 Avoidance of False Alarms (file) under WXP WXP.06.2 Avoidance of False Alarms (macro) under WXP Eval WXP.07: Detection of Malware by classes under WXP WXP.07.1 Detection of File Malware under WXP WXP.07.2 Detection of Macro Malware under WXP WXP.07.3 Detection of Script Malware under WXP Eval WXP.SUM Grading of WXP products ******************************************************************* This part of VTC "2003-04" test report evaluates the detailed results as given in sections (files): 6jWXP.TXT File/Macro/Script Viruses/Malware results (WXP) The following *10* products participated in this scanner test for WXP products: ------------------------------------------------------------------- Products for aVTC test under Windows-XP: ------------------------------------------------------------------- AVP AntiVirus Professional (Kaspersky Labs, Moscow, Russia) v(def): 3.55.160.0 date: December 12, 2001 BDF BitDefender Professional (Softwin, Bucuresti, Romania) v(def): v6.3.6 CMD Command Antivirus (Command Software Systems,Jupiter,USA) v(def): 4.64.0 date: August 11, 2001 Eng: 3.55.160.3203 Sign.def date: December 17, 2001 Macro.def date: December 16, 2001 DRW DrWeb for Win32 (Dialogue Science, Moscow, Russia) v(def): 4.26 (DrWeb32.txt) date: September 25, 2001 (test.ful) Sig/date: Dec.17, 2001 (drwtoday.vbd) FSE F-SECURE (F-Secure Corporation, Helsinki, Finland) v(def): 1.00.1251 Sig/date: December 14, 2001 Eng: 3.09.507 (F-PROT) Eng: 3.55.160.3210 (AVP) Eng: 1.02.15 (Orion) INO InoculateIT (Computer Associates, Islandia, USA) v(def): Eng:49.00 date: December 14, 2001 Sig/date: December 17, 2001 NAV Norton Antivirus (Symantec, Cupertino, USA) v(def): 7.60.926 Eng: 4.1.0.15 Sig: rev.3 Sig/date: December 14, 2001 NVC Norman Virus Control (Norman Data Defense, Oslo) v(def): 5.00.36 date: --- Sig/date: December 17, 2001 (binary viruses) Sig/date: December 16, 2001 (macro viruses) RAV Roumanian AntiVirus (GECAD, Bucharest, Romania) v(def): 8.3.1 command line for Win32 i386 Eng: 8.5 for i386 Sig/date: Dec. 17, 2001 at 16:22:24 SCN McAfee ViruScan (Network Associates, Santa Clara, USA) v(def): 4.1.60 Sig:4177 date:December 17, 2001 -------------------------------------------------------------- Eval WXP.01: Scanner Detection Rates under Windows-XP: ======================================================== The following table summarizes results of file, macro and script virus detection under Windows-XP (this is aVTCs first test): Table WXP-A: File/Macro/Script Zoo Virus Detection Rates: ================================================================ Scan I == File Virus == + == Macro Virus == + == Script Virus == ner I Detection I Detection I Detection -----+------------------+--------------------------------------- Test I 0304 I 0304 I 0304 -----+------------------+--------------------------------------- AVP I 100.~ I 100.~ I 98.9 BDF I 82.9 I 99.0 I 72.4 CMD I 98.5 I 99.9 I 89.1 DRW I 98.3 I 99.4 I 94.7 FSE I 100.~ I 100.~ I 99.5 INO I 98.7 I 99.9 I 94.7 NAV I 98.3 I 99.6 I 96.8 NVC I 97.8 I 99.8 I 87.6 RAV I 96.7 I 99.9 I 96.1 SCN I 99.8 I 100.0 I 99.6 -----+------------------+-------------------+------------------- Mean : 97.1% I 99.8% I 92.9% Mean>10%: 97.1% I 99.8% I 92.9% -----+------------------+-------------------+------------------- Remark: for abbreviations of products (code names), see appendix A5CodNam.txt. Concerning file zoo virus detection, NO product is able to detect ALL viruses (rating: "perfect"), but several products detect more than 99% and are rated "excellent": AVP and FSE (both 100~), SCN (99.8%) Concerning macro zoo virus detection, ONE product detects ALL viruses and is rated "perfect": SCN (100.0%) In addition, all other (9) products detect >99% of viruses and are rated "excellent": AVP,FSE (all: 100~), CMD,INO,RAV (all: 99.9%), NAV,NVC (both 99.8%), DRW (99.4%) and BDF (99.0%). Concerning script zoo virus detection, NO product detects ALL viruses, and only 2 products detect more than 99% and are rated "excellent": SCN (99.6%), FSE (99.5%). **************************************************************** Findings WXP.1: For this selection of products, mean detection rates of zoo viruses are rather high: mean file zoo virus detection rate: 97.1% mean macro virus detection rate: 99.8% mean script virus detection rate: 92.9% ------------------------------------------------ Concerning file zoo viruses: NO product detects ALL viruses ("perfect") 3 products detect more than 99% and are rated "excellent": AVP,FSE;SCN ------------------------------------------------ Concerning macro zoo viruses: 1 products detects ALL macro zoo viruses in all files and is rated "perfect": SCN 9 products detect almost all macro viruses in almost all files and are rated "excellent": AVP,FSE;CMD,INO,RAV;NAV,NVC;DRW;BDF ------------------------------------------------ Concerning script zoo viruses: NO product detects ALL viruses ("perfect") 2 products detect almost all script viruses in almost all files and are rated "excellent": SCN,FSE **************************************************************** Eval WXP.02: In-The-Wild (File,Macro,Script) Detection under WXP ================================================================ Concerning "In-The-Wild" viruses, the following grid is applied: - detection rate is 100% : scanner is "perfect" - detection rate is >99% : scanner is "excellent" - detection rate is >95% : scanner is "very good" - detection rate is >90% : scanner is "good" - detection rate is <90% : scanner is "risky" 100% detection of In-the-Wild viruses also esp. detecting ALL instantiations of those viruses is an ABSOLUTE REQUIREMENT, for file, macro and script viruses to be rated "perfect", also including detection of ALL infected objects. Presently, 5 scanners are "perfect" in detecting ALL ITW viruses in ALL 3 classes (file, macro and script): AVP, DRW, FSE, NAV and SCN (100% viruses, 100% infected objects). And 2 more scanners are "excellent" as they detect 100% of ALL ITW viruses but miss few infected objects (>99= detection rate): INO, RAV. ITW virus/file detection ( FileV. MacroV. ScriptV. ) ---------------------------------- "Perfect" WXP ITW scanners: AVP (100% 100%; 100% 100%; 100% 100%) DRW (100% 100%; 100% 100%; 100% 100%) FSE (100% 100%; 100% 100%; 100% 100%) NAV (100% 100%; 100% 100%; 100% 100%) SCN (100% 100%; 100% 100%; 100% 100%) ---------------------------------- "Excellent" WXP ITW scanners: INO (100% 99.8; 100% 99.8; 100% 99.2) RAV (100% 99.1; 100% 99.8; 100% 99.8) ---------------------------------- Concerning detection of ITW file viruses only: 5 scanners are "perfect" (100% 100%): AVP,DRW,FSE,NAV,SCN 2 more scanners are "excellent": INO (100% 99.8), RAV (100% 99.1) Concerning detection of ITW macro viruses only: 6 scanners are rated "perfect": AVP,DRW,FSE,INO,NAV,SCN: all (100% 100%) 4 more scanners are rated "excellent": NVC,BDF,CMD: all (100% 99.9%), RAV (100% 99.8%) Concerning detection of ITW script viruses only: 8 scanners are rated "perfect": AVP,CMD,DRW,FSE,NAV,NVC,RAV,SCN: all (100% 100%) 1 more scanner is rated "excellent": INO: all (100% 99.2%) ****************************************************************** Findings WXP.2: 5 AV products (out of 10) detect ALL In-The-Wild file, macro and zoo viruses in ALL instantiations (files) and are rated "perfect": AVP,DRW,FSE,INO,SCN 2 more scanners are "excellent": INO,RAV ************************************************* Concerning detection of ITW file viruses only: 5 "perfect" scanners: AVP,DRW,FSE,NAV,SCN 2 more "excellent" scanners: INO,RAV Concerning detection of ITW macro viruses only: 6 "perfect" scanners: AVP,DRW,FSE,INO,NAV,SCN 4 "excellent" scanners: NVC,BDF,CMD,RAV Concerning detection of ITW script viruses: 8 "perfect" scanners: AVP,CMD,DRW,FSE,NAV,NVC,RAV,SCN 1 more "excellent" scanner: INO ***************************************************************** Eval WXP.03: Evaluation of overall W-XP AV detection rates (zoo,ITW) ==================================================================== The following grid is applied to classify scanners: - detection rate =100% : scanner is graded "perfect" - detection rate above 99% : scanner is graded "excellent" - detection rate above 95% : scanner is graded "very good" - detection rate above 90% : scanner is graded "good" - detection rate of 80-90% : scanner is graded "good enough" - detection rate of 70-80% : scanner is graded "not good enough" - detection rate of 60-70% : scanner is graded "rather bad" - detection rate of 50-60% : scanner is graded "very bad" - detection rate below 50% : scanner is graded "useless" To assess an "overall AV grade" (including file, macro and script virus detection, for unpacked objects), the lowest of the related results is used to classify each scanner. Only scanners where all tests were completed are considered. (For problems in test: see 8problms.txt). The following list indicates those scanners graded into one of the upper three categories, with file, macro and script virus detection rates in unpacked samples, and with perfect ITW virus detection (rate=100%). Zoo test: ITW test: (file/macro/script; file/macro/script) -------------------------------------- "Perfect" WXP scanners: ========= NONE ========= "Excellent" WXP scanners: SCN (99.8% 100% 99.6%; 100% 100% 100%) FSE ( 100~ 100~ 99.5%; 100% 100% 100%) -------------------------------------- "Very Good" WXP scanners: AVP ( 100~ 100~ 98.9%; 100% 100% 100%) NAV (98.3% 99.6% 96.8%; 100% 100% 100%) RAV (96.7% 99.9% 96.1%; 100% 100% 100%) -------------------------------------- ****************************************************************** Findings WXP.3: Now, NO WXP product is overall rated "perfect" 2 "excellent" overall scanners: SCN,FSE 3 "very good" overall scanners: AVP,NAV,RAV ****************************************************************** Eval WXP.04: Evaluation of detection by virus classes under Windows-XP: ======================================================================= Some scanners are specialised on detecting some class of viruses (either in deliberately limiting themselves to one class, esp. macro viruses, or in detecting one class significantly better than others). It is therefore worth notifying which scanners perform best in detecting macro and script viruses. Products rated "perfect" (=100%), "excellent" (>99%) and "very good" (>95%) are listed (where ITW virus detection must be 100%). WXP.04.1 Grading the Detection of file zoo viruses under WXP: ------------------------------------------------------------- "Perfect" WXP file scanners: === NONE === "Excellent" WXP file scanners: AVP (100~) FSE (100~) SCN (99.8%) "Very Good" WXP file scanners: INO (98.7%) CMD (98.5%) DRW (98.3%) NAV (98.3%) NVC (97.8%) RAV (96.7%) WXP.04.2 Grading the Detection of macro zoo viruses under WXP: -------------------------------------------------------------- "Perfect" WXP macro scanners: SCN (100.0%) "Excellent" WXP macro scanners: AVP ( 100~ ) FSE ( 100~ ) CMD ( 99.9%) INO ( 99.9%) RAV ( 99.9%) NVC ( 99.8%) NAV ( 99.6%) DRW ( 99.4%) BDF ( 99.0%) "Very Good" WXP macro scanner: --- WXP.04.3 Grading the Detection of Script zoo viruses under WXP: --------------------------------------------------------------- "Perfect" WXP script scanners: === NONE === "Excellent" WXP script scanners: SCN ( 99.6%) FSE ( 99.5%) "Very Good" WXP script scanners: AVP ( 98.9%) NAV ( 96.8%) RAV ( 96.1%) *********************************************************************** Finding WXP.4: Performance of WXP scanners by virus classes: Perfect scanners for file zoo: --- Excellent scanners for file zoo: AVP,FSE,SCN Very Good scanners for file zoo: INO,CMD,DRW,NAV,NVC,RAV Perfect scanners for macro zoo: SCN Excellent scanners for macro zoo: AVP,FSE,CMD,INO,RAV,NAV,NVC,DRW,BDF Very Good scanners for macro zoo: --- Perfect scanners for script zoo: --- Excellent scanners for script zoo: SCN,FSE Very Good scanners for script zoo: AVP,NAV,RAV *********************************************************************** Eval WXP.05: Detection of Packed File and Macro Viruses under Windows-XP ======================================================================== Detection of file and macro viruses within packed objects becomes essential for on-access scanning, esp. for incoming email possibly loaded with malicious objects. It seems therefore reasonable to test whether at least ITW viral objects compressed with given popular methods are also detected. It seems therefore reasonable to test whether at least ITW viral objects compressed with 6 popular methods (PKZIP, ARJ, LHA, RAR, WinRAR and CAB) are also detected. Tests are performed only on In-The-Wild viruses packed once (no recursive packing). As last test showed that AV products are rather far from perfect detection of packed viruses, testbed has essentially be unchanged to ease comparison and improvement. ATTENTION: for packing objects in ITW testbeds, we used WinRAR 2.0. As WinRAR 2.0 didnot properly pack VTCs very large file testbed, this testbed was packed with WinRAR 2.9 which at that time was available in its final version (after longer availability of beta versions) since >3 months. Only upon evaluation, we detected that ONLY ONE product (RAV) was at all able to handle WinRAR 2.9 packed malware, at least to some degree (though not sufficient for the grade "perfect"). Consequently, this evaluation doesNOT include WinRAR. The following evaluation includes: ARJ,CAB,LHA,RAR,ZIP. Concerning overall detection of ALL file and ALL macro virus samples: A "perfect" product would detect ALL packed viral samples (100%) for 5 packers: ---------------------------------------------------- "Perfect" packed virus detectors: SCN ---------------------------------------------------- An "excellent" product would reach 100% detection of packed viral samples for at least 4 packers: ---------------------------------------------------- "Excellent" packed macro virus detector: AVP,DRW ---------------------------------------------------- A "very good" product would detect viral samples for at least 3 packers: ---------------------------------------------------- "Very Good" packed macro virus detector: FSE ---------------------------------------------------- Remark: it is interesting to observe that some - otherwise excellent - products miss just ONE sample packed e.g. with CAB (AVP, FSE). Concerning detection of packed file viruses only: "Perfect" packed file virus detectors: AVP,FSE,SCN "Excellent" packed file virus detectors: DRW "Very Good" packed file virus detectors: --- Concerning detection of ALL packed macro viruses: "Perfect" packed macro virus detectors: SCN "Excellent" packed macro virus detectors: AVP,DRW "Very Good" packed macro virus detectors: RAV Remark: Much more data were collected on precision and reliability of virus detection in packed objects. But in the present state, it seems NOT justified to add differentiation to results discussed here. *********************************************************************** Findings WXP.5: Concerning OVERALL detection of packed file AND macro viruses, 1 product is "perfect": SCN And 2 products are "excellent": AVP,DRW One more product is "very good": FSE ******************************************************* Concerning detection of packed FILE viruses: 3 products are "perfect": AVP,FSE,SCN 1 product is "excellent": DRW ***************************************************** Concerning detection of packed MACRO viruses: 1 product is "perfect": SCN 2 products are "excellent": AVP,DRW 1 product is "very good": RAV *********************************************************************** Eval WXP.06: Avoidance of False Alarms (File, Macro) under Windows-XP: ====================================================================== First introduced in VTC test "1998-10", a set of clean (and non-malicious) objects has been added to the file and macro virus testbeds to determine the ability of scanners to avoid False-Positive (FP) alarms. This ability is essential for "excellent" and "very good" scanners as there is no automatic aid to customers to handle such cases (besides the psychological impact on customerīs work). Therefore, the grid used for grading AV products must be significantly more rigid than that one used for detection. The following grid is applied to classify scanners: - False Positive rate = 0.0%: scanner is graded "perfect" - False Positive rate < 0.5%: scanner is graded "excellent" - False Positive rate < 2.5%: scanner is graded "very good" - False Positive rate < 5.0%: scanner is graded "good enough" - False Positive rate <10.0%: scanner is graded "rather bad" - False Positive rate <20.0%: scanner is graded "very bad" - False Positive rate >20.0%: scanner is graded "useless" It is good to observe that 8 (of 10) scanners avoid FP alerts on clean files, but concerning clean macro objects, only 4 (out of 10) products are "perfect" in avoiding any alarm, and 1 more product is "excellent" as this only alerts on a single samples (<0.5%). Overall, the following products didnot issue any false alarm: --------------------------------------------------------------------- "Perfect" file-FP AND macro-FP avoiding WXP products: BDF,INO,NAV,SCN --------------------------------------------------------------------- "Perfect" file-FP avoiding WXP products: AVP,BDF,CMD,FSE,INO,NAV,NVC,RAV,SCN "Excellent" file-FP-avoiding WXP product: DRW --------------------------------------------------------------------- "Perfect" macro-FP-avoiding WXP products: BDF,INO,NAV,SCN "Excellent" macro-FP-avoiding WXP products: RAV --------------------------------------------------------------------- ******************************************************************** Findings WXP.06: Avoidance of False-Positive Alarms is rather well developped, at least for file-FP avoidance. 4 Overall FP-avoiding perfect WXP scanners: BDF,INO,NAV,SCN *************************************************** Concerning file-FP avoidance, 9 (of 10) products are "perfect": AVP,BDF,CMD,FSE,INO,NAV,NVC,RAV,SCN And 1 more product is "excellent": DRW *************************************************** Concerning macro-FP avoidance, these 4 products are "perfect": BDF,INO,NAV,SCN And 1 more product is "excellent": RAV ******************************************************************** Eval WXP.07: Detection of File, Macro and Script Malware under Windows-XP ========================================================================= Since test "1997-07", VTC tests also the ability of AV products to detect non-viral malware. An essential argument for this category is that customers are interested to be also warned about and protected from non-viral and non-wormy malicious objects such as trojans etc, the payload of which may be disastrous to their work (e.g. stealing passwords). Since VTC test "1999-03", malware detection is a mandatory part of VTC tests, both for submitted products and for those downloaded as free evaluation copies. A growing number of scanners is indeed able to detect non-viral malware. The following grid (admittedly with reduced granularity) is applied to classify detection of file and macro malware: - detection rate =100% : scanner is "perfect" - detection rate > 90% : scanner is "excellent" - detection rate of 80-90% : scanner is "very good" - detection rate of 60-80% : scanner is "good enough" - detection rate of < 60% : scanner is "not good enough" Generally, detection of malware needs significant further development, as mean detection rates over platforms show: mean detection rate for file malware: 81.3% for macro malware: 96.6% for script malware: 67.8% Concerning File, Macro AND Script malware detection: ------------------------------------------------------------ "Perfect" file/macro/script malware detectors under WXP: --- ------------------------------------------------------------ "Excellent" file/macro/script malware detectors under WXP: FSE ( 99.3% 100% 97.4%) AVP ( 98.7% 100% 95.7%) SCN ( 92.8% 100% 98.3%) ------------------------------------------------------------ "Very Good" file/macro/script malware detector under WXP: RAV ( 86.1% 99.3% 82.1%) ------------------------------------------------------------ Concerning only file malware detection only: ---------------------------------------------------------- "Perfect" macro malware detectors under WXP: --- "Excellent" macro malware detectors under WXP: FSE(99.2%), AVP(98.7%), SCN(92.8%), CMD(91.0%) "Very Good" macro malware detectors under WXP: RAV(86.1%) ---------------------------------------------------------- Concerning only macro malware detection (relatively best developped): ------------------------------------------------------------- "Perfect" macro malware detectors under WXP: AVP,FSE,SCN(100%) "Excellent" macro malware detectors under WXP: CMD,RAV(99.3%),NVC(98.2%),INO(93.8%), NAV(92.9%),BDF(91.8%),DRW (91.1%) "Very Good" macro malware detectors under WXP: --- ------------------------------------------------------------- An concerning script malware detection only: ------------------------------------------------------------- "Perfect" script malware detectors under WXP: --- "Excellent" script malware detectors under WXP: SCN(98.3%), FSE(97.4%), AVP(95.7%), NAV(91.5%) "Very Good" script malware detectors under WXP: RAV(82.1%) ------------------------------------------------------------- ******************************************************************* Findings WXP.7: File/Macro/Script Malware detection under WXP for ALL platforms needs significant improvement: 0 products are "perfect": --- 3 products are "excellent": FSE,AVP,SCN 1 products is "very good": RAV *************************************************** Concerning only file malware detection, 0 product is "perfect": --- 3 products are "excellent": FSE,AVP,SCN 1 product is rated "very good": RAV *************************************************** Concerning only macro malware detection, 3 products are "perfect": AVP,FSE,SCN 6 products are "excellent": CMD,RAV,NVC,INO,NAV,BDF,DRW 0 product is rated "very good": --- *************************************************** Concerning only script malware detection, 0 products are "perfect": --- 4 products are "excellent": SCN,FSE,AVP,NAV 1 product is rated "very good": RAV ******************************************************************* Eval WXP.SUM: Grading of Windows-XP products: ============================================= Under the scope of VTCs grading system, a "Perfect WXP AV/AM product" would have the following characteristics: Definition (1): A "Perfect AntiVirus (AV) product" -------------------------------------------------- 1) Will detect ALL viral samples "In-The-Wild" AND in at least 99% of zoo samples, in ALL categories (file, boot and script-based viruses), with always same high precision of identification and in every infected sample, 2) Will detect ALL ITW viral samples in compressed objects for all (5) popular packers, and 3) Will NEVER issue a False Positive alarm on any sample which is not viral. Definition (2): A "Perfect AntiMalware (AM) product" ---------------------------------------------------- 1) Will be a "Perfect AntiVirus product", That is: 100% ITW detection AND >99% zoo detection AND high precision of identification AND high precision of detection AND 100% detection of ITW viruses in compressed objects, AND 0% False-Positive rate, 2) AND it will also detect essential forms of malicious software, at least in unpacked forms, reliably at high rates (>90%). ***************************************************************** In VTC test "2003-04", we found *** NO perfect WXP AV product *** and we found *** No perfect WXP AM product *** ***************************************************************** But several products seem to approach our definition on a rather high level (taking into account the highest value of "perfect" defined on 100% level and "Excellent" defined by 99% for virus detection, and 90% for malware detection): Test category: "Perfect" "Excellent" ------------------------------------------------------------------ WXP file ITW test: AVP,DRW,FSE,NAV,SCN INO,RAV WXP macro ITW test: AVP,DRW,FSE,INO,NAV,SCN BDF,CMD,RAV,NVC WXP script ITW test: AVP,CMD,DRW, INO FSE,NAV,NVC,RAV,SCN ------------------------------------------------------------------ WXP file zoo test --- AVP,FSE,SCN WXP macro zoo test: SCN AVP,FSE,CMD,INO, RAV,NAV,NVC,DRW,BDF WXP script zoo test: --- SCN,FSE ------------------------------------------------------------------ WXP file pack test: AVP,FSE,SCN DRW WXP macro pack test: SCN AVP,DRW ------------------------------------------------------------------ WXP file FP avoidance: AVP,BDF,CMD,FSE,INO, DRW NAV,NVC,RAV,SCN WXP macro FP avoidance: BDF,INO,NAV,SCN RAV ------------------------------------------------------------------ WXP file malware test: --- FSE,AVP,SCN WXP macro malware test: AVP,FSE,SCN CMD,RAV,NVC,INO, NAV,BDF,DRW WXP script malware test: --- SCN,FSE,AVP,NAV ------------------------------------------------------------------ In order to support the race for more customer protection, we evaluate the order of performance in this WXP test with a simple algorithm, by counting the majority of places (weighing "perfect" twice and "excellent" once), for the first places: ************************************************************ "Perfect" Windows-XP AntiVirus product: =NONE= (20 points) "Excellent" Windows-XP products: 1st place: SCN (18 points) 2nd place: AVP,FSE (13 points) 4th place: NAV (11 points) 5th place: DRW (10 points) 6th place: INO ( 9 points) 7th place: RAV ( 8 points) 8th place: BDF,CMD,NVC ( 6 points) ************************************************************ "Perfect" Windows-XP AntiMalware product:=NONE= (26 points) "Excellent" Windows-XP AntiMalware product: 1st place: SCN (22 points) 2nd place: AVP,FSE (17 points) 4th place: NAV (13 points) 5th place: DRW (11 points) 6th place: INO (10 points) 7th place: RAV ( 9 points) 8th place: BDF,CMD,NVC ( 7 points) ************************************************************