=================================================
aVTC Test "2004-07" (File 6iW2k.TXT):
-------------------------------------------------
Detailed results of File, Macro and Script Virus
related on-demand scanner tests
under Windows 2000 (W2K)
=================================================
(Formatted with non-proportional font: Courier)

In this part of VTC test "2004-07", the following
        ============= 25 products =============
participated (for details of products esp. including engine,
signatures and company information: see A2SCNLS.txt):

================================================================================
ANT = Antivir v:6.18.0.1                         H+B EDV Datentechnik      Germany
AVA = Avast! v:0301-9                            ALWIL Software            Czech Republic
AVG = AVG Antivirus System v:6.0.456             GriSoft                   Czech Republic
AVK = AntiVirenKit 10 v.12.0.3                   GData Software            Germany
AVP = Kaspersky Anti-Virus (KAV), v:4.0.5.37     Kaspersky Lab             Russia
BDF = BitDefender Professional v:7.0 build 2473  SOFTWIN                   Romania
CMD = Command Antivirus v:4.74.3                 Command Software Systems  USA
DRW = Dr. Web v:v4.29b                           DialogueScience           Russia
FIR = Fire Anti-virus Kit v:2.7                  Prognet Technologies      India
FPR = F-PROT v:3.12d                             Frisk Software            Iceland
FSE = F-SECURE v:1.02.2410                       F-Secure Corporation      Finland
GLA = Gladiator AV v:3.0.0                       "Gladiator"
IKA = Ikarus Virus Utilities v:2.27              IKARUS Software           Austria
INO = eTrust AV v:6.0.102                        Computer Associates       USA
NAV = Norton Antivirus v:8.00.9374               Symantec                  USA
NVC = Norman Virus Control v:5.50                Norman Data Defense       Norway
PAV = Power AV v: 11.0.5                         GData Software            Germany
PER = Peruvian AntiVirus v:7.90                  PER Systems               Peru
PRO = Protector v:7.2.D01                        Proland Software          India
QHL = Quickheal 6.08                             Cat Computer Services     India
RAV = RAV Antivirus v8 v:8.3.1                   GeCAD Software            Romania
SCN = McAfee ViruScan v4.1.60                    Network Associates        USA
SWP = Sophos AV v:3.66                           Sophos                    UK
VBR = VirusBuster v:2                            Leprechaun                Australia
VSP = VirScanPlus v:12.762                       Ralph Roth                Germany
================================================================================

The following tables summarize detection and identification quality
concerning FILE, MACRO and SCRIPT viruses as well as selected FILE,
MACRO and SCRIPT MALWARE, both in full "zoo" virus collection and for
viral In-The-Wild testbeds, under Windows-2000. Moreover, results for
detection of viruses in objects compressed with 6 popular packing
methods are also given.

A new category (marked "+") was introduced in this test where detection
of ITW viruses archived with 6 popular scanners is measured and compared
with results of "direct" (un-archived) detection.

Finally, a special test was performed concerning "false positive" virus
detection of selected files which were deliberately chosen from
available CD-ROMs and which were definitively clean of viruses.

For discussion of results, see 7EVAL2i.txt.

As usual, results may be influenced by problems experienced during
tests; such problems are documented in 8PROBLMS.TXT.

Index of tables:
----------------
  W2k.F1:  "FileVirus 1": Results of "full" Zoo test for file viruses
  W2k.F2:  "FileVirus 2": Results of "In-The-Wild" test for file viruses
  W2k.F3V: "Comparison of Detection Rate of Packed Viruses":
           Results of Detection Rate of ITW file viruses packed
           with PKZIP, LHA, ARJ, RAR 1.5, WinRAR 3.0 and CAB
  W2k.F3F: "Comparison of Detection Rate of Packed Viral Objects":
           Results of Detection Rate of infected ITW file objects packed
           with PKZIP, LHA, ARJ, RAR 1.5, WinRAR 3.0 and CAB
+ W2k.F3R: "Detection of aRchives infected with Packed File
           In-The-Wild viruses" under Windows 2000
+ W2k.F3L: "Detection Loss in Archives (=number of viruses NOT detected
           in Archives) for File In-The-Wild viruses packed with
           different archivers under Windows 2000"
  W2k.F3a: "PKZIP-Packed File Viruses":
           Results of Detection of ITW File Viruses Packed with PKZIP
  W2k.F3b: "LHA-Packed File Viruses":
           Results of Detection of ITW File Viruses Packed with LHA
  W2k.F3c: "ARJ-Packed File Viruses":
           Results of Detection of ITW File Viruses Packed with ARJ
  W2k.F3d: "RAR-Packed File Viruses":
           Results of Detection of ITW File Viruses Packed with RAR 1.5
  W2k.F3e: "WINRAR-Packed File Viruses":
           Results of Detection of ITW File Viruses Packed with WINRAR 3.0
  W2k.F3f: "CAB-Packed File Viruses":
           Results of Detection of ITW File Viruses Packed with CAB
  W2k.F4:  "False Positive" File Virus Detection:
           Results of "full" Zoo test for non-viral (clean) file objects
           detected as "false positives"
  W2k.F5:  "File-Malware": Results of "full" Zoo test for file-related
           (non-viral) malware

  W2k.M1:  "MacroVirus 1": Results of "full" test for macro viruses
  W2k.M2:  "MacroVirus 2": Results of "In-The-Wild" test for macro viruses
  W2k.M3V: "Comparison of Detection Rate of Packed Viruses":
           Results of Detection Rate of ITW macro viruses packed
           with PKZIP, LHA, ARJ, RAR 1.5, WinRAR 3.0 and CAB
  W2k.M3F: "Comparison of Detection Rate of Packed Viral Objects":
           Results of Detection Rate of objects infected with ITW
           file viruses and with PKZIP, LHA, ARJ, RAR 1.5, WinRAR 3.0, CAB
+ W2k.M3R: "Detection of aRchives infected with Packed Macro
           In-The-Wild viruses" under Windows 2000
+ W2k.M3L: "Detection Loss in Archives (=number of viruses NOT detected
           in Archives) for Macro In-The-Wild viruses packed with
           different archivers under Windows 2000"
  W2k.M3a: "PKZIP-Packed Macro Viruses":
           Results of Detection of ITW macro Viruses Packed with PKZIP
  W2k.M3b: "LHA-Packed Macro Viruses":
           Results of Detection of ITW macro Viruses Packed with LHA
  W2k.M3c: "ARJ-Packed Macro Viruses":
           Results of Detection of ITW macro Viruses Packed with ARJ
  W2k.M3d: "RAR-Packed Macro Viruses":
           Results of Detection of ITW macro Viruses Packed with RAR 1.5
  W2k.M3e: "WinRAR-Packed Macro Viruses":
           Results of Detection of ITW macro Viruses Packed with WinRAR 3.0
  W2k.M3f: "CAB-Packed Macro Viruses":
           Results of Detection of ITW macro Viruses Packed with CAB
  W2k.M4:  "False Positive" detection:
           Results of "full" zoo test for non-viral (clean) macro objects
           detected as "false positives"
  W2k.M5:  "Macro-Malware": Results of "full" zoo test for
           Macro-related malware

  W2k.S1:  "ScriptVirus 1": Results of "full" test for script viruses
           (VBS, JS etc)
  W2k.S2:  "ScriptVirus 2": Results of "In-The-Wild" test for script viruses
  W2k.S5:  "Script-Malware": Results of "full" zoo test for
           Script-related malware


Table W2k.F1: "FileVirus 1": Results of "full" Zoo Test
              for file viruses:
====================================================
This includes Viruses    ---- unreliably ----           Files
Scanner     detected    identified      detected      detected
---------------------------------------------------------------
Testbed   23209 100.0%                             166327 100.0%
---------------------------------------------------------------
ANT       21090  90.9    6265  27.0     763   3.3  152870  91.9
AVA       22214  95.7     968   4.2     306   1.3  161271  97.0
AVG       18527  79.8    2615  11.3     472   2.0  140021  84.2
AVK       23208 100.~     933   4.0       3   0.~  166321 100.~
AVP       23201 100.~     884   3.8       4   0.~  166309 100.~
BDF       19590  84.4    2246   9.7     961   4.1  144442  86.8
CMD       22891  98.6     514   2.2      60   0.3  164861  99.1
DRW       18325  79.0     679   2.9     264   1.1  135529  81.5
FIR       17503  75.4     509   2.2    4877  21.0   91938  55.3
FPR       23096  99.5     373   1.6      31   0.1  166069  99.8
FSE       23208 100.~     530   2.3       2   0.~  166321 100.~
GLA        9437  40.7     703   3.0    1390   6.0   59417  35.7
IKA       21071  90.8    4812  20.7     876   3.8  151335  91.0
INO       22235  95.8     912   3.9     274   1.2  162888  97.9
NAV       23058  99.3    4062  17.5     569   2.5  162773  97.9
NVC       22041  95.0    5841  25.2     464   2.0  160606  96.6
PAV       23204 100.~    1090   4.7      10   0.~  166294 100.~
PER        8330  35.9      77   0.3    1112   4.8   58628  35.2
PRO       15600  67.2    1077   4.6    2268   9.8  111236  66.9
QHL       13700  59.0    1808   7.8    7483  32.2   58930  35.4
RAV       23080  99.4    1506   6.5     156   0.7  165538  99.5
SCN       23198 100.~    1112   4.8       3   0.~  166310 100.~
SWP       22782  98.2    1383   6.0     181   0.8  164343  98.8
VBR       15887  68.5    1103   4.8    2105   9.1  117661  70.7
VSP        3391  14.6    1110   4.8     494   2.1   22444  13.5
---------------------------------------------------------------
Mean:            82.7%                                     81.4%
Rate>10%:        82.7%                                     81.4%
---------------------------------------------------------------
Remark: decimal ~ indicates that result is rounded:
        (100.~ up to 100.0%, 0.~ down to 0.0%).

Table W2k.F2: "FileVirus 2": Results of "In-The-Wild" Test
              for file viruses:
====================================================
This includes Viruses    ---- unreliably ----           Files
Scanner     detected    identified      detected      detected
---------------------------------------------------------------
Testbed     107 100.0%                                638 100.0%
---------------------------------------------------------------
ANT         107 100.0      16  15.0       4   3.7     631  98.9
AVA         106  99.1       6   5.6       3   2.8     632  99.1
AVG         106  99.1      10   9.3       4   3.7     631  98.9
AVK         106  99.1       5   4.7       0   0.0     637  99.8
AVP         106  99.1       5   4.7       0   0.0     637  99.8
BDF         106  99.1      10   9.3       3   2.8     623  97.6
CMD         106  99.1      19  17.8       5   4.7     629  98.6
DRW         106  99.1       5   4.7       0   0.0     637  99.8
FIR          89  83.2       4   3.7      20  18.7     505  79.2
FPR         106  99.1       3   2.8       0   0.0     637  99.8
FSE         106  99.1      24  22.4       0   0.0     637  99.8
GLA          61  57.0       4   3.7      10   9.3     289  45.3
IKA         106  99.1       6   5.6       7   6.5     617  96.7
INO         106  99.1       8   7.5       2   1.9     635  99.5
NAV         106  99.1      13  12.1       0   0.0     637  99.8
NVC         106  99.1      11  10.3       5   4.7     628  98.4
PAV         106  99.1       8   7.5       0   0.0     637  99.8
PER          71  66.4       5   4.7      15  14.0     438  68.7
PRO         106  99.1      11  10.3      13  12.1     618  96.9
QHL         103  96.3      10   9.3       6   5.6     611  95.8
RAV         106  99.1       8   7.5       0   0.0     637  99.8
SCN         107 100.0      11  10.3       0   0.0     638 100.0
SWP         106  99.1       6   5.6       2   1.9     635  99.5
VBR         103  96.3       8   7.5      14  13.1     552  86.5
VSP           3   2.8       1   0.9       0   0.0     104  16.3
---------------------------------------------------------------
Mean:            91.5%                                     91.0%
Rate>10%:        95.2%                                     94.1%
---------------------------------------------------------------


Table W2k.F3V: "Comparison of Detection Rate of Packed Viruses":
               Results of Detection Rate of ITW file viruses
               packed with PKZIP, LHA, ARJ, RAR, WinRAR, CAB
================================================================
This includes Viruses detected per packer
-------+-----------+-----------+-----------+-----------+-----------+-----------
         ARJ      %  CAB      %  LHA      % RAR1.5    % WRAR3.0   %  ZIP      %
Testbed  107 100.0%  107 100.0%  107 100.0%  107 100.0%  107 100.0%  107 100.0%
-------+-----------+-----------+-----------+-----------+-----------+-----------
ANT        0   0.0%    0   0.0%    0   0.0%    0   0.0%    0   0.0%    0   0.0%
AVA      106  99.1%  106  99.1%    0   0.0%  106  99.1%  106  99.1%  106  99.1%
AVG      106  99.1%    0   0.0%    0   0.0%  106  99.1%    0   0.0%  106  99.1%
AVK      106  99.1%  106  99.1%  106  99.1%  106  99.1%  106  99.1%  106  99.1%
AVP      106  99.1%  106  99.1%  106  99.1%  106  99.1%  106  99.1%  106  99.1%
BDF      106  99.1%  106  99.1%  105  98.1%  106  99.1%  106  99.1%  106  99.1%
CMD      106  99.1%  106  99.1%  106  99.1%   24  22.4%    0   0.0%  106  99.1%
DRW      106  99.1%  106  99.1%    0   0.0%  106  99.1%  106  99.1%  106  99.1%
FIR        0   0.0%    0   0.0%    0   0.0%    0   0.0%    0   0.0%    0   0.0%
FPR      106  99.1%  106  99.1%  106  99.1%   23  21.5%    0   0.0%  106  99.1%
FSE      106  99.1%  106  99.1%  106  99.1%  106  99.1%  106  99.1%  106  99.1%
GLA        0   0.0%    0   0.0%    0   0.0%    0   0.0%    0   0.0%   61  57.0%
IKA        0   0.0%    0   0.0%    0   0.0%    0   0.0%    0   0.0%    0   0.0%
INO      106  99.1%  106  99.1%  105  98.1%    1   0.9%    0   0.0%  106  99.1%
NAV      106  99.1%  106  99.1%  105  98.1%    0   0.0%    0   0.0%  106  99.1%
NVC      106  99.1%    0   0.0%    0   0.0%    0   0.0%    0   0.0%  106  99.1%
PAV      106  99.1%  106  99.1%  106  99.1%  106  99.1%  106  99.1%  106  99.1%
PER        0   0.0%    0   0.0%    0   0.0%    0   0.0%    0   0.0%   71  66.4%
PRO      106  99.1%    0   0.0%    0   0.0%    0   0.0%    0   0.0%  106  99.1%
QHL      103  96.3%  103  96.3%    0   0.0%  103  96.3%  103  96.3%  103  96.3%
RAV      106  99.1%  106  99.1%  101  94.4%  106  99.1%  106  99.1%  106  99.1%
SCN      107 100.0%  107 100.0%  107 100.0%  107 100.0%    0   0.0%  107 100.0%
SWP      106  99.1%    0   0.0%  106  99.1%  106  99.1%    0   0.0%  106  99.1%
VBR        0   0.0%    0   0.0%    0   0.0%    0   0.0%    0   0.0%    0   0.0%
VSP        0   0.0%    0   0.0%    0   0.0%    0   0.0%    0   0.0%    0   0.0%
-------+-----------+-----------+-----------+-----------+-----------+-----------
Mean:         71.3%       55.4%       47.3%       49.3%       35.6%       76.2%
Rate>10%:     99.0%       99.0%       98.5%       87.9%       98.8%       95.3%
-------------------------------------------------------------------------------


Table W2k.F3F: "Comparison of Detection Rate of Packed Viral Objects":
               Results of Detection Rate of objects infected with ITW
               file viruses and with PKZIP, LHA, ARJ, RAR, WinRAR, CAB
========================================================================
This includes Viral objects detected per packer
-------+-----------+-----------+-----------+-----------+-----------+-----------
         ARJ      %  CAB      %  LHA      % RAR1.5    % WRAR3.0   %  ZIP      %
Testbed  638 100.0%  638 100.0%  638 100.0%  638 100.0%  638 100.0%  638 100.0%
-------+-----------+-----------+-----------+-----------+-----------+-----------
ANT        0   0.0%    0   0.0%    0   0.0%    0   0.0%    0   0.0%    0   0.0%
AVA      604  94.7%  630  98.7%    0   0.0%  632  99.1%  629  98.6%  629  98.6%
AVG      631  98.9%    0   0.0%    0   0.0%  631  98.9%    0   0.0%  617  96.7%
AVK      637  99.8%  637  99.8%  637  99.8%  637  99.8%  637  99.8%  637  99.8%
AVP      637  99.8%  637  99.8%  637  99.8%  637  99.8%  637  99.8%  637  99.8%
BDF      593  92.9%  623  97.6%  619  97.0%  623  97.6%  623  97.6%  623  97.6%
CMD      629  98.6%  629  98.6%  628  98.4%   29   4.5%    0   0.0%  629  98.6%
DRW      635  99.5%  637  99.8%    0   0.0%  637  99.8%  637  99.8%  637  99.8%
FIR        0   0.0%    0   0.0%    0   0.0%    0   0.0%    0   0.0%    0   0.0%
FPR      637  99.8%  637  99.8%  620  97.2%   28   4.4%    0   0.0%  637  99.8%
FSE      637  99.8%  637  99.8%  637  99.8%  637  99.8%  637  99.8%  637  99.8%
GLA        0   0.0%    0   0.0%    0   0.0%    0   0.0%    0   0.0%  289  45.3%
IKA        0   0.0%    0   0.0%    0   0.0%    0   0.0%    0   0.0%    0   0.0%
INO      605  94.8%  635  99.5%  105  16.5%    2   0.3%    0   0.0%  635  99.5%
NAV      637  99.8%  637  99.8%  629  98.6%    0   0.0%    0   0.0%  637  99.8%
NVC      598  93.7%    0   0.0%    0   0.0%    0   0.0%    0   0.0%  628  98.4%
PAV      637  99.8%  637  99.8%  619  97.0%  637  99.8%  637  99.8%  637  99.8%
PER        0   0.0%    0   0.0%    0   0.0%    0   0.0%    0   0.0%  438  68.7%
PRO      618  96.9%    0   0.0%    0   0.0%    0   0.0%    0   0.0%  618  96.9%
QHL      603  94.5%  605  94.8%    0   0.0%  605  94.8%  605  94.8%  605  94.8%
RAV      637  99.8%  637  99.8%  602  94.4%  637  99.8%  637  99.8%  637  99.8%
SCN      638 100.0%  638 100.0%  638 100.0%  638 100.0%    0   0.0%  638 100.0%
SWP      635  99.5%    0   0.0%  635  99.5%  635  99.5%    0   0.0%  635  99.5%
VBR        0   0.0%    0   0.0%    0   0.0%    0   0.0%    0   0.0%    0   0.0%
VSP        0   0.0%    0   0.0%    0   0.0%    0   0.0%    0   0.0%    0   0.0%
-------+-----------+-----------+-----------+-----------+-----------+-----------
Mean:         70.5%       55.5%       43.9%       47.9%       35.6%       75.7%
Rate>10%:     97.9%       99.1%       91.5%       85.5%       98.9%       94.7%
-------------------------------------------------------------------------------


Table W2k.F3R: Detection of aRchives infected with
               "Packed File ITW viruses" under Windows 2000
==============================================
Total number of detected files in all archives
-----------------------------
Testbed     642  100.0%
-----------------------------
ANT         108   16.8%
AVA         530   82.6%
AVG         318   49.5%
AVK         636   99.1%
AVP         636   99.1%
BDF         635   98.9%
CMD         448   69.8%
DRW         530   82.6%
FIR           0    0.0%
FPR         447   69.6%
FSE         636   99.1%
GLA          63    9.8%
IKA           0    0.0%
INO         424   66.0%
NAV         423   65.9%
NVC         212   33.0%
PAV         636   99.1%
PER          71   11.1%
PRO         212   33.0%
QHL         515   80.2%
RAV         631   98.3%
SCN         535   83.3%
SWP         424   66.0%
VBR           0    0.0%
VSP           1    0.2%
-----------------------------
Mean:             56.5%
-----------------------------


Table W2k.F3L: Detection Loss in Archives (=number of viruses NOT detected
               in Archives) for "Packed File In-The-Wild" viruses packed
               with different archives under Windows 2000
==============================================================================
Number of files not detected in archives (but uncompressed)
-------+-----------+-----------+-----------+-----------+-----------+-----------
         ARJ      %  CAB      %  LHA      % RAR1.5    % WRAR3.0   %  ZIP      %
Testbed  638 100.0%  638 100.0%  638 100.0%  638 100.0%  638 100.0%  638 100.0%
-------+-----------+-----------+-----------+-----------+-----------+-----------
ANT      631 100.0%  631 100.0%  631 100.0%  631 100.0%  631 100.0%  631 100.0%
AVA       28   4.4%    2   0.3%  632 100.0%    0   0.0%    3   0.5%    3   0.5%
AVG        0   0.0%  631 100.0%  631 100.0%    0   0.0%  631 100.0%   14   2.2%
AVK        0   0.0%    0   0.0%    0   0.0%    0   0.0%    0   0.0%    0   0.0%
AVP        0   0.0%    0   0.0%    0   0.0%    0   0.0%    0   0.0%    0   0.0%
BDF       30   4.8%    0   0.0%    4   0.6%    0   0.0%    0   0.0%    0   0.0%
CMD        0   0.0%    0   0.0%    1   0.2%  600  95.4%  629 100.0%    0   0.0%
DRW        2   0.3%    0   0.0%  637 100.0%    0   0.0%    0   0.0%    0   0.0%
FIR      505 100.0%  505 100.0%  505 100.0%  505 100.0%  505 100.0%  505 100.0%
FPR        0   0.0%    0   0.0%   17   2.7%  609  95.6%  637 100.0%    0   0.0%
FSE        0   0.0%    0   0.0%    0   0.0%    0   0.0%    0   0.0%    0   0.0%
GLA      289 100.0%  289 100.0%  289 100.0%  289 100.0%  289 100.0%    0   0.0%
IKA      617 100.0%  617 100.0%  617 100.0%  617 100.0%  617 100.0%  617 100.0%
INO       30   4.7%    0   0.0%  530  83.5%  633  99.7%  635 100.0%    0   0.0%
NAV        0   0.0%    0   0.0%    8   1.3%  637 100.0%  637 100.0%    0   0.0%
NVC       30   4.8%  628 100.0%  628 100.0%  628 100.0%  628 100.0%    0   0.0%
PAV        0   0.0%    0   0.0%   18   2.8%    0   0.0%    0   0.0%    0   0.0%
PER      438 100.0%  438 100.0%  438 100.0%  438 100.0%  438 100.0%    0   0.0%
PRO        0   0.0%  618 100.0%  618 100.0%  618 100.0%  618 100.0%    0   0.0%
QHL        8   1.3%    6   1.0%  611 100.0%    6   1.0%    6   1.0%    6   1.0%
RAV        0   0.0%    0   0.0%   35   5.5%    0   0.0%    0   0.0%    0   0.0%
SCN        0   0.0%    0   0.0%    0   0.0%    0   0.0%  638 100.0%    0   0.0%
SWP        0   0.0%  635 100.0%    0   0.0%    0   0.0%  635 100.0%    0   0.0%
VBR      552 100.0%  552 100.0%  552 100.0%  552 100.0%  552 100.0%  552 100.0%
VSP      104 100.0%  104 100.0%  104 100.0%  104 100.0%  104 100.0%  104 100.0%
-------+-----------+-----------+-----------+-----------+-----------+-----------
Mean:         28.8%       44.0%       55.9%       51.7%       64.1%       20.1%
-------+-----------+-----------+-----------+-----------+-----------+-----------
Remark: Values in this table represent the difference between unpacked
        ITW virus samples found and those found when compressed.
        Ideally, "0" implies that all viruses found ITW are also found
        in compressed archives, whereas "100%" implies that none of
        those ITW viruses detected in uncompressed form was found in
        compressed archives. Negative values imply that MORE ITW viruses
        are found in packed archives than in unpacked samples.

Table W2k.F3a: "PKZIP-Packed File Viruses":
               Results of Detection of ITW File Viruses Packed with PKZIP:
=================================================================
This includes Viruses    ---- unreliably ----           Files
Scanner     detected    identified      detected      detected
---------------------------------------------------------------
Testbed     107 100.0%                                638 100.0%
---------------------------------------------------------------
ANT           0   0.0       0   0.0       0   0.0       0   0.0
AVA         106  99.1      12  11.2       4   3.7     629  98.6
AVG         106  99.1       6   5.6      15  14.0     617  96.7
AVK         106  99.1       8   7.5       0   0.0     637  99.8
AVP         106  99.1       5   4.7       0   0.0     637  99.8
BDF         106  99.1      10   9.3       3   2.8     623  97.6
CMD         106  99.1      19  17.8       5   4.7     629  98.6
DRW         106  99.1       5   4.7       0   0.0     637  99.8
FIR           0   0.0       0   0.0       0   0.0       0   0.0
FPR         106  99.1       3   2.8       0   0.0     637  99.8
FSE         106  99.1      25  23.4       0   0.0     637  99.8
GLA          61  57.0       4   3.7      10   9.3     289  45.3
IKA           0   0.0       0   0.0       0   0.0       0   0.0
INO         106  99.1       8   7.5       2   1.9     635  99.5
NAV         106  99.1      13  12.1       0   0.0     637  99.8
NVC         106  99.1      11  10.3       5   4.7     628  98.4
PAV         106  99.1       5   4.7       0   0.0     637  99.8
PER          71  66.4       5   4.7      15  14.0     438  68.7
PRO         106  99.1      11  10.3      13  12.1     618  96.9
QHL         103  96.3       7   6.5       9   8.4     605  94.8
RAV         106  99.1       8   7.5       0   0.0     637  99.8
SCN         107 100.0      11  10.3       0   0.0     638 100.0
SWP         106  99.1       6   5.6       2   1.9     635  99.5
VBR           0   0.0       0   0.0       0   0.0       0   0.0
VSP           0   0.0       0   0.0       0   0.0       0   0.0
---------------------------------------------------------------
Mean:            76.1%                                     75.7%
Rate>10%:        95.3%                                     94.7%
---------------------------------------------------------------


Table W2k.F3b: "LHA-Packed File Viruses":
               Results of Detection of ITW File Viruses Packed with LHA:
===============================================================
This includes Viruses    ---- unreliably ----           Files
Scanner     detected    identified      detected      detected
---------------------------------------------------------------
Testbed     107 100.0%                                638 100.0%
---------------------------------------------------------------
ANT           0   0.0       0   0.0       0   0.0       0   0.0
AVA           0   0.0       0   0.0       0   0.0       0   0.0
AVG           0   0.0       0   0.0       0   0.0       0   0.0
AVK         106  99.1       5   4.7       0   0.0     637  99.8
AVP         106  99.1       5   4.7       0   0.0     637  99.8
BDF         105  98.1       9   8.4       6   5.6     619  97.0
CMD         106  99.1      19  17.8       6   5.6     628  98.4
DRW           0   0.0       0   0.0       0   0.0       0   0.0
FIR           0   0.0       0   0.0       0   0.0       0   0.0
FPR         106  99.1       3   2.8       1   0.9     620  97.2
FSE         106  99.1      24  22.4       0   0.0     637  99.8
GLA           0   0.0       0   0.0       0   0.0       0   0.0
IKA           0   0.0       0   0.0       0   0.0       0   0.0
INO         105  98.1       0   0.0      63  58.9     105  16.5
NAV         105  98.1      13  12.1       2   1.9     629  98.6
NVC           0   0.0       0   0.0       0   0.0       0   0.0
PAV         106  99.1       5   4.7       2   1.9     619  97.0
PER           0   0.0       0   0.0       0   0.0       0   0.0
PRO           0   0.0       0   0.0       0   0.0       0   0.0
QHL           0   0.0       0   0.0       0   0.0       0   0.0
RAV         101  94.4       8   7.5       0   0.0     602  94.4
SCN         107 100.0      11  10.3       0   0.0     638 100.0
SWP         106  99.1       6   5.6       2   1.9     635  99.5
VBR           0   0.0       0   0.0       0   0.0       0   0.0
VSP           0   0.0       0   0.0       0   0.0       0   0.0
---------------------------------------------------------------
Mean:            47.3%                                     43.9%
Rate>10%:        98.5%                                     91.5%
---------------------------------------------------------------


Table W2k.F3c: "ARJ-Packed File Viruses":
               Results of Detection of ITW File Viruses Packed with ARJ:
===============================================================
This includes Viruses    ---- unreliably ----           Files
Scanner     detected    identified      detected      detected
---------------------------------------------------------------
Testbed     107 100.0%                                638 100.0%
---------------------------------------------------------------
ANT           0   0.0       0   0.0       0   0.0       0   0.0
AVA         106  99.1      13  12.1       4   3.7     604  94.7
AVG         106  99.1      10   9.3       4   3.7     631  98.9
AVK         106  99.1       8   7.5       0   0.0     637  99.8
AVP         106  99.1       5   4.7       0   0.0     637  99.8
BDF         106  99.1      10   9.3       5   4.7     593  92.9
CMD         106  99.1      19  17.8       5   4.7     629  98.6
DRW         106  99.1       5   4.7       2   1.9     635  99.5
FIR           0   0.0       0   0.0       0   0.0       0   0.0
FPR         106  99.1       3   2.8       0   0.0     637  99.8
FSE         106  99.1      24  22.4       0   0.0     637  99.8
GLA           0   0.0       0   0.0       0   0.0       0   0.0
IKA           0   0.0       0   0.0       0   0.0       0   0.0
INO         106  99.1       8   7.5       4   3.7     605  94.8
NAV         106  99.1      13  12.1       0   0.0     637  99.8
NVC         106  99.1      11  10.3       7   6.5     598  93.7
PAV         106  99.1       5   4.7       0   0.0     637  99.8
PER           0   0.0       0   0.0       0   0.0       0   0.0
PRO         106  99.1      11  10.3      13  12.1     618  96.9
QHL         103  96.3       7   6.5      11  10.3     603  94.5
RAV         106  99.1       8   7.5       0   0.0     637  99.8
SCN         107 100.0      11  10.3       0   0.0     638 100.0
SWP         106  99.1       6   5.6       2   1.9     635  99.5
VBR           0   0.0       0   0.0       0   0.0       0   0.0
VSP           0   0.0       0   0.0       0   0.0       0   0.0
---------------------------------------------------------------
Mean:            71.3%                                     70.5%
Rate>10%:        99.0%                                     97.2%
---------------------------------------------------------------


Table W2k.F3d: "RAR-Packed File Viruses":
               Results of Detection of ITW File Viruses Packed with RAR 1.5:
===============================================================
This includes Viruses    ---- unreliably ----           Files
Scanner     detected    identified      detected      detected
---------------------------------------------------------------
Testbed     107 100.0%                                638 100.0%
---------------------------------------------------------------
ANT           0   0.0       0   0.0       0   0.0       0   0.0
AVA         106  99.1      12  11.2       3   2.8     632  99.1
AVG         106  99.1      10   9.3       4   3.7     631  98.9
AVK         106  99.1       5   4.7       0   0.0     637  99.8
AVP         106  99.1       5   4.7       0   0.0     637  99.8
BDF         106  99.1      10   9.3       3   2.8     623  97.6
CMD          24  22.4       4   3.7      13  12.1      29   4.5
DRW         106  99.1       5   4.7       0   0.0     637  99.8
FIR           0   0.0       0   0.0       0   0.0       0   0.0
FPR          23  21.5       0   0.0      12  11.2      28   4.4
FSE         106  99.1      24  22.4       0   0.0     637  99.8
GLA           0   0.0       0   0.0       0   0.0       0   0.0
IKA           0   0.0       0   0.0       0   0.0       0   0.0
INO           1   0.9       0   0.0       1   0.9       2   0.3
NAV           0   0.0       0   0.0       0   0.0       0   0.0
NVC           0   0.0       0   0.0       0   0.0       0   0.0
PAV         106  99.1       5   4.7       0   0.0     637  99.8
PER           0   0.0       0   0.0       0   0.0       0   0.0
PRO           0   0.0       0   0.0       0   0.0       0   0.0
QHL         103  96.3       7   6.5       9   8.4     605  94.8
RAV         106  99.1       8   7.5       0   0.0     637  99.8
SCN         107 100.0      11  10.3       0   0.0     638 100.0
SWP         106  99.1       6   5.6       2   1.9     635  99.5
VBR           0   0.0       0   0.0       0   0.0       0   0.0
VSP           0   0.0       0   0.0       0   0.0       0   0.0
---------------------------------------------------------------
Mean:            49.3%                                     47.9%
Rate>10%:        87.9%                                     85.5%
---------------------------------------------------------------


Table W2k.F3e: "WINRAR-Packed File Viruses":
               Results of Detection of ITW File Viruses Packed with WINRAR 3.0:
==================================================================
This includes Viruses    ---- unreliably ----           Files
Scanner     detected    identified      detected      detected
---------------------------------------------------------------
Testbed     107 100.0%                                638 100.0%
---------------------------------------------------------------
ANT           0   0.0       0   0.0       0   0.0       0   0.0
AVA         106  99.1      12  11.2       6   5.6     629  98.6
AVG           0   0.0       0   0.0       0   0.0       0   0.0
AVK         106  99.1       8   7.5       0   0.0     637  99.8
AVP         106  99.1       5   4.7       0   0.0     637  99.8
BDF         106  99.1      10   9.3       3   2.8     623  97.6
CMD           0   0.0       0   0.0       0   0.0       0   0.0
DRW         106  99.1       5   4.7       0   0.0     637  99.8
FIR           0   0.0       0   0.0       0   0.0       0   0.0
FPR           0   0.0       0   0.0       0   0.0       0   0.0
FSE         106  99.1      24  22.4       0   0.0     637  99.8
GLA           0   0.0       0   0.0       0   0.0       0   0.0
IKA           0   0.0       0   0.0       0   0.0       0   0.0
INO           0   0.0       0   0.0       0   0.0       0   0.0
NAV           0   0.0       0   0.0       0   0.0       0   0.0
NVC           0   0.0       0   0.0       0   0.0       0   0.0
PAV         106  99.1       5   4.7       0   0.0     637  99.8
PER           0   0.0       0   0.0       0   0.0       0   0.0
PRO           0   0.0       0   0.0       0   0.0       0   0.0
QHL         103  96.3       7   6.5       9   8.4     605  94.8
RAV         106  99.1       8   7.5       0   0.0     637  99.8
SCN           0   0.0       0   0.0       0   0.0       0   0.0
SWP           0   0.0       0   0.0       0   0.0       0   0.0
VBR           0   0.0       0   0.0       0   0.0       0   0.0
VSP           0   0.0       0   0.0       0   0.0       0   0.0
---------------------------------------------------------------
Mean:            35.6%                                     36.0%
Rate>10%:        98.8%                                     98.9%
---------------------------------------------------------------


Table W2k.F3f: "CAB-Packed File Viruses":
               Results of Detection of ITW File Viruses Packed with CAB:
===============================================================
This includes Viruses    ---- unreliably ----           Files
Scanner     detected    identified      detected      detected
---------------------------------------------------------------
Testbed     107 100.0%                                638 100.0%
---------------------------------------------------------------
ANT           0   0.0       0   0.0       0   0.0       0   0.0
AVA         106  99.1      12  11.2       5   4.7     630  98.7
AVG           0   0.0       0   0.0       0   0.0       0   0.0
AVK         106  99.1       5   4.7       0   0.0     637  99.8
AVP         106  99.1       5   4.7       0   0.0     637  99.8
BDF         106  99.1      10   9.3       3   2.8     623  97.6
CMD         106  99.1      19  17.8       5   4.7     629  98.6
DRW         106  99.1       5   4.7       0   0.0     637  99.8
FIR           0   0.0       0   0.0       0   0.0       0   0.0
FPR         106  99.1       3   2.8       0   0.0     637  99.8
FSE         106  99.1      24  22.4       0   0.0     637  99.8
GLA           0   0.0       0   0.0       0   0.0       0   0.0
IKA           0   0.0       0   0.0       0   0.0       0   0.0
INO         106  99.1       8   7.5       2   1.9     635  99.5
NAV         106  99.1      13  12.1       0   0.0     637  99.8
NVC           0   0.0       0   0.0       0   0.0       0   0.0
PAV         106  99.1       5   4.7       0   0.0     637  99.8
PER           0   0.0       0   0.0       0   0.0       0   0.0
PRO           0   0.0       0   0.0       0   0.0       0   0.0
QHL         103  96.3       7   6.5       9   8.4     605  94.8
RAV         106  99.1       8   7.5       0   0.0     637  99.8
SCN         107 100.0      11  10.3       0   0.0     638 100.0
SWP           0   0.0       0   0.0       0   0.0       0   0.0
VBR           0   0.0       0   0.0       0   0.0       0   0.0
VSP           0   0.0       0   0.0       0   0.0       0   0.0
---------------------------------------------------------------
Mean:            55.4%                                     55.5%
Rate>10%:        99.0%                                     99.1%
---------------------------------------------------------------


Table W2k.F4: "False Positive" file virus detection:
              Results of "full" Zoo test for non-viral (clean)
              file objects detected as "false positives":
=============================================================
          False positive
Scanner      detection
-----------------------------
Testbed     721  100.0%
-----------------------------
ANT           0    0.0
AVA           0    0.0
AVG           0    0.0
AVK           0    0.0
AVP           0    0.0
BDF           0    0.0
CMD           0    0.0
DRW           0    0.0
FIR           0    0.0
FPR           0    0.0
FSE           0    0.0
GLA           0    0.0
IKA           0    0.0
INO           0    0.0
NAV           0    0.0
NVC           0    0.0
PAV           0    0.0
PER           0    0.0
PRO           0    0.0
QHL           0    0.0
RAV           0    0.0
SCN           0    0.0
SWP           0    0.0
VBR           0    0.0
VSP           0    0.0
-----------------------------
Mean:              0.0%
-----------------------------


Table W2k.F5: "File-Malware": Results of "full" Zoo Test
              for File-related malware:
====================================================
This includes Malware    ---- unreliably ----           Files
Scanner     detected    identified      detected      detected
---------------------------------------------------------------
Testbed   12368 100.0%                              28621 100.0%
---------------------------------------------------------------
ANT        8370  67.7     762   6.2     726   5.9   17029  59.5
AVA        6777  54.8     355   2.9     506   4.1   18281  63.9
AVG        6745  54.5     612   4.9     513   4.1   13720  47.9
AVK       12329  99.7    1328  10.7      30   0.2   28515  99.6
AVP       12141  98.2    1236  10.0     114   0.9   28112  98.2
BDF        9176  74.2     739   6.0     789   6.4   19733  68.9
CMD       11008  89.0    5676  45.9     319   2.6   24976  87.3
DRW         703   5.7      42   0.3      30   0.2    1249   4.4
FIR        6713  54.3     219   1.8    1062   8.6   10953  38.3
FPR       12233  98.9    6395  51.7      66   0.5   28308  98.9
FSE       12347  99.8    6228  50.4      17   0.1   28574  99.8
GLA        5711  46.2     176   1.4     858   6.9   10292  36.0
IKA        8397  67.9    1211   9.8     736   6.0   17409  60.8
INO       10331  83.5     898   7.3     749   6.1   22644  79.1
NAV       11482  92.8    4252  34.4     533   4.3   25579  89.4
NVC        8329  67.3    3209  25.9     704   5.7   18220  63.7
PAV       12277  99.3    1336  10.8      43   0.3   28442  99.4
PER         856   6.9      11   0.1     254   2.1    1495   5.2
PRO        5690  46.0     199   1.6     915   7.4   10233  35.8
QHL        1602  13.0     212   1.7     279   2.3    2968  10.4
RAV        6618  53.5    1110   9.0     147   1.2   18316  64.0
SCN       12087  97.7     390   3.2      30   0.2   28228  98.6
SWP       11013  89.0     836   6.8     670   5.4   24558  85.8
VBR        5354  43.3     162   1.3     631   5.1    9831  34.3
VSP        4634  37.5     794   6.4     217   1.8    6675  23.3
---------------------------------------------------------------
Mean:            65.6%                                     62.1%
Rate>10%:        70.8%                                     67.1%
---------------------------------------------------------------


Table W2k.M1: "MacroVirus 1": Results of "full" zoo test
              for macro viruses under Windows-2000:
=========================================================
This includes Viruses    ---- unreliably ----           Files
Scanner     detected    identified      detected      detected
---------------------------------------------------------------
Testbed    7796 100.0%                              27370 100.0%
---------------------------------------------------------------
ANT        7632  97.9     295   3.8      49   0.6   26757  97.8
AVA        7630  97.9      47   0.6      46   0.6   26829  98.0
AVG        7638  98.0      61   0.8      26   0.3   26920  98.4
AVK        7795 100.~     162   2.1       1   0.~   27367 100.~
AVP        7795 100.~     161   2.1       2   0.~   27364 100.~
BDF        7648  98.1     181   2.3      31   0.4   26964  98.5
CMD        7787  99.9      81   1.0       7   0.1   27348  99.9
DRW        7750  99.4     101   1.3      14   0.2   27253  99.6
FIR        6700  85.9     246   3.2     185   2.4   23369  85.4
FPR        7790  99.9      77   1.0       7   0.1   27352  99.9
FSE        7795 100.~      90   1.2       0   0.0   27368 100.~
GLA         118   1.5       0   0.0      19   0.2     375   1.4
IKA        7526  96.5     607   7.8     181   2.3   26500  96.8
INO        7787  99.9     150   1.9      12   0.2   27317  99.8
NAV        7789  99.9    1205  15.5       7   0.1   27340  99.9
NVC        7737  99.2     176   2.3      45   0.6   27041  98.8
PAV        7795 100.~     188   2.4       2   0.~   27364 100.~
PER        5441  69.8     150   1.9      70   0.9   19235  70.3
PRO        5698  73.1     211   2.7     223   2.9   19113  69.8
QHL       *** no report - see problem list ***
RAV        7784  99.8     384   4.9      11   0.1   27328  99.9
SCN        7795 100.~    1078  13.8       4   0.1   27360 100.~
SWP        7773  99.7     120   1.5       8   0.1   27331  99.9
VBR        7669  98.4     313   4.0      32   0.4   27078  98.9
VSP           8   0.1       0   0.0       8   0.1       9   0.~
---------------------------------------------------------------
Mean             88.1%                                     88.1%
Rate>10%:        96.1%                                     96.0%
----------------------------------------------------------- Table W2k.M2: "MacroVirus 2": Results of "In-The-Wild" test for macro viruses under Windows-2000: ========================================================= This includes Viruses ---- unreliably ---- Files Scanner detected identified detected detected ----------------------------------------------------------- Testbed 74 100.0% 976 100.0% ----------------------------------------------------------- ANT 74 100.0 10 13.5 0 0.0 976 100.0 AVA 74 100.0 1 1.4 4 5.4 971 99.5 AVG 74 100.0 9 12.2 1 1.4 975 99.9 AVK 74 100.0 6 8.1 0 0.0 976 100.0 AVP 74 100.0 6 8.1 0 0.0 976 100.0 BDF 74 100.0 14 18.9 0 0.0 976 100.0 CMD 74 100.0 5 6.8 1 1.4 975 99.9 DRW 74 100.0 8 10.8 0 0.0 976 100.0 FIR 71 95.9 8 10.8 12 16.2 923 94.6 FPR 74 100.0 5 6.8 1 1.4 975 99.9 FSE 74 100.0 6 8.1 0 0.0 976 100.0 GLA 3 4.1 0 0.0 1 1.4 18 1.8 IKA 74 100.0 19 25.7 3 4.1 970 99.4 INO 74 100.0 5 6.8 1 1.4 975 99.9 NAV 74 100.0 15 20.3 0 0.0 976 100.0 NVC 74 100.0 10 13.5 7 9.5 965 98.9 PAV 74 100.0 8 10.8 0 0.0 976 100.0 PER 64 86.5 8 10.8 7 9.5 873 89.4 PRO 74 100.0 19 25.7 5 6.8 969 99.3 QHL 74 100.0 9 12.2 4 5.4 948 97.1 RAV 74 100.0 16 21.6 1 1.4 975 99.9 SCN 74 100.0 14 18.9 0 0.0 976 100.0 SWP 74 100.0 14 18.9 0 0.0 976 100.0 VBR 73 98.6 13 17.6 0 0.0 971 99.5 VSP 1 1.4 0 0.0 1 1.4 1 0.1 ----------------------------------------------------------- Mean 91.5% 91.2% Rate>10%: 99.2% 99.0% ----------------------------------------------------------- Table W2k.M3V: "Comparison of Detection Rate of Packed Viruses": Results of Detection Rate of ITW macro viruses packed with PKZIP, LHA, ARJ, RAR, WinRAR and CAB ================================================================ This includes Viruses detected per packer ------------------------------------------------------------------------------ ARJ % CAB % LHA % RAR % WRAR3.0 % ZIP % -------+------------+-----------+-----------+-----------+-----------+---------- Testbed 74 100.0% 74 100.0% 74 100.0% 
74 100.0% 74 100.0% 74 100.0% -------+------------+-----------+-----------+-----------+-----------+---------- ANT 0 0.0% 0 0.0% 0 0.0% 0 0.0% 0 0.0% 0 0.0% AVA 74 100.0% 74 100.0% 0 0.0% 74 100.0% 74 100.0% 74 100.0% AVG 74 100.0% 0 0.0% 0 0.0% 74 100.0% 0 0.0% 74 100.0% AVK 74 100.0% 74 100.0% 74 100.0% 74 100.0% 74 100.0% 74 100.0% AVP 74 100.0% 74 100.0% 74 100.0% 74 100.0% 74 100.0% 74 100.0% BDF 74 100.0% 74 100.0% 74 100.0% 74 100.0% 74 100.0% 74 100.0% CMD 74 100.0% 74 100.0% 74 100.0% 2 2.7% 0 0.0% 74 100.0% DRW 74 100.0% 74 100.0% 0 0.0% 74 100.0% 74 100.0% 74 100.0% FIR 0 0.0% 0 0.0% 0 0.0% 0 0.0% 0 0.0% 0 0.0% FPR 74 100.0% 74 100.0% 74 100.0% 2 2.7% 0 0.0% 74 100.0% FSE 74 100.0% 74 100.0% 74 100.0% 74 100.0% 74 100.0% 74 100.0% GLA 0 0.0% 0 0.0% 0 0.0% 0 0.0% 0 0.0% 3 4.1% IKA 0 0.0% 0 0.0% 0 0.0% 0 0.0% 0 0.0% 0 0.0% INO 74 100.0% 74 100.0% 74 100.0% 0 0.0% 0 0.0% 74 100.0% NAV 74 100.0% 74 100.0% 74 100.0% 0 0.0% 0 0.0% 74 100.0% NVC 74 100.0% 0 0.0% 0 0.0% 0 0.0% 0 0.0% 74 100.0% PAV 74 100.0% 74 100.0% 74 100.0% 74 100.0% 74 100.0% 74 100.0% PER 0 0.0% 0 0.0% 0 0.0% 0 0.0% 0 0.0% 64 86.5% PRO 74 100.0% 74 100.0% 0 0.0% 0 0.0% 0 0.0% 74 100.0% QHL 74 100.0% 74 100.0% 0 0.0% 74 100.0% 74 100.0% 74 100.0% RAV 74 100.0% 74 100.0% 64 86.5% 74 100.0% 74 100.0% 74 100.0% SCN 74 100.0% 74 100.0% 74 100.0% 74 100.0% 0 0.0% 74 100.0% SWP 74 100.0% 0 0.0% 74 100.0% 74 100.0% 0 0.0% 74 100.0% VBR 0 0.0% 0 0.0% 0 0.0% 0 0.0% 0 0.0% 0 0.0% VSP 0 0.0% 0 0.0% 0 0.0% 0 0.0% 0 0.0% 0 0.0% -------+------------+-----------+-----------+-----------+-----------+---------- Mean 72.0% 60.0% 47.5% 48.2% 36.0% 75.2% Rate>10%: 100.0% 100.0% 98.9% 100.0% 100.0% 99.3% -------+------------+-----------+-----------+-----------+-----------+---------- Table W2k.M3F: "Comparison of Detection Rate of Packed Viral Objects": Results of Detection Rate of objects infected with ITW file viruses and with PKZIP, LHA, ARJ, RAR, WinRAR, CAB 
=======================================================================
           This includes Viral objects detected per packer
-------+------------+-----------+-----------+-----------+-----------+-----------
          ARJ      %  CAB      %  LHA      %  RAR      %  WRAR3.0  %  ZIP      %
-------+------------+-----------+-----------+-----------+-----------+-----------
Testbed   976 100.0%  976 100.0%  976 100.0%  976 100.0%  976 100.0%  976 100.0%
-------+------------+-----------+-----------+-----------+-----------+-----------
ANT         0   0.0%    0   0.0%    0   0.0%    0   0.0%    0   0.0%    0   0.0%
AVA       971  99.5%  971  99.5%    0   0.0%  971  99.5%  971  99.5%  971  99.5%
AVG       975  99.9%    0   0.0%    0   0.0%  975  99.9%    0   0.0%  973  99.7%
AVK       975  99.9%  976 100.0%  976 100.0%  976 100.0%  975  99.9%  975  99.9%
AVP       976 100.0%  976 100.0%  976 100.0%  976 100.0%  976 100.0%  976 100.0%
BDF       976 100.0%  976 100.0%  969  99.3%  976 100.0%  976 100.0%  976 100.0%
CMD       975  99.9%  975  99.9%  974  99.8%    4   0.4%    0   0.0%  975  99.9%
DRW       976 100.0%  976 100.0%    0   0.0%  976 100.0%  976 100.0%  976 100.0%
FIR         0   0.0%    0   0.0%    0   0.0%    0   0.0%    0   0.0%    0   0.0%
FPR       975  99.9%  975  99.9%  974  99.8%    4   0.4%    0   0.0%  975  99.9%
FSE       976 100.0%  976 100.0%  976 100.0%  976 100.0%  976 100.0%  976 100.0%
GLA         0   0.0%    0   0.0%    0   0.0%    0   0.0%    0   0.0%   18   1.8%
IKA         0   0.0%    0   0.0%    0   0.0%    0   0.0%    0   0.0%    0   0.0%
INO       975  99.9%  975  99.9%  975  99.9%    0   0.0%    0   0.0%  975  99.9%
NAV       976 100.0%  976 100.0%  976 100.0%    0   0.0%    0   0.0%  976 100.0%
NVC       965  98.9%    0   0.0%    0   0.0%    0   0.0%    0   0.0%  965  98.9%
PAV       976 100.0%  976 100.0%  749  76.7%  976 100.0%  976 100.0%  976 100.0%
PER         0   0.0%    0   0.0%    0   0.0%    0   0.0%    0   0.0%  873  89.4%
PRO       969  99.3%  969  99.3%    0   0.0%    0   0.0%    0   0.0%  969  99.3%
QHL       948  97.1%  948  97.1%    0   0.0%  948  97.1%  948  97.1%  948  97.1%
RAV       975  99.9%  975  99.9%  810  83.0%  975  99.9%  975  99.9%  975  99.9%
SCN       976 100.0%  976 100.0%  976 100.0%  976 100.0%    0   0.0%  976 100.0%
SWP       976 100.0%    0   0.0%  976 100.0%  976 100.0%    0   0.0%  976 100.0%
VBR         0   0.0%    0   0.0%    0   0.0%    0   0.0%    0   0.0%    0   0.0%
VSP         0   0.0%    0   0.0%    0   0.0%    0   0.0%    0   0.0%    0   0.0%
-------+------------+-----------+-----------+-----------+-----------+-----------
Mean           71.8%       59.8%       46.3%       47.9%       35.9%       75.4%
Rate>10%:      99.7%       99.7%       96.5%       99.7%       99.6%       99.1%
-------+------------+-----------+-----------+-----------+-----------+-----------

Table W2k.M3R: Detection of aRchives infected with
               "Packed Macro In-The-Wild viruses" under Windows 2000
====================================================================
Product  Total number of detected files in all archives
-----------------------------
Testbed  444 100.0%
-----------------------------
ANT       74  16.7%
AVA      370  83.3%
AVG      222  50.0%
AVK      444 100.0%
AVP      444 100.0%
BDF      444 100.0%
CMD      298  67.1%
DRW      370  83.3%
FIR        0   0.0%
FPR      298  67.1%
FSE      444 100.0%
GLA        3   0.7%
IKA        1   0.2%
INO      296  66.7%
NAV      296  66.7%
NVC      148  33.3%
PAV      444 100.0%
PER       64  14.4%
PRO      222  50.0%
QHL      370  83.3%
RAV      434  97.7%
SCN      370  83.3%
SWP      296  66.7%
VBR        0   0.0%
VSP        0   0.0%
-----------------------------
Mean:         57.2%
-----------------------------

Table W2k.M3L: Detection Loss in Archives (=number of viruses NOT detected
               in Archives) for "Packed Macro In-The-Wild" viruses packed
               with different archives under Windows 2000
==============================================================================
        Number of files not detected in archives (but uncompressed)
-------+------------+-----------+-----------+-----------+-----------+-----------
          ARJ      %  CAB      %I LHA      %I RAR      %I WRAR3.0  %I ZIP      %
-------+------------+-----------+-----------+-----------+-----------+-----------
ANT       976 100.0%  976 100.0%  976 100.0%  976 100.0%  976 100.0%  976 100.0%
AVA         0   0.0%    0   0.0%  971 100.0%    0   0.0%    0   0.0%    0   0.0%
AVG         0   0.0%  975 100.0%  975 100.0%    0   0.0%  975 100.0%    2   0.2%
AVK         1   0.1%    0   0.0%    0   0.0%    0   0.0%    1   0.1%    1   0.1%
AVP         0   0.0%    0   0.0%    0   0.0%    0   0.0%    0   0.0%    0   0.0%
BDF         0   0.0%    0   0.0%    7   0.7%    0   0.0%    0   0.0%    0   0.0%
CMD         0   0.0%    0   0.0%    1   0.1%  971  99.6%  975 100.0%    0   0.0%
DRW         0   0.0%    0   0.0%  976 100.0%    0   0.0%    0   0.0%    0   0.0%
FIR       923 100.0%  923 100.0%  923 100.0%  923 100.0%  923 100.0%  923 100.0%
FPR         0   0.0%    0   0.0%    1   0.1%  971  99.6%  975 100.0%    0   0.0%
FSE         0   0.0%    0   0.0%    0   0.0%    0   0.0%    0   0.0%    0   0.0%
GLA        18 100.0%   18 100.0%   18 100.0%   18 100.0%   18 100.0%    0   0.0%
IKA       970 100.0%  970 100.0%  970 100.0%  970 100.0%  970 100.0%  970 100.0%
INO         0   0.0%    0   0.0%    0   0.0%  975 100.0%  975 100.0%    0   0.0%
NAV         0   0.0%    0   0.0%    0   0.0%  976 100.0%  976 100.0%    0   0.0%
NVC         0   0.0%  965 100.0%  965 100.0%  965 100.0%  965 100.0%    0   0.0%
PAV         0   0.0%    0   0.0%  227  23.3%    0   0.0%    0   0.0%    0   0.0%
PER       873 100.0%  873 100.0%  873 100.0%  873 100.0%  873 100.0%    0   0.0%
PRO         0   0.0%    0   0.0%  969 100.0%  969 100.0%  969 100.0%    0   0.0%
QHL         0   0.0%    0   0.0%  948 100.0%    0   0.0%    0   0.0%    0   0.0%
RAV         0   0.0%    0   0.0%  165  16.9%    0   0.0%    0   0.0%    0   0.0%
SCN         0   0.0%    0   0.0%    0   0.0%    0   0.0%  976 100.0%    0   0.0%
SWP         0   0.0%  976 100.0%    0   0.0%    0   0.0%  976 100.0%    0   0.0%
VBR       971 100.0%  971 100.0%  971 100.0%  971 100.0%  971 100.0%  971 100.0%
VSP         1 100.0%    1 100.0%    1 100.0%    1 100.0%    1 100.0%    1   0.1%
-------+------------+-----------+-----------+-----------+-----------+-----------
Mean:          28.0%       40.0%       53.6%       52.0%       64.0%       16.0%
-------+------------+-----------+-----------+-----------+-----------+-----------
Remark: Values in this table represent the difference between unpacked
        ITW virus samples found and those found when compressed.
        Ideally, "0" implies that all viruses found ITW are also
        found in compressed archives, whereas "100%" implies that
        none of those ITW viruses detected in uncompressed form
        was found in compressed archives. Negative values imply that
        MORE ITW viruses are found in packed archives than in
        unpacked samples.

Table W2k.M3a: "PKZIP-Packed Macro Viruses":
               Results of Detection of ITW Macro Viruses
               Packed with PKZIP under Windows-2000:
=======================================================================
                        This includes
         Viruses     ---- unreliably ----         Files
Scanner  detected   identified   detected      detected
-----------------------------------------------------------
Testbed   74 100.0%                           976 100.0%
-----------------------------------------------------------
ANT        0   0.0     0   0.0     0   0.0      0   0.0
AVA       74 100.0     6   8.1     4   5.4    971  99.5
AVG       74 100.0     9  12.2     3   4.1    973  99.7
AVK       74 100.0    17  23.0     1   1.4    975  99.9
AVP       74 100.0     6   8.1     0   0.0    976 100.0
BDF       74 100.0    14  18.9     0   0.0    976 100.0
CMD       74 100.0     5   6.8     1   1.4    975  99.9
DRW       74 100.0     8  10.8     0   0.0    976 100.0
FIR        0   0.0     0   0.0     0   0.0      0   0.0
FPR       74 100.0     5   6.8     1   1.4    975  99.9
FSE       74 100.0     8  10.8     0   0.0    976 100.0
GLA        3   4.1     0   0.0     1   1.4     18   1.8
IKA        0   0.0     0   0.0     0   0.0      0   0.0
INO       74 100.0     5   6.8     1   1.4    975  99.9
NAV       74 100.0    15  20.3     0   0.0    976 100.0
NVC       74 100.0    10  13.5     7   9.5    965  98.9
PAV       74 100.0     6   8.1     0   0.0    976 100.0
PER       64  86.5     8  10.8     7   9.5    873  89.4
PRO       74 100.0    18  24.3     5   6.8    969  99.3
QHL       74 100.0     9  12.2     4   5.4    948  97.1
RAV       74 100.0    16  21.6     1   1.4    975  99.9
SCN       74 100.0    14  18.9     0   0.0    976 100.0
SWP       74 100.0    14  18.9     0   0.0    976 100.0
VBR        0   0.0     0   0.0     0   0.0      0   0.0
VSP        0   0.0     0   0.0     0   0.0      0   0.0
-----------------------------------------------------------
Mean          75.6%                                75.4%
Rate>10%:     99.3%                                99.1%
-----------------------------------------------------------

Table W2k.M3b: "LHA-Packed Macro Viruses":
               Results of Detection of ITW Macro Viruses
               Packed with LHA under Windows-2000:
====================================================================
                        This includes
         Viruses     ---- unreliably ----         Files
Scanner  detected   identified   detected      detected
-----------------------------------------------------------
Testbed   74 100.0%                           976 100.0%
-----------------------------------------------------------
ANT        0   0.0     0   0.0     0   0.0      0   0.0
AVA        0   0.0     0   0.0     0   0.0      0   0.0
AVG        0   0.0     0   0.0     0   0.0      0   0.0
AVK       74 100.0     6   8.1     0   0.0    976 100.0
AVP       74 100.0     6   8.1     0   0.0    976 100.0
BDF       74 100.0    13  17.6     7   9.5    969  99.3
CMD       74 100.0     5   6.8     2   2.7    974  99.8
DRW        0   0.0     0   0.0     0   0.0      0   0.0
FIR        0   0.0     0   0.0     0   0.0      0   0.0
FPR       74 100.0     5   6.8     2   2.7    974  99.8
FSE       74 100.0     6   8.1     0   0.0    976 100.0
GLA        0   0.0     0   0.0     0   0.0      0   0.0
IKA        0   0.0     0   0.0     0   0.0      0   0.0
INO       74 100.0     5   6.8     1   1.4    975  99.9
NAV       74 100.0    15  20.3     0   0.0    976 100.0
NVC        0   0.0     0   0.0     0   0.0      0   0.0
PAV       74 100.0     6   8.1     1   1.4    749  76.7
PER        0   0.0     0   0.0     0   0.0      0   0.0
PRO        0   0.0     0   0.0     0   0.0      0   0.0
QHL        0   0.0     0   0.0     0   0.0      0   0.0
RAV       64  86.5    15  20.3     1   1.4    810  83.0
SCN       74 100.0    14  18.9     0   0.0    976 100.0
SWP       74 100.0    14  18.9     0   0.0    976 100.0
VBR        0   0.0     0   0.0     0   0.0      0   0.0
VSP        0   0.0     0   0.0     0   0.0      0   0.0
-----------------------------------------------------------
Mean          47.5%                                46.3%
Rate>10%:     98.9%                                96.5%
-----------------------------------------------------------

Table W2k.M3c: "ARJ-Packed Macro Viruses":
               Results of Detection of ITW Macro Viruses
               Packed with ARJ under Windows-2000:
====================================================================
                        This includes
         Viruses     ---- unreliably ----         Files
Scanner  detected   identified   detected      detected
-----------------------------------------------------------
Testbed   74 100.0%                           976 100.0%
-----------------------------------------------------------
ANT        0   0.0     0   0.0     0   0.0      0   0.0
AVA       74 100.0     6   8.1     4   5.4    971  99.5
AVG       74 100.0     9  12.2     1   1.4    975  99.9
AVK       74 100.0    17  23.0     1   1.4    975  99.9
AVP       74 100.0     6   8.1     0   0.0    976 100.0
BDF       74 100.0    14  18.9     0   0.0    976 100.0
CMD       74 100.0     5   6.8     1   1.4    975  99.9
DRW       74 100.0     8  10.8     0   0.0    976 100.0
FIR        0   0.0     0   0.0     0   0.0      0   0.0
FPR       74 100.0     5   6.8     1   1.4    975  99.9
FSE       74 100.0     6   8.1     0   0.0    976 100.0
GLA        0   0.0     0   0.0     0   0.0      0   0.0
IKA        0   0.0     0   0.0     0   0.0      0   0.0
INO       74 100.0     5   6.8     1   1.4    975  99.9
NAV       74 100.0    15  20.3     0   0.0    976 100.0
NVC       74 100.0    10  13.5     7   9.5    965  98.9
PAV       74 100.0     6   8.1     0   0.0    976 100.0
PER        0   0.0     0   0.0     0   0.0      0   0.0
PRO       74 100.0    18  24.3     5   6.8    969  99.3
QHL       74 100.0     9  12.2     4   5.4    948  97.1
RAV       74 100.0    16  21.6     1   1.4    975  99.9
SCN       74 100.0    14  18.9     0   0.0    976 100.0
SWP       74 100.0    14  18.9     0   0.0    976 100.0
VBR        0   0.0     0   0.0     0   0.0      0   0.0
VSP        0   0.0     0   0.0     0   0.0      0   0.0
-----------------------------------------------------------
Mean          72.0%                                71.8%
Rate>10%:    100.0%                                99.7%
-----------------------------------------------------------

Table W2k.M3d: "RAR-Packed Macro Viruses":
               Results of Detection of ITW Macro Viruses
               Packed with RAR 1.5 under Windows-2000:
====================================================================
                        This includes
         Viruses     ---- unreliably ----         Files
Scanner  detected   identified   detected      detected
-----------------------------------------------------------
Testbed   74 100.0%                           976 100.0%
-----------------------------------------------------------
ANT        0   0.0     0   0.0     0   0.0      0   0.0
AVA       74 100.0     6   8.1     4   5.4    971  99.5
AVG       74 100.0     9  12.2     1   1.4    975  99.9
AVK       74 100.0     7   9.5     0   0.0    976 100.0
AVP       74 100.0     6   8.1     0   0.0    976 100.0
BDF       74 100.0    14  18.9     0   0.0    976 100.0
CMD        2   2.7     0   0.0     2   2.7      4   0.4
DRW       74 100.0     8  10.8     0   0.0    976 100.0
FIR        0   0.0     0   0.0     0   0.0      0   0.0
FPR        2   2.7     0   0.0     2   2.7      4   0.4
FSE       74 100.0     6   8.1     0   0.0    976 100.0
GLA        0   0.0     0   0.0     0   0.0      0   0.0
IKA        0   0.0     0   0.0     0   0.0      0   0.0
INO        0   0.0     0   0.0     0   0.0      0   0.0
NAV        0   0.0     0   0.0     0   0.0      0   0.0
NVC        0   0.0     0   0.0     0   0.0      0   0.0
PAV       74 100.0     6   8.1     0   0.0    976 100.0
PER        0   0.0     0   0.0     0   0.0      0   0.0
PRO        0   0.0     0   0.0     0   0.0      0   0.0
QHL       74 100.0     9  12.2     4   5.4    948  97.1
RAV       74 100.0    16  21.6     1   1.4    975  99.9
SCN       74 100.0    14  18.9     0   0.0    976 100.0
SWP       74 100.0    14  18.9     0   0.0    976 100.0
VBR        0   0.0     0   0.0     0   0.0      0   0.0
VSP        0   0.0     0   0.0     0   0.0      0   0.0
-----------------------------------------------------------
Mean          48.2%                                47.9%
Rate>10%:    100.0%                                99.7%
-----------------------------------------------------------

Table W2k.M3e: "WinRAR-Packed Macro Viruses":
               Results of Detection of ITW Macro Viruses
               Packed with WinRAR 3.0:
==================================================================
                        This includes
         Viruses     ---- unreliably ----         Files
Scanner  detected   identified   detected      detected
-----------------------------------------------------------
Testbed   74 100.0%                           976 100.0%
-----------------------------------------------------------
ANT        0   0.0     0   0.0     0   0.0      0   0.0
AVA       74 100.0     6   8.1     4   5.4    971  99.5
AVG        0   0.0     0   0.0     0   0.0      0   0.0
AVK       74 100.0    17  23.0     1   1.4    975  99.9
AVP       74 100.0     6   8.1     0   0.0    976 100.0
BDF       74 100.0    14  18.9     0   0.0    976 100.0
CMD        0   0.0     0   0.0     0   0.0      0   0.0
DRW       74 100.0     8  10.8     0   0.0    976 100.0
FIR        0   0.0     0   0.0     0   0.0      0   0.0
FPR        0   0.0     0   0.0     0   0.0      0   0.0
FSE       74 100.0     6   8.1     0   0.0    976 100.0
GLA        0   0.0     0   0.0     0   0.0      0   0.0
IKA        0   0.0     0   0.0     0   0.0      0   0.0
INO        0   0.0     0   0.0     0   0.0      0   0.0
NAV        0   0.0     0   0.0     0   0.0      0   0.0
NVC        0   0.0     0   0.0     0   0.0      0   0.0
PAV       74 100.0     6   8.1     0   0.0    976 100.0
PER        0   0.0     0   0.0     0   0.0      0   0.0
PRO        0   0.0     0   0.0     0   0.0      0   0.0
QHL       74 100.0     9  12.2     4   5.4    948  97.1
RAV       74 100.0    16  21.6     1   1.4    975  99.9
SCN        0   0.0     0   0.0     0   0.0      0   0.0
SWP        0   0.0     0   0.0     0   0.0      0   0.0
VBR        0   0.0     0   0.0     0   0.0      0   0.0
VSP        0   0.0     0   0.0     0   0.0      0   0.0
-----------------------------------------------------------
Mean          36.0%                                35.9%
Rate>10%:    100.0%                                99.6%
-----------------------------------------------------------

Table W2k.M3f: "CAB-Packed Macro Viruses":
               Results of Detection of ITW Macro Viruses
               Packed with CAB:
===============================================================
                        This includes
         Viruses     ---- unreliably ----         Files
Scanner  detected   identified   detected      detected
-----------------------------------------------------------
Testbed   74 100.0%                           976 100.0%
-----------------------------------------------------------
ANT        0   0.0     0   0.0     0   0.0      0   0.0
AVA       74 100.0     6   8.1     4   5.4    971  99.5
AVG        0   0.0     0   0.0     0   0.0      0   0.0
AVK       74 100.0     7   9.5     0   0.0    976 100.0
AVP       74 100.0     6   8.1     0   0.0    976 100.0
BDF       74 100.0    14  18.9     0   0.0    976 100.0
CMD       74 100.0     5   6.8     1   1.4    975  99.9
DRW       74 100.0     8  10.8     0   0.0    976 100.0
FIR        0   0.0     0   0.0     0   0.0      0   0.0
FPR       74 100.0     5   6.8     1   1.4    975  99.9
FSE       74 100.0     6   8.1     0   0.0    976 100.0
GLA        0   0.0     0   0.0     0   0.0      0   0.0
IKA        0   0.0     0   0.0     0   0.0      0   0.0
INO       74 100.0     5   6.8     1   1.4    975  99.9
NAV       74 100.0    15  20.3     0   0.0    976 100.0
NVC        0   0.0     0   0.0     0   0.0      0   0.0
PAV       74 100.0     6   8.1     0   0.0    976 100.0
PER        0   0.0     0   0.0     0   0.0      0   0.0
PRO       74 100.0    18  24.3     5   6.8    969  99.3
QHL       74 100.0     9  12.2     4   5.4    948  97.1
RAV       74 100.0    16  21.6     1   1.4    975  99.9
SCN       74 100.0    14  18.9     0   0.0    976 100.0
SWP        0   0.0     0   0.0     0   0.0      0   0.0
VBR        0   0.0     0   0.0     0   0.0      0   0.0
VSP        0   0.0     0   0.0     0   0.0      0   0.0
-----------------------------------------------------------
Mean          60.0%                                59.8%
Rate>10%:    100.0%                                99.7%
-----------------------------------------------------------

Table W2k.M4: "False Positive" macro virus detection:
              Results of "full" zoo test for non-viral (clean) macro
              objects detected as "false positives" under Windows-2000:
=================================================================
         False positive
Scanner  detection
-----------------------------------------
Testbed  329 100.0%
-----------------------------------------
ANT        0   0.0
AVA        0   0.0
AVG        0   0.0
AVK        2   0.6
AVP        1   0.3
BDF        0   0.0
CMD        2   0.6
DRW       29   8.8
FIR       30   9.1
FPR        2   0.6
FSE        2   0.6
GLA        0   0.0
IKA       11   3.3
INO        0   0.0
NAV        0   0.0
NVC        3   0.9
PAV        1   0.3
PER        3   0.9
PRO        0   0.0
QHL     *** no report - see problem list ***
RAV        1   0.3
SCN        0   0.0
SWP        0   0.0
VBR      151  45.9
VSP        0   0.0
-----------------------------------------
Mean           3.1%
-----------------------------------------

Table W2k.M5: "Macro-Malware":
              Results of "full" test for Macro-related malware
              under Windows-2000:
=========================================================
         Macro          This includes
         Malware     ---- unreliably ----         Files
Scanner  detected   identified   detected      detected
-----------------------------------------------------------
Testbed  485 100.0%                           792 100.0%
-----------------------------------------------------------
ANT      419  86.4    18   3.7     7   1.4    696  87.9
AVA      465  95.9     6   1.2    12   2.5    724  91.4
AVG      379  78.1     1   0.2     6   1.2    644  81.3
AVK      485 100.0     2   0.4     0   0.0    792 100.0
AVP      485 100.0     1   0.2     1   0.2    791  99.9
BDF      467  96.3     9   1.9     9   1.9    750  94.7
CMD      485 100.0     5   1.0     0   0.0    792 100.0
DRW      480  99.0     5   1.0     4   0.8    783  98.9
FIR      378  77.9     2   0.4    15   3.1    599  75.6
FPR      485 100.0     4   0.8     0   0.0    792 100.0
FSE      485 100.0     5   1.0     0   0.0    792 100.0
GLA       14   2.9     0   0.0     0   0.0     15   1.9
IKA      444  91.5    48   9.9     9   1.9    725  91.5
INO      482  99.4     6   1.2     5   1.0    774  97.7
NAV      477  98.4    89  18.4     2   0.4    777  98.1
NVC      471  97.1    14   2.9     3   0.6    736  92.9
PAV      485 100.0     3   0.6     1   0.2    791  99.9
PER      277  57.1     7   1.4    10   2.1    463  58.5
PRO      271  55.9     2   0.4    12   2.5    425  53.7
QHL      370  76.3    11   2.3    11   2.3    620  78.3
RAV      481  99.2    29   6.0     2   0.4    784  99.0
SCN      484  99.8   109  22.5     1   0.2    790  99.7
SWP      477  98.4     6   1.2     3   0.6    771  97.3
VBR      460  94.8    55  11.3     3   0.6    749  94.6
VSP        1   0.2     0   0.0     0   0.0      1   0.1
-----------------------------------------------------------
Mean          84.2%                                83.7%
Rate>10%:     91.4%                                90.9%
-----------------------------------------------------------

Table W2k.S1: "ScriptVirus 1":
              Results of "full" Zoo test for script viruses:
=================================================
                        This includes
         Viruses     ---- unreliably ----         Files
Scanner  detected   identified   detected      detected
-----------------------------------------------------------
Testbed  959 100.0%                          2222 100.0%
-----------------------------------------------------------
ANT      839  87.5    95   9.9   101  10.5   1796  80.8
AVA      851  88.7    86   9.0    80   8.3   1916  86.2
AVG      654  68.2    59   6.2    69   7.2   1566  70.5
AVK      957  99.8   176  18.4     1   0.1   2218  99.8
AVP      956  99.7   134  14.0     2   0.2   2216  99.7
BDF      904  94.3   165  17.2    61   6.4   2008  90.4
CMD      945  98.5   153  16.0    39   4.1   2136  96.1
DRW      915  95.4    90   9.4    39   4.1   2080  93.6
FIR      728  75.9    61   6.4   119  12.4   1434  64.5
FPR      952  99.3   166  17.3    17   1.8   2191  98.6
FSE      959 100.0   187  19.5     1   0.1   2219  99.9
GLA      475  49.5    21   2.2    74   7.7   1096  49.3
IKA      879  91.7   165  17.2    71   7.4   1955  88.0
INO      935  97.5   146  15.2    32   3.3   2147  96.6
NAV      947  98.7   180  18.8    12   1.3   2185  98.3
NVC      828  86.3   105  10.9    78   8.1   1794  80.7
PAV      956  99.7   246  25.7     2   0.2   2216  99.7
PER      220  22.9     6   0.6    73   7.6    632  28.4
PRO      675  70.4    57   5.9   112  11.7   1464  65.9
QHL      279  29.1    12   1.3    56   5.8    832  37.4
RAV      956  99.7   165  17.2    17   1.8   2192  98.6
SCN      959 100.0    82   8.6     3   0.3   2218  99.8
SWP      928  96.8   106  11.1    49   5.1   2099  94.5
VBR      445  46.4   112  11.7    70   7.3   1127  50.7
VSP      801  83.5   148  15.4   112  11.7   1614  72.6
-----------------------------------------------------------
Mean          83.2%                                81.6%
Rate>10%:     83.2%                                81.6%
-----------------------------------------------------------

Table W2k.S2: "ScriptVirus 2":
              Results of "In-The-Wild" test for script viruses:
=======================================================
                        This includes
         Viruses     ---- unreliably ----         Files
Scanner  detected   identified   detected      detected
-----------------------------------------------------------
Testbed   22 100.0%                           178 100.0%
-----------------------------------------------------------
ANT       22 100.0     3  13.6     7  31.8    154  86.5
AVA       22 100.0     2   9.1     3  13.6    174  97.8
AVG       22 100.0     4  18.2     4  18.2    169  94.9
AVK       22 100.0     6  27.3     0   0.0    178 100.0
AVP       22 100.0     5  22.7     0   0.0    178 100.0
BDF       22 100.0     4  18.2     3  13.6    172  96.6
CMD       22 100.0     4  18.2     3  13.6    174  97.8
DRW       22 100.0     2   9.1     3  13.6    174  97.8
FIR       21  95.5     1   4.5     9  40.9    137  77.0
FPR       22 100.0     6  27.3     1   4.5    177  99.4
FSE       22 100.0     7  31.8     0   0.0    178 100.0
GLA       12  54.5     1   4.5     4  18.2    113  63.5
IKA       22 100.0     6  27.3     2   9.1    176  98.9
INO       22 100.0     7  31.8     1   4.5    177  99.4
NAV       22 100.0    10  45.5     0   0.0    178 100.0
NVC       22 100.0     3  13.6     4  18.2    168  94.4
PAV       22 100.0     8  36.4     0   0.0    178 100.0
PER       15  68.2     0   0.0     8  36.4    104  58.4
PRO       22 100.0     2   9.1     6  27.3    151  84.8
QHL       21  95.5     0   0.0     6  27.3    154  86.5
RAV       22 100.0     8  36.4     1   4.5    177  99.4
SCN       22 100.0     4  18.2     0   0.0    178 100.0
SWP       22 100.0     2   9.1     2   9.1    168  94.4
VBR       16  72.7     6  27.3     4  18.2    129  72.5
VSP       20  90.9     2   9.1     7  31.8    145  81.5
-----------------------------------------------------------
Mean          95.1%                                91.3%
Rate>10%:     95.1%                                91.3%
-----------------------------------------------------------

Table W2k.S5: "Script-Malware":
              Results of "full" test for Script-related malware
              under Windows-2000:
=========================================================
         Macro          This includes
         Malware     ---- unreliably ----         Files
Scanner  detected   identified   detected      detected
-----------------------------------------------------------
Testbed  330 100.0%                          1103 100.0%
-----------------------------------------------------------
ANT      195  59.1    18   5.5    60  18.2    394  35.7
AVA      286  86.7    39  11.8    52  15.8    782  70.9
AVG       75  22.7     2   0.6    31   9.4    183  16.6
AVK      325  98.5    82  24.8     9   2.7   1085  98.4
AVP      324  98.2    72  21.8    17   5.2   1075  97.5
BDF      223  67.6    23   7.0    73  22.1    441  40.0
CMD      255  77.3    74  22.4    60  18.2    577  52.3
DRW      220  66.7    17   5.2    70  21.2    634  57.5
FIR      101  30.6     5   1.5    34  10.3    168  15.2
FPR      294  89.1   110  33.3    39  11.8    868  78.7
FSE      325  98.5   136  41.2    10   3.0   1086  98.5
GLA       62  18.8     2   0.6    26   7.9    128  11.6
IKA      183  55.5    29   8.8    41  12.4    393  35.6
INO      252  76.4    34  10.3    54  16.4    688  62.4
NAV      296  89.7   138  41.8    36  10.9    967  87.7
NVC       95  28.8    10   3.0    38  11.5    212  19.2
PAV      323  97.9    88  26.7    16   4.8   1074  97.4
PER       15   4.5     1   0.3     5   1.5     18   1.6
PRO      134  40.6     8   2.4    44  13.3    235  21.3
QHL       42  12.7     1   0.3    20   6.1    141  12.8
RAV      308  93.3    66  20.0    44  13.3    922  83.6
SCN      324  98.2    22   6.7     4   1.2   1067  96.7
SWP      241  73.0    23   7.0    65  19.7    648  58.7
VBR       84  25.5     9   2.7    18   5.5    106   9.6
VSP      130  39.4     6   1.8    42  12.7    197  17.9
-----------------------------------------------------------
Mean          62.0%                                51.1%
Rate>10%:     64.4%                                53.2%
-----------------------------------------------------------