=========================================
File 7 mEVAALL.TXT
-----------------------------------------
Comparison of detection results under
ALL (W32 and LINUX) platforms
=========================================
Formatted with non-proportional font (Courier)

******************************************************************
Content of this file:
******************************************************************
Comp ALL: Comparison of Detection rates under ALL platforms:
******************************************************************
    Background of this test
    Test Hypothesis: "Trans-Platform Excellency in engine and malware
                      base design, implementation and maintenance"
    Eval ALL-Harmonicity: Equality of results for ALL platforms
    Eval ALL-SUM:         Grading of Trans-Platform Excellency
******************************************************************

This part of VTC "2004-07" test report evaluates the detailed results
as given in section (file):
    6ncmpALL.TXT  Comparison of Detection Quality of Scanning Engines
                  under ALL (Win-2000 / Win-XP / LINUX) platforms


Background of this test:
========================
While W32 products may be designed, implemented and maintained in
forms reusable for all different "variations" of W32 platforms (such
as W-NT, W-2000 and W-XP), such "harmonical" behaviour is (while not
theoretically impossible, if based on a suitable meta-platform)
unlikely with contemporary products. Consequently, design and
implementation of engines for such diverse platforms as W32 and LINUX
will be performed by different teams and hence differ in quality of
implementation and maintenance. If properly planned and done, at least
databases (signatures etc.) may be shared between different platforms.

On the other hand, it will be an indication of good planning, work and
quality assurance at an AV/AM producer's sites if its products acting
under ALL different platforms produce similar if not identical
detection results.

This leads us to the following
Test Hypothesis: "Trans-Platform harmonical behaviour":
=========================================================
Equal detection on ALL platforms is regarded as an indication of
excellent design, implementation and maintenance of engines and
malware bases. We call a product behaving according to this
hypothesis "Trans-Platform harmonical".


Eval "Trans-Platform Excellency": Equality of results for ALL platforms:
========================================================================
A detailed analysis produces an interesting result: Trans-platform
harmonicity holds for several products for ITW (both virus and object)
detection under ALL platforms, and it also holds for several products
for file virus detection under ALL platforms. BUT trans-platform
harmonicity does NOT hold for any product for file, macro and script
ZOO virus and malware detection. In most cases, detection rates of
LINUX products are lower than those of W32 products.

    Equal detection                trans-platform harmonical
    -----------------------------+--------------------------
    of zoo file viruses:                 5 (of 9)
    of zoo infected files:               4 (of 9)
    of ITW file viruses:                 8 (of 9)
    of ITW infected files:               8 (of 9)
    of zoo file malware:                 0 (of 9)

    Equal detection                trans-platform harmonical
    -----------------------------+--------------------------
    of zoo macro viruses:                7 (of 9)
    of zoo infected macro objects:       7 (of 9)
    of ITW macro viruses:                8 (of 9)
    of ITW infected macro files:         8 (of 9)
    of zoo macro malware:                6 (of 9)

    Equal detection                trans-platform harmonical
    -----------------------------+--------------------------
    of zoo script viruses:               2 (of 9)
    of zoo script viral objects:         2 (of 9)
    of ITW script viruses:               9 (of 9)
    of ITW script viral objects:         9 (of 9)
    of ITW script malware:               2 (of 9)


Findings Trans-Platform Excellency:
---------------------------------------------------------------
Concerning detection of FILE viruses:
    several products (5 of 9) behave
    "trans-platform harmonical":        ANT,AVP,FSE,SCN,SWP
Concerning file malware detection,
    NO product behaves
    "trans-platform excellent":         ---
---------------------------------------------------------------
Concerning detection of MACRO viruses:
    several products (7 of 9) behave
    "trans-platform harmonical":        ANT,AVP,CMD,DRW,FPR,FSE,SCN
Concerning macro malware detection,
    ALL 25 products behave
    in W32-harmonical form:             AVP,DRW,FPR,FSE,SCN,SWP
---------------------------------------------------------------
Concerning detection of SCRIPT viruses:
    only ONE product (1 of 9) behaves
    "W32-harmonically" in all categories:   AVP
Concerning script malware detection:
    few products (2 of 9) behave
    "W32-harmonically" in all categories:   AVP,SCN
---------------------------------------------------------------

********************************************************
Conclusion concerning trans-platform harmonicity:
-------------------------------------------------
Much work and esp. much more Quality Assurance must be invested
into AV products (suites) to achieve comparable (if not equal)
detection rates on all different platforms, aka "trans-platform
harmonicity". At the present stage, users are ill advised to move
from one platform to a different platform, as AV/AM products will
behave very differently.
********************************************************


Grading ALL-Harmonicity: Grading of trans-platform excellent products:
======================================================================
The following grid is used to grade products concerning their ability
for IDENTICAL detection for ALL categories on ALL platforms:

    A "perfect trans-platform harmonical" AV product will yield
    IDENTICAL results for all categories (file, macro and script
    viruses). (Assigned value: 5).

    A "perfect trans-platform harmonical" AM product will be a
    perfect AV product and yield IDENTICAL results for all categories
    (file, macro and script malware). (Assigned value: 2).

Grading trans-platform harmonical AntiVirus products:
===========================================================
Grade: "Perfect" trans-platform harmonical detection:
                      = NO PRODUCT =
===========================================================

Grading trans-platform AntiMalware products:
===========================================================
Grade: "Perfect" trans-platform harmonical detection:
                      = NO PRODUCT =
===========================================================
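
Added example (not part of the VTC report): one way to apply the harmonicity test and the grading grid above to per-platform detection counts. The product names, platform labels, sample counts and the value 0 for a product that is not "perfect" are assumptions made for this illustration.

```python
PLATFORMS = ("W2K", "WXP", "LINUX")          # platform labels are assumed
AV = ("file virus", "macro virus", "script virus")
AM = ("file malware", "macro malware", "script malware")

def uniform(n):
    """Same detection count on every platform."""
    return {p: n for p in PLATFORMS}

# Constructed sample data (detected-sample counts), not VTC results.
SAMPLE = {
    "PROD_A": {c: uniform(1000) for c in AV + AM},
    "PROD_B": {**{c: uniform(1000) for c in AV + AM},
               "file malware": {"W2K": 900, "WXP": 900, "LINUX": 850}},
    "PROD_C": {**{c: uniform(1000) for c in AV + AM},
               "script virus": {"W2K": 700, "WXP": 700, "LINUX": 640}},
}

def is_harmonical(per_platform):
    """Harmonical means IDENTICAL results on ALL platforms."""
    return len(set(per_platform.values())) == 1

def shortfall(per_platform):
    """Samples missed per platform relative to the best platform."""
    best = max(per_platform.values())
    return {p: best - n for p, n in per_platform.items() if n < best}

def summary(results):
    """Per category, the products that behave trans-platform harmonically."""
    return {c: [name for name, r in results.items() if is_harmonical(r[c])]
            for c in AV + AM}

def grade(product):
    """Grid from the report: perfect AV = 5; perfect AM (requires AV) = 2."""
    av = all(is_harmonical(product[c]) for c in AV)
    am = av and all(is_harmonical(product[c]) for c in AM)
    return {"AV": 5 if av else 0, "AM": 2 if am else 0}  # 0 is an assumption

if __name__ == "__main__":
    for cat, names in summary(SAMPLE).items():
        print(f"of {cat}: {len(names)} (of {len(SAMPLE)})  {','.join(names)}")
    for name, product in SAMPLE.items():
        print(name, grade(product))
```

Counts rather than percentages are compared so that "identical" is an exact integer equality; shortfall() shows which platform lags when a category is not harmonical.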