1997 Amiga Antivirustest

Virus Test Center
Universität Hamburg
Vogt-Kölln-Str. 30
22527 Hamburg

Introduction
Copyright, License, and Disclaimer.
Detail results
Detection rates
Comments

I. Introduction.

Welcome to the 1997 VTC-Amiga Anti-Virus test report. Programmes in this test:

VT 2.94k Virus Test by Heiner Schneegold (02.02.1997) (VT)

VW 6.4 Virus Workshop by Markus Schmall (12.01.1997) (VW)

VZ II 136 Virus Z II by Georg Hoermann (02.01.1997) (VZ)

Xtruder 3.2 Xtruder by Martin Wulffeld (29.10.1996) (XT)

Why not testing more Amiga-Antivirus products ?

The selection of this products is a subjective view of the actual market. The selection of tested products represents common virus-scanners.

Why not testing ...

...Siegfried AV - They asked us not to do so

...Virusscanner 3.1d - The last update was on 22.7.1996

...VirusChecker 8.04 - The development stopped

...VirusControl - The development stopped

Official release date of this test:

The official release date of this test is the 2.4.1997.

Tested facilities of the products:

This test mainly shows the detection rate of the products. User-interface, styleguide etc.. are no essential topics of this test.

II. Copyright, License, and Disclaimer.

This publication is (C) Copyright 1997 by Sönke Freitag and the Virus Test Center at the University of Hamburg. Permission is granted to everybody to distribute copies of this information in electronic form, provided that this is done for free, the contents of the information is not changed in any way, and the source of the information is clearly mentioned. Those who want to re-publish the information as a whole or in parts in printed form, MUST contact Sönke Freitag or the VTC-Hamburg and obtain permission first. No responsibility is assumed by the publisher for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions or idea contained in the material herein.

III. Detail results

Testbase:   7 Multipartite (Bootblock+Link) Files (code a in the table)
          221 Bootblockvirii                      (code b)
          105 Filevirii                           (code f)
           56 Linkvirii                           (code l)
           22 Systemvirii                         (code s)
          178 Trojans                             (code t)
            1 Multipartite (Bootblock+File)       (code z)
          ===
Overall:  590  Virii (about 1 to 50 samples each in over 3000 files)
               in 258 major virus families.

Detail results

IV. Detection rates

Summary (positive results):


Detections by name   (X) !   a !   b !   f !   l !   t !   s !   z ! sum
-------------------------!-----!-----!-----!-----!-----!-----!-----!-----
VT                       !   7 ! 208 !  79 !  48 ! 136 !   4 !   1 ! 483
                         !     !     !     !     !     !     !     !
VW                       !   5 ! 123 !  77 !  48 ! 135 !   5 !   1 ! 394
                         !     !     !     !     !     !     !     !
VZ                       !   7 ! 201 !  86 !  45 ! 136 !   2 !   1 ! 478
                         !     !     !     !     !     !     !     !
XT                       !   4 ! 139 !  76 !  22 !  81 !   8 !   1 ! 331



D.by family o.member(O/o)!   a !   b !   f !   l !   t !   s !   z ! sum
-------------------------!-----!-----!-----!-----!-----!-----!-----!-----
VT                       !   0 !  12 !  26 !   6 !  40 !  18 !   0 ! 102
                         !     !     !     !     !     !     !     !
VW                       !   2 !  96 !  26 !   4 !  35 !  17 !   0 ! 180
                         !     !     !     !     !     !     !     !
VZ                       !   0 !  16 !  12 !   4 !  28 !  19 !   0 !  79
                         !     !     !     !     !     !     !     !
XT                       !   0 !  63 !  12 !   5 !  19 !  12 !   0 ! 111




Det.by other condition(/)!   a !   b !   f !   l !   t !   s !   z ! sum 
-------------------------!-----!-----!-----!-----!-----!-----!-----!-----
VT                       !   0 !   0 !   0 !   0 !   1 !   0 !   0 !   1
                         !     !     !     !     !     !     !     !
VW                       !   0 !   0 !   0 !   4 !   3 !   0 !   0 !   7
                         !     !     !     !     !     !     !     !
VZ                       !   0 !   0 !   0 !   0 !   0 !   0 !   0 !   0
                         !     !     !     !     !     !     !     !
XT                       !   0 !   0 !   0 !   0 !   0 !   0 !   0 !   0

Overall - Detection: (X,O,o,/)

VT: 483 + 102 + 1 = 586

VW: 394 + 180 + 7 = 581

VZ: 478 + 79 + 0 = 557

XT: 331 + 111 + 0 = 442

Summary (negative results):

Not detected samples (.) !   a !   b !   f !   l !   t !   s !   z ! sum
-------------------------!-----!-----!-----!-----!-----!-----!-----!-----
VT                       !   0 !   0 !   0 !   1 !   0 !   0 !   0 !   1
                         !     !     !     !     !     !     !     !
VW                       !   0 !   2 !   2 !   0 !   4 !   0 !   0 !   8
                         !     !     !     !     !     !     !     !
VZ                       !   0 !   4 !   7 !   6 !  14 !   1 !   0 !  32
                         !     !     !     !     !     !     !     !
XT                       !   3 !  16 !  17 !  25 !  73 !   2 !   0 ! 136



Unreliable detections(-) !   a !   b !   f !   l !   t !   s !   z ! sum
-------------------------!-----!-----!-----!-----!-----!-----!-----!-----
VT                       !   0 !   1 !   0 !   1 !   1 !   0 !   0 !   3
                         !     !     !     !     !     !     !     !
VW                       !   0 !   0 !   0 !   0 !   1 !   0 !   0 !   1
                         !     !     !     !     !     !     !     !
VZ                       !   0 !   0 !   0 !   1 !   0 !   0 !   0 !   1
                         !     !     !     !     !     !     !     !
XT                       !   0 !   3 !   0 !   4 !   4 !   0 !   0 !  11



Product Crashes      (!) !   a !   b !   f !   l !   t !   s !   z ! sum
-------------------------!-----!-----!-----!-----!-----!-----!-----!-----
VT                       !   0 !   0 !   0 !   0 !   0 !   0 !   0 !   0
                         !     !     !     !     !     !     !     !
VW                       !   0 !   0 !   0 !   0 !   0 !   0 !   0 !   0
                         !     !     !     !     !     !     !     !
VZ                       !   0 !   0 !   0 !   0 !   0 !   0 !   0 !   0
                         !     !     !     !     !     !     !     !
XT                       !   0 !   0 !   0 !   0 !   1 !   0 !   0 !   1

1. Total number of detected viruses:

                   Detected    by name   by family   by other
                   viruses               or member   condition
                   -------------------------------------------
                             !          !          !
VT 2.94k              586    !   483    !   102    !      1
                             !          !          !
VW 6.4                581    !   394    !   180    !      7
                             !          !          !
VC II 1.36            557    !   478    !    79    !      0
                             !          !          !
XT 3.2                442    !   331    !   111    !      0
                             !          !          !
Best Possible         590    !   590    !     0    !      0 
                             !          !          !

2. Total percentage of detected viruses:

                   Detected    by name   by family  or member
                   viruses               or other condition
                   ------------------------------------------
                             !          ! 
VT 2.94k              99,3 % !   81,9 % !  17,4 %
                             !          ! 
VW 6.4                98,5 % !   66,8 % !  31,7 %
                             !          ! 
VC II 1.36            94,4 % !   81,0 % !  13,4 %
                             !          ! 
XT 3.2                74,9 % !   56,1 % !  18,8 %
                             !          ! 
Best Possible        100,0 % !  100,0 % !   0,0 %
                             !          !

3. Ranking (detection rate, absolute):

blue = Correct detection by name
light-green = Detection by family, member or other condition

1. Virus Test V 2.94k

2. Virus Workshop 6.4

3. Virus Z II 1.36

4. Xtruder 3.2

4. Statistic over the years

V. Comments

The following are some peculiarities about the tested virus scanners. Those comments might be useful to have in mind when selecting one of those products.

* Vectorcheck
  VT:   Checks some vectors, displays their names, knows many patches
  VW:   Checks many vectors, but shows only their offsets, 
        knows many patches
  VZ:   Checks many vectors, knows many patches
  XT:   Checks several vectors

* Reporting functions
  VT:   Very good
  VW:   Does not Report BB-Files, no automatic reporting
  VZ:   Good, but includes ASCII control-characters
  XT:   Good

* Integrity check
  VT:    Yes
  VW:    Yes
  VZ:    No
  XT:    Yes

* Heuristics
  VT:    No
  VW:    Yes (very good)
  VZ:    No
  XT:    No

Other remarks:

VW has a bug when checking bootblocks in files. When scanning the whole testbed VW for ex. reports no detection on files like Bytewarrior, Forpib., etc. After copying those files to an extra directory the check detects those samples. Normal users should have no problem with that, as they usually have BB-virii on the bootblock, and single check is performed anyway. Testing the scanner - nevertheless - is not easy this way.

VZ reports on the screen that it is performing repair even if it is started without the repair option, regardless that in this case repair doesn't actually occur.

XTRUDER is not able to check BB-Data files which makes testing for Bootblock-Viruses very hard. As the detection-brainfile is byte-to-byte identical to the one of our last test, we just copied the results from the 1996 test.

Author of this document:

Sönke Freitag
Virus Test Center
University of Hamburg
Vogt Koelln Str. 30
22527 Hamburg - Germany

Here you can write a E-Mail to Soenke Freitag sfreitag@informatik.uni-hamburg.de

1997 Amiga Antivirustest

Virus Test Center Universität Hamburg Vogt-Kölln-Str. 30 22527 Hamburg