VirusInfo: latest test report for February

2008-03-10 17:05:30 / Personal category: addoption

How we test

The testing of anti-virus products by VirusInfo is powered by the free online scanner VirusTotal. Project participants, who are practising specialists in computer security, upload to VirusTotal the malicious software they have obtained from infected machines, and then publish the scan results in a special topic on the VirusInfo forum. The malicious software must meet the following requirements:

1) The sample should not be detected by the anti-virus software that protects the infected machine.

2) The sample should be found by the consultant him/herself in a real infection case.

3) The sample should not be taken from some other site or from some other collection of malware.


The scan results are regularly summarized as a graph of detection level. The graph is prepared according to the following principles:

1) The X axis represents the anti-virus software used by VirusTotal at the current moment. The Y axis represents the number of samples uploaded.

2) For each antivirus we mark the number of samples that it has successfully detected by one detection method or another. The graph reflects the total number of detected samples and each method's share of that total.

3) The following detection methods are distinguished:

a) signature detection (detecting already known malware by the signature method)

b) heuristic detection (detecting yet unknown malware by the method of emulation / code analysis / etc. Examples: "Heur.Trojan.Generic"; "a variant of: XXXXX")

c) detection of suspicious file (detecting yet unknown malware by the method of informing the user about suspicious characteristics of a sample under analysis. Examples: "Suspicious file"; "VIPRE: Suspicious")

d) detection of suspicious cryptor / packer (detecting yet unknown malware by the method of informing the user about the unknown / rare / suspicious packer / cryptor or about the fact of multiple packing / crypting. Example: "HEUR/Crypted").
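As an added example (not VirusInfo's own tooling), the following Python script classifies per-engine VirusTotal verdict strings into the four methods listed above and tallies them per engine the way the graph does. The regular expressions and the sample verdicts are assumptions built from the label examples quoted on this page, not a complete mapping of any vendor's naming scheme.

```python
import re
from collections import Counter, defaultdict

# The four detection methods of the VirusInfo methodology, plus "miss" for no detection.
SIGNATURE, HEURISTIC, SUSPICIOUS, PACKER, MISS = "signature", "heuristic", "suspicious", "packer", "miss"

# Assumed label patterns, derived from the page's examples ("HEUR/Crypted", "Suspicious file",
# "Heur.Trojan.Generic", "a variant of: ..."). Order matters: a packer/cryptor verdict such as
# "HEUR/Crypted" must count as packer detection, not heuristics, so it is tested first.
PACKER_RE = re.compile(r"crypt|pack", re.I)
SUSPICIOUS_RE = re.compile(r"suspicious", re.I)
HEURISTIC_RE = re.compile(r"heur|a variant of", re.I)


def classify(verdict):
    """Map one engine's verdict string (None = not detected) to a detection method."""
    if not verdict:
        return MISS
    if PACKER_RE.search(verdict):
        return PACKER
    if SUSPICIOUS_RE.search(verdict):
        return SUSPICIOUS
    if HEURISTIC_RE.search(verdict):
        return HEURISTIC
    return SIGNATURE  # a specific family name: known malware found by signature


def tally(scan_results):
    """scan_results: one dict per uploaded sample, mapping engine -> verdict.
    Returns {engine: Counter(method -> number of samples)}, i.e. each engine's bar
    of the graph broken down by method."""
    per_engine = defaultdict(Counter)
    for sample in scan_results:
        for engine, verdict in sample.items():
            per_engine[engine][classify(verdict)] += 1
    return per_engine


def detected(per_engine):
    """Total samples detected per engine by any method (the full bar height)."""
    return {e: sum(n for m, n in c.items() if m != MISS) for e, c in per_engine.items()}


# Constructed verdicts for three uploads; not real VirusTotal output.
SAMPLES = [
    {"AntiVir": "TR/Crypt.XPACK.Gen", "F-Secure": "Trojan.Win32.Agent.abc", "eSafe": "Suspicious file", "McAfee": None},
    {"AntiVir": "HEUR/Crypted", "F-Secure": "Heur.Trojan.Generic", "eSafe": None, "McAfee": "Generic.dx"},
    {"AntiVir": None, "F-Secure": "Trojan.Win32.Agent.abc", "eSafe": "Suspicious file", "McAfee": None},
]

if __name__ == "__main__":
    counts = tally(SAMPLES)
    for engine, total in sorted(detected(counts).items(), key=lambda kv: -kv[1]):
        print(engine, total, dict(counts[engine]))  # ranking plus per-method breakdown
```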

Testing results

The latest one is the graph for February, 2008, presented below.



General conclusion

In February 2008 the leader of the testing is Webwasher-Gateway, due to its combination of signature, heuristic and packer / cryptor detection methods. Second and third places belong to F-Secure, for its good signature detection combined with a heuristic module, and AntiVir, for the very same reasons as the leader. The worst product in February was FileAdvisor.

The best share of each method in the overall detection rate: signature method - F-Secure; heuristics - Prevx1; suspicious - eSafe and Panda; packers / cryptors - AntiVir and WebWasher-Gateway.

Comments on how we test and how to understand the results

The material for testing is collected irregularly and voluntarily. VirusInfo publishes a new graph each month. The testing cannot be regarded as completely reflecting the detection abilities of anti-virus software; at the same time, the data received are of definite value when comparing antiviruses in a comprehensive way, taking into consideration the results of several independent tests.

Additional info

Materials for testing are collected in the Russian section Antiviruses, anti-Spyware/Adware/Hijackers of VirusInfo forum. In that section the forum members can access the earlier graphs. You may discuss the results of testing in English here.

Licensing

Copyright (c) VirusInfo.
All rights reserved.
Using the materials of this article without mentioning the source is prohibited.

Statistics are collected and processed by Shu_b

TAG: addoption

integear posted on 2008-03-12 22:37:16

QUOTE:

Originally posted by walkingfish on 2008-3-10 20:40
Did Rising join VirusTotal in order to collect virus samples?
All the vendors that join are like that.
integear posted on 2008-03-12 22:36:52

QUOTE:

Originally posted by iorittn on 2008-3-10 18:55
Does "suspicious" mean it flagged the file as suspicious but did not correctly detect it?
What is pack/crypt?

Kaspersky actually lost to F-Secure by a wide margin.....
F-Secure's multi-engine approach really is strong
Suspicious means "suspicious"; the biggest difference from Heuristics is that Suspicious is mainly based on reporting packers (multiple packing, specific packers).

Heuristics is judged by rules the antivirus vendor sets itself or by comparison against a threat database, but this part is hard to distinguish, because some vendors abuse the Heuristics label as heuristics when it is actually packer reporting.

Pack/Crypt means "packer reporting"; the common one is AntiVir's TR/Crypt.XXX.
walkingfish posted on 2008-03-10 20:40:10
Did Rising join VirusTotal in order to collect virus samples?
iorittn posted on 2008-03-10 18:55:00
Does "suspicious" mean it flagged the file as suspicious but did not correctly detect it?
What is pack/crypt?

Kaspersky actually lost to F-Secure by a wide margin.....
F-Secure's multi-engine approach really is strong
天氣預報 posted on 2008-03-10 18:40:55
Actually, what gets uploaded to VT is usually what one's own antivirus cannot detect,
so the more widely used a product is,
the worse it will perform in this test compared with expectations.
I'll wait for AV-C's instead.
andy posted on 2008-03-10 17:41:50

QUOTE:

Originally posted by 000110 on 2008-3-10 17:38
Kaspersky has felt strange lately
Maybe they are putting resources into the new version
Boss, you should work harder at submitting samples to McAfee


F-Secure has its own heuristic engine, I think it's called gemmi
but it doesn't seem to report very often
The ones that mainly do the work are AVP and Norman; the other engines show up very rarely

I don't get it....
000110 posted on 2008-03-10 17:38:32
Reply to posts #3 and #4
Kaspersky has felt strange lately
Maybe they are putting resources into the new version
Boss, you should work harder at submitting samples to McAfee


F-Secure has its own heuristic engine, I think it's called gemmi
but it doesn't seem to report very often
andy posted on 2008-03-10 17:29:04

QUOTE:

Originally posted by 000110 on 2008-3-10 17:12
F-Secure's detection rate has risen a lot,
in both known and unknown detection;
its detection rate even surpasses Kaspersky
The FS on VT can use the Norman engine to scan as well, right? The internal version is just strong: AVP+Norman
The results show that AVP and Norman do not overlap much; the heuristics bar is even longer than Norman's

Otherwise, they made a mistake in their calculations

It always feels strange

[ This post was last edited by andy on 2008-3-10 17:30 ]
a750828 posted on 2008-03-10 17:28:43
This month Kaspersky does feel a bit weak, but why does February's McAfee have no heuristic detection at all???
000110 posted on 2008-03-10 17:12:51
F-Secure's detection rate has risen a lot,
in both known and unknown detection;
its detection rate even surpasses Kaspersky