Thanks to www.virus.gr for the publication

This article is located at : http://www.virus.gr/english/fullxml/default.asp?id=82

> 15-25 August 2006 (NEW!!!)
 

  • The test was made on 15-25 August 2006, using Windows XP Professional SP1 on a P4 2800 Mhz, 512MB DDRAM.
  • All programs tested had the latest versions, upgrades and updates and they were tested using their full scanning capabilities e.g. heuristics, full scan etc. The default settings of each program were not used, in order for each program to achieve its maximum detection rate. Because of this, there is a possibility for the tested programs to detect a few false positives.
  • The 147184 virus samples were chosen using VS2000 according to Kaspersky, F-Prot, Nod32, Dr.Web, BitDefender and McAfee antivirus programs. Each virus sample was unique by virus name, meaning that AT LEAST 1 antivirus program detected it as a new virus.
  • ALL virus samples were unpacked and the only samples that were kept were the ones that were packed using external-dos-packers (that means not winzip, winrar, winace etc).
  • The virus samples had the correct file extension using a special program (Renexts) and were unique, according to checksum32 filesize.
  • Most of the virus samples used were not previously replicated at the time the test was made, which means that some of them, although probably only a few, may be false positives. The procedure of testing each and every virus sample is still under process.
  • The programs MKS_VIR , PER and IPArmor were not tested because there was no english demo version available.
  • The programs WinAntivirus , Anti-Hacker Expert , Command , Extendia AVK , GDATA AVK , BOClean , VET and Freedom were not tested because there was no demo version available.
  • Thourough mode was not used in VBA32 due to extremely slow scan process.
  • Advanced heuristics were not used in Tauscan due to extremely slow scan process.
  • VirusBuster uses the exact same engine as Vexira.
  • TheShield uses the exact same engine as VirobotExpert.
  • Avira uses the exact same engine as AntiVir.
  • Fire uses the exact same engine as Solo.
  • MKS_VIR uses the exact same engine as ArcaVir.
  • BullGuard uses the exact same engine as BitDefender free edition.
  • The program InVircible did not include a "typical" scanner-function and could not be tested.
  • The program V-Catch checks only mail accounts and could not be tested.
  • The program PC Tools kept crashing while testing the samples.
  • DOS-Based scanners were not tested.

The following file types were used.

SH, ELF, COM, EXE, PL, BAT, PRC, DOC, XLS, BIN, MDB, IMG, PPT, VBS, MSG, VBA, OLE, HTM, INI, SMM, TD0, REG, CLASS, HTA, JS, VI_, URL, PHP, WMF, HLP, XML, SCR, PIF, SHS, WBT, CSC, MAC, DAT, CLS, STI, INF, HQX, XMI, SIT.

The virus samples were divided into these categories, according to the type of the virus :

  • File = BeOS, FreeBSD, Linux, Mac, Palm, OS2, Unix, BinaryImage, BAS viruses, MenuetOS.
  • MS-DOS = MS-DOS viruses.
  • Windows = Win.*.* viruses.
  • Macro = Macro, Multi and Formula viruses.
  • Malware = Adware, DoS, Constructors, Exploit, Flooders, Nukers, Sniffers, SpamTools, Spoofers, Virus Construction Tools, Droppers, PolyEngines.
  • Script = ABAP, BAT, Corel, HTML, Java, Scripts, MSH, VBS, WBS, Worms, PHP, Perl, Ruby viruses.
  • Trojans-Backdoors = Trojan and Backdoor viruses.

Rank

1. Kaspersky version 6.0.0.303 - 99.62%
2. Active Virus Shield by AOL version 6.0.0.299 - 99.62%
3. F-Secure 2006 version 6.12.90 - 96.86%
4. BitDefender Professional version 9 - 96.63%
5. CyberScrub version 1.0 - 95.98%
6. eScan version 8.0.671.1 - 95.82%
7. BitDefender freeware version 8.0.202 - 95.57%
8. BullGuard version 6.1 - 95.57%
9. AntiVir Premium version 7.01.01.02 - 95.45%
10. Nod32 version 2.51.30 - 95.14%
11. AntiVir Classic version 7.01.01.02 - 94.26%
12. ViruScape 2006 version 1.02.0935.0137 - 93.87%
13. McAfee version 10.0.27 - 93.03%
14. McAfee Enterprise version 8.0.0 - 91.76%
15. F-Prot version 6.0.4.3 beta - 87.88%
16. Avast Professional version 4.7.871 - 87.46%
17. Avast freeware version 4.7.871 - 87.46%
18. Dr. Web version 4.33.2 - 86.03%
19. Norman version 5.90.23 - 85.65%
20. F-Prot version 3.16f - 85.14%
21. ArcaVir 2006 - 83.44%
22. Norton Professional 2006 - 83.18%
23. AVG Professional version 7.1.405 - 82.82%
24. AVG freeware version 7.1.405 - 82.82%
25. Panda 2007 version 2.00.01 - 82.23%
26. Virus Chaser version 5.0a - 81.47%
27. PC-Cillin 2006 version 14.10.1051 - 80.90%
28. VBA32 version 3.11.0 - 79.12%
29. ViRobot Expert version 4.0 - 76.22%
30. UNA version 1.83 - 75.44%
31. Rising AV version 18.41.30 - 73.60%
32. Sophos Sweep version 6.0.2 - 69.48%
33. Ikarus version 5.19 - 63.22%
34. Antiy Ghostbusters version 5.1.3 - 61.55%
35. Digital Patrol version 5.00.12 - 54.29%
36. Vexira 2006 version 5.002.45 - 52.66%
37. V3Pro 2004 version 6.1.1.2.640 - 52.38%
38. Ewido Premium version 4.0.0.172 - 51.27%
39. Ewido freeware version 4.0.0.172 - 51.27%
40. ClamWin version 0.88.4 - 51.23%
41. E-Trust version 7.2.0.0 - 50.36%
42. ZoneAlarm with VET Antivirus version 6.5.722.000 - 44.65%
43. A Squared Anti-Malware version 2.0 - 43.28%
44. A Squared Free version 2.0 - 43.28%
45. Zondex Guard version 5.4.2 - 41.73%
46. Comodo version 1.0.0.4 - 41.02%
47. Solo 4.0 version 3.1.0 - 40.83%
48. Protector Plus version 7.2.H03 - 37.04%
49. Quick Heal version 8.00 - 33.66%
50. PC Door Guard version 4.2.0.35- 24.13%
51. AntiTrojan Shield version 2.1.0.14 - 24.11%
52. VirIT version 6.1.9 - 21.39%
53. Trojan Hunter version 4.2.924 - 13.44%
54. Trojan Remover version 6.5.1 - 8.00%
55. Tauscan version 1.70.1414 - 7.70%
56. The Cleaner version 4.2.4319 - 6.03%
57. Hacker Eliminator version 1.2 - 1.70%
58. Abacre version 1.4 - 0.00%

Heuristics-only detection   
(includes only antivirus software that allowed heuristics NOT to be used during the scan)

What are heuristics: They analyze the code of each file with generic methods and detect new viruses that have not yet been included in the virus database of the antivirus software.

Why are heuristics important: Because they help the antivirus software to discover a new unknown virus and thus protect the pc from being infected, even though the specific virus has not yet been included in the virus database of the antivirus software. 

Rank Antivirus - Detected using only heuristics (this is the total of samples that would not be detected by each antivirus if heuristics were not used and not the total of samples that are detected by each antivirus using heuristics!)

1 Nod32 2.51.30 - 41503
2 Vba32 3.11.0 - 32911
3 VirIT 6.1.9 - 16469
4 AVG 7.1.405 Professional - 13624
5 AVG 7.1.405 freeware - 13624
6 Rising AV 18.41.30 - 12214
7 McAfee 10.0.27 - 10708
8 Ikarus 5.19 - 7191
9 F-Prot 6.0.4.3 beta - 6247
10 Ukrainian National Antivirus 1.83 - 5506
11 ArcaVir 2006 - 4987
12 Digital Patrol 5.00.12- 4760
13 Panda 2007 2.00.01- 4191
14 Norton 2006 Professional - 4004
15 Trojan Hunter 4.2.924 - 3766
16 AntiVir 7.01.01.02 Premium - 3697
17 AntiVir 7.01.01.02 Classic - 3594
18 Dr. Web 4.33.2 - 3575
19 Norman 5.90.23 - 3272
20 F-Prot 3.16f - 2493
21 McAfee Enterpise 8.0.0 - 991
22 Sophos Sweep 6.0.2 - 869
23 BullGuard 6.1 - 511
24 BitDefender 8.0.202 freeware - 511
25 AntiTrojan Shield 2.1.0.14 - 386
26 BitDefender 9 Professional - 353
27 ZoneAlarm 6.5.722.000 with VET Antivirus - 124
28 PC Door Guard 4.2.0.35 - 52
29 eScan 8.0.671.1 - 45
30 Comodo 1.0.0.4 - 0
31 Quick Heal 8.00 - 0