
   ͸
                                                            
               INFECTION COUNTDOWN - July 1995              
                                                            
   ;

    by David Smith, Antivirus researcher, Professional programmer
         Authorized vendor of TBAV and InVircible antivirus
               Copyright 1995, All rights reserved
                    E-MAIL: physics@iadfw.net


                   SIX THOUSAND LIVE VIRUSES
                         FIVE SCANNERS
             go head-to-head in a fierce competition



This is a complete analysis of all the virus scanners.  All files were
integrity sealed, and downloaded directly from the Internet plus other
bulletin boards.  Over 6,000 viruses and TEN HOURS of scanning, I
bring you the real results from the real goodies.

Viruses used for the test:

1.  Russian collection
2.  Classic - a well organized and reliable collection
3.  Various dropper files


	Scanners used:

IBM's Antivirus from DOS 7.0
McAfee's SCAN version 2.2.2  (06/15/95)
AvPro 2.2 (registered) with update from 06/30/95
F-Prot 2.18a
Tbav 6.35 (registered)


	Batch File used:


AVP       /t /m /p /b /q /s /y /w=fvirs.ksp
F-PROT    /nomem /list /noboot /nowrap /old /report=fvirs.fpr
SCAN.EXE  /nomem /sub /rpterr /rptcor /report fvirs.sc2
TBSCAN    ld ba el ol lo ll=4 ln=fvirs.tbs
IBMAVSP   -vlog -programs -nb -copenerr -cerr -nrep -nwipe -nfscan -logfvirs.ibm



    BEFORE THE SCAN - COMMENTS

Lots of new scanners this month.  Finally, everybody updated!

At the request of Keith Peer, the AVPRO guy, I set AVPRO to ALARM!
mode (but took off redundant scan, since I do have a life) in order
to maximize its potential to detect zoos.  Not much of a difference...

Also, I fully expect IBM to again suffer greatly at the hands of
these other awesome scanners, and will remove it from testing as of next
month.
If any of you out there know some good scanners to try (that can keep
up with AVPRO, TBAV, etc.), please drop me a line at physics@iadfw.net




THE RESULTS:
------------------------------------------------------------------------



	LAYOUT BY FILES:


      Russian  Classic   Droppers
#       1443     3953      842

AVPRO   1416     3123      755
TBSCAN  1311     3688      696
F-PROT  1322     3642      805
McAfee  1188     3419      263
IBM     n/a      3113      n/a 




	LAYOUT BY PERCENTAGE:

      Russian  Classic   Droppers

AVPRO   98.1     79.0      89.7
TBSCAN  90.8     93.3      82.7
F-PROT  91.6     92.1      95.6
McAfee  82.3     86.5      31.2
IBM     n/a      78.8      n/a 





Best overall:   ???   It's a tie!
Second best:    F-PROT

Worst:          IBM  (as usual)




    AFTER THE SCAN - ANALYSIS:
-------------------------------------------------

Everybody did good on each collection.  AVPRO found all
the Russian viruses, TBSCAN found most of the classic viruses,
and F-PROT found most of the dropper files.
It was close, so I'll just let the results speak for themselves...

Great news:  AVPRO lowered their prices to $60 for a license.
Not a bad deal, and definitely better than F-PROT Professional's prices,
and lower than TBAV's standard price of $70 bucks for DOS and $80 for
DOS/Windows.  All in all, your best bet is to snag a AVPRO license
before they jack the price up again  ;-)









-------------------------------------------------------
1.  Russian collection
-------------------------------------------------------

F-PROT:

Files: 1433  (4.6 MB)
Scanned: 1433  (4.6 MB)
Infected: 1322
Suspicious: 17
Disinfected: 0
Deleted: 0
Renamed: 0

No boot sectors were scanned.

Time: 2:59


AVPRO:

       Detected:  1416 bodies of
                   510 viruses


        Scanned:  1433 files
                    11 packed
                     3 directories
                  4773 Kbytes
      Scan time:     0:20:49
          Speed:     4 Kb/sec


SCAN:

	Analyzed: ..............    1433
	Scanned: ...............    1432
	Possibly Infected: .....    1188
Time: 00:03.54


TBAV:

Found 1433 files in 3 directories, 1252 files seem to be executable.
0 files were checked for changes, 0 files have been changed.

1311 files are infected by one or more viruses



------------------------------------------------------
2.  Classic - a well organized and reliable collection
-------------------------------------------------------
	F-PROT:

Files: 3953  (18.1 MB)
Scanned: 3754  (16.6 MB)
Infected: 3642
Suspicious: 63
Disinfected: 0
Deleted: 0
Renamed: 0

No boot sectors were scanned.

Time: 10:06


	AVPRO:

       Detected:  3123 bodies of
                  1105 viruses

       Warnings:    25
     Suspicious:   225

        Scanned:  3542 files
                   158 packed
                   898 directories
                 17222 Kbytes
      Scan time:     1:32:37
          Speed:     4 Kb/sec


	SCAN:

File(s)
	Analyzed: ..............    3953
	Scanned: ...............    3885
	Possibly Infected: .....    3419
Time: 00:12.34


	TBAV:

Found 3953 files in 1206 directories, 3884 files seem to be executable.
0 files were checked for changes, 0 files have been changed.

3688 files are infected by one or more viruses


-------------------------------------------------------
3.  Various dropper files
-------------------------------------------------------

	F-PROT:

Files: 842  (4.4 MB)
Scanned: 842  (4.4 MB)
Infected: 805
Suspicious: 17
Disinfected: 0
Deleted: 0
Renamed: 0

No boot sectors were scanned.

Time: 0:53


AVPRO:

       Detected:   755 bodies of
                   197 viruses

       Warnings:     8
     Suspicious:    29

        Scanned:   842 files
                   678 packed
                     1 directories
                  4602 Kbytes
      Scan time:     0:26:57
          Speed:     3 Kb/sec


SCAN:

	Analyzed: ..............     842
	Scanned: ...............     842
	Possibly Infected: .....     263
Time: 00:01.14


TBAV:

Found 842 files in 1 directories, 823 files seem to be executable.
0 files were checked for changes, 0 files have been changed.

696 files are infected by one or more viruses






                     FREE ADVERTISEMENT AVAILABLE HERE
                     Contact physics@iadfw.net for info



                   WEST COAST INSTITUTE OF VIRUS RESEARCH
 
                                Worlds Largest!
              100 Megs Of Virus Files, All Strains, All Variations
                Over 7000 Virus With Complete Descriptions Online
                  Over 10,000 .Exe and .Com Virus Files Online
             ASM,Mac,PAS,C,Amiga,Images,Docs,Text,Tdos,Bin,Trojans, etc.
                          =Many Complete Collections=
                     Nukenet 111:714/0, Virus Fido Echos
                       WE Want Your Virus or Collection
                             Researchers WANTED
                                APPLY WITHIN
                     (714) 772-7039, Sysop Falcon/NuKE
            This bbs is dedicated to the research and identification
            of the computer VIRUS.


