rtravsky@CORRAL.UWYO.EDU (Richard W Travsky) (05/31/91)
The May 27th Network World has a nice article on viruses and networks/lans. It talks about how viruses have progressed from an annoyance to a major problem (surely news to everyone here), quoting a study by Certus International where 50% of 2500 selected sites (with 400 or more micros) had reported problems with viruses. Lans are stated to be a major conributor to the spread of viruses. The section of the article of some interest to me was a test of 21 virus scanning packages conducted by the NCSA. An accompanying chart shows the percentage of detection by the packages against 921 viruses. Here's how the rankings went (only 15 of the 21 were reported for some reason): Package Percentage of Viruses Recognized ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ F-Prot V. 1.14A 92% Sophos, Ltd. Vaccine V. 4.23 91% Solomon Software Toolkit 4.25 89% Thijssen HTScan 1.12 78% Thijssen HTScan 1.11 73% McAfee Assoc. Pro-Scan V. 2.01 73% Symantec Corp. Norton AntiVirus V. 1.0.0 72% WorldWide Software, Inc. Vaccine 3.0 70% Microcom, Inc. VPCScan V. 1.1A 69% IBM VirScan V 1.3 66% EliaShim Microcomputers ViruSafe 3.06/7 63% McAfee Assoc. Pro-Scan V. 1.4 62% Certus International Corp. V 2.1 61% EliaShim Microcomputers Inc. ViruSafe 3.05 57% IBM VirScan V 1.0 25% Hopefully there are no typos. I just report 'em, the interpretations are your job. Some of these packages I've never heard of. Towards the end of the article they spend a few paragraphs talking about SiteLock and its virus protection features for lans. Richard Travsky Division of Information Technology RTRAVSKY @ CORRAL.UWYO.EDU University of Wyoming (307) 766 - 3663 / 3668
padgett%tccslr.dnet@mmc.com (A. Padgett Peterson) (05/31/91)
>From: rtravsky@CORRAL.UWYO.EDU (Richard W Travsky) >An accompanying chart shows the percentage of detection by the packages >against 921 viruses. Here's how the rankings went (only 15 of the 21 were >reported for some reason): Interesting: when you eliminate the older versions of the products, you are actually left with 10 programs and all appear to be scanners, not validation programs (Enigma-Logic's Virus-Safe, McAfee's VSHIELD ,etc. were not included) so it is difficult to tell just what they are evaluating. Just to provide "apples vs apples" tests, possibly in conjunction with the public domain viral list, we should make a stab at a weighted test (e.g. Jerusalem 1000 pts for detection, Pentagon 1 pt.) if we can come up with a probability function for infection it would certainly be better than "We can detect 900 viruses". We can start with David's list, flesh it out a bit, and apply a bit of Quattro's "What If" (there goes some more negative free time - what we need is a national laboratory). Warmly, Padgett