frisk@rhi.hi.is (Fridrik Skulason) (05/14/91)
What follows is a table comparing several virus scanners. I am obviously not unbiased, being the author of one of the programs, but the table was not compiled by me, but rather Franz Swoboda in Austria. He does not list all anti-virus programs known today - only those on the market in Austria. Also, he is testing the programs against his personal collection, which may not represent accurately the world's virus scene. The table lists the programs, the "hit rate" and the time required for scanning. Findviru 2.0 (S&S) 97% 75 sec F-FCHK 1.14A 93% 259 sec Virusdet 3.00 (Puls) 85% 223 sec Watchdog 4.16 (KDT) 82% 512 sec Scanv75 (McAfee) 80% 260 sec Unvirus 3.08 (Elia Shim) 73% 65 sec Stopvir 2.31 73% 96 sec Virutest 1.0 (JP Landen) 66% 518 sec Pro-scan 2.1 65% 184 sec Norton 1.00 62% 130 sec VU-Advanced 1.03 61% 479 sec Viru-Spy 4.0 58% 178 sec AVsearch 2.23 57% 750 sec TBscan 1.7 46% 105 sec TNTvirus 7.00A (Carmel) 45% 190 sec Virscan 1.45 38% 200 sec Note that in many cases the products compared are not the latest versions, but according to Swoboda, they were the latest available in Austria. - -frisk Fridrik Skulason Technical Editor of the Virus Bulletin (UK) (author of F-PROT) E-Mail: frisk@rhi.hi.is Fax: 354-1-28801
CHESS@YKTVMV.BITNET (David.M.Chess) (05/14/91)
> From: frisk@rhi.hi.is (Fridrik Skulason) > > ... > Virscan 1.45 [very bad numbers] > ... I hope that's not IBM's VIRSCAN? If it is, it's a version from *last June* (and an internal, not a product, version at that). If that's "available" in Austria, it shouldn't be. On the other hand, there are a few different products in the world called "Virscan", so perhaps this line is about something else. It might be helpful if the manufacturer were listed for all the programs named in lists like this. (It's also in general not a good idea to do timing-tests on infected files; IBM's scanner, for instance, stops for a good half-second to "beep" when it finds an infected file, which will add greatly to the timings if infected files are used for tests! Real users, of course, probably don't care how long it takes to scan infected files, just clean (normal) ones.) DC