AntiVirus product investigation - AVAR by linxiaoqin


AntiVirus product investigation    2010/02/19
JCSR Motoi Endo

This document summarizes an investigation of the AntiVirus products that can be obtained in
Japan. The aims of this investigation report are as follows.

1. Introduce the right products and eliminate fake AntiVirus, which is malware.
2. Inspect the virus detection rate and document it as a basis for judging whether a product can
     be used as a measure against viruses.
3. Investigate whether the screen reader for people with visual impairments operates

Because of time constraints, I performed only the antivirus detection rate investigation.

Test coverage

The investigation covers the AntiVirus products that we had obtained as of February 19, 2010.
I updated the virus detection pattern data of each product to the newest version on the same day,
and I investigated the detection rate while connected to the Internet.

This is the point changed from the verification in August, so that antivirus products with a
virus inquiry function that relies on Internet connectivity are validated correctly.

A product that did not reach a 100% detection rate in the first verification repeated a network
update and a verification until 0:00 a.m. of the verification day, and it is evaluated on
the virus detection that was completed during that day.

About samples

Wildlist samples:
The list of viruses by The WildList Organization International (
which are prevalent in the world. Based on the reports from the WildList reporters of each country, I
have totaled and announced the list of computer worms considered to be under the present
This sample set is from January, 2010 and the number of samples is 713.

JCSR sample files:
- 415 files of JCSR samples in February, 2010.

- Viruses in the notification reports that IPA releases, malware that spread widely in the
past, worms that are prevalent recently, and Trojans.
- Although the JCSR samples were prevalent in Japan, except for a part such as malware of the
spear-type attack and W32/Antinny (Winny virus), they are not only what has spread in
- Although some samples overlap with items published on the WildList in the past or at present,
I have left them as they are, on the interpretation that their detection importance is higher.
- The extensions of the sample files are renamed in order to prevent accidental infection of the
checking PC.

Results of an investigation

The rate of virus detection

 Product name                                    Wildlist samples           JCSR samples
                                                 January, 2010              February, 2010
 G DATA Internet Security 2010                   100.0% (713/713)           100.0% (415/415)
 Norton Internet Security 2010                   100.0% (713/713)            98.8% (410/415)
 Kaspersky Internet Security 2010                 99.4% (709/713)            99.0% (411/415)
 Virus Buster 2010                               100.0% (713/713)            97.8% (406/415)
 Microsoft Security Essentials                   100.0% (713/713)            97.1% (403/415)
 McAfee Total Protection 2009                    100.0% (713/713)            96.9% (402/415)
 Virus Security ZERO                             100.0% (713/713)            92.5% (384/415)
 Virus Doctor Ver.11 basic                        97.5% (695/713)            84.8% (352/415)
 KINGSOFT Internet Security U                     96.6% (689/713)            85.8% (356/415)
 Virus killer zero                                99.2% (707/713)            67.5% (280/415)
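
Added example, not part of the original report: it re-derives each printed percentage from its detected/total counts and attaches a 95% Wilson score interval, so that small gaps between products can be read against the sample sizes of 713 and 415. The rows are copied from the table above; the function names, the choice of the Wilson interval and the overlap check are assumptions of this example, not the report's method.

```python
import math
import re

# Rows copied from the report's table: product, Wildlist result, JCSR result.
TABLE = """\
G DATA Internet Security 2010     100.0% (713/713)  100.0% (415/415)
Norton Internet Security 2010     100.0% (713/713)   98.8% (410/415)
Kaspersky Internet Security 2010   99.4% (709/713)   99.0% (411/415)
Virus Buster 2010                 100.0% (713/713)   97.8% (406/415)
Microsoft Security Essentials     100.0% (713/713)   97.1% (403/415)
McAfee Total Protection 2009      100.0% (713/713)   96.9% (402/415)
Virus Security ZERO               100.0% (713/713)   92.5% (384/415)
Virus Doctor Ver.11 basic          97.5% (695/713)   84.8% (352/415)
KINGSOFT Internet Security U       96.6% (689/713)   85.8% (356/415)
Virus killer zero                  99.2% (707/713)   67.5% (280/415)
"""
CELL = r"([\d.]+)% \((\d+)/(\d+)\)"
ROW = re.compile(rf"^(.*?)\s+{CELL}\s+{CELL}$")

def parse(table=TABLE):
    """Return {product: {"wildlist": (pct, hit, n), "jcsr": (pct, hit, n)}}."""
    out = {}
    for line in table.splitlines():
        m = ROW.match(line.strip())
        if not m:
            raise ValueError(f"unparseable row: {line!r}")
        name, *v = m.groups()
        out[name] = {"wildlist": (float(v[0]), int(v[1]), int(v[2])),
                     "jcsr": (float(v[3]), int(v[4]), int(v[5]))}
    return out

def mismatches(results):
    """(product, sample set) pairs whose printed % disagrees with hit/n."""
    return [(name, key) for name, sets in results.items()
            for key, (pct, hit, n) in sets.items()
            if abs(100 * hit / n - pct) > 0.05]

def wilson(hit, n, z=1.96):
    """95% Wilson score interval for the rate hit/n, in percent."""
    p = hit / n
    denom = 1 + z * z / n
    centre = (p + z * z / (2 * n)) / denom
    half = z * math.sqrt(p * (1 - p) / n + z * z / (4 * n * n)) / denom
    return 100 * (centre - half), 100 * (centre + half)

def overlap(results, a, b, key="jcsr"):
    """True if the two products' intervals overlap on one sample set."""
    (lo_a, hi_a), (lo_b, hi_b) = (wilson(*results[p][key][1:]) for p in (a, b))
    return lo_a <= hi_b and lo_b <= hi_a
```

`mismatches(parse())` lists any row whose percentage and counts disagree, and `overlap(...)` is a conservative reading: overlapping intervals mean the sample set is too small to separate the two products.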

The rate of virus detection (Graph)

[Graph not reproduced. Series: Wildlist samples January, 2010; JCSR samples February, 2010]


