AntiVirus product investigation 2010/02/19
JCSR Motoi Endo
This document summarizes an investigation of the AntiVirus products that can be obtained in
Japan. The aims of this investigation report are as follows.
1. Introduce legitimate products and eliminate fake AntiVirus software, which is malware.
2. Measure the rate of virus detection and document it as a basis for judging whether a product
can be used as a measure against viruses.
3. Investigate whether the screen reader for people with visual impairments operates
Because of time constraints, I performed only the virus detection rate investigation.
The AntiVirus products covered by this investigation are those we had obtained as of February 19, 2010.
I updated the virus detection pattern data of each product to the newest version on the same day,
and I investigated the detection rate while connected to the Internet.
This is a change from the verification in August, made so that antivirus products with a virus
inquiry function that relies on Internet connectivity are validated correctly.
A product that did not reach a 100% detection rate in the first verification was repeatedly
updated over the network and re-verified until 0:00 a.m. of the verification day, and it was
evaluated on the virus detection it had completed during that day.
Wildlist samples :
The list of viruses circulating in the world, published by The WildList Organization
International (http://www.wildlist.org/). Based on the reports from the WildList reporters of each
country, I have totaled and announced the list of computer worms considered to be under the present
This sample set is from January, 2010 and the number of samples is 713.
JCSR sample file :
- 415 files of JCSR samples in February, 2010.
- Viruses in the notification reports that IPA releases, malware that spread widely in the
past, worms that have been circulating recently, and Trojans.
- Although the JCSR samples circulated in Japan, apart from some items such as malware from
Spear type attacks and W32/Antinny (Winny virus), they are not only what spread in
- Although some samples overlap with items published on the WildList in the past or at present,
I have left them as they are on the interpretation that their detection importance is higher.
- The extensions of the sample files are renamed in order to prevent accidental infection of the checking PC.
Results of an investigation
The rate of virus detection
Product name                       Wildlist samples    JCSR samples
                                   January, 2010       February, 2010
G DATA Internet Security 2010      100.0% (713/713)    100.0% (415/415)
Norton Internet Security 2010      100.0% (713/713)     98.8% (410/415)
Kaspersky Internet Security 2010    99.4% (709/713)     99.0% (411/415)
Virus Buster 2010                  100.0% (713/713)     97.8% (406/415)
Microsoft Security Essentials      100.0% (713/713)     97.1% (403/415)
McAfee Total Protection 2009       100.0% (713/713)     96.9% (402/415)
Virus Security ZERO                100.0% (713/713)     92.5% (384/415)
Virus Doctor Ver.11 basic           97.5% (695/713)     84.8% (352/415)
KINGSOFT Internet Security U        96.6% (689/713)     85.8% (356/415)
Virus killer zero                   99.2% (707/713)     67.5% (280/415)
The rate of virus detection (Graph)
[Graph: rate of virus detection per product. Series: Wildlist samples January, 2010; JCSR samples February, 2010]