Response to Virus.gr

When looking at http://virus.gr’s test results, please note the following:

  1. The test is based on “a personal collection of infected files” belonging to the author. The AV industry has never recognized such a practice as professional. Whether each individual file is truly infected is highly uncertain.
  2. Owing to (1), the way to determine whether a file is infected dominates the results. Surprisingly, virus.gr treats a file as infected simply if any of the products says so. Take a simple analogy: suppose there are 10 files in the collection, of which 5 are infected and 5 are clean. An AV product, say product A, that reports every file as infected will win the test, as it will score 100% accuracy. (Note that product A gives 5 false positives, but this is not treated as a fault in virus.gr’s test.) On the other hand, another AV product, say product B, correctly identifies 5 files as infected and the other 5 as clean. Under virus.gr’s test, product B will, ironically, score 50% accuracy, as it has “missed” 5 infected files as identified by product A.

    Warning: DO NOT UNDER-ESTIMATE FALSE POSITIVES! THEY MAY COST YOU MORE THAN YOU CAN AFFORD!

  3. virus.gr says:
    All virus samples were unpacked and the only samples that were kept were the ones that were packed using external-dos-packers (that means not winzip, winrar, winace etc.)

    However, this is simply not a real-world scenario. Packed malware would not be detected if the software does not have unpacking engines.
  4. virus.gr says:
    The virus samples were divided into these categories, according to the type of the virus:

    File = BeOS, FreeBSD, Linux, Palm, OS2, Unix, BinaryImage, BAS viruses, MenuetOS viruses.
    MS-DOS = MS-DOS and HLL*. viruses.
    Windows = Win.*.* viruses.
    Macro = Macro and Formula viruses.
    Malware = Adware, DoS, Constructors, Exploit, Flooders, Nukers, Sniffers,
    Spoofers, Virus Construction Tools, Virus Tools, Droppers, PolyEngines.
    Script = BAT, Corel, HTML, Java, Scripts, VBS, WBS, Worms, PHP, Perl
    viruses.
    Trojans-Backdoors = Trojan and Backdoor viruses.
    Here we can see, again, that the more false positives a product gives, the better it is. virus.gr’s test also requests detection of constructors, poly engines, etc., which are not viruses.
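
The scoring problem described in points 2 and 4, as an added example that is not code from this page or from virus.gr: it scores the 10-file analogy once by the "any product says so" rule and once against verified labels. The product names, file names and function names are constructed for illustration.

```python
# Added illustration: "any product says so" scoring versus scoring
# against verified ground truth. All data below is constructed.

def union_score(verdicts, product):
    """Score as in the analogy: files the product flagged, divided by
    files flagged by at least one product in the test."""
    flagged_by_any = set().union(*verdicts.values())
    if not flagged_by_any:
        return 0.0
    return len(verdicts[product] & flagged_by_any) / len(flagged_by_any)

def ground_truth_metrics(verdicts, product, infected, all_files):
    """Detection rate and false-positive rate against verified labels."""
    flagged = verdicts[product]
    clean = all_files - infected
    detection = len(flagged & infected) / len(infected) if infected else 0.0
    false_pos = len(flagged & clean) / len(clean) if clean else 0.0
    return detection, false_pos

# Constructed collection matching the analogy: 10 files, 5 infected, 5 clean.
ALL_FILES = {f"file{i:02d}" for i in range(10)}
INFECTED = {f"file{i:02d}" for i in range(5)}

VERDICTS = {
    "A": set(ALL_FILES),  # reports every file as infected
    "B": set(INFECTED),   # reports exactly the infected files
}

def report():
    """Return {product: (union score, detection rate, false-positive rate)}."""
    rows = {}
    for name in sorted(VERDICTS):
        rows[name] = (
            union_score(VERDICTS, name),
            *ground_truth_metrics(VERDICTS, name, INFECTED, ALL_FILES),
        )
    return rows

if __name__ == "__main__":
    for name, (union, detection, false_pos) in report().items():
        print(f"product {name}: union score {union:.0%}, "
              f"detection {detection:.0%}, false positives {false_pos:.0%}")
```

Against verified labels both products detect all 5 infected files, and only the false-positive rate separates them; the union rule hides that column and ranks them in the opposite order.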


To conclude, we strongly recommend that users not treat the test results at http://virus.gr as a serious reference. These tests simply have not been done in a professional, reliable and reasonable manner. For objective AV test results, please visit the well-respected organization Virus Bulletin at http://www.virusbtn.com.
