PCSL Total Protection Testing 2009 NO
Transcript of PCSL Total Protection Testing 2009 NO
PCSL Total Protection Testing 2009 NO.3 Copyright © PC Security Labs 2008-2009
PCSL Total Protection Testing
2009 NO.3
Summary Testing Report
March 31, 2009
Author:Jeffrey Wu
Website:http://www.pcsecuritylabs.net
Cooperation Media:PC HOME http://antivirus.pchome.net/
ZOL http://xiazai.zol.com.cn
PConline http://pcedu.pconline.com.cn/
PCSL Total Protection Testing 2009 NO.3 Copyright © PC Security Labs 2008-2009
Testing Products
� a-squared Anti-Malware 4.0
Emsi Software GmbH
� Avira Premium Security Suite 8
Avira GmbH
� Dr.Web® Security Space
Doctor Web, Ltd.
� F-Secure Internet Security 2009
F-Secure Corporation
� G DATA InternetSecurity 2009
G DATA Software AG.
� IKARUS virus utilities T3
IKARUS Security Software GmbH
� Jiangmin Antivirus KV2009
Jiangmin SciTech
� Kaspersky Internet Security 2009
Kaspersky Lab
� Kingsoft Internet Security 2009
Kingsoft
� Panda Internet Security 2009
Panda Security
� Quick Heal Total Security 2009
Quick Heal Technologies (P) Ltd.
� Trend Micro Internet Security 2009
Trend Micro Incorporated.
� TrustPort PC Security 2009
TrustPort, a.s.
� Twister Anti-TrojanVirus
Filseclab
PCSL Total Protection Testing 2009 NO.3 Copyright © PC Security Labs 2008-2009
News & Highlights
� G DATA from German announced to officially participate in PCSL Total Protection
Testing since March, 2009.
� Total 15 antivirus vendors officially take part in our public testing and three other
antivirus vendors take part in our internal testing.
� PConline became the third cooperation media after PChome and ZOL
Testing Material and Methodology
� Testing is based on the PC Security Labs Manual(v.200812) and with network
connection
� Update time: 21:00 March 12th,2009 GMT+8
� 200901 Malware-List (2059 different malicious samples) and plenty of clean files
� Marking system=(A+B)/C*100-lg(D+1)
A=Detection number in the static testing
B=Detection number in the dynamic testing
C=Malware-List sample number
D=False positive number
� Final Score:95.00-100.00 5star excellent monthly award
� Final Score:90.00-94.99 4star standard monthly award
PCSL Total Protection Testing 2009 NO.3 Copyright © PC Security Labs 2008-2009
Detailed Testing Result
※ a-squared Anti-Malware 4.0 (a2 of the following abbreviation) ※
� Vendor:Emsi Software GmbH
� Detailed information:
� Static testing:delete all the detected sample,the detection number=2059-3=2056
� Dynamic testing:run the rest samples,a2 detected 0 samples
PCSL Total Protection Testing 2009 NO.3 Copyright © PC Security Labs 2008-2009
� False positive testing:a2 had 10 false positive
09344655 Virus.Win32.Trojan
0f708ae7 Backdoor.Win32.GrayBird.EJ
337965a9 Trojan-Downloader.Win32.Dadobra
4f893c42 Virus.Win32.Trojan
5480ba8c Trojan.Win32.Agent
6d0717d5 Virus.Win32.Trojan
a3c31a97 Virus.Win32.Crypt.COK
b049ff9e Trojan-Downloader.Win32.VB.abu
f3441c43 Virus.Win32.Agent.RZV
f97a9997 Trojan-Spy.Win32.Qeds.A
� Testing summary
a-squared Anti-Malware 4.0
Detection number in the static testing A=2056
Detection number in the dynamic testing B=0
Malware-List sample number C=2059
False positive number D=10
Final score =(A+B)/C*100-lg(D+1)= (2056+0)/2059*100-lg(10+1)=98.81
PCSL Total Protection Testing 2009 NO.3 Copyright © PC Security Labs 2008-2009
※ Avira Premium Security Suite 8 (Avira of the following abbreviation) ※
� Vendor:Avira GmbH
� Detailed information:
� Static testing:delete all the detected sample,the detection number =2059-3=2056
PCSL Total Protection Testing 2009 NO.3 Copyright © PC Security Labs 2008-2009
� Dynamic testing:run the rest samples,Avira detected 0 samples
� False positive testing:Avira had 3 false positive
09344655 ADSPY/Agent.50688 adware or spyware
79ad6d4b TR/Starter.263 Trojan
b049ff9e TR/Agent.33792.H Trojan
� Testing summary
Avira Premium Security Suite 8
Detection number in the static testing A=2056
Detection number in the dynamic testing B=0
Malware-List sample number C=2059
False positive number D=3
Final score=(A+B)/C*100-lg(D+1)= (2056+0)/2059*100-lg(3+1)=99.25
PCSL Total Protection Testing 2009 NO.3 Copyright © PC Security Labs 2008-2009
※ Dr.Web® Security Space (Dr.Web of the following abbreviation) ※
� Vendor:Doctor Web
� Detailed information:
� Static testing:delete all the detected sample,the detection number
=2059-152=1907
PCSL Total Protection Testing 2009 NO.3 Copyright © PC Security Labs 2008-2009
� Dynamic testing:run the rest samples,Dr.Web detected 49 samples
� False positive testing:Dr.Web had 2 false positive
5480ba8c Win32.HLLW.Gavir.75
79ad6d4b Archive contains infected objects
� Testing summary
Dr.Web® Security Space
Detection number in the static testing A=1907
Detection number in the dynamic testing B=49
Malware-List sample number C=2059
False positive number D=2
Final score=(A+B)/C*100-lg(D+1)= (1907+49)/2059*100-lg(2+1)=94.52
PCSL Total Protection Testing 2009 NO.3 Copyright © PC Security Labs 2008-2009
※ F-Secure Internet Security 2009 F-Secure of the following abbreviation ※
� Vendor:F-Secure Corporation
� Detailed information:
� Static testing:delete all the detected sample,the detection number
=2059-35=2024
PCSL Total Protection Testing 2009 NO.3 Copyright © PC Security Labs 2008-2009
� Dynamic testing:run the rest samples,F-Secure detected 25 samples
� False positive testing:F-Secure had 1 false positive
0f708ae7 Trojan.Win32.Genome.ceb
� Testing summary
F-Secure Internet Security 2009
Detection number in the static testing A=2024
Detection number in the dynamic testing B=25
Malware-List sample number C=2059
False positive number D=1
Final score=(A+B)/C*100-lg(D+1)= (2024+25)/2059*100-lg(1+1)=99.21
PCSL Total Protection Testing 2009 NO.3 Copyright © PC Security Labs 2008-2009
※ G DATA InternetSecurity 2009 G DATA of the following abbreviation ※
� Vendor:G DATA Software AG.
� Detailed information:
� Static testing:delete all the detected sample,the detection number =2059-2=2057
PCSL Total Protection Testing 2009 NO.3 Copyright © PC Security Labs 2008-2009
� Dynamic testing:run the rest samples,G DATA detected 2 samples
� False positive testing:G DATA had 5 false positive
� Testing summary
G DATA InternetSecurity 2009
Detection number in the static testing A=2057
Detection number in the dynamic testing B=2
Malware-List sample number C=2059
False positive number D=5
Final Score=(A+B)/C*100-lg(D+1)= (2057+2)/2059*100-lg(5+1)=99.22
PCSL Total Protection Testing 2009 NO.3 Copyright © PC Security Labs 2008-2009
※ IKARUS virus utilities T3 以下简称 IKARUS ※
� Vendor:IKARUS Security Software GmbH
� Detailed information:
� Static testing:delete all the detected sample,the detection number =2059-3=2056
� Dynamic testing:run the rest samples,IKARUS detected 0 samples
PCSL Total Protection Testing 2009 NO.3 Copyright © PC Security Labs 2008-2009
� False positive testing:IKARUS had 10 false positive
09344655 Virus.Win32.Trojan
0f708ae7 Backdoor.Win32.GrayBird.EJ
337965a9 Trojan-Downloader.Win32.Dadobra
4f893c42 Virus.Win32.Trojan
5480ba8c Trojan.Win32.Agent
6d0717d5 Virus.Win32.Trojan
a3c31a97 Virus.Win32.Crypt.COK
b049ff9e Trojan-Downloader.Win32.VB.abu
f3441c43 Virus.Win32.Agent.RZV
f97a9997 Trojan-Spy.Win32.Qeds.A
� Testing summary
IKARUS virus utilities T3
Detection number in the static testing A=2056
Detection number in the dynamic testing B=0
Malware-List sample number C=2059
False positive number D=10
Final Score=(A+B)/C*100-lg(D+1)= (2056+0)/2059*100-lg(10+1)=98.81
PCSL Total Protection Testing 2009 NO.3 Copyright © PC Security Labs 2008-2009
※ Jiangmin Antivirus KV2009 (Jiangmin of the following abbreviation) ※
� Vendor:Jiangmin SciTech
� Detailed information:
� Static testing:delete all the detected sample,the detection number
=2059-152=1907
PCSL Total Protection Testing 2009 NO.3 Copyright © PC Security Labs 2008-2009
� Dynamic testing:run the rest samples,Jiangmin detected 133 samples
� False positive testing:Jiangmin had 2 false positive
� Testing summary
Jiangmin Antivirus KV2009
Detection number in the static testing A=1907
Detection number in the dynamic testing B=133
Malware-List sample number C=2059
False positive number D=2
Final Score=(A+B)/C*100-lg(D+1)= (1907+133)/2059*100-lg(2+1)=98.60
PCSL Total Protection Testing 2009 NO.3 Copyright © PC Security Labs 2008-2009
※ Kaspersky Internet Security 2009 Kaspersky of the following abbreviation ※
� Vendor:Kaspersky Lab
� Detailed information:
� Static testing:delete all the detected sample,the detection number
=2059-28=2031
PCSL Total Protection Testing 2009 NO.3 Copyright © PC Security Labs 2008-2009
� Dynamic testing:run the rest samples,Kaspersky detected 24 samples
� False positive testing:Kaspersky had 1 false positive
0f708ae7 Trojan.Win32.Genome.ceb
� Testing summary
Kaspersky Internet Security 2009
Detection number in the static testing A=2031
Detection number in the dynamic testing B=24
Malware-List sample number C=2059
False positive number D=1
Final Score=(A+B)/C*100-lg(D+1)= (2031+24)/2059*100-lg(1+1)=99.50
PCSL Total Protection Testing 2009 NO.3 Copyright © PC Security Labs 2008-2009
※ Kingsoft Internet Security 2009 (Kingsoft of the following abbreviation) ※
� Vendor:Kingsoft
� Detailed information:
� Static testing:delete all the detected sample,the detection number
=2059-337=1722
PCSL Total Protection Testing 2009 NO.3 Copyright © PC Security Labs 2008-2009
� Dynamic testing:run the rest samples,Kingsoft detected 165 samples
� False positive testing:Kingsoft had 0 false positive
� Testing summary
Kingsoft Internet Security 2009
Detection number in the static testing A=1722
Detection number in the dynamic testing B=165
Malware-List sample number C=2059
False positive number D=0
Final Score=(A+B)/C*100-lg(D+1)= (1722+165)/2059*100-lg(0+1)=91.65
PCSL Total Protection Testing 2009 NO.3 Copyright © PC Security Labs 2008-2009
※ Panda Internet Security 2009 (Panda of the following abbreviation) ※
� Vendor:Panda Security
� Detailed information:
� Static testing:delete all the detected sample,the detection number =2059-7=2052
� Dynamic testing:run the rest samples,Panda detected 1 samples
PCSL Total Protection Testing 2009 NO.3 Copyright © PC Security Labs 2008-2009
� False positive testing:Panda had 1 false positive
� Testing summary
Panda Internet Security 2009
Detection number in the static testing A=2052
Detection number in the dynamic testing B=1
Malware-List sample number C=2059
False positive number D=1
Final Score=(A+B)/C*100-lg(D+1)= (2052+1)/2059*100-lg(1+1)=99.41
PCSL Total Protection Testing 2009 NO.3 Copyright © PC Security Labs 2008-2009
※ Quick Heal Total Security 2009 Quick Heal of the following abbreviation ※
� Vendor:Quick Heal Technologies (P) Ltd.
� Detailed information:
� Static testing:delete all the detected sample,the detection number
=2059-66=1993
PCSL Total Protection Testing 2009 NO.3 Copyright © PC Security Labs 2008-2009
� Dynamic testing:run the rest samples,Quick Heal detected 36 samples
� False positive testing:Quick Heal had 4 false positive
of708ae7 Win32.Virtool.DelfInject.Gen!X.5
5480ba8c Trojan.Agent.IRC
a3c31a97 Trojan.Agent.IRC
f3441c43 Trojan.Agent.ATV
� Testing summary
Quick Heal Total Security 2009
Detection number in the static testing A=1993
Detection number in the dynamic testing B=36
Malware-List sample number C=2059
False positive number D=4
Final Score=(A+B)/C*100-lg(D+1)= (1993+36)/2059*100-lg(4+1)=97.84
PCSL Total Protection Testing 2009 NO.3 Copyright © PC Security Labs 2008-2009
※ Trend Micro Internet Security 2008 (Trend Micro of the following abbreviation) ※
� Vendor:Trend Micro Incorporated.
� Detailed information:
� Static testing:delete all the detected sample,the detection number
=2059-541=1518
PCSL Total Protection Testing 2009 NO.3 Copyright © PC Security Labs 2008-2009
� Dynamic testing:run the rest samples,Trend Micro detected 345 samples
� False positive testing:Trend Micro had 2 false positive
09344655 TROJ_GENERIC.APC
283a763c PACKER-GEN.101
� Testing summary
Trend Micro Internet Security 2008
Detection number in the static testing A=1518
Detection number in the dynamic testing B=345
Malware-List sample number C=2059
False positive number D=2
Final Score=(A+B)/C*100-lg(D+1)= (1518+345)/2059*100-lg(2+1)=90.00
PCSL Total Protection Testing 2009 NO.3 Copyright © PC Security Labs 2008-2009
※ TrustPort PC Security 2009 ( TrustPort of the following abbreviation) ※
� Vendor:TrustPort, a.s.
� Detailed information:
� Static testing:delete all the detected sample,the detection number =2059-5=2054
� Dynamic testing:run the rest samples,TrustPort detected 1 samples
PCSL Total Protection Testing 2009 NO.3 Copyright © PC Security Labs 2008-2009
� False positive testing:TrustPort had 9 false positive
09344655 Clicker.DQK(Avg)
0f708ae7 W32/Packed_NsPack.I(Norman)
3be77210 VB.FEK(Avg)
4f893c42 SHeur.BAAI(Avg)
5480ba8c Worm/Delf.CKI(Avg)
9bd01461 W32/Malware.FBEF(Norman)
f2f988e1 BScope.Trojan-PSW.OnlineGames(VirusBlokAda)
f3441c43 W32/GrayBird.VAL(Norman)
f97a9997 Worm.Win32.Otwycal.g(VirusBlokAda)
� Testing summary
TrustPort PC Security 2009
Detection number in the static testing A=2054
Detection number in the dynamic testing B=1
Malware-List sample number C=2059
False positive number D=9
Final Score=(A+B)/C*100-lg(D+1)= (2054+1)/2059*100-lg(9+1)=98.81
PCSL Total Protection Testing 2009 NO.3 Copyright © PC Security Labs 2008-2009
※ Twister Anti-TrojanVirus (Filseclab of the following abbreviation) ※
� Vendor:Filseclab
� Detailed information:
Default setting
� Static testing:delete all the detected sample,the detection number
=2059-398=1661
PCSL Total Protection Testing 2009 NO.3 Copyright © PC Security Labs 2008-2009
� Dynamic testing:run the rest samples,Filseclab detected 373 samples
� False positive testing:Filseclab had 0 false positive
� Testing summary
Twister Anti-TrojanVirus
Detection number in the static testing A=1661
Detection number in the dynamic testing B=373
Malware-List sample number C=2059
False positive number D=0
Final Score=(A+B)/C*100-lg(D+1)= (1661+373)/2059*100-lg(0+1)=98.79
PCSL Total Protection Testing 2009 NO.3 Copyright © PC Security Labs 2008-2009
Testing Summary
Vendor Static Dynamic Total Rate FP Score
Avira 2056 0 2056 99.85% 3 99.25
Dr.Web 1907 49 1956 95.00% 2 94.52
Emsisoft 2056 0 2056 99.85% 10 98.81
Filseclab 1661 373 2034 98.79% 0 98.79
F-Secure 2024 25 2049 99.51% 1 99.21
G DATA 2057 2 2059 100.0% 5 99.22
IKARUS 2056 0 2056 99.85% 10 98.81
Jiangmin 1907 133 2040 99.08% 2 98.60
Kaspersky 2031 24 2055 99.81% 1 99.50
Kingsoft 1722 165 1887 91.65% 0 91.65
Panda 2052 1 2053 99.71% 1 99.41
Quick Heal 1993 36 2029 98.54% 4 97.84
Trend Micro 1518 345 1863 90.48% 2 90.00
TrustPort 2054 1 2055 99.81% 9 98.81
Total sample for malware testing:2059
Static=Detection number in the static testing
Dynamic=Detection number in the dynamic testing
Total=Detection number in both static and dynamic testing
Rate=Detection rate in both static and dynamic testing
FP=False positive number
Score=Final Score in PCSL Total Protection Testing
PCSL Total Protection Testing 2009 NO.3 Copyright © PC Security Labs 2008-2009
Monthly Award
Vendor Monthly Award
PCSL Total Protection Testing 2009 NO.3 Copyright © PC Security Labs 2008-2009
Copyright and Disclaimer It is not allowed to take parts of our testing result into own tests or to use the data ulterior without a written
permission of PC Security Labs. We cannot be made liable for any damage or loss which might occur as a result of,
or in connection with the use of the information provided on our website or testing reports. We try our best to
ensure the correctness of the testing result, but we do not provide any guaranty for the correctness, completeness,
etc. of both the information on our website and our testing reports at any time. You are allowed to download, view,
print and copy the material from our site on the hard disk of your computer and to use it for your own personal,
non-commercial purposes as a personal information resource in good faith only. It is forbidden to transmit or
re-circulate any material obtained from PC Security Labs (including from the email delivered by PC Security Labs) to
any third party without the written agreement of PC Security Labs. We focus on computer security and we try our
best to protect the PC security. All the samples are from the Internet and we are not responsible for the malware
samples. The research is taken in an internal network environment and we all remove the samples' extension in
order to prevent incorrect manipulation by the user. We are not responsible for the damage caused by incorrect
manipulation. In addition, we are also not responsible for the behavior taken by the outlaws. The testing report
from PCSL is for reference only and the copyright of the testing report belongs to PC Security Labs. Any commercial
activity wants to cite our report result please contact Jeffrey through his email address ( [email protected]).
For the monthly award logo, its use on the Internet, marketing materials and user documents by the antivirus
vendor is free of charge. The annual certification logo is free of charge to be used on the Internet, marketing
materials, user documents and the product packaging. For more detailed information about annual certification,
please contact Jeffrey Wu via email: [email protected]. We have the right to withdrawn the license of
monthly award and annual certification due to the improper use of the antivirus vendor.
All related issues about the testing, monthly award, logo, certification, legal notes, disclaimer, copyright, etc will be
based on the latest PC Security Labs Manual. The copyright of this report belongs to Jeffrey Wu, PC Security Labs.