
Prologue:

   "In ol' times when Vesselin Vladimirov Bontchev was active in testing
    AV products and Morton Swimmer was around developing his Virus Intrusion
    Detection Expert System (VIDES), and with many more students at the 
    Virus Test Center of Hamburg University's Faculty for Informatics..."

Although these "ancient times" are not so far back (Vesselin left in July
1995 to work with Fridrik Skulason, and Morton left in January 1996 for
IBM's High Integrity Computing Labs), significant changes have appeared. The
number of boot/file viruses has more than doubled (to reach more than 11,000
file viruses and 700 boot viruses at the end of November 1996). A new species
of viruses has appeared: the MACRO viruses, which soon reached world-wide
distribution within about 1 year, with the unfortunate assistance of Microsoft.

Beyond this, the fast development of Local and Wide Area Networks (esp. of
the Internet) has been accompanied by more serious threats, including massive
automated scanning of sites, mail bombing, spoofing, sniffing and data
hijacking, to mention only a few. More recently, malicious agents and "hostile
applets" (assumed to be impossible by adherents of "SECURE JAVA") enlarge
Pandora's Box of malevolent anomalies. The importance of single-system threats,
esp. including "computer viruses", has therefore relatively decreased, though
these threats grow in absolute figures and in their damaging potential.

With a view to their future duties, students are more interested in the Network
Test Center (NTC), organized in parallel to VTC for those concentrating on
studies on IT Security and Safety offered in 4-semester courses at Hamburg
University's Faculty for Informatics (for details, see VTC/NTC homepage). This
is one essential reason that AV Product tests were only resumed in 1996, when
fresh interested students joined VTC asking for new activities. Fortunately,
VTC's virus database could be updated to again reflect the actual status of
the threats. Macro viruses provided interesting methods and future job demands,
so allocation of related knowledge and methods seemed promising.

In this situation, the ol' VTC activities were restarted, with fresh aims.
As VTC's databases are comparatively large, this test was explicitly set up
to assess not only detection of viruses, both generally and "In-The-Wild",
but also the precision and reliability of virus detection.
Both aspects are of major concern for users, esp. as they are prerequisites
for any reliable cleaning.

These text files result from a first round of testing on-demand scanning
on media. It is intended to enlarge the scope of our tests step-by-step,
to also cover testing on-access scanners, virus cleaning as well as virus
detection in memory. Moreover, we also plan to test virus detection on other
platforms such as Windows 95.

As usual in scientific work, we very much welcome critical and constructive
comments. Though we did our best to avoid errors, some may be hard to
avoid, as our insight into related products may be insufficient (e.g. due
to missing or ill-understood documentation). We will properly analyse any
suggestion and critical comment IF adequate forms and ways are used, though we
will not react to any indecent or flaming attacks.

In presenting these test results, it is NOT our goal to blame any AV producer
for problems of their product.  Nor is it our goal to help any marketing
expert in selling products which reach beneficial results. Indeed, it is outside
our possibilities to influence such side-effects. But besides collecting
methodical insights into such test processes, it is our ESSENTIAL GOAL
to help customers orient themselves in jungles of mis-information. If this
test may help some customer in overcoming or avoiding related problems, we
would regard our goals to have been successfully reached.

On behalf of the VTC Test Team:
                 Klaus Brunnstein (February 14, 1997)
             brunnstein@rz.informatik.uni-hamburg.d400.de 

     
