Statement on PC Answers anti-virus review

January 22, 2002 Sophos Press Release

* Statement from Sophos
* Statement from PC Answers

Statement from Sophos

The February 2002 edition of PC Answers magazine contains a comparative review of anti-virus products.

The review claims that Sophos is incapable of detecting the LoveLetter and Melissa viruses. The review makes similar claims about some other anti-virus products such as Trend PC-Cillin and Panda Software.

Sophos has been in touch with Future Publishing, the publishers of PC Answers, and acquired the samples that were used during the tests.

Detailed examination by Sophos researchers have confirmed that both the Melissa and the LoveLetter sample that PC Answers tested against are not viral.

Melissa is a Word macro virus that infects Microsoft Word documents and distributes itself in the form of a DOC file. The tester at PC Answers cut-and-pasted the viral code from an infected document and saved it as a VBS file (Note: Melissa is not a VBS virus). In the process the tester at PC Answers made the file non-viral. Indeed, if the VBS file is launched an error message is displayed and the file refuses to replicate.

As such, it poses no threat.

Melissa test The error message displayed when the Melissa sample fails to replicate. It is not a virus.

LoveLetter is a Visual Basic Script virus. The file PC Answers tested against to determine whether an anti-virus product could detect LoveLetter was corrupted with carriage returns and line feeds (CR+LF). LoveLetter does not distribute itself in this form and, indeed, the file PC Answers tested against is not a virus. If you try and launch the file PC Answers tested against users are presented with an error message saying "Unterminated string constant", and the file fails to replicate.

LoveLetter test The error message displayed when the LoveLetter sample fails to replicate. It is not a virus.

Sophos was correct not to detect these files as viruses, because they are not viruses - they do not replicate.

It is ironic that Sophos Anti-Virus, and anti-virus products from other vendors, are penalised in this review for not false alarming on these non-viral files.

Sophos has contacted PC Answers with the above information and asked for a retraction and a new review of the anti-virus products on the marketplace with a professional testing methodology against real viruses.

Users wishing to see independent comparative reviews of anti-virus software are invited to consult the following professional anti-virus testing houses which confirm Sophos's ability to detect 100 per cent of the viruses in the wild, including the Melissa and LoveLetter viruses:

Sophos Anti-Virus is recognised for its consistently high virus detection rates by bodies such as the ICSA, Virus Bulletin and West Coast Labs.

ICSA certified Virus Bulletin 100% West Coast Labs Checkmark

[TOP]

Statement from PC Answers

PC Answers would like to clarify that the Melissa and LoveLetter viruses used in the February 2002 issue of PC Answers were not standard versions of these viruses, as described by Sophos.

When the Melissa and LoveLetter viruses are distributed in their normal forms Sophos anti-virus products are perfectly capable of detecting and eliminating these viruses.

PC Answers agrees that the versions of the viruses used in the test are harmless and incapable of duplicating themselves while in that state, and that Sophos anti-virus products ignore these by design. PC Answers will be printing a clarification of this in its March 2002 issue.