Virus Morphology
Three different sets of viruses were tested: the Wild collection, which represents a cross-section of those viruses known to be spreading on users' machines; the Zoo, a collection of a large number of different viruses; and the SMEG test, which is a test against a single polymorphic virus known to be in the real world. (Polymorphic viruses appear to be different with every replication, although they are functionally identical. Thus, they are difficult to detect, because they can't be identified with a simple hexadecimal scan string. Only by analyzing the virus carefully or by testing against a large number of replications can you ensure reliable detection.)
The performance of the product in the boot sector (against such viruses as the infamous Michaelangelo virus) and on the Wild tests is of paramount importance, as these are the viruses you're most likely to encounter in the real world. If these scanners are to be useful, they must score high on these tests. The results from the Zoo tests measure the product's overall performance and the developer's ability to track and keep up with the growing threat. The SMEG test gives a measure of the thoroughness of a developer's testing.
The virus-scanner tests were conducted by placing virus-infected disks in the A drive of a clean machine and running each scanner in its default mode.
