

On Windows 7 (or Vista) I use

  unlimited administrator's account (57.97%)

  limited administrator's account (16.4%)

  common user's account (13.65%)

  nothing (I do not use Win 7/Vista) (14.23%)




Features of Modern Security Suites – Part 3 (2012/10/01)

The final part of the Features of Modern Security Suites series discusses Web and Browser Protection features and also briefly mentions several minor features of security suites, such as Parental Control, Anti-spam and Vulnerability Protection. The features listed in this part are usually not core parts of security products. You can rarely find a product that implements all of them, and their implementations differ a lot among products. This is why we try to cover just the basic principles and aspects that are common to them.

Features of Modern Security Suites – Part 2 (2012/09/14)

The second part of the Features of Modern Security Suites series is devoted to Behavior Control features. Monitoring and controlling application behavior is a topic that is very close to us, as it is also the primary focus of our public research as well as our commercial work for security software vendors. In this article we describe the basic functionality of Behavior Control features and enumerate the common categories of application behavior that are controlled by modern security suites.

Features of Modern Security Suites (2012/08/28)

Today's desktop security products for Windows are very complex applications. For end-users, the number of offered proprietary features can be confusing. Each software vendor may use its own original names for the very same features that are available in other products under different names. The confusion might increase when we realize that it is not uncommon to see two different features having the same name in products of two different vendors.

This series of articles is intended to clarify the basics and the real functionality of the most common features of today's Windows desktop security suites. We are going to describe what you can expect from a product that, for example, implements Anti-Malware, Safe Web, or Intrusion Prevention. Using the information in this series you should be able to compare the offered feature sets of products from different vendors and better understand how security suites work.

In the first part of the series, we discuss the two most common components – the Anti-Virus Engine and the Firewall.

Proactive Security Challenge vs. real malware (2010/11/01)

Proactive Security Challenge is a project devoted mostly to testing the ability of security software to protect against the actions of malware. Currently, Proactive Security Challenge consists of 148 different tests. Sometimes we hear people arguing that the techniques used in our tests do not correspond to the techniques used by real malware. In order to find out how well Proactive Security Challenge reflects the real world of malware, we performed the following research.

We collected a set of 20 malware samples that were not detected by two popular anti-virus engines. This means that downloading these samples to a computer and executing them would be possible even with a fully updated anti-virus installed. We then ran the samples and analyzed the techniques they used.

KHOBE – 8.0 earthquake for Windows desktop security software (2010/05/05)

In September 2007, we published an article about a great disease that affected tens of Windows security products. The article, called Plague in (security) software drivers, revealed the awful quality of the kernel mode drivers installed by all the major desktop security products for Windows. The revealed problems could cause random system crashes, freezes and, in some cases, more severe security issues.

Today, we reveal an even more serious problem in Windows desktop security products that can be exploited to bypass a big portion of the security features implemented by the affected products. The protection implemented by the kernel mode drivers of today's security products can be bypassed effectively by code running under an unprivileged user account. If you have ever heard of SSDT hooks or similar techniques used to implement various security features such as a product's self-defense, we will show you how easily that protection can be bypassed.

Firewall engines connections (2008/04/26)

During the update of our list of personal firewalls and HIPS for Windows we gained some interesting information about the connections between several products. We also identified a number of projects that have been discontinued.

Interview with David (2008/02/26)

David was asked to answer some questions for Security Teacher. If you are interested in his answers to general questions about our group, Internet security and research, just follow the link.

Plague in (security) software drivers (2007/09/18)

During our security analyses of personal firewalls and other security-related software that uses SSDT hooking, we found out that many vendors simply do not implement the hooks properly. This allows local Denial of Service by unprivileged users, or even privilege escalation exploits, to be created. 100% of the tested personal firewalls that implement SSDT hooks do or did suffer from this vulnerability! This article reviews the results of our testing and describes how a proper SSDT hook handler should be implemented. We also introduce BSODhook – a handy tool for every developer who deals with SSDT hooks and a possible cure for the plague in today's Windows driver world.

Introduction to Firewall Leak-testing (2006/11/25)

This article covers the basics of Firewall Leak-testing. If you do not know what leak-tests are, or why your firewall should be able to stop them, we recommend that you read this article. More skilled readers may be interested in the information about leak-testing techniques and/or in the list of currently available leak-testing software with download links.

Comparison of top five personal firewalls (2006/10/31)

This article is the final report of the first phase of the Windows Personal Firewall Analysis project. It is based on our analyses of these five personal firewalls: ZoneAlarm, Kerio, Norton, BlackICE and Outpost. In this article you can find a brief comparison of these products, not only from the security point of view. We also mention responses from product vendors and reactions we have received from end users.

ICMP blocking, bad idea or security improvement? (2006/07/19)

Are you invisible to hackers on the Internet? Does your personal firewall hide your computer on the network? Many personal firewalls implement features that hide your computer on the network. You may wonder how this works, but have you ever thought about what this feature is actually good for?

More about personal firewalls (2006/07/12)

What is a personal firewall? Do I need a personal firewall? Do I need it if I already have an antivirus installed? Which personal firewall is the best, and how do I recognize a bad personal firewall? What are the main tasks of a personal firewall? What about personal firewalls on non-Windows systems? In the following article you can find a lot of information about personal firewalls and answers to these questions. In short, personal firewalls are very sophisticated software and we do recommend that users use them, but we also recommend choosing the final product very carefully.

Design of ideal personal firewall (2006/07/01)

The article describes the design of the ideal Windows personal firewall from a programmer's point of view. First of all, the ideal personal firewall is secure. So, this article is about secure design, leaving other features like ease of use in the background. At first we say something about the common concept of personal firewalls, and then we show important rules for the security design of a personal firewall that should be respected during the development of Windows personal firewalls. During our analyses we examine whether the rules mentioned below, which are important for security, are respected by the tested products. In the following article we often use the term 'firewall', but we always mean 'Windows personal firewall'.