Proactive Security Challenge 64
Introduction
Latest news
- 2012-02-17: New results have been published for:
- Bitdefender Total Security 2012 15.0.36.1530
- Norman Security Suite PRO 9.00
- Norton Internet Security 2012 19.5.0.145
- Rising Internet Security 2011 23.00.55.71
There is not much to comment on in today's results. They were just worse than expected. Bitdefender Total Security was expected to reach the highest levels but failed to do so. The excellent score that its previously tested 2011 version reached in the former Proactive Security Challenge, which tested products on the 32-bit Windows XP platform, is gone. On the 64-bit Windows 7, the performance of the Bitdefender Total Security 2012 version is incomparable – 9 %. Similarly, the final score of 10 % for Norton Internet Security is a bit of a disappointment. Norman Security Suite PRO also finished on the second level and scored 6 % – only a basic level of protection.
The worst results were measured for Rising Internet Security; its 3% score is just another unpleasant surprise considering its much better results on the 32-bit platform.
- 2012-01-16: Responses from Comodo Security Solutions, Inc., the vendor of Comodo Internet Security Premium, and PWI, Inc., the vendor of Privatefirewall, have been added.
- 2012-01-13: New results have been published for:
- Comodo Internet Security Premium 5.9.219863.2196
- F-Secure Internet Security 2012 12.44.110
- G Data TotalSecurity 2012 22.1.0.0
- Privatefirewall 7.0.25.5
Comodo Internet Security did it again! There were few tests that it failed this time, and it is probably just a matter of time before this product reaches the perfect score in our challenge again. Comodo Internet Security outclassed all products that have been tested in Proactive Security Challenge 64 so far. With a 94% score, its position at the top of the table is stronger than ever before. Congratulations!
Privatefirewall looked very promising on lower levels, but harder tests on higher levels did not allow this popular free product to get to the top. A 56% score currently means 3rd place in Proactive Security Challenge 64. Privatefirewall's core is solid, its self-protection is almost perfect and its autorun protection control is very good. Having long-term experience with this product, we expect that Privatefirewall will be improved in the future and will strengthen its position at the top of the result table.
F-Secure Internet Security 2012 and G Data TotalSecurity 2012 did not surprise us. Although G Data TotalSecurity performed a little better than F-Secure Internet Security, its final score is as low as 5 %. The implementation of many of its features is incomplete – for example the autorun control or the self-defense features. F-Secure Internet Security passed even fewer tests and finished with a 3% score.
- 2011-12-21: New results have been published for:
- AVG Internet Security 2012.0.1890
- avast! Internet Security 6.0.1367
- Avira Internet Security 2012 12.0.0.832
- PC Tools Internet Security 2012 9.0.0.898
This time we wanted to give you a product that scores better than others, possibly one that attacks the 80% bar. This is why we included PC Tools Internet Security in this update. It was a big and unpleasant surprise that its performance in Proactive Security Challenge 64 was extremely poor. If you remember its excellent results from Proactive Security Challenge, you must be surprised too. On the 64-bit Windows 7 SP1 platform, the tested version of PC Tools Internet Security 2012 succeeded against just a few tests and its final score is as low as 6 %. We hope that the related issues in its protection will be solved quickly and that PC Tools Internet Security will be back among the top products soon.
Since PC Tools Internet Security performed poorly, it was avast! Internet Security that finished with the best score among the products tested this time. Still, its performance is not good enough. It offers only basic protection against some of the attacking techniques, leaving malware plenty of ways to bypass its protection. Its final score is 15 %, still deep in the red zone.
AVG Internet Security and Avira Internet Security remain consistent in their poor results. Nothing new on this field – 3% score for AVG, 4% for Avira. Both products pass only the most trivial tests.
Introduction
This project examines security software for Windows that implements an application-based security model, i.e. most of the products on the market called Internet security suites, personal firewalls, HIPS, behavior blockers, and similar. A product must meet some fixed criteria in order to be included in this project. The list of products suitable for this project that we are aware of is available on the product list page.
The goal of this project is to evaluate various abilities of security products to protect the user's data and the operating system based on the application behavior control and similar features. A product that succeeds in Proactive Security Challenge 64 is able to block well known techniques used by malware to steal or corrupt the user's identity or data, to infect and persist in the system, to participate in botnets, and to circumvent the protection implemented by the security product itself.
Methodology and rules
Installation and configuration
The tested products are installed on a virtual machine running Windows 7 Service Pack 1 with Internet Explorer 9 set as the default browser and with UAC turned off. The products are configured to their highest usable security settings and tested with this configuration only. We define the highest usable security settings as follows. The user must be able to configure the product without needing expert knowledge of the operating system or of computer security. This means that the user, with the skills and knowledge we assume, is able to go through all forms of the product's graphical user interface and enable, disable or choose among the options given there, but is not able to think up names of devices, directories, files, registry entries etc. to add manually to various tables of protected objects, not even if such a configuration is suggested on the product's support forum or website. The product is configured to interact with the user as much as possible, reducing the number of automatic decisions made by the product as much as possible. To meet the usability requirement, it must be possible to use the computer with the configured product for all legitimate tasks as if there were no security product installed. It is also required that the user is not forced to predict the behavior of any unknown application and that, under normal circumstances (i.e. no malware attack is in progress) and once the product is set up properly, the product does not bother the user too often.
Testing levels
There are several testing levels in Proactive Security Challenge 64. Each level contains a selected set of tests and a score limit that must be reached to pass the level. All products are tested with the level 1 set of tests. Products that reach the score limit of level 1 and thus pass this level are tested in level 2, and so on until they reach the highest level or fail to reach the limit of some level.
Testing suite and scoring
Proactive Security Challenge 64 uses tests from Security Software Testing Suite 64 only. All the tests in this suite are available with source code. Using the open set of tests makes the testing as transparent as possible. For each test the tested product can get a score between 0 % and 100 %. Currently, all the tests can only be passed or failed, so the product can get only a 0 % or a 100 % score. It should be noted that the testing programs are not perfect and in many cases they use methods that do not guarantee recognizing whether the tested product passes or fails the test. This means that the testing program may report that the tested system passed the test even if it failed; this is called a false positive result. The official result of the test is always determined by an experienced human tester in order to filter out false positive results. The opposite situations, false negative results, are rare and are also eliminated by the human tester.
All tests on the levels a tested product reaches are run at least once. If a product passes a test, this test is repeated at least once in order to mitigate false passing. For more information about the testing process see the testing guidelines.
Every test has a defined type. Tests of the same type usually attempt to achieve the same goal. Here is a list of the defined types and their goals:
- Leak-test: Leak-tests attempt to send data to an Internet server; this is called leaking. Most of the leak-tests from Security Software Testing Suite 64 are configured by default to use a script on our website that logs leaks to our database. For such tests, you can use the My leaks page to see whether the test was able to transmit the data. For leak-tests that do not use this script, we use a packet sniffer in unclear situations. In order to pass many leak-tests, the tested product has to implement various host protection features.
- Spying test: These tests attempt to spy on users' input or data. Keyloggers and packet sniffers are typical examples of spying tests. Every piece of the data they obtain is searched for a pattern, which is defined in the configuration file. These tests usually succeed if the given pattern has been found.
- Autorun test: These tests attempt to install themselves to the system in order to ensure they will be started again. The most common goal of autorun tests is to survive the reboot. Such a system infection is typical for almost all kinds of malware. The tested product fails the autorun test if the test is able to ensure that it, or its part, code, or action, will be started in the future again.
- Self-defense test: This category of tests includes various attacks against the security product itself. Termination tests are the first subtype of tests that belong in this category. These tests attempt to terminate or somehow damage processes of the tested product or their parts. The termination test usually succeeds if at least one of the target processes, or at least one of their parts, was terminated or damaged. Besides processes and threads, security software usually relies on various files and registry entries. Tests that attempt to remove, destroy or corrupt these objects critical to the security product also belong to this category.
- Other: Tests that do not fit any of the previously defined types are of this type. For example, tests that maliciously modify the system can be found in this category.
The types of tests are defined for information purposes only. They do not determine how a test is evaluated as passed or failed. Each test implements one or more attacking techniques that can be used for various malicious purposes. A test implemented as a leak-test may use a more general technique that can be used to permanently infect the system. A tested product may be able to block the leak-testing part of the test and still fail the test because the core technique of the test may be usable for a different malicious purpose. Quite often we use modified versions of tests in order to check whether the tested product really protects against the specific attacking technique of the test or is just able to prevent the current test's implementation from succeeding.
All tests are equal in the sense that their scores are not weighted by their level or anything else. The total score of the tested product is counted as follows. For all tests in all levels that the product did not reach, the product's score is 0 %. For all other tests the score is determined by the testing. The total score of the product is the sum of the scores of all tests divided by the number of all tests and rounded to a whole number. It may happen that a new test is added to Proactive Security Challenge 64 when some products already have their results. In such a case, the result of this test for already tested products is set to N/A, which means that it is not counted for this product and does not affect its score or level passing. Neither the number of tests nor the number of levels is final. We may create new tests and levels in the future. We are also open to your ideas for new testing techniques or even complete tests.
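The level progression and total-score rule described above, worked through as an added Python example (not code from the Proactive Security Challenge 64 project). The level layout and test names are constructed; treating a level's limit as a minimum average over its counted tests, and rounding halves up, are assumptions the page does not spell out.

```python
from typing import Dict, List, Optional, Tuple

PASS, FAIL = 100, 0   # per the page, a test currently scores 0 % or 100 % only
NA = None             # test added after the product was tested: not counted


def evaluate(levels: List[dict],
             results: Dict[str, Optional[int]]) -> Tuple[int, int, int]:
    """Return (total_score_percent, highest_level_reached, levels_passed).

    levels  -- ordered list of {"limit": percent, "tests": [test names]}
    results -- test name -> PASS, FAIL or NA; tests in levels the product
               never reached are absent and count as 0 %.
    """
    score_sum = 0      # sum of per-test scores
    counted = 0        # number of tests that count for this product
    reached = 0
    passed = 0
    testing = True     # becomes False once a level's limit is missed

    for number, level in enumerate(levels, start=1):
        # N/A tests affect neither the total score nor level passing.
        names = [t for t in level["tests"] if results.get(t, FAIL) is not NA]
        counted += len(names)
        if not testing:
            continue   # unreached level: every counted test contributes 0 %
        reached = number
        # A missing result in a reached level raises KeyError on purpose:
        # every test on a reached level must have been run.
        level_sum = sum(results[t] for t in names)
        score_sum += level_sum
        # Assumption: the limit is a minimum average score over the level.
        if level_sum >= level["limit"] * len(names):
            passed = number
        else:
            testing = False

    if counted == 0:
        return 0, reached, passed
    # Integer half-up rounding (assumption: halves round up).
    total = (2 * score_sum + counted) // (2 * counted)
    return total, reached, passed


# Constructed sample: three levels with made-up limits and test names.
SAMPLE_LEVELS = [
    {"limit": 50, "tests": ["l1a", "l1b", "l1c", "l1d"]},
    {"limit": 75, "tests": ["l2a", "l2b", "l2c", "l2d"]},
    {"limit": 100, "tests": ["l3a", "l3b"]},
]
# Passes level 1 (3 of 4), misses the level 2 limit (2 of 3 counted tests,
# one N/A), so both level 3 tests count as 0 %: 500 / 9 rounds to 56.
SAMPLE_RESULTS = {
    "l1a": PASS, "l1b": PASS, "l1c": PASS, "l1d": FAIL,
    "l2a": PASS, "l2b": PASS, "l2c": FAIL, "l2d": NA,
}

if __name__ == "__main__":
    print(evaluate(SAMPLE_LEVELS, SAMPLE_RESULTS))
```

The sample shows why a product that stops at a low level ends up with a low total: every test on the levels it never reached still sits in the denominator.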
Product selection and vendors' rights
Products for testing are selected from those that were requested for tests by their vendors or suggested for tests by our visitors more often than other products. If there are no such products, we select products for tests ourselves, preferring products that have not been tested at all yet and have a real chance to succeed in our tests. Every vendor has a right for its product to be tested in Proactive Security Challenge 64 for free once in a six-month period, and this right is valid only for stable and publicly available versions of the products. If a vendor offers more than one product, it still has a right to only one free test per six months. Moreover, the next free testing of a product will be performed no sooner than three months after the last free testing. This rule should prevent vendors from using Proactive Security Challenge 64 testing as a free beta testing service. We reserve the right to postpone a testing request and, in exceptional cases, to refuse a testing request completely, with or without a reason. The only exception from the free testing request rule is for vendors that offer a product with an anti-virus or an anti-malware engine and mark any of the tests of Security Software Testing Suite 64 as a virus, infected code, or an unwanted or malicious application, or offend any part of the suite directly using pattern recognition or any other form of blacklisting, or offend the Proactive Security Challenge 64 project in any other way. This approach deceives the users of such anti-virus or anti-malware engines and makes the testing more difficult for us. The vendors who offend the testing suite have no right to free testing at all but can still request paid testing.
Paid testing
Every vendor has a right to request the paid Proactive Security Challenge 64 testing, in which case its product will be tested in all levels regardless of the results on each of the levels. After the vendor receives the results of the paid testing, it can either keep them private or request their publication on our website, but such a request will be satisfied only if the previously published results for the tested product, if any, are at least one month old and if the tested version of the product is stable and publicly available. There is no limit on the frequency of the paid tests.
How you can help us
Do you enjoy Proactive Security Challenge 64? Do you want to help us but do not consider yourself a security expert? You can still help us! If you intend to buy security software, you may be interested in buying one of the products we recommend in Proactive Security Challenge 64. Have a look at Products' ratings on the results page. The Recommendation column in the table contains links to the online stores or product web pages of the vendors that we have affiliate agreements with. If you click on any of these links and then buy the tested product or another product offered on the target webpage, we will profit from it. So, if you are going to buy security software and you like our projects, you can help us! Even if you have a licence already, we can profit if you renew the licence after you visit the vendor's website through our recommendation links. Thank you!
The rules for the recommended products are simple. The first condition is that the product's Protection level is at least Very good, which means that its final score is at least 80 %. The second condition is that we have an affiliate agreement with its vendor. It is important to note that if the recommended product is retested and does not reach the 80 % limit, it will not be recommended anymore, at least not until the next retesting.
For vendors
We provide various services to vendors of security software. Besides the above mentioned paid Proactive Security Challenge 64 testing, we provide commercial testing based on the original methodology for advanced analyses. We also offer consulting services and research related to Windows internals, implementation of security software, design of security software, reverse engineering and malware analyses. Get more information about the services we offer.
News archive
- 2011-12-01: New results have been published for:
- ESET Smart Security 5.0.94.0
- Jetico Personal Firewall 2.1.0.10.2451
- McAfee Total Protection 2012 11.0.623
- Panda Global Protection 2012 5.01.00
Jetico Personal Firewall has a solid protection base. It is strong against process-related attacks and also against techniques manipulating files. Its coverage of autorun locations is also very good. Jetico Personal Firewall is not able to prevent spying techniques such as keylogging, and it also loses when facing more advanced attacking techniques. Its indirect relativeness feature could also create more problems than benefits. Still, its final 59% score is and will be much better than the average.
ESET Smart Security 5 is the first serious attempt by ESET to implement HIPS features in their security suite. There are many good things implemented in ESET Smart Security, especially its very solid coverage of autorun locations, but it will take a long time for this product to make it to the top – at least in the field of host protection features. ESET Smart Security covers basic techniques well but loses against more advanced attacks. Final score 33 %.
Both McAfee Total Protection and Panda Global Protection scored as little as 3 % this time. The protection features are half-baked. For example, McAfee Total Protection's self-protection covers only some of the components of this product, and some features of Panda Global Protection seem to rely on unsafe user mode hooks. Both solutions pass only the simplest tests.
- 2011-12-01: Proactive Security Challenge 64 has been started. It replaces Proactive Security Challenge.