Proactive Security Challenge 64
Testing levels
Level 1
The product has to score at least 50% in the tests on this level to pass it.
Tests
Autorun12
Test type: Autorun test
Techniques: registry location exploitation, DLL injection
Scoring: The test was prevented from infecting applications with its DLL – PASSED; the test was able to infect at least one application with its DLL – FAILED.
Description: Autorun12 checks whether a malicious program can infect other applications by changing a registry entry that contains a list of DLLs loaded into most of the applications that start in the system.
Autorun3
Test type: Autorun test
Techniques: registry location exploitation
Scoring: The test was prevented from surviving the reboot – PASSED; the test was able to survive the reboot – FAILED.
Description: Autorun3 checks whether a malicious program can make its code persistent in the system by installing itself into the system registry so that Windows Explorer runs it every time a user logs in.
Autorun9
Test type: Autorun test
Techniques: registry location exploitation
Scoring: The test was prevented from surviving the reboot – PASSED; the test was able to survive the reboot – FAILED.
Description: Autorun9 checks whether a malicious program can make its code persistent in the system by changing the default system application that initiates the users' environment after login.
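A defender-side counterpart to the three Autorun tests above, as an added example that is not part of the original page or of the test suite: it compares a registry snapshot against a known-good baseline and reports deviations. The page does not name the registry values involved; the locations below are well-known Windows ones assumed to match the Autorun12, Autorun9 and Autorun3 descriptions, and all sample data is constructed.

```python
# Added example (not from the original page): baseline audit of autorun values.
# ASSUMPTION: the page names no registry values; these well-known locations are assumed.
WINNT = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
RUN = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
BASELINE = {  # expected data, lower-cased
    (WINNT + r"\Windows", "AppInit_DLLs"): "",        # DLL list, empty by default
    (WINNT + r"\Winlogon", "Shell"): "explorer.exe",  # shell started after login
    (WINNT + r"\Winlogon", "Userinit"): r"c:\windows\system32\userinit.exe,",
}

def audit(snapshot, run_allowlist=()):
    """Compare {(key, value_name): data} with the baseline; return findings."""
    findings = []
    for (key, name), expected in BASELINE.items():
        data = snapshot.get((key, name), "").strip().lower()
        if data != expected:  # an absent value is treated as empty
            findings.append((key, name, data))
    allowed = {n.lower() for n in run_allowlist}
    for (key, name), data in snapshot.items():
        if key == RUN and name.lower() not in allowed:
            findings.append((key, name, data))
    return sorted(findings)

def read_live():
    """Build a snapshot from the local registry (Windows only)."""
    import winreg
    snap = {}
    for key, name in BASELINE:  # every baseline key lives under HKLM
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key.split("\\", 1)[1]) as h:
                snap[(key, name)] = str(winreg.QueryValueEx(h, name)[0])
        except OSError:
            pass  # value absent
    try:
        with winreg.OpenKey(winreg.HKEY_CURRENT_USER, RUN.split("\\", 1)[1]) as h:
            for i in range(winreg.QueryInfoKey(h)[1]):
                name, data, _ = winreg.EnumValue(h, i)
                snap[(RUN, name)] = str(data)
    except OSError:
        pass  # Run key absent
    return snap

# Constructed sample snapshots: one clean, one with three values changed.
CLEAN = dict(BASELINE)
CLEAN[(RUN, "VendorUpdater")] = r"C:\Program Files\Vendor\updater.exe"
TAMPERED = dict(CLEAN)
TAMPERED[(WINNT + r"\Windows", "AppInit_DLLs")] = r"C:\Users\Public\sample.dll"
TAMPERED[(WINNT + r"\Winlogon", "Shell")] = "sample.exe"
TAMPERED[(RUN, "sample")] = r"C:\Temp\sample.exe"
```

On a Windows host, `audit(read_live(), run_allowlist=[...])` applies the same comparison to the live registry; the allowlist holds the names of Run entries already known to be legitimate.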
Coat
Test type: Leak-test
Techniques: in-process data substitution, direct network access
Scoring: The test was prevented from sending data to an Internet server – PASSED; the test was able to send data to an Internet server – FAILED.
Description: Coat checks whether the tested product identifies trusted processes properly. The test attempts to change its identification to look like Internet Explorer and send data to an Internet server.
FileDel2
Test type: Self-defense test
Techniques: file/directory manipulation
Scoring: All components and processes of the tested product run properly after the reboot, and no component or process of the tested product was disabled, limited in doing its job, or damaged – PASSED; at least one of the tested product's processes or components is not loaded, is damaged, is limited in doing its job, or does not work properly after the reboot – FAILED.
Description: FileDel2 checks whether a malicious program can delete files and directories of the tested product using a special system call.
Kill1
Test type: Self-defense test
Techniques: remote process manipulation
Scoring: No process or thread of the tested product was terminated or damaged – PASSED; at least one of the tested product's processes or threads was terminated or damaged – FAILED.
Description: Kill1 checks whether the tested product protects its processes against termination. If it fails this test, it is likely that it does not implement self-defense mechanisms at all.
Kill2
Test type: Self-defense test
Techniques: remote thread manipulation
Scoring: No process or thread of the tested product was terminated or damaged – PASSED; at least one of the tested product's processes or threads was terminated or damaged – FAILED.
Description: Kill2 checks whether the tested product protects threads of its processes against termination.
Leaktest
Test type: Leak-test
Techniques: direct network access
Scoring: The test was prevented from sending data to an Internet server – PASSED; the test was able to send data to an Internet server – FAILED.
Description: Leaktest checks whether the tested product filters outbound TCP traffic.
Tooleaky
Test type: Leak-test
Techniques: trusted process manipulation
Scoring: The test was prevented from sending data to an Internet server – PASSED; the test was able to send data to an Internet server – FAILED.
Description: Tooleaky checks whether a malicious program can launch malicious instances of Internet Explorer.
Yalta
Test type: Leak-test
Techniques: direct network access
Scoring: The test was prevented from sending data to an Internet server – PASSED; the test was able to send data to an Internet server – FAILED.
Description: Yalta checks whether the tested product filters outbound UDP traffic.
Result table
In the following table
represents the 100% result and
represents the 0% result. Other values are displayed as rounded whole numbers. The last two columns summarize the product's
score on this level and whether it passed this level or not.
| Product | Autorun12 | Autorun3 | Autorun9 | Coat | FileDel2 | Kill1 | Kill2 | Leaktest | Tooleaky | Yalta | – | – | Score | Result |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| avast! IS | 100 | 100 | 100 | 100 | 0 | 100 | 100 | 100 | 0 | 100 | – | – | 80% | PASSED |
| AVG IS | 0 | 0 | 0 | 100 | 0 | 0 | 0 | 100 | 0 | 100 | – | – | 30% | FAILED |
| Avira IS | 0 | 0 | 0 | 100 | 100 | 0 | 0 | 100 | 0 | 100 | – | – | 40% | FAILED |
| Bitdefender TS | 0 | 0 | 100 | 100 | 0 | 100 | 100 | 100 | 0 | 100 | – | – | 60% | PASSED |
| BullGuard IS | 0 | 0 | 0 | 100 | 0 | 0 | 0 | 100 | 0 | 100 | – | – | 30% | FAILED |
| CIS Premium | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | – | – | 100% | PASSED |
| Dr.Web SS | 100 | 0 | 100 | 100 | 100 | 100 | 100 | 100 | 0 | 100 | – | – | 80% | PASSED |
| ESET SS | 100 | 100 | 100 | 100 | 100 | 100 | 0 | 100 | 100 | 100 | – | – | 90% | PASSED |
| FortKnox PF | 100 | 0 | 0 | 100 | 0 | 0 | 0 | 100 | 100 | 100 | – | – | 50% | PASSED |
| F-Secure IS | 0 | 0 | 0 | 100 | 0 | 0 | 0 | 100 | 0 | 100 | – | – | 30% | FAILED |
| G Data TS | 0 | 0 | 100 | 100 | 0 | 100 | 0 | 100 | 0 | 100 | – | – | 50% | PASSED |
| Jetico v2 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 0 | – | – | 90% | PASSED |
| Kaspersky IS | 100 | 100 | 100 | 100 | 0 | 0 | 0 | 100 | 100 | 100 | – | – | 70% | PASSED |
| McAfee TP | 0 | 0 | 0 | 100 | 0 | 0 | 0 | 100 | 0 | 100 | – | – | 30% | FAILED |
| Norman | 100 | 100 | 0 | 100 | 0 | 0 | 0 | 100 | 0 | 100 | – | – | 50% | PASSED |
| Norton IS | 0 | 0 | 0 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | – | – | 70% | PASSED |
| Outpost SS Pro | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | – | – | 100% | PASSED |
| Panda GP | 0 | 0 | 0 | 100 | 0 | 0 | 0 | 100 | 0 | 100 | – | – | 30% | FAILED |
| PC Tools IS | 100 | 100 | 100 | 100 | 0 | 0 | 0 | 100 | 0 | 100 | – | – | 60% | PASSED |
| Privatefirewall | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | – | – | 100% | PASSED |
| Rising IS | 0 | 0 | 0 | 100 | 0 | 0 | 0 | 100 | 0 | 100 | – | – | 30% | FAILED |
| TrustPort TP | 0 | 0 | 0 | 100 | 0 | 100 | 100 | 100 | 0 | 100 | – | – | 50% | PASSED |
| Webroot SAC | 0 | 0 | 0 | 100 | 0 | 100 | 100 | 100 | 0 | 100 | – | – | 50% | PASSED |
| ZoneAlarm ES | 100 | 100 | 100 | 100 | 0 | 100 | 100 | 100 | 100 | 100 | – | – | 90% | PASSED |
Levels
- Level 1 – Autorun12, Autorun3, Autorun9, Coat, FileDel2, Kill1, Kill2, Leaktest, Tooleaky, Yalta
- Level 2 – Autorun15, Autorun31, Autorun7, ECHOtest, FileWri1, Jumper, Kill4, Schedtest, Suspend1, Wallbreaker4
- Level 3 – Autorun10, Autorun4, AWFT4, ECHOtest2, FileDel1, HostsBlock, Keylog3, Kill6, RegDel1, Suspend2
- Level 4 – Autorun19, Autorun20, Autorun37, Crash1, FileMov1, Keylog4, Kill9, ProxyTest, SSS2, VBStest
- Level 5 – Autorun24, Autorun26, Autorun29, CopyCat, Crash2, DDEexec, FileWri2, Keylog7, RegSet1, Schedtest2
- Level 6 – Autorun25, Autorun28, Autorun36, Breakout1, Crash3, FileWri3, FireHole2, Inject2, Keylog5, SSS3
- Level 7 – Autorun17, Autorun23, Autorun41, Crash4, FileCtl1, FireHole, Keylog6, Kill8, RegDel2, Svckill
- Level 8 – Autorun38, Autorun5, Autorun8, Crash5, DDEtest, FileDel3, Flank, NewClass, Runner2, SSS4
- Level 9 – Autorun34, Autorun43, CPILSuite2, Crash6, DNStester, FileMov2, FileRep1, Keylog1, Kill12, Schedtest3
- Level 10 – Autorun39, Autorun44, Cliplog, FileOpn2, Inject1, Keylog2, Kill3e, OSfwbypass, RegAcc1, SockSnif
- Level 11 – Autorun40, Autorun42, BITStest, FileAcc1, FileRep2, Kill3f, Kill5, Screenlog, Schedtest4, WFPblock