matousec.com
Proactive Security Challenge 64

Testing levels


Level 1

The product has to score at least 50% in the tests on this level to pass it.



Tests


Autorun12
Test type: Autorun test
Techniques: registry location exploitation, DLL injection
Scoring: The test was prevented from infecting applications with its DLL – PASSED; the test was able to infect at least one application with its DLL – FAILED.
Description: Autorun12 checks whether a malicious program can infect other applications by changing a registry entry that contains a list of DLLs loaded into most of the applications that start in the system.

Autorun3
Test type: Autorun test
Techniques: registry location exploitation
Scoring: The test was prevented from surviving the reboot – PASSED; the test was able to survive the reboot – FAILED.
Description: Autorun3 checks whether a malicious program can make its code persistent in the system by installing itself into the system registry so that Windows Explorer runs it every time a user logs in.

Autorun9
Test type: Autorun test
Techniques: registry location exploitation
Scoring: The test was prevented from surviving the reboot – PASSED; the test was able to survive the reboot – FAILED.
Description: Autorun9 checks whether a malicious program can make its code persistent in the system by changing the default system application that initiates the user's environment after login.

Coat
Test type: Leak-test
Techniques: in-process data substitution, direct network access
Scoring: The test was prevented from sending data to an Internet server – PASSED; the test was able to send data to an Internet server – FAILED.
Description: Coat checks whether the tested product identifies trusted processes properly. The test attempts to change its identification to look like Internet Explorer and send data to an Internet server.

FileDel2
Test type: Self-defense test
Techniques: file/directory manipulation
Scoring: All components and processes of the tested product run properly after the reboot, and no component or process of the tested product was disabled, damaged, or limited in doing its job – PASSED; at least one of the tested product's processes or components is not loaded, is damaged, is limited in doing its job, or does not work properly after the reboot – FAILED.
Description: FileDel2 checks whether a malicious program can delete files and directories of the tested product using a special system call.

Kill1
Test type: Self-defense test
Techniques: remote process manipulation
Scoring: No process or thread of the tested product was terminated or damaged – PASSED; at least one of the tested product's processes or threads was terminated or damaged – FAILED.
Description: Kill1 checks whether the tested product protects its processes against termination. If it fails this test, it is likely that it does not implement self-defense mechanisms at all.

Kill2
Test type: Self-defense test
Techniques: remote thread manipulation
Scoring: No process or thread of the tested product was terminated or damaged – PASSED; at least one of the tested product's processes or threads was terminated or damaged – FAILED.
Description: Kill2 checks whether the tested product protects threads of its processes against termination.

Leaktest
Test type: Leak-test
Techniques: direct network access
Scoring: The test was prevented from sending data to an Internet server – PASSED; the test was able to send data to an Internet server – FAILED.
Description: Leaktest checks whether the tested product filters outbound TCP traffic.

Tooleaky
Test type: Leak-test
Techniques: trusted process manipulation
Scoring: The test was prevented from sending data to an Internet server – PASSED; the test was able to send data to an Internet server – FAILED.
Description: Tooleaky checks whether a malicious program can launch malicious instances of Internet Explorer.

Yalta
Test type: Leak-test
Techniques: direct network access
Scoring: The test was prevented from sending data to an Internet server – PASSED; the test was able to send data to an Internet server – FAILED.
Description: Yalta checks whether the tested product filters outbound UDP traffic.



Result table

In the following table, 100 represents a 100% result and 0 represents a 0% result. Other values are displayed as rounded whole numbers. The last two columns summarize the product's score on this level and whether it passed this level or not.


 
| Product | Autorun12 | Autorun3 | Autorun9 | Coat | FileDel2 | Kill1 | Kill2 | Leaktest | Tooleaky | Yalta | Score | Result |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Ad-Aware TS | 0 | 0 | 0 | 100 | 0 | 0 | 0 | 100 | 0 | 100 | 30% | FAILED |
| AhnLab V3 IS | 0 | 0 | 0 | 0 | 100 | 0 | 0 | 100 | 0 | 0 | 20% | FAILED |
| Arcabit IS | 100 | 100 | 100 | 0 | 0 | 0 | 0 | 100 | 0 | 0 | 40% | FAILED |
| avast! IS | 0 | 0 | 0 | 100 | 100 | 100 | 100 | 100 | 0 | 100 | 60% | PASSED |
| AVG IS | 0 | 0 | 0 | 100 | 0 | 100 | 100 | 100 | 0 | 100 | 50% | PASSED |
| Avira IS | 0 | 0 | 100 | 100 | 100 | 100 | 100 | 100 | 0 | 100 | 70% | PASSED |
| Bitdefender TS | 100 | 100 | 100 | 100 | 0 | 100 | 100 | 100 | 0 | 100 | 80% | PASSED |
| BullGuard IS | 0 | 100 | 100 | 100 | 0 | 100 | 100 | 100 | 100 | 100 | 80% | PASSED |
| Comodo IS | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100% | PASSED |
| Dr.Web SS | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 0 | 100 | 90% | PASSED |
| eScan ISS | 100 | 100 | 100 | 100 | 0 | 0 | 0 | 100 | 100 | 0 | 60% | PASSED |
| ESET SS | 100 | 100 | 100 | 100 | 100 | 100 | 0 | 100 | 100 | 100 | 90% | PASSED |
| FortKnox PFW | 100 | 0 | 0 | 100 | 0 | 0 | 0 | 100 | 0 | 100 | 40% | FAILED |
| F-Secure SAFE IS | 0 | 0 | 0 | 100 | 0 | 100 | 100 | 100 | 0 | 100 | 50% | PASSED |
| G Data TP | 0 | 0 | 100 | 100 | 0 | 0 | 0 | 100 | 0 | 100 | 40% | FAILED |
| Jetico v2 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 0 | 90% | PASSED |
| KIS | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100% | PASSED |
| K7 TS | 0 | 100 | 100 | 100 | 0 | 100 | 0 | 100 | 0 | 100 | 60% | PASSED |
| McAfee TP | 0 | 0 | 0 | 100 | 0 | 0 | 0 | 100 | 0 | 100 | 30% | FAILED |
| Norman SS PRO | 0 | 100 | 0 | 100 | 0 | 0 | 0 | 100 | 0 | 100 | 40% | FAILED |
| Norton IS | 0 | 0 | 0 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 70% | PASSED |
| Outpost SS Free | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100% | PASSED |
| Outpost SS Pro | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100% | PASSED |
| Panda GP | 0 | 0 | 0 | 0 | 100 | 0 | 0 | 0 | 0 | 0 | 10% | FAILED |
| PC Tools IS | 100 | 100 | 100 | 100 | 0 | 0 | 0 | 100 | 0 | 100 | 60% | PASSED |
| Privatefirewall | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100% | PASSED |
| Rising PF | 0 | 0 | 0 | 100 | 0 | 0 | 0 | 100 | 0 | 100 | 30% | FAILED |
| SpyShelter FW | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100% | PASSED |
| ThreatFire | 100 | 100 | 100 | 100 | 0 | 0 | 0 | 100 | 100 | 0 | 60% | PASSED |
| Total Defense IS | 100 | 100 | 100 | 100 | 0 | 100 | 100 | 100 | 100 | 0 | 80% | PASSED |
| TrustPort TP | 0 | 0 | 0 | 100 | 0 | 100 | 100 | 100 | 0 | 100 | 50% | PASSED |
| UnThreat IS | 0 | 0 | 0 | 100 | 0 | 0 | 0 | 100 | 0 | 100 | 30% | FAILED |
| VIPRE IS | 0 | 0 | 0 | 100 | 0 | 0 | 0 | 100 | 0 | 0 | 20% | FAILED |
| VirusBuster ISS | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100% | PASSED |
| Webroot SA ISC | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 0 | 100 | 90% | PASSED |
| Zillya! IS | 0 | 0 | 0 | 100 | 0 | 0 | 0 | 100 | 0 | 0 | 20% | FAILED |
| ZoneAlarm ES | 100 | 100 | 100 | 100 | 0 | 100 | 100 | 100 | 100 | 100 | 90% | PASSED |
| ZoneAlarm Free AF | 100 | 100 | 100 | 100 | 0 | 100 | 100 | 100 | 100 | 100 | 90% | PASSED |
