
Proactive Security Challenge 64

Testing levels


Level 10

The product has to score at least 50% in the tests on this level to pass it.



Tests


Autorun39
Test type: Autorun test
Techniques: registry location exploitation
Scoring: Test was prevented from surviving the reboot – PASSED; test was able to survive the reboot – FAILED.
Description: Autorun39 checks whether a malicious program can make its code persistent in the system by installing itself as a new Accessibility application.

Autorun44
Test type: Autorun test
Techniques: registry location exploitation, DLL injection
Scoring: Test was prevented from infecting system processes with its DLL – PASSED; test was able to infect at least one system process with its DLL – FAILED.
Description: Autorun44 checks whether a malicious program can infect system processes by installing its DLL as a new security provider.

Cliplog
Test type: Spying test
Techniques: Windows clipboard API exploitation
Scoring: Test was prevented from grabbing the user's password entered into Internet Explorer via the system clipboard – PASSED; test was able to grab the user's password entered into Internet Explorer via the system clipboard – FAILED.
Description: Cliplog checks whether a malicious program can spy on the user's data, especially the user's passwords, transferred through the system clipboard.

FileOpn2
Test type: Self-defense test
Techniques: file/directory manipulation
Scoring: All components and processes of the tested product run properly after the reboot, and no component or process of the tested product was disabled, limited in doing its job, or damaged – PASSED; at least one of the tested product's processes or components is not loaded, is damaged, is limited in doing its job, or does not work properly after the reboot – FAILED.
Description: FileOpn2 checks whether a malicious program can corrupt files of the tested product using a special file opening flag.

Inject1
Test type: Leak-test
Techniques: system object manipulation, DLL injection
Scoring: Test was prevented from sending data to an Internet server – PASSED; test was able to send data to an Internet server – FAILED.
Description: Inject1 attempts to inject a DLL into Internet Explorer by creating a special section for one of the DLLs it depends on.

Keylog2
Test type: Spying test
Techniques: keyboard API exploitation
Scoring: Test was prevented from logging the user's keystrokes – PASSED; test was able to log the user's keystrokes – FAILED.
Description: Keylog2 repeatedly tries to get the previous status of key codes and thus obtain information about the keys pressed by the user.

Kill3e
Test type: Self-defense test
Techniques: Windows messages exploitation
Scoring: No process or thread of the tested product was terminated or damaged – PASSED; at least one of the tested product's processes or threads was terminated or damaged – FAILED.
Description: Kill3e checks whether a malicious program can terminate the tested product's processes by sending all possible types of Windows messages to them.

OSfwbypass
Test type: Leak-test
Techniques: COM interface exploitation
Scoring: Test was prevented from sending data to an Internet server – PASSED; test was able to send data to an Internet server – FAILED.
Description: OSfwbypass checks whether the tested product is able to deny an attempt to display and execute the contents of a malicious HTML page. This action is performed using a special API.

RegAcc1
Test type: Self-defense test
Techniques: registry key/value manipulation
Scoring: All components and processes of the tested product run properly after the reboot, and no component or process of the tested product was disabled, limited in doing its job, or damaged – PASSED; at least one of the tested product's processes or components is not loaded, is damaged, is limited in doing its job, or does not work properly after the reboot – FAILED.
Description: RegAcc1 checks whether the tested product protects its registry keys against malicious manipulation of their security descriptors.

SockSnif
Test type: Spying test
Techniques: network API exploitation
Scoring: Test was prevented from capturing network traffic – PASSED; test was able to capture inbound or outbound network traffic – FAILED.
Description: SockSnif checks whether a malicious program can act as a packet sniffer on a local network interface and thus capture the network traffic that goes through the given interface.



Result table

In the following table 100 represents the 100% result and 0 represents the 0% result. Other values are displayed as rounded whole numbers. The last two columns summarize the product's score on this level and whether it passed this level or not.


 
| Product | Autorun39 | Autorun44 | Cliplog | FileOpn2 | Inject1 | Keylog2 | Kill3e | OSfwbypass | RegAcc1 | SockSnif | Score | Result |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Comodo IS | 100 | 100 | 100 | 100 | 0 | 100 | 100 | 100 | 100 | 100 | 90% | PASSED |
| ESET SS | 100 | 100 | 0 | 100 | 0 | 0 | 0 | 0 | 100 | 100 | 50% | PASSED |
| Jetico v2 | 0 | 0 | 0 | 100 | 0 | 0 | 0 | 100 | 0 | 100 | 30% | FAILED |
| KIS | 100 | 100 | 0 | 100 | 0 | 100 | 100 | 0 | 100 | 100 | 70% | PASSED |
| Outpost SS Free | 0 | 0 | 0 | 100 | 0 | 100 | 100 | 0 | 100 | 100 | 50% | PASSED |
| Outpost SS Pro | 100 | 100 | 0 | 100 | 0 | 100 | 100 | 100 | 100 | 100 | 80% | PASSED |
| Privatefirewall | 100 | 100 | 0 | 100 | 0 | 100 | 100 | 0 | 100 | 100 | 70% | PASSED |
| SpyShelter FW | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 0 | 0 | 100 | 80% | PASSED |
| VirusBuster ISS | 0 | 0 | 0 | 100 | 0 | 100 | 100 | 0 | 0 | 100 | 40% | FAILED |
