matousec.com

Proactive Security Challenge 64

Testing levels


Level 11

The product has to score at least 100% in the tests on this level to pass it.



Tests


Autorun40
Test type: Autorun test
Techniques: registry location exploitation, DLL injection
Scoring: The test was prevented from infecting a system process with its DLL – PASSED; the test was able to infect a system process with its DLL – FAILED.
Description: Autorun40 checks whether a malicious program can infect a system process by installing its DLL as a helper DLL for the BITS service.

Autorun42
Test type: Autorun test
Techniques: registry location exploitation, DLL injection
Scoring: The test was prevented from infecting a system process with its DLL – PASSED; the test was able to infect a system process with its DLL – FAILED.
Description: Autorun42 checks whether a malicious program can infect a system process by installing its DLL as a Service Control Manager extension.

BITStest
Test type: Leak-test
Techniques: COM interface exploitation
Scoring: The test was prevented from sending data to an Internet server – PASSED; the test was able to send data to an Internet server – FAILED.
Description: BITStest checks whether a malicious program can use the Background Intelligent Transfer Service (BITS) through the Background Copy Manager COM interface in order to bypass the tested product's network access control.

FileAcc1
Test type: Self-defense test
Techniques: file/directory manipulation
Scoring: All components and processes of the tested product run properly after the reboot, and no component or process of the tested product was disabled, limited in doing its job, or damaged – PASSED; at least one of the tested product's processes or components is not loaded, is damaged, is limited in doing its job, or does not work properly after the reboot – FAILED.
Description: FileAcc1 checks whether the tested product protects its files and directories against malicious manipulation of their security descriptors.

FileRep2
Test type: Self-defense test
Techniques: file/directory manipulation
Scoring: All components and processes of the tested product run properly after the reboot, and no component or process of the tested product was disabled, limited in doing its job, or damaged – PASSED; at least one of the tested product's processes or components is not loaded, is damaged, is limited in doing its job, or does not work properly after the reboot – FAILED.
Description: FileRep2 checks whether a malicious program can replace files of the tested product using hard links.

Kill3f
Test type: Self-defense test
Techniques: windows messages exploitation
Scoring: No process or thread of the tested product was terminated or damaged – PASSED; at least one of the tested product's processes or threads was terminated or damaged – FAILED.
Description: Kill3f attempts to terminate the tested product's processes by sending all possible types of windows messages to their windows.

Kill5
Test type: Self-defense test
Techniques: system service exploitation
Scoring: No process or thread of the tested product was terminated or damaged – PASSED; at least one of the tested product's processes or threads was terminated or damaged – FAILED.
Description: Kill5 checks whether the tested product can be terminated using a standard method for terminating applications.

Screenlog
Test type: Spying test
Techniques: graphics API exploitation
Scoring: The test was prevented from capturing screenshots when the user entered an Internet banking password using a virtual keyboard in Internet Explorer – PASSED; the test was able to capture screenshots when the user entered an Internet banking password using a virtual keyboard in Internet Explorer – FAILED.
Description: Screenlog checks whether a malicious program can capture screenshots of the user's desktop.

Schedtest4
Test type: Leak-test
Techniques: Windows Management Instrumentation API exploitation, parent process control bypassing
Scoring: The test was prevented from scheduling a custom task in Task Scheduler – PASSED; the test was able to schedule a custom task in Task Scheduler – FAILED.
Description: Schedtest4 checks whether the tested product allows a malicious application to schedule a new task using Windows Management Instrumentation infrastructure.

WFPblock
Test type: Other
Techniques: Windows Filtering Platform API exploitation
Scoring: The test was prevented from blocking access to legitimate Internet servers – PASSED; the test was able to block access to at least one legitimate Internet server – FAILED.
Description: WFPblock checks whether a malicious program can misuse the Windows Filtering Platform API to control network access.



Result table

In the following table 100 represents the 100% result and 0 represents the 0% result. Other values are displayed as rounded whole numbers. The last two columns summarize the product's score on this level and whether it passed this level or not.


 
| Product | Autorun40 | Autorun42 | BITStest | FileAcc1 | FileRep2 | Kill3f | Kill5 | Screenlog | Schedtest4 | WFPblock | Score | Result |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Comodo IS | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100% | PASSED |
| ESET SS | 100 | 100 | 0 | 0 | 100 | 0 | 100 | 0 | 0 | 0 | 40% | FAILED |
| KIS | 100 | 100 | 0 | 100 | 100 | 0 | 100 | 0 | 100 | 0 | 60% | FAILED |
| Outpost SS Free | 0 | 0 | 0 | 100 | 100 | 100 | 0 | 0 | 0 | 0 | 30% | FAILED |
| Outpost SS Pro | 100 | 100 | 100 | 100 | 100 | 100 | 0 | 100 | 100 | 0 | 80% | FAILED |
| Privatefirewall | 100 | 100 | 0 | 100 | 100 | 100 | 0 | 0 | 0 | 0 | 50% | FAILED |
| SpyShelter FW | 100 | 100 | 0 | 100 | 100 | 100 | 0 | 100 | 0 | 0 | 60% | FAILED |
