matousec.com (site map)


Proactive Security Challenge 64

Testing levels


Level 2

The product has to score at least 50% in the tests on this level to pass it.



Tests


Autorun15
Test type: Autorun test
Techniques: registry location exploitation
Scoring: The test was prevented from surviving the reboot – PASSED; the test was able to survive the reboot – FAILED.
Description: Autorun15 checks whether a malicious program can make its code persistent in the system by installing itself into the system registry so that it is started every time a user logs in.

Autorun31
Test type: Autorun test
Techniques: disk location exploitation
Scoring: The test was prevented from surviving the reboot – PASSED; the test was able to survive the reboot – FAILED.
Description: Autorun31 checks whether a malicious program can make its code persistent in the system by copying itself into startup folders.

Autorun7
Test type: Autorun test
Techniques: registry location exploitation
Scoring: The test was prevented from surviving the reboot – PASSED; the test was able to survive the reboot – FAILED.
Description: Autorun7 checks whether a malicious program can make its code persistent in the system by installing itself as the default shell instead of Windows Explorer.

ECHOtest
Test type: Leak-test
Techniques: direct network access
Scoring: The test was prevented from sending data to the Internet server – PASSED; the test was able to send data to the Internet server – FAILED.
Description: ECHOtest finds out whether the tested product filters ICMP traffic.

FileWri1
Test type: Self-defense test
Techniques: file/directory manipulation
Scoring: All components and processes of the tested product run properly after the reboot, and no component or process of the tested product was disabled, restricted from doing its job, or damaged – PASSED; at least one of the tested product's processes or components is not loaded, is damaged, is restricted from doing its job, or does not work properly after the reboot – FAILED.
Description: FileWri1 checks whether a malicious program can corrupt files of the tested product.

Jumper
Test type: Leak-test
Techniques: registry location exploitation
Scoring: The test was prevented from sending data to the Internet server – PASSED; the test was able to send data to the Internet server – FAILED.
Description: Jumper checks whether the tested product protects Internet Explorer's settings that can be misused by malware.

Kill4
Test type: Self-defense test
Techniques: remote thread creation
Scoring: No process or thread of the tested product was terminated or damaged – PASSED; at least one of the tested product's processes or threads was terminated or damaged – FAILED.
Description: Kill4 checks whether a malicious program can create threads in the tested product's processes.

Schedtest
Test type: Leak-test
Techniques: COM interface exploitation, parent process control bypassing
Scoring: The test was prevented from scheduling a custom task in Task Scheduler – PASSED; the test was able to schedule a custom task in Task Scheduler – FAILED.
Description: Schedtest checks whether the tested product allows a malicious application to schedule a new task using the Task Scheduler COM interface.

Suspend1
Test type: Self-defense test
Techniques: remote thread manipulation
Scoring: No process or thread of the tested product was suspended or damaged – PASSED; at least one of the tested product's processes or threads was suspended or damaged – FAILED.
Description: Suspend1 checks whether a malicious program can suspend the tested product's threads.

Wallbreaker4
Test type: Leak-test
Techniques: trusted process manipulation, parent process control bypassing
Scoring: The test was prevented from scheduling a custom task in Task Scheduler – PASSED; the test was able to schedule a custom task in Task Scheduler – FAILED.
Description: Wallbreaker4 checks whether the tested product allows a malicious application to schedule a new task using the system SCHTASKS program.



Result table

In the following table 100 represents the 100% result and 0 represents the 0% result. Other values are displayed as rounded whole numbers. The last two columns summarize the product's score on this level and whether it passed this level or not.


 
Product            Autorun15  Autorun31  Autorun7  ECHOtest  FileWri1  Jumper  Kill4  Schedtest  Suspend1  Wallbreaker4  Score  Result
avast! IS          0          0          0         0         100       0       100    0          100       0             30%    FAILED
AVG IS             0          0          0         100       0         0       100    0          100       0             30%    FAILED
Avira IS           0          0          100       100       0         0       0      0          100       0             30%    FAILED
Bitdefender TS     100        0          100       100       0         0       100    0          100       0             50%    PASSED
BullGuard IS       100        100        100       0         0         100     100    0          100       0             60%    PASSED
Comodo IS          100        100        100       100       100       100     100    100        100       100           100%   PASSED
Dr.Web SS          100        100        100       100       100       0       100    0          100       0             70%    PASSED
eScan ISS          100        0          100       0         0         100     0      100        0         100           50%    PASSED
ESET SS            100        0          100       100       100       0       100    100        0         100           70%    PASSED
F-Secure SAFE IS   0          0          100       100       0         0       0      0          0         0             20%    FAILED
Jetico v2          100        0          100       0         100       100     100    0          100       0             60%    PASSED
KIS                100        100        100       100       100       100     100    100        100       100           100%   PASSED
K7 TS              100        0          100       100       0         100     0      0          0         0             40%    FAILED
Norton IS          0          0          0         100       0         0       100    0          100       0             30%    FAILED
Outpost SS Free    100        100        100       100       100       0       100    100        100       100           90%    PASSED
Outpost SS Pro     100        100        100       100       100       100     100    100        100       100           100%   PASSED
PC Tools IS        0          0          0         100       0         0       0      0          0         0             10%    FAILED
Privatefirewall    100        100        100       100       100       100     100    100        100       100           100%   PASSED
SpyShelter FW      100        100        100       100       100       100     100    100        100       100           100%   PASSED
ThreatFire         0          0          0         0         0         0       0      0          0         0             0%     FAILED
Total Defense IS   100        0          0         0         0         100     100    100        100       100           60%    PASSED
TrustPort TP       0          0          0         0         0         100     100    100        100       0             40%    FAILED
VirusBuster ISS    100        100        100       100       100       100     100    100        100       100           100%   PASSED
Webroot SA ISC     100        0          100       0         100       0       100    0          100       0             50%    PASSED
ZoneAlarm ES       100        0          100       100       0         0       100    0          100       100           60%    PASSED
ZoneAlarm Free AF  100        0          100       100       0         0       100    0          100       100           60%    PASSED
