Proactive Security Challenge 64

Testing levels

Level 3

The product has to score at least 50% in the tests on this level to pass it.


Tests


Autorun10
Test type: Autorun test
Techniques: registry location exploitation
Scoring: Test was prevented from surviving the reboot – PASSED; test was able to survive the reboot – FAILED.
Description: Autorun10 checks whether a malicious program can make its code persistent in the system by changing the debugger settings of the default system application that initializes the user's environment after login.

Autorun4
Test type: Autorun test
Techniques: registry location exploitation
Scoring: Test was prevented from surviving the reboot – PASSED; test was able to survive the reboot – FAILED.
Description: Autorun4 checks whether a malicious program can make its code persistent in the system by installing itself into the system registry so that Windows Explorer runs it every time a user logs in.

AWFT4
Test type: Leak-test
Techniques: code injection, remote thread creation, parent process control bypassing
Scoring: Test was prevented from sending data to the Internet server – PASSED; test was able to send data to the Internet server – FAILED.
Description: AWFT4 checks whether a malicious program can infect Windows Explorer with code that spawns and manipulates Internet Explorer in order to access the Internet.

ECHOtest2
Test type: Leak-test
Techniques: direct network access
Scoring: Test was prevented from sending data to the Internet server – PASSED; test was able to send data to the Internet server – FAILED.
Description: ECHOtest2 checks whether the tested product filters ICMP traffic.

FileDel1
Test type: Self-defense test
Techniques: file/directory manipulation
Scoring: All components and processes of the tested product run properly after the reboot; no component or process of the tested product was disabled, limited in its function, or damaged – PASSED; at least one of the tested product's processes or components is not loaded, is damaged, is limited in its function, or does not work properly after the reboot – FAILED.
Description: FileDel1 checks whether a malicious program can delete files and directories of the tested product.

HostsBlock
Test type: Other
Techniques: file/directory manipulation
Scoring: Test was prevented from blocking access to legitimate Internet servers via the HOSTS file – PASSED; test was able to block access to at least one legitimate Internet server via the HOSTS file – FAILED.
Description: HostsBlock checks whether the tested product protects the system HOSTS file against malicious manipulation.

Keylog3
Test type: Spying test
Techniques: windows/event hooking exploitation
Scoring: Test was prevented from logging the user's keystrokes – PASSED; test was able to log the user's keystrokes – FAILED.
Description: Keylog3 uses the documented Windows hook mechanism to install a low-level keyboard input monitoring callback in the system.

Kill6
Test type: Self-defense test
Techniques: system object manipulation, remote process manipulation
Scoring: No process or thread of the tested product was terminated or damaged – PASSED; at least one of the tested product's processes or threads was terminated or damaged – FAILED.
Description: Kill6 checks whether a malicious program can attach to the tested product's processes as a debugger.

RegDel1
Test type: Self-defense test
Techniques: registry key/value manipulation
Scoring: All components and processes of the tested product run properly after the reboot; no component or process of the tested product was disabled, limited in its function, or damaged – PASSED; at least one of the tested product's processes or components is not loaded, is damaged, is limited in its function, or does not work properly after the reboot – FAILED.
Description: RegDel1 checks whether a malicious program can delete the tested product's registry keys and values.

Suspend2
Test type: Self-defense test
Techniques: remote process manipulation, remote thread manipulation
Scoring: No process or thread of the tested product was suspended or damaged – PASSED; at least one of the tested product's processes or threads was suspended or damaged – FAILED.
Description: Suspend2 checks whether a malicious program can suspend the tested product's processes.


Result table

In the following table 100 represents the 100% result and 0 represents the 0% result. Other values are displayed as rounded whole numbers. The last two columns summarize the product's score on this level and whether it passed this level or not.

Product            Autorun10  Autorun4  AWFT4  ECHOtest2  FileDel1  HostsBlock  Keylog3  Kill6  RegDel1  Suspend2  Score  Result
                   (III.)     (II.)     (I.)   (III.)     (II.)     (I.)        (III.)   (II.)  (I.)     (III.)
Bitdefender TS     100        0         0      100        0         100         0        100    0        100       50%    PASSED
BullGuard IS       0          100       100    0          0         0           0        100    0        100       40%    FAILED
Comodo IS          100        100       100    0          100       100         100      100    100      100       90%    PASSED
Dr.Web SS          100        100       0      0          100       100         0        100    0        100       60%    PASSED
eScan ISS          100        100       100    0          0         100         0        0      0        0         40%    FAILED
ESET SS            100        100       100    100        100       100         0        100    100      100       90%    PASSED
Jetico v2          100        100       100    0          100       100         0        100    0        100       70%    PASSED
KIS                100        100       100    100        100       100         100      100    100      100       100%   PASSED
Outpost SS Free    100        100       100    100        100       100         100      0      0        0         70%    PASSED
Outpost SS Pro     100        100       100    100        100       100         100      100    100      100       100%   PASSED
Privatefirewall    100        100       100    100        100       100         100      100    100      100       100%   PASSED
SpyShelter FW      100        100       100    100        100       100         100      100    100      100       100%   PASSED
Total Defense IS   100        100       100    0          0         100         0        0      0        100       50%    PASSED
VirusBuster ISS    100        100       100    100        100       100         100      100    0        100       90%    PASSED
Webroot SA ISC     0          100       0      0          100       100         100      100    100      100       70%    PASSED
ZoneAlarm ES       100        100       100    100        0         100         0        100    0        100       70%    PASSED
ZoneAlarm Free AF  100        100       100    100        0         100         0        100    0        100       70%    PASSED
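As an added example (not part of the original page), a small Python checker that parses the result rows in the flattened form they were extracted in, recomputes each product's score from its ten test results and checks the stated score and verdict against this level's 50% pass rule; the embedded rows are a subset copied from the table above, and the column order is assumed to be the alphabetical order given in the table header.

```python
import re

# Column order of the level 3 result table (tests in alphabetical order, as in its header).
TESTS = ["Autorun10", "Autorun4", "AWFT4", "ECHOtest2", "FileDel1",
         "HostsBlock", "Keylog3", "Kill6", "RegDel1", "Suspend2"]
PASS_THRESHOLD = 50  # percent: a product needs at least 50% to pass the level

# A subset of the table rows, in the flattened form the page was extracted in:
# product name (may contain spaces), ten 0/100 values, then a fused "score%RESULT" token.
ROWS = """\
Bitdefender TS 100 0 0 100 0 100 0 100 0 100 50%PASSED
BullGuard IS 0 100 100 0 0 0 0 100 0 100 40%FAILED
Comodo IS 100 100 100 0 100 100 100 100 100 100 90%PASSED
eScan ISS 100 100 100 0 0 100 0 0 0 0 40%FAILED
KIS 100 100 100 100 100 100 100 100 100 100 100%PASSED
Total Defense IS 100 100 100 0 0 100 0 0 0 100 50%PASSED
"""

ROW_RE = re.compile(
    r"^(?P<product>.+?)\s+(?P<values>(?:\d+\s+){10})(?P<score>\d+)%(?P<result>PASSED|FAILED)$"
)

def parse_row(line):
    """Split one flattened row into product, per-test results, stated score and verdict."""
    m = ROW_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable row: {line!r}")
    values = [int(v) for v in m["values"].split()]
    return {"product": m["product"], "results": dict(zip(TESTS, values)),
            "score": int(m["score"]), "result": m["result"]}

def failed_tests(row):
    """Names of the tests the product did not pass (any value below 100)."""
    return [t for t, v in row["results"].items() if v < 100]

def verify_table(text):
    """Recompute each row's score and verdict and compare them with the stated ones.
    Returns (product, recomputed score, stated score, recomputed verdict, stated verdict, consistent)."""
    report = []
    for line in text.splitlines():
        if not line.strip():
            continue
        row = parse_row(line)
        # Every test has equal weight; the page shows scores as rounded whole numbers.
        score = round(sum(row["results"].values()) / len(TESTS))
        verdict = "PASSED" if score >= PASS_THRESHOLD else "FAILED"
        consistent = score == row["score"] and verdict == row["result"]
        report.append((row["product"], score, row["score"], verdict, row["result"], consistent))
    return report
```

The two products at exactly 50% (Bitdefender TS, Total Defense IS) are the boundary case of the "at least 50%" rule and are correctly reported as PASSED, while the 40% rows come out as FAILED.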
