matousec.com


Proactive Security Challenge 64

Testing levels


Level 4

The product has to score at least 50% in the tests on this level to pass it.



Tests


Autorun19
Test type: Autorun test
Techniques: registry location exploitation
Scoring: Test was prevented from surviving the reboot – PASSED; test was able to survive the reboot – FAILED.
Description: Autorun19 checks whether a malicious program can make its code persistent in the system by changing Windows Explorer's policy.

Autorun20
Test type: Autorun test
Techniques: registry location exploitation, DLL injection
Scoring: Test was prevented from infecting Windows Explorer with its DLL – PASSED; test was able to infect Windows Explorer with its DLL – FAILED.
Description: Autorun20 checks whether a malicious program can infect Windows Explorer with its DLL by installing its DLL as a Windows Explorer task.

Autorun37
Test type: Autorun test
Techniques: registry location exploitation
Scoring: Test was prevented from surviving the reboot – PASSED; test was able to survive the reboot – FAILED.
Description: Autorun37 checks whether a malicious program can make its code persistent in the system by installing itself as an application started early during the system boot process.

Crash1
Test type: Self-defense test
Techniques: remote thread manipulation
Scoring: No target process or thread was terminated or damaged – PASSED; at least one of the target processes or threads was terminated or damaged – FAILED.
Description: Crash1 checks whether a malicious program can manipulate contexts of the tested product's threads.

FileMov1
Test type: Self-defense test
Techniques: file/directory manipulation
Scoring: All components and processes of the tested product run properly after the reboot, no component or process of the tested product was disabled, limited in doing its job, or damaged – PASSED; at least one of the tested product's processes or components is not loaded, is damaged, is limited in doing its job, or does not work properly after the reboot – FAILED.
Description: FileMov1 checks whether a malicious program can rename files and directories of the tested product.

Keylog4
Test type: Spying test
Techniques: windows/event hooking exploitation
Scoring: Test was prevented from logging the user's keystrokes – PASSED; test was able to log the user's keystrokes – FAILED.
Description: Keylog4 uses a documented Windows hook mechanism to install a hook procedure that records input messages posted to the system message queue.

Kill9
Test type: Self-defense test
Techniques: system object manipulation, remote process manipulation
Scoring: No process or thread of the tested product was terminated or damaged – PASSED; at least one of the tested product's processes or threads was terminated or damaged – FAILED.
Description: Kill9 checks whether a malicious program can misuse job objects to attack the tested product's processes.

ProxyTest
Test type: Spying test
Techniques: registry location exploitation
Scoring: Test was prevented from redirecting Internet traffic to a malicious proxy server – PASSED; test was able to redirect Internet traffic to a malicious proxy server – FAILED.
Description: ProxyTest checks whether a malicious program can redirect Internet traffic to a malicious proxy server.

SSS2
Test type: Other
Techniques: system service exploitation
Scoring: Test was prevented from shutting down the system – PASSED; test was able to shut down the system – FAILED.
Description: SSS2 checks whether a malicious program can shut down the system.

VBStest
Test type: Leak-test
Techniques: trusted process manipulation, COM interface exploitation
Scoring: Test was prevented from sending data to an Internet server – PASSED; test was able to send data to an Internet server – FAILED.
Description: VBStest checks whether a malicious program can bypass the protection of the tested product using the system's Visual Basic script interpreter.



Result table

In the following table 100 represents the 100% result and 0 represents the 0% result. Other values are displayed as rounded whole numbers. The last two columns summarize the product's score on this level and whether it passed this level or not.


 
| Product | Autorun19 | Autorun20 | Autorun37 | Crash1 | FileMov1 | Keylog4 | Kill9 | ProxyTest | SSS2 | VBStest | Score | Result |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Bitdefender TS | 100 | 0 | 0 | 100 | 0 | 0 | 100 | 0 | 0 | 0 | 30% | FAILED |
| Comodo IS | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100% | PASSED |
| Dr.Web SS | 100 | 0 | 0 | 100 | 100 | 0 | 100 | 0 | 0 | 0 | 40% | FAILED |
| ESET SS | 100 | 100 | 100 | 0 | 100 | 0 | 100 | 0 | 0 | 100 | 60% | PASSED |
| Jetico v2 | 100 | 100 | 100 | 100 | 100 | 0 | 100 | 0 | 0 | 0 | 60% | PASSED |
| KIS | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100% | PASSED |
| Outpost SS Free | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 0 | 0 | 0 | 70% | PASSED |
| Outpost SS Pro | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 0 | 0 | 80% | PASSED |
| Privatefirewall | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100% | PASSED |
| SpyShelter FW | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 0 | 0 | 100 | 80% | PASSED |
| Total Defense IS | 100 | 0 | 100 | 100 | 0 | 0 | 100 | 0 | 0 | 100 | 50% | PASSED |
| VirusBuster ISS | 100 | 100 | 100 | 100 | 0 | 100 | 100 | 0 | 0 | 0 | 60% | PASSED |
| Webroot SA ISC | 100 | 0 | 0 | 100 | 100 | 0 | 100 | 0 | 0 | 0 | 40% | FAILED |
| ZoneAlarm ES | 100 | 100 | 100 | 100 | 0 | 0 | 100 | 0 | 0 | 100 | 60% | PASSED |
| ZoneAlarm Free AF | 100 | 100 | 100 | 100 | 0 | 0 | 100 | 0 | 0 | 100 | 60% | PASSED |
