
Proactive Security Challenge 64

Testing levels


Level 5

The product has to score at least 50% in the tests on this level to pass it.


Tests


Autorun24
Test type: Autorun test
Techniques: registry location exploitation
Scoring: Test was prevented from surviving the reboot – PASSED; test was able to survive the reboot – FAILED.
Description: Autorun24 checks whether a malicious program can make its code persistent in the system by replacing the path to Task Manager in the registry.

Autorun26
Test type: Autorun test
Techniques: registry location exploitation, DLL injection
Scoring: Test was prevented from infecting Windows Explorer with its DLL – PASSED; test was able to infect Windows Explorer with its DLL – FAILED.
Description: Autorun26 checks whether a malicious program can infect Windows Explorer with its DLL by installing its DLL as a shell hooking library.

Autorun29
Test type: Autorun test
Techniques: registry location exploitation
Scoring: Test was prevented from surviving the reboot – PASSED; test was able to survive the reboot – FAILED.
Description: Autorun29 checks whether a malicious program can make its code persistent in the system by changing the system startup group policy scripts settings in the registry.

CopyCat
Test type: Leak-test
Techniques: code injection, remote thread manipulation
Scoring: Test was prevented from sending data to an Internet server – PASSED; test was able to send data to an Internet server – FAILED.
Description: CopyCat checks whether a malicious program can infect a running instance of Internet Explorer in memory and use it to send data to an Internet server.

Crash2
Test type: Self-defense test
Techniques: remote process memory manipulation
Scoring: No target process or thread was terminated or damaged – PASSED; at least one of the target processes or threads was terminated or damaged – FAILED.
Description: Crash2 finds out whether the tested product can be crashed by invalidating its memory pages.

DDEexec
Test type: Leak-test
Techniques: registry location exploitation
Scoring: Test was prevented from sending data to an Internet server – PASSED; test was able to send data to an Internet server – FAILED.
Description: DDEexec attempts to send data to an Internet server by manipulating the settings that control how HTTP protocol addresses are handled.

FileWri2
Test type: Self-defense test
Techniques: file/directory manipulation
Scoring: All components and processes of the tested product run properly after the reboot, no component or process of the tested product was disabled, limited to do its job, or damaged – PASSED; at least one of the tested product's processes or components is not loaded, is damaged, is limited to do its job, or does not work properly after the reboot – FAILED.
Description: FileWri2 checks whether a malicious program can corrupt files of the tested product by setting their end of file positions to zero offsets.

Keylog7
Test type: Spying test
Techniques: keyboard API exploitation, windows/event hooking exploitation
Scoring: Test was prevented from logging the user's keystrokes – PASSED; test was able to log the user's keystrokes – FAILED.
Description: Keylog7 uses a DirectX library to receive keyboard input and thereby monitor the user's keystrokes.

RegSet1
Test type: Self-defense test
Techniques: registry key/value manipulation
Scoring: All components and processes of the tested product run properly after the reboot, no component or process of the tested product was disabled, limited to do its job, or damaged – PASSED; at least one of the tested product's processes or components is not loaded, is damaged, is limited to do its job, or does not work properly after the reboot – FAILED.
Description: RegSet1 checks whether a malicious program can corrupt registry values of the tested product.

Schedtest2
Test type: Leak-test
Techniques: network management API exploitation, parent process control bypassing
Scoring: Test was prevented from scheduling a custom task in Task Scheduler – PASSED; test was able to schedule a custom task in Task Scheduler – FAILED.
Description: Schedtest2 checks whether the tested product allows a malicious application to schedule a new task using Network Management Functions.


Result table

In the following table 100 represents the 100% result and 0 represents the 0% result. Other values are displayed as rounded whole numbers. The last two columns summarize the product's score on this level and whether it passed this level or not.


Product           | III. Autorun24 | II. Autorun26 | I. Autorun29 | III. CopyCat | II. Crash2 | I. DDEexec | III. FileWri2 | II. Keylog7 | I. RegSet1 | III. Schedtest2 | Score | Result
------------------+----------------+---------------+--------------+--------------+------------+------------+---------------+-------------+------------+-----------------+-------+--------
Comodo IS         |            100 |           100 |          100 |          100 |        100 |        100 |           100 |         100 |        100 |             100 |  100% | PASSED
ESET SS           |            100 |           100 |          100 |          100 |        100 |        100 |           100 |           0 |        100 |               0 |   80% | PASSED
Jetico v2         |            100 |           100 |          100 |          100 |        100 |          0 |           100 |           0 |          0 |               0 |   60% | PASSED
KIS               |            100 |           100 |          100 |          100 |        100 |        100 |           100 |         100 |        100 |             100 |  100% | PASSED
Outpost SS Free   |            100 |           100 |          100 |          100 |        100 |          0 |           100 |         100 |        100 |               0 |   80% | PASSED
Outpost SS Pro    |            100 |           100 |          100 |          100 |        100 |          0 |           100 |         100 |        100 |               0 |   80% | PASSED
Privatefirewall   |            100 |           100 |          100 |          100 |        100 |        100 |           100 |         100 |        100 |             100 |  100% | PASSED
SpyShelter FW     |            100 |           100 |          100 |          100 |        100 |        100 |           100 |         100 |        100 |             100 |  100% | PASSED
Total Defense IS  |            100 |           100 |            0 |          100 |        100 |          0 |             0 |         100 |          0 |               0 |   50% | PASSED
VirusBuster ISS   |            100 |           100 |          100 |          100 |        100 |          0 |           100 |         100 |          0 |               0 |   70% | PASSED
ZoneAlarm ES      |            100 |           100 |          100 |          100 |        100 |          0 |             0 |           0 |          0 |               0 |   50% | PASSED
ZoneAlarm Free AF |            100 |           100 |          100 |          100 |        100 |          0 |             0 |           0 |          0 |               0 |   50% | PASSED
