matousec.com

Proactive Security Challenge 64

Testing levels

Level 6

The product has to score at least 50% in the tests on this level to pass it.


Tests


Autorun25
Test type: Autorun test
Techniques: registry location exploitation, DLL injection
Scoring: The test was prevented from infecting applications with its DLL – PASSED; the test was able to infect at least one application with its DLL – FAILED.
Description: Autorun25 checks whether a malicious program can make its code persistent in the system by replacing the handler of HTML documents in the registry.

Autorun28
Test type: Autorun test
Techniques: registry location exploitation
Scoring: The test was prevented from surviving the reboot – PASSED; the test was able to survive the reboot – FAILED.
Description: Autorun28 checks whether a malicious program can make its code persistent in the system by defining itself as a boot verification program.

Autorun36
Test type: Autorun test
Techniques: registry location exploitation
Scoring: The test was prevented from surviving the reboot – PASSED; the test was able to survive the reboot – FAILED.
Description: Autorun36 checks whether a malicious program can make its code persistent in the system by changing the current user's screen saver settings.

Breakout1
Test type: Leak-test
Techniques: windows messages exploitation
Scoring: The test was prevented from sending data to an Internet server – PASSED; the test was able to send data to an Internet server – FAILED.
Description: Breakout1 checks whether the tested product protects Internet Explorer from being manipulated by a malicious program using windows messages.

Crash3
Test type: Self-defense test
Techniques: remote process memory manipulation
Scoring: No target process or thread was terminated or damaged – PASSED; at least one of the target processes or threads was terminated or damaged – FAILED.
Description: Crash3 checks whether a malicious program can rewrite the memory of the tested product's processes.

FileWri3
Test type: Self-defense test
Techniques: file/directory manipulation
Scoring: All components and processes of the tested product run properly after the reboot, and no component or process of the tested product was disabled, limited in doing its job, or damaged – PASSED; at least one of the tested product's processes or components is not loaded, is damaged, is limited in doing its job, or does not work properly after the reboot – FAILED.
Description: FileWri3 checks whether a malicious program can corrupt files of the tested product using file mappings.

FireHole2
Test type: Leak-test
Techniques: remote thread creation, DLL injection
Scoring: The test was prevented from sending data to an Internet server – PASSED; the test was able to send data to an Internet server – FAILED.
Description: FireHole2 checks whether it is possible to inject a malicious DLL into Internet Explorer using an advanced DLL injection method.

Inject2
Test type: Leak-test
Techniques: file/directory manipulation, binary planting, DLL injection
Scoring: The test was prevented from sending data to an Internet server – PASSED; the test was able to send data to an Internet server – FAILED.
Description: Inject2 attempts to inject a DLL into Internet Explorer by creating the DLL in its installation directory with the name of one of the system DLLs it depends on.

Keylog5
Test type: Spying test
Techniques: keyboard API exploitation
Scoring: The test was prevented from logging the user's keystrokes – PASSED; the test was able to log the user's keystrokes – FAILED.
Description: Keylog5 repeatedly attaches to the keyboard input of the foreground window's process so that it can sniff the user's input.

SSS3
Test type: Other
Techniques: system service exploitation
Scoring: The test was prevented from shutting down the system – PASSED; the test was able to shut down the system – FAILED.
Description: SSS3 checks whether a malicious program can shut down the system using a special API.


Result table

In the following table 100 represents the 100% result and 0 represents the 0% result. Other values are displayed as rounded whole numbers. The last two columns summarize the product's score on this level and whether it passed this level or not.


 
| Product | Autorun25 | Autorun28 | Autorun36 | Breakout1 | Crash3 | FileWri3 | FireHole2 | Inject2 | Keylog5 | SSS3 | Score | Result |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Comodo IS | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 0 | 90% | PASSED |
| ESET SS | 100 | 100 | 100 | 0 | 100 | 100 | 100 | 100 | 0 | 0 | 70% | PASSED |
| Jetico v2 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 0 | 0 | 0 | 70% | PASSED |
| KIS | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 0 | 90% | PASSED |
| Outpost SS Free | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 0 | 90% | PASSED |
| Outpost SS Pro | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 0 | 90% | PASSED |
| Privatefirewall | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 0 | 90% | PASSED |
| SpyShelter FW | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 0 | 90% | PASSED |
| Total Defense IS | 0 | 100 | 100 | 0 | 100 | 0 | 100 | 0 | 0 | 0 | 40% | FAILED |
| VirusBuster ISS | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 0 | 90% | PASSED |
| ZoneAlarm ES | 0 | 100 | 100 | 0 | 100 | 0 | 100 | 0 | 0 | 0 | 40% | FAILED |
| ZoneAlarm Free AF | 0 | 100 | 100 | 0 | 100 | 0 | 100 | 0 | 0 | 0 | 40% | FAILED |

Levels