Proactive Security Challenge 64

Testing levels


Level 7

The product has to score at least 50% in the tests on this level to pass it.



Tests


Autorun17
Test type: Autorun test
Techniques: registry location exploitation
Scoring: The test was prevented from surviving the reboot – PASSED; the test was able to survive the reboot – FAILED.
Description: Autorun17 checks whether a malicious program can make its code persistent in the system by changing registry settings of the Command Processor.

Autorun23
Test type: Autorun test
Techniques: registry location exploitation, DLL injection
Scoring: The test was prevented from infecting applications with its DLL – PASSED; the test was able to infect at least one application with its DLL – FAILED.
Description: Autorun23 checks whether a malicious program can infect various system processes with its DLL by replacing the WinSock2 catalog entry of one of the DLLs that this service depends on.

Autorun41
Test type: Autorun test
Techniques: registry location exploitation, DLL injection
Scoring: The test was prevented from infecting system processes with its DLL – PASSED; the test was able to infect at least one system process with its DLL – FAILED.
Description: Autorun41 checks whether a malicious program can infect system processes by installing its DLL as an RPC extension.

Crash4
Test type: Self-defense test
Techniques: remote process memory manipulation
Scoring: No target process or thread was terminated or damaged – PASSED; at least one of the target processes or threads was terminated or damaged – FAILED.
Description: Crash4 checks whether a malicious program can crash the tested product by reserving all of its free memory.

FileCtl1
Test type: Self-defense test
Techniques: file/directory manipulation
Scoring: All components and processes of the tested product run properly after the reboot, and no component or process of the tested product was disabled, limited in doing its job, or damaged – PASSED; at least one of the tested product's processes or components is not loaded, is damaged, is limited in doing its job, or does not work properly after the reboot – FAILED.
Description: FileCtl1 checks whether a malicious program can erase the tested product's files using a special file system control.

FireHole
Test type: Leak-test
Techniques: windows/event hooking exploitation, DLL injection
Scoring: The test was prevented from sending data to an Internet server – PASSED; the test was able to send data to an Internet server – FAILED.
Description: FireHole checks whether it is possible to inject a malicious DLL into Internet Explorer using the Windows hook mechanism.

Keylog6
Test type: Spying test
Techniques: keyboard API exploitation
Scoring: The test was prevented from logging the user's keystrokes – PASSED; the test was able to log the user's keystrokes – FAILED.
Description: Keylog6 registers a raw input device to be able to monitor the user's keystrokes.

Kill8
Test type: Self-defense test
Techniques: code injection, remote thread creation, trusted process manipulation
Scoring: No process or thread of the tested product was terminated or damaged – PASSED; at least one of the tested product's processes or threads was terminated or damaged – FAILED.
Description: Kill8 checks whether the tested product protects its processes against termination from within the critical system processes, or whether the critical system processes are prevented from being infected by malicious code.

RegDel2
Test type: Self-defense test
Techniques: registry key/value manipulation
Scoring: All components and processes of the tested product run properly after the reboot, and no component or process of the tested product was disabled, limited in doing its job, or damaged – PASSED; at least one of the tested product's processes or components is not loaded, is damaged, is limited in doing its job, or does not work properly after the reboot – FAILED.
Description: RegDel2 checks whether a malicious program can delete the tested product's registry keys and values using a special registry restoring technique.

Svckill
Test type: Self-defense test
Techniques: system service exploitation
Scoring: All components and processes of the tested product run properly after the reboot, and no component or process of the tested product was disabled, limited in doing its job, or damaged – PASSED; at least one of the tested product's processes or components is not loaded, is damaged, is limited in doing its job, or does not work properly after the reboot – FAILED.
Description: Svckill checks whether a malicious program can manipulate the tested product's services and drivers.



Result table

In the following table 100 represents the 100% result and 0 represents the 0% result. Other values are displayed as rounded whole numbers. The last two columns summarize the product's score on this level and whether it passed this level or not.


 
| Product | Autorun17 | Autorun23 | Autorun41 | Crash4 | FileCtl1 | FireHole | Keylog6 | Kill8 | RegDel2 | Svckill | Score | Result |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Comodo IS | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100% | PASSED |
| ESET SS | 100 | 100 | 100 | 100 | 100 | 0 | 0 | 100 | 100 | 0 | 70% | PASSED |
| Jetico v2 | 100 | 100 | 0 | 100 | 100 | 0 | 0 | 100 | 0 | 100 | 60% | PASSED |
| KIS | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100% | PASSED |
| Outpost SS Free | 100 | 100 | 0 | 100 | 100 | 100 | 100 | 100 | 0 | 0 | 70% | PASSED |
| Outpost SS Pro | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100% | PASSED |
| Privatefirewall | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 0 | 90% | PASSED |
| SpyShelter FW | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100% | PASSED |
| VirusBuster ISS | 100 | 100 | 0 | 100 | 100 | 100 | 100 | 100 | 100 | 0 | 80% | PASSED |
