Proactive Security Challenge 64

Testing levels


Level 8

The product has to score at least 50% in the tests on this level to pass it.



Tests


Autorun38
Test type: Autorun test
Techniques: registry location exploitation
Scoring: Test was prevented from surviving the reboot – PASSED; test was able to survive the reboot – FAILED.
Description: Autorun38 checks whether a malicious program can make its code persistent in the system by installing itself as a host process for a DLL that implements one of the Control Panel's objects.

Autorun5
Test type: Autorun test
Techniques: registry location exploitation
Scoring: Test was prevented from surviving the reboot – PASSED; test was able to survive the reboot – FAILED.
Description: Autorun5 checks whether a malicious program can make its code persistent in the system by installing itself into the system registry so that it is started every time an executable binary is started.

Autorun8
Test type: Autorun test
Techniques: registry location exploitation
Scoring: Test was prevented from surviving the reboot – PASSED; test was able to survive the reboot – FAILED.
Description: Autorun8 checks whether a malicious program can make its code persistent in the system by changing the current user's shell policy.

Crash5
Test type: Self-defense test
Techniques: remote process handles manipulation
Scoring: No target process or thread was terminated or damaged – PASSED; at least one of the target processes or threads was terminated or damaged – FAILED.
Description: Crash5 checks whether a malicious program can crash the tested product by closing all its handles remotely.

DDEtest
Test type: Leak-test
Techniques: DDE exploitation
Scoring: Test was prevented from sending data to an Internet server – PASSED; test was able to send data to an Internet server – FAILED.
Description: DDEtest checks whether the tested product protects Internet Explorer from being manipulated by a malicious application via the DDE protocol.

FileDel3
Test type: Self-defense test
Techniques: file/directory manipulation
Scoring: All components and processes of the tested product run properly after the reboot, and no component or process of the tested product was disabled, limited in doing its job, or damaged – PASSED; at least one of the tested product's processes or components is not loaded, is damaged, is limited in doing its job, or does not work properly after the reboot – FAILED.
Description: FileDel3 checks whether a malicious program can delete files and directories of the tested product using a special file opening flag.

Flank
Test type: Leak-test
Techniques: COM interface exploitation
Scoring: Test was prevented from sending data to an Internet server – PASSED; test was able to send data to an Internet server – FAILED.
Description: Flank checks whether the tested product protects Internet Explorer against manipulation performed through the Web Browser COM interface.

NewClass
Test type: Leak-test
Techniques: registry location exploitation, parent process control bypassing
Scoring: Test was prevented from sending data to an Internet server – PASSED; test was able to send data to an Internet server – FAILED.
Description: NewClass checks whether a malicious program can misuse the system's COM object mechanisms to bypass protection of the tested product.

Runner2
Test type: Leak-test
Techniques: file/directory manipulation, direct network access
Scoring: Test was prevented from sending data to an Internet server – PASSED; test was able to send data to an Internet server – FAILED.
Description: Runner2 tests whether the tested product protects Internet Explorer's binary images.

SSS4
Test type: Leak-test
Techniques: system service exploitation
Scoring: Test was prevented from sending data to an Internet server – PASSED; test was able to send data to an Internet server – FAILED.
Description: SSS4 waits for a system shutdown and then checks whether the tested product protects your system while the shutdown is in progress.



Result table

In the following table 100 represents the 100% result and 0 represents the 0% result. Other values are displayed as rounded whole numbers. The last two columns summarize the product's score on this level and whether it passed this level or not.


 
| Product | Autorun38 | Autorun5 | Autorun8 | Crash5 | DDEtest | FileDel3 | Flank | NewClass | Runner2 | SSS4 | Score | Result |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Comodo IS | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100% | PASSED |
| ESET SS | 100 | 100 | 100 | 0 | 0 | 100 | 0 | 100 | 100 | 100 | 70% | PASSED |
| Jetico v2 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 0 | 100 | 90% | PASSED |
| KIS | 100 | 100 | 100 | 100 | 0 | 100 | 0 | 100 | 100 | 100 | 80% | PASSED |
| Outpost SS Free | 0 | 100 | 100 | 0 | 100 | 100 | 0 | 100 | 100 | 100 | 70% | PASSED |
| Outpost SS Pro | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100% | PASSED |
| Privatefirewall | 100 | 100 | 100 | 100 | 100 | 100 | 0 | 100 | 100 | 100 | 90% | PASSED |
| SpyShelter FW | 100 | 100 | 100 | 100 | 100 | 100 | 0 | 100 | 100 | 0 | 80% | PASSED |
| VirusBuster ISS | 0 | 100 | 100 | 100 | 100 | 100 | 0 | 100 | 100 | 100 | 80% | PASSED |
