Proactive Security Challenge 64

Testing levels

Level 9

The product has to score at least 50% in the tests on this level to pass it.

Tests

Autorun34
Test type: Autorun test
Techniques: registry location exploitation, DLL injection
Scoring: Test was prevented from infecting a system process with its DLL – PASSED; test was able to infect a system process with its DLL – FAILED.
Description: Autorun34 checks whether a malicious program can infect a core system process by registering its DLL as a local security authority security package.

Autorun43
Test type: Autorun test
Techniques: registry location exploitation, DLL injection
Scoring: Test was prevented from infecting a system process with its DLL – PASSED; test was able to infect a system process with its DLL – FAILED.
Description: Autorun43 checks whether a malicious program can infect a system process by installing its DLL as a local security authority extension.

CPILSuite2
Test type: Leak-test
Techniques: windows/event hooking exploitation, DLL injection, parent process control bypassing
Scoring: Test was prevented from sending data to an Internet server – PASSED; test was able to send data to an Internet server – FAILED.
Description: CPILSuite2 finds out whether it is possible to inject a malicious DLL into Windows Explorer using the event hook mechanism and then use Explorer's context to send data to an Internet server.

Crash6
Test type: Self-defense test
Techniques: remote process handles manipulation
Scoring: No target process or thread was terminated or damaged – PASSED; at least one of the target processes or threads was terminated or damaged – FAILED.
Description: Crash6 checks whether a malicious program can crash the tested product by remotely flooding its handle table.

DNStester
Test type: Leak-test
Techniques: indirect network access
Scoring: Test was prevented from sending data to an Internet server – PASSED; test was able to send data to an Internet server – FAILED.
Description: DNStester tries to determine whether the tested product filters DNS queries from untrusted processes.

FileMov2
Test type: Self-defense test
Techniques: registry location exploitation
Scoring: All components and processes of the tested product run properly after the reboot, no component or process of the tested product was disabled, limited to do its job, or damaged – PASSED; at least one of the tested product's processes or components is not loaded, is damaged, is limited to do its job, or does not work properly after the reboot – FAILED.
Description: FileMov2 checks whether a malicious program can rename files and directories of the tested product using a special feature of the system Session Manager.
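
Autorun34, Autorun43 and FileMov2 share a mechanism: each writes to a registry location that Windows consumes at the next boot or at LSA start-up, so a defender's first question is "who wrote to those values?". The script below is an added example, not part of the matousec.com suite or of any tested product. It runs a watch-list of those locations over Sysmon-style "Registry value set" (Event ID 13) records. The Sysmon field names are real; the sample events, the mapping of each test to one specific value (the page names only the mechanism, not the value) and the TRUSTED_WRITERS baseline are assumptions made for this example.

```python
"""Flag registry writes to the locations the Autorun34, Autorun43 and
FileMov2 tests exercise.

Added example, not part of the matousec.com test suite. It runs over a
constructed list of Sysmon-style "Registry value set" (Event ID 13)
records; the field names follow Sysmon's, but the sample events, the
test-to-value mapping and the TRUSTED_WRITERS baseline are assumptions.
"""

# Watched value paths, compared case-insensitively against the tail of
# TargetObject. Which exact value each test writes is not stated on the
# page; the test names in the labels are an assumption.
WATCHED_VALUES = {
    r"\control\lsa\security packages": "LSA security package (Autorun34)",
    r"\control\lsa\osconfig\security packages": "LSA security package (Autorun34)",
    r"\control\lsa\authentication packages": "LSA authentication package",
    r"\control\lsa\notification packages": "LSA notification package",
    r"\control\lsaextensionconfig\lsasrv\extensions": "LSA extension (Autorun43)",
    r"\control\session manager\pendingfilerenameoperations": "pending file rename (FileMov2)",
}

# Images allowed to touch these values without a high-severity alert.
# Assumed baseline for this example only; build the real one from your
# own servicing tooling and check signatures, not just paths.
TRUSTED_WRITERS = {
    r"c:\windows\system32\tiworker.exe",  # Windows Modules Installer worker
}


def classify_event(event):
    """Return (severity, message) for one event, or None if not of interest."""
    if event.get("EventID") != 13:
        return None
    target = event.get("TargetObject", "")
    image = event.get("Image", "")
    for suffix, label in WATCHED_VALUES.items():
        if target.lower().endswith(suffix):
            if image.lower() in TRUSTED_WRITERS:
                return ("info", f"{label} written by trusted image {image}")
            return ("high", f"{label} written by {image} -> {target}")
    return None


def scan(events):
    """Run classify_event over a batch; return (record number, message) for high findings."""
    findings = []
    for ev in events:
        result = classify_event(ev)
        if result and result[0] == "high":
            findings.append((ev.get("RecordNumber"), result[1]))
    return findings


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"RecordNumber": 1, "EventID": 13,
     "Image": r"C:\Windows\System32\TiWorker.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations",
     "Details": "Binary Data"},
    {"RecordNumber": 2, "EventID": 13,
     "Image": r"C:\Users\alice\AppData\Local\Temp\sample.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet\Control\Lsa\Security Packages",
     "Details": "Binary Data"},
    {"RecordNumber": 3, "EventID": 13,
     "Image": r"C:\Users\alice\AppData\Local\Temp\sample.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet\Control\LsaExtensionConfig\LsaSrv\Extensions",
     "Details": "Binary Data"},
    {"RecordNumber": 4, "EventID": 13,
     "Image": r"C:\Program Files\Editor\editor.exe",
     "TargetObject": r"HKCU\Software\Editor\RecentFiles",
     "Details": "C:\\docs\\notes.txt"},
    {"RecordNumber": 5, "EventID": 12,  # key created, not a value write
     "Image": r"C:\Users\alice\AppData\Local\Temp\sample.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet\Control\Lsa\Security Packages"},
]

if __name__ == "__main__":
    for record, msg in scan(SAMPLE_EVENTS):
        print(f"[HIGH] record {record}: {msg}")
```

Matching on the value path rather than on the written data keeps the rule independent of how the logging tool renders REG_MULTI_SZ contents; the trusted-writer list is the knob that separates routine servicing from an unexpected writer such as a process in a user's temp directory.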

FileRep1
Test type: Self-defense test
Techniques: file/directory manipulation
Scoring: All components and processes of the tested product run properly after the reboot, no component or process of the tested product was disabled, limited to do its job, or damaged – PASSED; at least one of the tested product's processes or components is not loaded, is damaged, is limited to do its job, or does not work properly after the reboot – FAILED.
Description: FileRep1 checks whether a malicious program can replace files of the tested product.

Keylog1
Test type: Spying test
Techniques: keyboard API exploitation
Scoring: Test was prevented from logging the user's keystrokes – PASSED; test was able to log the user's keystrokes – FAILED.
Description: Keylog1 repeatedly tries to get the current status of key codes and thus obtain the information about keys pressed by the user.

Kill12
Test type: Self-defense test
Techniques: remote thread manipulation
Scoring: No process or thread of the tested product was terminated or damaged – PASSED; at least one of the tested product's processes or threads was terminated or damaged – FAILED.
Description: Kill12 checks whether a malicious program can terminate the tested product's processes using the system APC mechanism.

Schedtest3
Test type: Leak-test
Techniques: COM interface exploitation, parent process control bypassing
Scoring: Test was prevented from scheduling a custom task in Task Scheduler – PASSED; test was able to schedule a custom task in Task Scheduler – FAILED.
Description: Schedtest3 checks whether the tested product allows a malicious application to schedule a new task using the Task Scheduler 2.0 interface.

Result table

In the following table, 100 represents a 100% result and 0 a 0% result; other values are displayed as rounded whole numbers. The last two columns summarize the product's score on this level and whether it passed the level.

Product          Autorun34  Autorun43  CPILSuite2  Crash6  DNStester  FileMov2  FileRep1  Keylog1  Kill12  Schedtest3  Score  Result
                 (III.)     (II.)      (I.)        (III.)  (II.)      (I.)      (III.)    (II.)    (I.)    (III.)
Comodo IS        100        100        100         100     100        100       100       100      100     100         100%   PASSED
ESET SS          100        100        0           0       0          100       100       0        100     0           50%    PASSED
Jetico v2        100        0          0           100     0          100       100       0        100     0           50%    PASSED
KIS              100        100        100         100     0          100       100       100      100     0           80%    PASSED
Outpost SS Free  100        0          100         0       0          100       100       100      100     0           60%    PASSED
Outpost SS Pro   100        100        100         100     0          100       100       100      100     0           80%    PASSED
Privatefirewall  100        100        100         100     0          100       100       100      100     0           80%    PASSED
SpyShelter FW    100        100        100         100     100        100       100       100      100     0           90%    PASSED
VirusBuster ISS  100        0          100         100     0          100       100       100      100     0           70%    PASSED
