Proactive Security Challenge
Testing levels
Level 2
The product has to score at least 50% in the tests on this level to pass it.
Tests
Autorun12
Test type: Autorun test
Scoring: Failure – 0%; Success – 100%.
Description: Autorun12 checks whether malicious software can make its code persistent in the system by changing a registry entry that contains a list of DLLs loaded into most of the applications started in the system.
Autorun2
Test type: Autorun test
Scoring: Failure – 0%; Success – 100%.
Description: Autorun2 checks whether malicious software can make its code persistent in the system by installing itself into the system registry so that Windows Explorer runs the malware the next time the user logs in.
Autorun20
Test type: Autorun test
Scoring: Failure – 0%; Success – 100%.
Description: Autorun20 checks whether malicious software can make its code persistent in the system by installing its DLL as a Windows Explorer task.
Autorun30
Test type: Autorun test
Scoring: Failure – 0%; Success – 100%.
Description: Autorun30 checks whether malicious software can make its code persistent in the system by copying itself into the system startup folder.
AWFT1
Test type: Leak-test
Scoring: Failure – 0%; Success – 100%.
Description: AWFT1 checks whether the tested product allows an untrusted process to launch and modify the default browser in memory.
DNStest
Test type: Leak-test
Scoring: Failure – 0%; Success – 100%.
Description: DNStest finds out whether the tested product can distinguish between a clean Service Host process and an infected Service Host process.
FileMov2
Test type: Self-defense test
Scoring: At least one of the tested product's processes or components is not loaded, is damaged, is limited in doing its job, or does not work properly after the reboot – 0%; Success – 100%.
Description: FileMov2 checks whether the tested product protects its files and directories against malicious renaming using a special feature of the system Session Manager.
Ghost
Test type: Leak-test
Scoring: Failure – 0%; Success – 100%.
Description: Ghost tests whether the tested product implements parent process checking properly.
HostsBlock
Test type: Other
Scoring: Failure – 0%; Success – 100%.
Description: HostsBlock checks whether the tested product protects the system HOSTS file against malicious manipulation.
Jumper
Test type: Leak-test
Scoring: Failure – 0%; Success – 100%.
Description: Jumper checks whether the tested product protects Internet Explorer's settings.
Kill3
Test type: Self-defense test
Scoring: At least one of the target processes or threads was terminated – 0%; Success – 100%.
Description: Kill3 checks whether the tested product can be terminated by an untrusted process sending it a shutdown message.
Kill3b
Test type: Self-defense test
Scoring: At least one of the target processes or threads was terminated – 0%; Success – 100%.
Description: Kill3b is almost the same as Kill3; it only uses a different technique to send the message.
Kill6
Test type: Self-defense test
Scoring: At least one of the target processes or threads was terminated – 0%; Success – 100%.
Description: Kill6 tests whether the tested product allows a debugger to be attached to its processes.
RegDel1
Test type: Self-defense test
Scoring: At least one of the tested product's processes or components is not loaded, is damaged, is limited in doing its job, or does not work properly after the reboot – 0%; Success – 100%.
Description: RegDel1 checks whether the tested product protects its registry keys and values against malicious deletion.
Wallbreaker3
Test type: Leak-test
Scoring: Failure – 0%; Success – 100%.
Description: Wallbreaker3 finds out whether the tested product controls the launching of a malicious instance of Windows Explorer through the system console shell.
Wallbreaker4
Test type: Leak-test
Scoring: Failure – 0%; Success – 100%.
Description: Wallbreaker4 checks if it is possible to bypass the tested product using the system AT command. This command can be used to schedule a task that creates a malicious instance of the Internet browser.
Result table
In the following table, 100 represents the 100% result and 0 represents the 0% result. Other values are displayed as rounded whole numbers. The last two columns summarize the product's score on this level and whether it passed this level or not.
| Product | Autorun12 | Autorun2 | Autorun20 | Autorun30 | AWFT1 | DNStest | FileMov2 | Ghost | HostsBlock | Jumper | Kill3 | Kill3b | Kill6 | RegDel1 | Wallbreaker3 | Wallbreaker4 | – | – | Score | Result |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| BitDefender | 0 | 0 | 0 | 0 | 100 | 100 | 0 | 100 | 0 | 0 | 100 | 100 | 100 | 0 | 100 | 100 | – | – | 50% | PASSED |
| CA ISS | 100 | 100 | 0 | 0 | 100 | 100 | 100 | 100 | 100 | 0 | 0 | 0 | 0 | 0 | 100 | 100 | – | – | 56% | PASSED |
| Comodo IS | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | – | – | 100% | PASSED |
| F-Secure | 100 | 100 | 100 | 0 | 0 | 0 | 100 | 0 | 100 | 100 | 0 | 0 | 0 | 100 | 0 | 0 | – | – | 44% | FAILED |
| Jetico v2 | 100 | 100 | 0 | 0 | 100 | 100 | 0 | 100 | 0 | 0 | 100 | 100 | 100 | 0 | 100 | 0 | – | – | 56% | PASSED |
| KIS 2010 | 100 | 100 | 100 | 100 | 100 | 100 | 0 | 100 | 100 | 100 | 100 | 100 | 100 | 0 | 100 | 100 | – | – | 88% | PASSED |
| Malware Defender | 100 | 100 | 100 | 100 | 100 | 100 | 0 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | – | – | 94% | PASSED |
| Norton IS | 100 | 0 | 0 | 0 | 100 | 100 | 0 | 100 | 0 | 0 | 100 | 100 | 100 | 100 | 100 | 100 | – | – | 63% | PASSED |
| OA Premium | 100 | 100 | 100 | 100 | 100 | 100 | 0 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | – | – | 94% | PASSED |
| Online Armor Free | 100 | 100 | 100 | 100 | 100 | 100 | 0 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | – | – | 94% | PASSED |
| OSSS | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | – | – | 100% | PASSED |
| Outpost Free | 100 | 100 | 100 | 0 | 100 | 100 | 0 | 100 | 100 | 100 | 100 | 100 | 100 | 0 | 100 | 100 | – | – | 81% | PASSED |
| Outpost SS | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | – | – | 100% | PASSED |
| PC Tools FW+ | 0 | 0 | 0 | 0 | 100 | 100 | 0 | 100 | 0 | 100 | 100 | 100 | 100 | 0 | 100 | 100 | – | – | 56% | PASSED |
| Privatefirewall | 100 | 0 | 100 | 0 | 100 | 100 | 0 | 100 | 0 | 100 | 100 | 100 | 100 | 0 | 100 | 100 | – | – | 69% | PASSED |
| Trend Micro IS Pro | 100 | 100 | 0 | 0 | 100 | 0 | 0 | 100 | 100 | 100 | 0 | 0 | 0 | 0 | 0 | 100 | – | – | 44% | FAILED |
| ZoneAlarm ES | 100 | 100 | 100 | 100 | 100 | 100 | 0 | 0 | 100 | 100 | 0 | 0 | 100 | 0 | 0 | 0 | – | – | 56% | PASSED |
| ZoneAlarm Free | N/A | N/A | N/A | N/A | 0 | 0 | N/A | 0 | N/A | 0 | 100 | 100 | 100 | N/A | 0 | 0 | – | – | 33% | FAILED |
Levels
- Level 1 – Autorun1, Autorun3, Breakout2, Coat, ECHOtest, FileDel2, Kill1, Kill2, Leaktest, Tooleaky, Wallbreaker1, Yalta
- Level 2 – Autorun12, Autorun2, Autorun20, Autorun30, AWFT1, DNStest, FileMov2, Ghost, HostsBlock, Jumper, Kill3, Kill3b, Kill6, RegDel1, Wallbreaker3, Wallbreaker4
- Level 3 – Autorun16, Autorun24, Autorun31, Autorun4, AWFT3, AWFT4, DNStester, FileRep1, Kernel1, Kill3f, Kill4, Kill7, RegSet1, SSS2, Suspend1, Thermite, Wallbreaker2
- Level 4 – Autorun14, Autorun17, Autorun26, Autorun36, Autorun37, Autorun6, Autorun9, CopyCat, CPIL, CPILSuite1, FileRep2, Inject2, Inject3, Kernel1b, Keylog1, Kill3e, Kill8, Kill9, SSS, Suspend2
- Level 5 – Autorun15, Autorun18, Autorun21, Autorun28, Autorun5, Breakout1, CPILSuite2, Crash1, Crash2, Crash3, Crash4, FileWri1, Kernel2, Kernel3, Keylog2, Kill3c, Kill3d, RegDel2, Svckill, VBStest
- Level 6 – Autorun22, Autorun25, Autorun27, Autorun29, Autorun32, Autorun7, CPILSuite3, Crash5, Crash6, DDEtest, ECHOtest2, FileWri2, FireHole, Flank, Kernel4, Keylog3, Keylog4, Kill10, Kill11, Runner
- Level 7 – Autorun10, Autorun19, Autorun33, Autorun35, Autorun8, BITStest, Crash4b, FileDel1, FileMov1, FileWri3, FireHole2, Inject1, Keylog5, Keylog6, Kill12, OSfwbypass, RegAcc1, Runner2, Schedtest, SSS3
- Level 8 – Autorun11, Autorun13, Autorun23, Autorun34, FileDel3, FileOpn1, FileOpn2, Kernel4b, Kernel5, Kernel5b, Keylog7, Kill5, NewClass, Schedtest2, SockSnif, SSS4
- Level 9 – Crash7, Driver Verifier, FileAcc1, FileCtl1, FileWri4
- Level 10 – BSODhook, ShadowHook