Proactive Security Challenge
Testing levels
Level 4
The product has to score at least 50% in the tests on this level to pass it.
Tests
Autorun14
Test type: Autorun test
Scoring: Failure – 0%; Success – 100%.
Description: Autorun14 checks whether malicious software can make its code persistent on the system by installing itself into the system registry so that the malware is started every time the current user logs in.
Autorun17
Test type: Autorun test
Scoring: Failure – 0%; Success – 100%.
Description: Autorun17 checks whether malicious software can make its code persistent on the system by changing the current user's registry settings of the Command Processor.
Autorun26
Test type: Autorun test
Scoring: Failure – 0%; Success – 100%.
Description: Autorun26 checks whether malicious software can make its code persistent on the system by installing its DLL as a shell's hooking library.
Autorun36
Test type: Autorun test
Scoring: Failure – 0%; Success – 100%.
Description: Autorun36 checks whether malicious software can make its code persistent on the system by changing the current user's screen saver settings.
Autorun37
Test type: Autorun test
Scoring: Failure – 0%; Success – 100%.
Description: Autorun37 checks whether malicious software can make its code persistent on the system by installing itself as an application started early during the system boot process.
Autorun6
Test type: Autorun test
Scoring: Failure – 0%; Success – 100%.
Description: Autorun6 checks whether malicious software can make its code persistent on the system by installing itself as the system-wide default shell instead of Windows Explorer.
Autorun9
Test type: Autorun test
Scoring: Failure – 0%; Success – 100%.
Description: Autorun9 checks whether malicious software can make its code persistent on the system by changing the default system application that initiates the users' environment when they log in.
CopyCat
Test type: Leak-test
Scoring: Failure – 0%; Success – 100%.
Description: CopyCat tests whether the tested product is able to block attempts to manipulate a running instance of the default browser in memory.
CPIL
Test type: Leak-test
Scoring: Failure – 0%; Success – 100%.
Description: CPIL finds out whether it is possible to bypass the tested product by infecting Windows Explorer with malicious code that spawns a malicious copy of Internet Explorer.
CPILSuite1
Test type: Leak-test
Scoring: Failure – 0%; Success – 100%.
Description: CPILSuite1 checks whether the tested product protects a physical memory image from being accessed by malicious user-mode applications.
FileRep2
Test type: Self-defense test
Scoring: At least one of the tested product's processes or components is not loaded, is damaged, is limited in doing its job, or does not work properly after the reboot – 0%; Success – 100%.
Description: FileRep2 checks whether the tested product protects its files against malicious replacement with hard links.
Inject2
Test type: Leak-test
Scoring: Failure – 0%; Success – 100%.
Description: Inject2 attempts to inject a DLL into Internet Explorer by creating the DLL in the browser's installation directory with the name of one of the system DLLs it depends on.
Inject3
Test type: Leak-test
Scoring: Failure – 0%; Success – 100%.
Description: Inject3 attempts to inject a DLL into Internet Explorer by changing an environment variable and creating the DLL with the name of one of the system DLLs the browser depends on.
Kernel1b
Test type: System integrity test
Scoring: Driver is loaded – 0%; Driver is not loaded – 100%.
Description: Kernel1b checks whether malicious software can load a driver into the operating system kernel if it does not touch the registry value "ImagePath", which is usually protected to prevent drivers from being loaded.
Keylog1
Test type: Spying test
Scoring: Failure – 0%; Success – 100%.
Description: Keylog1 repeatedly tries to get the current status of key codes and thus obtain information about the keys pressed by the user.
Kill3e
Test type: Self-defense test
Scoring: At least one of the target processes or threads was terminated – 0%; Success – 100%.
Description: Kill3e checks whether the tested product can be terminated by an untrusted process through sending it a shutdown message.
Kill8
Test type: Self-defense test
Scoring: At least one of the target processes or threads was terminated – 0%; Success – 100%.
Description: Kill8 tests whether the tested product protects its processes against termination from within the critical system processes.
Kill9
Test type: Self-defense test
Scoring: At least one of the target processes or threads was terminated – 0%; Success – 100%.
Description: Kill9 tests whether the tested product protects itself against misuse of job objects.
SSS
Test type: Other
Scoring: Failure (an unwanted user logout or a system shutdown was not prevented) – 0%; Success – 100%.
Description: SSS attempts to log out the currently logged-on user.
Suspend2
Test type: Self-defense test
Scoring: At least one of the target processes or threads was suspended – 0%; Success – 100%.
Description: Suspend2 checks whether the tested product protects its processes from being suspended.
Result table
In the following table, 100 represents the 100% result and 0 represents the 0% result. Other values are displayed as rounded whole numbers. The last two columns summarize the product's score on this level and whether it passed this level or not.
| Product | Autorun14 | Autorun17 | Autorun26 | Autorun36 | Autorun37 | Autorun6 | Autorun9 | CopyCat | CPIL | CPILSuite1 | FileRep2 | Inject2 | Inject3 | Kernel1b | Keylog1 | Kill3e | Kill8 | Kill9 | SSS | Suspend2 | – | Score | Result |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| BitDefender | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 100 | 100 | 100 | 0 | 0 | 0 | 100 | 100 | 100 | 100 | 100 | 0 | 100 | – | 45% | FAILED |
| Comodo IS | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | – | 100% | PASSED |
| Jetico v2 | 0 | 0 | 0 | 100 | 0 | 0 | 0 | 100 | 100 | 100 | 0 | 0 | 0 | 100 | 0 | 100 | 100 | 100 | 0 | 100 | – | 45% | FAILED |
| KIS 2010 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 0 | 0 | 0 | 100 | 100 | 100 | 100 | 0 | 100 | 100 | – | 80% | PASSED |
| Malware Defender | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | – | 100% | PASSED |
| Norton IS | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 100 | 100 | 100 | 100 | 100 | 100 | 0 | 100 | 100 | 100 | 100 | 0 | 100 | – | 55% | PASSED |
| OA Premium | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | – | 100% | PASSED |
| Online Armor Free | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | – | 100% | PASSED |
| OSSS | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | – | 100% | PASSED |
| Outpost Free | 100 | 0 | 100 | 100 | 0 | 0 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 0 | 100 | – | 80% | PASSED |
| Outpost SS | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | – | 100% | PASSED |
| PC Tools FW+ | 0 | 0 | 0 | 100 | 0 | 0 | 0 | 100 | 100 | 100 | 0 | 0 | 0 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | – | 55% | PASSED |
| Privatefirewall | 100 | 0 | 100 | 100 | 0 | 0 | 0 | 100 | 100 | 100 | 100 | 0 | 0 | 100 | 100 | 100 | 100 | 100 | 0 | 100 | – | 65% | PASSED |
| ZoneAlarm ES | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 0 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 0 | 100 | – | 90% | PASSED |
Levels
- Level 1 – Autorun1, Autorun3, Breakout2, Coat, ECHOtest, FileDel2, Kill1, Kill2, Leaktest, Tooleaky, Wallbreaker1, Yalta
- Level 2 – Autorun12, Autorun2, Autorun20, Autorun30, AWFT1, DNStest, FileMov2, Ghost, HostsBlock, Jumper, Kill3, Kill3b, Kill6, RegDel1, Wallbreaker3, Wallbreaker4
- Level 3 – Autorun16, Autorun24, Autorun31, Autorun4, AWFT3, AWFT4, DNStester, FileRep1, Kernel1, Kill3f, Kill4, Kill7, RegSet1, SSS2, Suspend1, Thermite, Wallbreaker2
- Level 4 – Autorun14, Autorun17, Autorun26, Autorun36, Autorun37, Autorun6, Autorun9, CopyCat, CPIL, CPILSuite1, FileRep2, Inject2, Inject3, Kernel1b, Keylog1, Kill3e, Kill8, Kill9, SSS, Suspend2
- Level 5 – Autorun15, Autorun18, Autorun21, Autorun28, Autorun5, Breakout1, CPILSuite2, Crash1, Crash2, Crash3, Crash4, FileWri1, Kernel2, Kernel3, Keylog2, Kill3c, Kill3d, RegDel2, Svckill, VBStest
- Level 6 – Autorun22, Autorun25, Autorun27, Autorun29, Autorun32, Autorun7, CPILSuite3, Crash5, Crash6, DDEtest, ECHOtest2, FileWri2, FireHole, Flank, Kernel4, Keylog3, Keylog4, Kill10, Kill11, Runner
- Level 7 – Autorun10, Autorun19, Autorun33, Autorun35, Autorun8, BITStest, Crash4b, FileDel1, FileMov1, FileWri3, FireHole2, Inject1, Keylog5, Keylog6, Kill12, OSfwbypass, RegAcc1, Runner2, Schedtest, SSS3
- Level 8 – Autorun11, Autorun13, Autorun23, Autorun34, FileDel3, FileOpn1, FileOpn2, Kernel4b, Kernel5, Kernel5b, Keylog7, Kill5, NewClass, Schedtest2, SockSnif, SSS4
- Level 9 – Crash7, Driver Verifier, FileAcc1, FileCtl1, FileWri4
- Level 10 – BSODhook, ShadowHook