Poll
On Windows 7 (or Vista) I use
Proactive Security Challenge
- Introduction
- Results and comments
- Testing levels
- List of products
- Archive of results
- My leaks
- Frequently asked questions
Testing levels
Proactive Security Challenge has been replaced with Proactive Security Challenge 64!
Contents:

Level 6
The product has to score at least 50% in the tests on this level to pass it.

Tests
Autorun22
Test type: Autorun test
Scoring: Failure – 0%; Success – 100%.
Description: Autorun22 checks whether a malicious software can ensure its code to be persistent in the system by installing its DLL as current user's shell service object.
Autorun25
Test type: Autorun test
Scoring: Failure – 0%; Success – 100%.
Description: Autorun25 checks whether a malicious software can ensure its code to be persistent in the system by replacing the handler of HTML documents in the registry.
Autorun27
Test type: Autorun test
Scoring: Failure – 0%; Success – 100%.
Description: Autorun27 checks whether a malicious software can ensure its code to be persistent in the system by changing settings of system Winlogon service.
Autorun29
Test type: Autorun test
Scoring: Failure – 0%; Success – 100%.
Description: Autorun29 checks whether a malicious software can ensure its code to be persistent in the system by changing the system startup group policy scripts settings in the registry.
Autorun32
Test type: Autorun test
Scoring: Failure – 0%; Success – 100%.
Description: Autorun32 checks whether a malicious software can ensure its code to be persistent in the system by registering its DLL as a local security authority authentication package.
Autorun7
Test type: Autorun test
Scoring: Failure – 0%; Success – 100%.
Description: Autorun7 checks whether a malicious software can ensure its code to be persistent in the system by installing itself as the current user's default shell instead of Windows Explorer.
CPILSuite3
Test type: Leak-test
Scoring: Failure – 0%; Success – 100%.
Description: CPILSuite3 finds out whether it is possible to inject a malicious DLL into Windows Explorer using the events hook mechanism.
Crash5
Test type: Self-defense test
Scoring: At least one of the target processes or threads was terminated – 0%; Success – 100%.
Description: Crash5 checks whether malicious software can crash the tested product by closing all its handles remotely.
Crash6
Test type: Self-defense test
Scoring: At least one of the target processes or threads was terminated – 0%; Success – 100%.
Description: Crash6 checks whether malicious software can crash the tested product by flooding its handle table remotely.
DDEtest
Test type: Leak-test
Scoring: Failure – 0%; Success – 100%.
Description: DDEtest checks whether the tested product protects Internet Explorer from being manipulated by a malicious application via DDE protocol.
ECHOtest2
Test type: Leak-test
Scoring: Failure – 0%; Success – 100%.
Description: ECHOtest2 finds out whether the tested product filters ICMP traffic.
FileWri2
Test type: Self-defense test
Scoring: At least one of the tested product's processes or components is not loaded, is damaged, is limited to do its job, or does not work properly after the reboot – 0%; Success – 100%.
Description: FileWri2 checks whether the tested product protects its files against malicious corruption of their data by setting their end of file positions to zero offsets.
FireHole
Test type: Leak-test
Scoring: Failure – 0%; Success – 100%.
Description: FireHole finds out whether it is possible to inject a malicious DLL into the default browser using windows hook mechanism.
Flank
Test type: Leak-test
Scoring: Failure – 0%; Success – 100%.
Description: Flank tests whether the tested product protects Internet Explorer against manipulation performed through Web Browser COM interface.
Kernel4
Test type: System integrity test
Scoring: Driver is loaded - 0%; Driver is not loaded - 100%.
Description: Kernel4 checks whether it is possible to change information about existing driver so that a malicious driver is loaded instead after the reboot.
Keylog3
Test type: Spying test
Scoring: Failure – 0%; Success – 100%.
Description: Keylog3 uses a documented windows hook mechanism to install a low level keyboard input monitor callback to the system.
Keylog4
Test type: Spying test
Scoring: Failure – 0%; Success – 100%.
Description: Keylog4 uses a documented windows hook mechanism to install a hook procedure that records input messages posted to the system message queue.
Kill10
Test type: Self-defense test
Scoring: At least one of the target processes or threads was terminated – 0%; Success – 100%.
Description: Kill10 checks whether the tested product allows to inject a DLL into its processes using the windows hook mechanism.
Kill11
Test type: Self-defense test
Scoring: At least one of the target processes or threads was terminated – 0%; Success – 100%.
Description: Kill11 is similar to Kill10, it just uses the events hook mechanism.
Runner
Test type: Leak-test
Scoring: Failure – 0%; Success – 100%.
Description: Runner tests if the tested product allows a malicious application to replace the default browser's executable and launch it. If the tested product fails the test, it means that it does not perform a proper identification of the trusted applications.

Result table
In the following table
represents the 100% result and
represents the 0% result. Other values are displayed as rounded whole numbers. The last two columns summarize the product's
score on this level and whether it passed this level or not.
Product | I. Autorun27 | I. Autorun7 | I. Crash6 | I. FileWri2 | I. Kernel4 | I. Kill10 | – – | Score | Result | ||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
II. Autorun25 | II. Autorun32 | II. Crash5 | II. ECHOtest2 | II. Flank | II. Keylog4 | II. Runner | |||||||||||||||||
III. Autorun22 | III. Autorun29 | III. CPILSuite3 | III. DDEtest | III. FireHole | III. Keylog3 | III. Kill11 | |||||||||||||||||
III. | II. | I. | III. | II. | I. | III. | II. | I. | III. | II. | I. | III. | II. | I. | III. | II. | I. | III. | II. | - | |||
BitDefender IS | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | – | 100% | PASSED |
CIS | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | – | 100% | PASSED |
Jetico v2 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | – | 100% | PASSED |
KIS 2012 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | – | 100% | PASSED |
Malware Defender | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 0 | 100 | 100 | 0 | 100 | 100 | 100 | 100 | 100 | 100 | – | 90% | PASSED |
OSSS | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | – | 100% | PASSED |
Outpost SS Free | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | – | 100% | PASSED |
Outpost SS Pro | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | – | 100% | PASSED |
PC Tools IS | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 0 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | – | 95% | PASSED |
Privatefirewall | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | – | 100% | PASSED |
ZoneAlarm ES | 100 | 0 | 100 | 100 | 100 | 100 | 100 | 100 | 0 | 100 | 100 | 0 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | – | 85% | PASSED |

Levels
- Level 1 – Autorun1, Autorun3, Breakout2, Coat, ECHOtest, FileDel2, Kill1, Kill2, Leaktest, Tooleaky, Wallbreaker1, Yalta
- Level 2 – Autorun12, Autorun2, Autorun20, Autorun30, AWFT1, DNStest, FileMov2, Ghost, HostsBlock, Jumper, Kill3, Kill3b, Kill6, RegDel1, Wallbreaker3, Wallbreaker4
- Level 3 – Autorun16, Autorun24, Autorun31, Autorun4, AWFT3, AWFT4, DNStester, FileRep1, Kernel1, Kill3f, Kill4, Kill7, RegSet1, SSS2, Suspend1, Thermite, Wallbreaker2
- Level 4 – Autorun14, Autorun17, Autorun26, Autorun36, Autorun37, Autorun6, Autorun9, CopyCat, CPIL, CPILSuite1, FileRep2, Inject2, Inject3, Kernel1b, Keylog1, Kill3e, Kill8, Kill9, SSS, Suspend2
- Level 5 – Autorun15, Autorun18, Autorun21, Autorun28, Autorun5, Breakout1, CPILSuite2, Crash1, Crash2, Crash3, Crash4, FileWri1, Kernel2, Kernel3, Keylog2, Kill3c, Kill3d, RegDel2, Svckill, VBStest
- Level 6 – Autorun22, Autorun25, Autorun27, Autorun29, Autorun32, Autorun7, CPILSuite3, Crash5, Crash6, DDEtest, ECHOtest2, FileWri2, FireHole, Flank, Kernel4, Keylog3, Keylog4, Kill10, Kill11, Runner
- Level 7 – Autorun10, Autorun19, Autorun33, Autorun35, Autorun8, BITStest, Crash4b, FileDel1, FileMov1, FileWri3, FireHole2, Inject1, Keylog5, Keylog6, Kill12, OSfwbypass, RegAcc1, Runner2, Schedtest, SSS3
- Level 8 – Autorun11, Autorun13, Autorun23, Autorun34, FileDel3, FileOpn1, FileOpn2, Kernel4b, Kernel5, Kernel5b, Keylog7, Kill5, NewClass, Schedtest2, SockSnif, SSS4
- Level 9 – Crash7, Driver Verifier, FileAcc1, FileCtl1, FileWri4
- Level 10 – BSODhook, ShadowHook