Proactive Security Challenge
Testing levels
Level 7
The product has to score at least 50% in the tests on this level to pass it.
Tests
Autorun10
Test type: Autorun test
Scoring: Failure – 0%; Success – 100%.
Description: Autorun10 checks whether malicious software can make its code persistent in the system by changing the debugger settings of the default system application that initializes the user's environment at logon.
Autorun19
Test type: Autorun test
Scoring: Failure – 0%; Success – 100%.
Description: Autorun19 checks whether malicious software can make its code persistent in the system by changing the current user's Windows Explorer policy.
Autorun33
Test type: Autorun test
Scoring: Failure – 0%; Success – 100%.
Description: Autorun33 checks whether malicious software can make its code persistent in the system by registering its DLL as a local security authority notification package.
Autorun35
Test type: Autorun test
Scoring: Failure – 0%; Success – 100%.
Description: Autorun35 checks whether malicious software can make its code persistent in the system by replacing the default graphical identification and authentication library with its own DLL.
Autorun8
Test type: Autorun test
Scoring: Failure – 0%; Success – 100%.
Description: Autorun8 checks whether malicious software can make its code persistent in the system by changing the current user's shell policy.
BITStest
Test type: Leak-test
Scoring: Failure – 0%; Success – 100%.
Description: BITStest checks whether it is possible to bypass the tested product by using the Background Intelligent Transfer Service (BITS) through the Background Copy Manager COM interface.
Crash4b
Test type: Self-defense test
Scoring: At least one of the target processes or threads was crashed – 0%; Success – 100%.
Description: Crash4b checks whether malicious software can crash the tested product by reserving all of its free memory using file mapping.
FileDel1
Test type: Self-defense test
Scoring: At least one of the tested product's processes or components is not loaded, is damaged, is limited in doing its job, or does not work properly after the reboot – 0%; Success – 100%.
Description: FileDel1 checks whether the tested product protects its files and directories against malicious deletion.
FileMov1
Test type: Self-defense test
Scoring: At least one of the tested product's processes or components is not loaded, is damaged, is limited in doing its job, or does not work properly after the reboot – 0%; Success – 100%.
Description: FileMov1 checks whether the tested product protects its files and directories against malicious renaming.
FileWri3
Test type: Self-defense test
Scoring: At least one of the tested product's processes or components is not loaded, is damaged, is limited in doing its job, or does not work properly after the reboot – 0%; Success – 100%.
Description: FileWri3 checks whether the tested product protects its files against malicious corruption of their data using file mappings.
FireHole2
Test type: Leak-test
Scoring: Failure – 0%; Success – 100%.
Description: FireHole2 finds out whether it is possible to inject a malicious DLL into the default browser using the advanced DLL injection method.
Inject1
Test type: Leak-test
Scoring: Failure – 0%; Success – 100%.
Description: Inject1 attempts to inject a DLL into Internet Explorer by creating a special section for one of the DLLs the browser's application depends on.
Keylog5
Test type: Spying test
Scoring: Failure – 0%; Success – 100%.
Description: Keylog5 repeatedly attaches to the keyboard input of the foreground window's process so that it can sniff the user's input to that process.
Keylog6
Test type: Spying test
Scoring: Failure – 0%; Success – 100%.
Description: Keylog6 registers a raw input device to be able to monitor the user's keystrokes.
Kill12
Test type: Self-defense test
Scoring: At least one of the target processes or threads was terminated – 0%; Success – 100%.
Description: Kill12 checks whether malware can terminate the tested product using the system APC mechanism.
OSfwbypass
Test type: Leak-test
Scoring: Failure – 0%; Success – 100%.
Description: OSfwbypass tests whether the tested product is able to deny an attempt to display and execute contents of a malicious HTML page. This attempt is performed by a special API.
RegAcc1
Test type: Self-defense test
Scoring: At least one of the tested product's processes or components is not loaded, is damaged, is limited in doing its job, or does not work properly after the reboot – 0%; Success – 100%.
Description: RegAcc1 checks whether the tested product protects its registry keys against malicious manipulation of their security descriptors.
Runner2
Test type: Leak-test
Scoring: Failure – 0%; Success – 100%.
Description: Runner2 tests whether the tested product protects a binary image of the default browser.
Schedtest
Test type: Leak-test
Scoring: Failure – 0%; Success – 100%.
Description: Schedtest checks whether the tested product allows a malicious application to schedule a task through the Task Scheduler COM interface.
SSS3
Test type: Other
Scoring: Failure (an unwanted user logout or a system shutdown was not prevented) – 0%; Success – 100%.
Description: SSS3 attempts to reboot the system using a special API.
Result table
In the following table, 100 represents the 100% result and 0 represents the 0% result. Other values are displayed as rounded whole numbers. The last two columns summarize the product's score on this level and whether it passed this level or not.
| Product | Autorun10 | Autorun19 | Autorun33 | Autorun35 | Autorun8 | BITStest | Crash4b | FileDel1 | FileMov1 | FileWri3 | FireHole2 | Inject1 | Keylog5 | Keylog6 | Kill12 | OSfwbypass | RegAcc1 | Runner2 | Schedtest | SSS3 | Score | Result |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Comodo IS | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100% | PASSED |
| KIS 2010 | 100 | 100 | 0 | 100 | 100 | 100 | 0 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 90% | PASSED |
| Malware Defender | 100 | 100 | 100 | 100 | 100 | 0 | 100 | 100 | 100 | 100 | 100 | 0 | 100 | 100 | 100 | 0 | 100 | 100 | 100 | 0 | 80% | PASSED |
| OA Premium | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 0 | 100 | 100 | 100 | 95% | PASSED |
| Online Armor Free | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 0 | 100 | 100 | 100 | 0 | 0 | 100 | 100 | 100 | 85% | PASSED |
| OSSS | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100% | PASSED |
| Outpost Free | 100 | 100 | 0 | 0 | 100 | 100 | 100 | 0 | 0 | 0 | 100 | 0 | 100 | 100 | 100 | 100 | 0 | 100 | 100 | 0 | 60% | PASSED |
| Outpost SS | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100% | PASSED |
| PC Tools FW+ | 0 | 0 | 0 | 0 | 0 | 100 | 0 | 0 | 0 | 0 | 100 | 0 | 100 | 100 | 100 | 100 | 0 | 100 | 100 | 100 | 45% | FAILED |
| Privatefirewall | 100 | 0 | 0 | 0 | 0 | 100 | 100 | 100 | 100 | 100 | 100 | 0 | 100 | 100 | 100 | 100 | 0 | 100 | 100 | 100 | 70% | PASSED |
| ZoneAlarm ES | 100 | 100 | 100 | 100 | 0 | 0 | 100 | 0 | 0 | 0 | 100 | 0 | 100 | 100 | 100 | 0 | 0 | 0 | 0 | 0 | 45% | FAILED |
Levels
- Level 1 – Autorun1, Autorun3, Breakout2, Coat, ECHOtest, FileDel2, Kill1, Kill2, Leaktest, Tooleaky, Wallbreaker1, Yalta
- Level 2 – Autorun12, Autorun2, Autorun20, Autorun30, AWFT1, DNStest, FileMov2, Ghost, HostsBlock, Jumper, Kill3, Kill3b, Kill6, RegDel1, Wallbreaker3, Wallbreaker4
- Level 3 – Autorun16, Autorun24, Autorun31, Autorun4, AWFT3, AWFT4, DNStester, FileRep1, Kernel1, Kill3f, Kill4, Kill7, RegSet1, SSS2, Suspend1, Thermite, Wallbreaker2
- Level 4 – Autorun14, Autorun17, Autorun26, Autorun36, Autorun37, Autorun6, Autorun9, CopyCat, CPIL, CPILSuite1, FileRep2, Inject2, Inject3, Kernel1b, Keylog1, Kill3e, Kill8, Kill9, SSS, Suspend2
- Level 5 – Autorun15, Autorun18, Autorun21, Autorun28, Autorun5, Breakout1, CPILSuite2, Crash1, Crash2, Crash3, Crash4, FileWri1, Kernel2, Kernel3, Keylog2, Kill3c, Kill3d, RegDel2, Svckill, VBStest
- Level 6 – Autorun22, Autorun25, Autorun27, Autorun29, Autorun32, Autorun7, CPILSuite3, Crash5, Crash6, DDEtest, ECHOtest2, FileWri2, FireHole, Flank, Kernel4, Keylog3, Keylog4, Kill10, Kill11, Runner
- Level 7 – Autorun10, Autorun19, Autorun33, Autorun35, Autorun8, BITStest, Crash4b, FileDel1, FileMov1, FileWri3, FireHole2, Inject1, Keylog5, Keylog6, Kill12, OSfwbypass, RegAcc1, Runner2, Schedtest, SSS3
- Level 8 – Autorun11, Autorun13, Autorun23, Autorun34, FileDel3, FileOpn1, FileOpn2, Kernel4b, Kernel5, Kernel5b, Keylog7, Kill5, NewClass, Schedtest2, SockSnif, SSS4
- Level 9 – Crash7, Driver Verifier, FileAcc1, FileCtl1, FileWri4
- Level 10 – BSODhook, ShadowHook