Proactive Security Challenge
Testing levels
Level 8
The product has to score at least 50% in the tests on this level to pass it.
Tests
Autorun11
Test type: Autorun test
Scoring: Failure – 0%; Success – 100%.
Description: Autorun11 checks whether malicious software can make its code persistent in the system by changing the location of the crucial registry key.
Autorun13
Test type: Autorun test
Scoring: Failure – 0%; Success – 100%.
Description: Autorun13 checks whether malicious software can make its code persistent in the system by installing a Winlogon notification.
Autorun23
Test type: Autorun test
Scoring: Failure – 0%; Success – 100%.
Description: Autorun23 checks whether malicious software can make its code persistent in the system by replacing one of the DLLs that the WinSock2 service depends on.
Autorun34
Test type: Autorun test
Scoring: Failure – 0%; Success – 100%.
Description: Autorun34 checks whether malicious software can make its code persistent in the system by registering its DLL as a local security authority security package.
FileDel3
Test type: Self-defense test
Scoring: At least one of the tested product's processes or components is not loaded, is damaged, is limited in doing its job, or does not work properly after the reboot – 0%; Success – 100%.
Description: FileDel3 checks whether the tested product protects its files and directories against malicious deletion performed using a special file opening flag.
FileOpn1
Test type: Self-defense test
Scoring: At least one of the tested product's processes or components is not loaded, is damaged, is limited in doing its job, or does not work properly after the reboot – 0%; Success – 100%.
Description: FileOpn1 checks whether the tested product protects its files against malicious corruption performed using a special file opening flag.
FileOpn2
Test type: Self-defense test
Scoring: At least one of the tested product's processes or components is not loaded, is damaged, is limited in doing its job, or does not work properly after the reboot – 0%; Success – 100%.
Description: FileOpn2 checks whether the tested product protects its files against malicious corruption performed using a special file opening flag.
Kernel4b
Test type: System integrity test
Scoring: Driver is loaded – 0%; Driver is not loaded – 100%.
Description: Kernel4b checks whether it is possible to change information about an existing driver so that a malicious driver is loaded instead after the reboot. The change itself is made using special registry API functions.
Kernel5
Test type: System integrity test
Scoring: Malicious code was executed in the kernel mode – 0%; Malicious code was not executed in the kernel mode – 100%.
Description: Kernel5 checks whether it is possible for malware to exploit the system debugging functions in order to execute code in the privileged kernel mode.
Kernel5b
Test type: System integrity test
Scoring: Malicious code was executed in the kernel mode – 0%; Malicious code was not executed in the kernel mode – 100%.
Description: Kernel5b attempts to inject its DLL into the Print Spooler service and, from within its context, tries to exploit the system debugging functions in order to execute code in the privileged kernel mode.
Keylog7
Test type: Spying test
Scoring: Failure – 0%; Success – 100%.
Description: Keylog7 uses a DirectX method of receiving the keyboard input to monitor the user's keystrokes.
Kill5
Test type: Self-defense test
Scoring: At least one of the target processes or threads was terminated – 0%; Success – 100%.
Description: Kill5 finds out whether the tested product can be terminated using a standard way of terminating an application.
NewClass
Test type: Leak-test
Scoring: Failure – 0%; Success – 100%.
Description: NewClass checks whether the tested product deals with OLE objects properly.
Schedtest2
Test type: Leak-test
Scoring: Failure – 0%; Success – 100%.
Description: Schedtest2 checks whether the tested product allows attempts to use the system scheduler to create a malicious instance of Internet Explorer.
SockSnif
Test type: Spying test
Scoring: Failure – 0%; Success – 100%.
Description: SockSnif binds to a local network interface and enables promiscuous mode on it. This allows SockSnif to spy on all the network traffic that goes through the given interface.
SSS4
Test type: Leak-test
Scoring: Failure – 0%; Success – 100%.
Description: SSS4 waits for a system shutdown and then it checks whether the tested product protects your system until all untrusted applications are terminated.
Result table
In the following table, 100 represents the 100% result and 0 represents the 0% result. Other values are displayed as rounded whole numbers. The last two columns summarize the product's score on this level and whether it passed this level or not.
| Product | Autorun11 | Autorun13 | Autorun23 | Autorun34 | FileDel3 | FileOpn1 | FileOpn2 | Kernel4b | Kernel5 | Kernel5b | Keylog7 | Kill5 | NewClass | Schedtest2 | SockSnif | SSS4 | Score | Result |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Comodo IS | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100% | PASSED |
| KIS 2010 | 100 | 100 | 100 | 0 | 100 | 100 | 100 | 100 | 100 | 0 | 100 | 100 | 100 | 100 | 0 | 100 | 81% | PASSED |
| Malware Defender | 0 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 0 | 0 | 0 | 100 | 75% | PASSED |
| OA Premium | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100% | PASSED |
| Online Armor Free | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 0 | 100 | 100 | 100 | 100 | 100 | 100 | 94% | PASSED |
| OSSS | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100% | PASSED |
| Outpost Free | 100 | 100 | 100 | 0 | 0 | 0 | 0 | 100 | 100 | 0 | 100 | 100 | 100 | 100 | 100 | 100 | 69% | PASSED |
| Outpost SS | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 0 | 100 | 100 | 100 | 100 | 100 | 100 | 94% | PASSED |
| Privatefirewall | 0 | 100 | 100 | 0 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 100 | 88% | PASSED |
Levels
- Level 1 – Autorun1, Autorun3, Breakout2, Coat, ECHOtest, FileDel2, Kill1, Kill2, Leaktest, Tooleaky, Wallbreaker1, Yalta
- Level 2 – Autorun12, Autorun2, Autorun20, Autorun30, AWFT1, DNStest, FileMov2, Ghost, HostsBlock, Jumper, Kill3, Kill3b, Kill6, RegDel1, Wallbreaker3, Wallbreaker4
- Level 3 – Autorun16, Autorun24, Autorun31, Autorun4, AWFT3, AWFT4, DNStester, FileRep1, Kernel1, Kill3f, Kill4, Kill7, RegSet1, SSS2, Suspend1, Thermite, Wallbreaker2
- Level 4 – Autorun14, Autorun17, Autorun26, Autorun36, Autorun37, Autorun6, Autorun9, CopyCat, CPIL, CPILSuite1, FileRep2, Inject2, Inject3, Kernel1b, Keylog1, Kill3e, Kill8, Kill9, SSS, Suspend2
- Level 5 – Autorun15, Autorun18, Autorun21, Autorun28, Autorun5, Breakout1, CPILSuite2, Crash1, Crash2, Crash3, Crash4, FileWri1, Kernel2, Kernel3, Keylog2, Kill3c, Kill3d, RegDel2, Svckill, VBStest
- Level 6 – Autorun22, Autorun25, Autorun27, Autorun29, Autorun32, Autorun7, CPILSuite3, Crash5, Crash6, DDEtest, ECHOtest2, FileWri2, FireHole, Flank, Kernel4, Keylog3, Keylog4, Kill10, Kill11, Runner
- Level 7 – Autorun10, Autorun19, Autorun33, Autorun35, Autorun8, BITStest, Crash4b, FileDel1, FileMov1, FileWri3, FireHole2, Inject1, Keylog5, Keylog6, Kill12, OSfwbypass, RegAcc1, Runner2, Schedtest, SSS3
- Level 8 – Autorun11, Autorun13, Autorun23, Autorun34, FileDel3, FileOpn1, FileOpn2, Kernel4b, Kernel5, Kernel5b, Keylog7, Kill5, NewClass, Schedtest2, SockSnif, SSS4
- Level 9 – Crash7, Driver Verifier, FileAcc1, FileCtl1, FileWri4
- Level 10 – BSODhook, ShadowHook