Poll
On Windows 7 (or Vista) I use
Security Software Testing Suite
About the suite
Security Software Testing Suite (SSTS) is a set of tools used for testing Windows security software that implement application-based security – i.e. most of the Internet security suites, HIPS, personal firewalls, behavior blockers etc. SSTS is based on the idea of independent programs that attempt to bypass various features of the security software. Each test of SSTS is directed against a single feature or against a few closely connected features of the security software.
SSTS was used in our Proactive Security Challenge project. This project has been replaced with Proactive Security Challenge 64, in which SSTS64 is used instead of SSTS.
Changelog
- 2011-11-07: Security Software Testing Suite is no longer under development. A new product called Security Software Testing Suite 64 has been released.
- 2010-11-04: Minor bugfixes in improvements.
- 2010-09-25: Minor bugfixes in improvements.
- 2010-01-04: Major improvements and changes. Many new tests were implemented. The main focus was to cover the areas of Windows OS security that were not covered by previous versions. The suite now contains tests that check protection of disk files and folders, registry keys and values and various places in the system that can be used to create autorun entries and several new tests of different kind. Several bugfixes and changes were implemented. SSS, SSS2 and SSS3 were simplified and now check only the ability to perform unwanted reboot/user log out. The current number of the tests in the suite is 145. The suite is now supported by the SSTS Configurator tool that makes it easier to create the correct configuration file.
- 2009-05-20: Kill6 has been improved. Breakout1 has been updated to support Internet Explorer 8.
- 2009-04-23: Minor bugfixes in improvements.
- 2008-11-07: Thirteen new tests have been added to the suite, two tests have been removed, several tests have been improved, some changes have been done to the licence agreement. Kernel1 has been added to the Level 3; Kernel1b has been added to the Level 4; Kernel2, Kernel3 and Crash4 have been added to the Level 5; Kernel4, Crash5 and Crash6 have been added to the Level 6; FireHole2 and Kill12 have been added to the Level 7; Kernel4b and Kernel5 have been added to the Level 8; Crash7 has been added to the Level 9. PerfTCP and PerfUDP have been removed from the suite – mixing the performance and security tests turned out not to be a good idea. The current number of the tests in the suite is 81.
- 2008-06-18: The configuration file has been improved.
- 2008-05-23: All the termination tests have been improved. The new implementation is more reliable and easier to use.
- 2008-05-06: Three new tests have been added to the suite. PerfTCP and PerfUDP have been added to the Level 1, SockSnif to the Level 8.
- 2008-04-24: Seven new tests, namely Keylog1, Keylog2, Keylog3, Keylog4, Keylog5, Keylog6 and Keylog7, have been added.
- 2008-03-18: The first public version that contained 60 tests was released.
Download
Warning: This software is used for testing of security products and should never be used on production machines. Using this software may damage or erase your data. This software is provided "as is" and without warranty of any kind. More information about each test can be found in its source code file and in the shared source code files of the whole suite.
By using SSTS you agree with its licence that is included in the archive in licence.txt.
Download SSTS. The archive is password protected. The password is "ssts".
Contribution
If you are a security researcher, analyst or coder and you have an idea for a test, please share it with us. You can either send us just a description of your idea, a proof of concept or, ideally, a fully integrated test to the SSTS framework. We will analyse it and possibly include to the suite giving you a full credit for the new testing method. If you have such idea, please contact us.
System requirements
SSTS is designed for Windows XP Service Pack 3 with Internet Explorer 8. Various tests may be compatible with other Windows versions and browsers too, but the functionality is not guaranteed there.
Commercial or business related usage
SSTS is distributed free of charge for noncommercial private use only. For the full licence information, read licence.txt file of the SSTS archive. For using SSTS for commercial or business related purposes or for the purpose of creating content of a publicly accessible web site or for extensive or mass software testing, you have to buy a licence and can not use SSTS for free and/or distribute it on the web site. Please contact our sales department to get more information.