JoWa Posted October 10, 2009 (edited)

I have run leak tests on a number of firewall and/or HIPS programs to see what vulnerabilities they have. As the test program I used Comodo Leaktest 1.1.0.3, which comprises 34 tests:

1. RootkitInstallation: MissingDriverLoad
What does it do? Tries to find a driver entry in the registry that does not have the corresponding file on the disk and puts itself as the missing file.
What is the risk? A malicious device driver loaded can be as dangerous as it can be due to the fact that it acts as a part of the operating system with the maximum privileges.

2. RootkitInstallation: LoadAndCallImage
What does it do? Tries to use a device driver loading API that is commonly, almost always, used by rootkit developers.
What is the risk? A malicious device driver loaded can be as dangerous as it can be due to the fact that it acts as a part of the operating system with the maximum privileges.

3. RootkitInstallation: DriverSupersede
What does it do? Tries to overwrite an already existing driver on the disk and load itself as a device driver.
What is the risk? A malicious device driver loaded can be as dangerous as it can be due to the fact that it acts as a part of the operating system with the maximum privileges.

4. RootkitInstallation: ChangeDrvPath
What does it do? Tries to change the path of an already existing driver by using the service control manager.
What is the risk? A malicious device driver loaded can be as dangerous as it can be due to the fact that it acts as a part of the operating system with the maximum privileges.

5. Invasion: Runner
What does it do? Tries to modify the default browser on the disk and connect to the internet.
What is the risk? This is a common infection method that can evade firewalls that do not check the integrity of the applications.

6. Invasion: RawDisk
What does it do? Tries to access the disk directly and modify its contents.
What is the risk? This is a common infection method that could open many holes including boot sector infection and device driver loading.

7. Invasion: PhysicalMemory
What does it do? Tries to access the physical memory directly and modify its contents.
What is the risk? Accessing the physical memory directly creates many security holes by bypassing standard protection enforced by the operating system.

8. Invasion: FileDrop
What does it do? Tries to drop itself to the system32 directory.
What is the risk? If the virus can drop itself into the system32 folder, it can easily infect one of the critical files in it too.

9. Invasion: DebugControl
What does it do? Tries to access the physical memory directly and modify its contents.
What is the risk? Accessing the physical memory directly creates many security holes by bypassing standard protection enforced by the operating system.

10. Injection: SetWinEventHook
What does it do? Tries to inject the malicious DLL using a Windows accessibility API, SetWinEventHook.
What is the risk? A DLL/code injected into another process acts as part of the process it is loaded into and has the same privileges. Malware commonly exploits this method to present itself as a trusted process.

11. Injection: SetWindowsHookEx
What does it do? Tries to inject the malicious DLL using a common Windows API, SetWindowsHookEx.
What is the risk? A DLL/code injected into another process acts as part of the process it is loaded into and has the same privileges. Malware commonly exploits this method to present itself as a trusted process.

12. Injection: SetThreadContext
What does it do? Tries to inject the malicious DLL by using a slightly different method from ProcessInject.
What is the risk? A DLL/code injected into another process acts as part of the process it is loaded into and has the same privileges. Malware commonly exploits this method to present itself as a trusted process.

13. Injection: Services
What does it do? Tries to modify the “Services” key in the registry in order to have itself launched as a service.
What is the risk? The malware is going to have itself automatically started with Windows. The key can be used to install a rootkit or boot driver that can be used to take over the operating system.

14. Injection: ProcessInject
What does it do? Tries to inject the malicious DLL using one of the most common methods malware writers use.
What is the risk? A DLL/code injected into another process acts as part of the process it is loaded into and has the same privileges. Malware commonly exploits this method to present itself as a trusted process.

15. Injection: KnownDlls
What does it do? Being one of the most difficult infection techniques to detect, it tries to modify an operating system object in memory to make itself loaded into the trusted processes.
What is the risk? A DLL/code injected into another process acts as part of the process it is loaded into and has the same privileges. Malware commonly exploits this method to present itself as a trusted process.

16. Injection: DupHandles
What does it do? Tries to access the memory of another process by stealing the handles from a trusted process which already has it.
What is the risk? A DLL/code injected into another process acts as part of the process it is loaded into and has the same privileges. Malware commonly exploits this method to present itself as a trusted process.

17. Injection: CreateRemoteThread
What does it do? Tries to inject the malicious DLL by using a slightly different method from ProcessInject.
What is the risk? A DLL/code injected into another process acts as part of the process it is loaded into and has the same privileges. Malware commonly exploits this method to present itself as a trusted process.

18. Injection: APC dll injection
What does it do? Tries to inject the malicious DLL by using a slightly different method from ProcessInject.
What is the risk? A DLL/code injected into another process acts as part of the process it is loaded into and has the same privileges. Malware commonly exploits this method to present itself as a trusted process.

19. Injection: AdvancedProcessTermination
What does it do? Tries to terminate a process by using debugging APIs.
What is the risk? A process can be terminated in an unexpected manner.

20. InfoSend: ICMP Test
What does it do? Tries to send the information to the Internet by ICMP protocol.
What is the risk? If a firewall does not filter ICMP protocol, it can miss the Trojans that transmit data using ICMP protocol.

21. InfoSend: DNS Test
What does it do? Tries to send the information to the Internet by using Windows DNS APIs.
What is the risk? Windows DNS APIs use trusted processes to make DNS queries, causing firewalls to miss the actual process behind these requests.

22. Impersonation: OLE automation
What does it do? Tries to start MS Internet Explorer, then attempts to control this instance using OLE automation to transfer information to the Internet server.
What is the risk? Firewalls can be bypassed and malicious files can be downloaded.

23. Impersonation: ExplorerAsParent
What does it do? Tries to use explorer.exe to connect to the Internet.
What is the risk? Firewalls may miss the real applications behind the internet connection requests.

24. Impersonation: DDE
What does it do? Tries to use Direct Data Exchange (DDE) to control IE's behavior and transfer data to the Internet server.
What is the risk? Firewalls can be bypassed and malicious files can be downloaded from the trusted browser process.

25. Impersonation: Coat
What does it do? Tries to rename itself as the default browser in memory and connect to the Internet.
What is the risk? Firewalls may think the actual process behind the Internet connection request is the trusted browser.

26. Impersonation: BITS
What does it do? Tries to use the Windows Background Intelligent Transfer (BITS) service to connect to the Internet.
What is the risk? Firewalls can be bypassed and malicious files can be downloaded by using the trusted Windows services.

27. Hijacking: WinlogonNotify
What does it do? Tries to modify the “WinlogonNotify” key in the registry in order to have itself launched with the logon process.
What is the risk? The malware is going to have itself automatically started every time Windows starts. The fact that this key is not a common startup key that an average diagnostics utility would look for increases the chance of malware survival. This key is also used to inject a DLL into the trusted operating system processes.

28. Hijacking: Userinit
What does it do? Tries to modify the “Userinit” key in the registry in order to take the place of userinit.exe, the process responsible for initialization of the user data after the logon.
What is the risk? The malware is going to have itself automatically started every time Windows starts. The fact that this key is not a common startup key that an average diagnostics utility would look for increases the chance of malware survival.

29. Hijacking: UIHost
What does it do? Tries to modify the “UIHost” key in the registry in order to take the place of logonui.exe, the process executed before the logon.
What is the risk? The malware is going to have itself automatically started every time Windows starts. The fact that this key is not a common startup key that an average diagnostics utility would look for increases the chance of malware survival.

30. Hijacking: SupersedeServiceDll
What does it do? Tries to modify the “ServiceDll” key in the registry in order to have itself launched with the trusted operating system process svchost.exe.
What is the risk? The malware is going to have itself automatically started every time Windows starts. The fact that this key is not a common startup key that an average diagnostics utility would look for increases the chance of malware survival. This key is also used to inject a DLL into the trusted operating system processes.

31. Hijacking: StartupPrograms
What does it do? Tries to modify the “StartupPrograms” key in the registry in order to have itself launched when Windows starts.
What is the risk? The malware is going to have itself automatically started every time Windows starts. The fact that this key is not a common startup key that an average diagnostics utility would look for increases the chance of malware survival.

32. Hijacking: ChangeDebuggerPath
What does it do? Tries to modify the “Debugger” key in the registry in order to have itself launched when a program crashes.
What is the risk? The malware is going to have itself automatically started every time a program crashes. The fact that this key is not a common startup key that an average diagnostics utility would look for increases the chance of malware survival. This key is also used to inject a DLL into the trusted processes.

33. Hijacking: AppinitDlls
What does it do? Tries to modify the “AppInitDlls” key in the registry in order to have itself injected into every process.
What is the risk? The malware is going to have itself automatically started every time a program starts. The fact that this key is not a common startup key that an average diagnostics utility would look for increases the chance of malware survival. This key is also used to inject a DLL into the trusted processes.

34. Hijacking: ActiveDesktop
What does it do? Tries to change the Windows active desktop wallpaper.
What is the risk? An embedded HTML file can allow transmitting the data by using the trusted process explorer.exe and can be used to steal confidential information.

The test was run on Windows XP SP3 with all updates. An administrator account was used, but the combination limited user + Windows Firewall was also tested. All programs were configured for maximum security, or at least I tried to configure them that way, but I am not an expert on every program. A full score (340/340) can reasonably be expected only of a program with both a firewall and HIPS.

Edited November 1, 2009 by JoWa
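
The hijacking tests above (13 and 27-33) all rewrite a registry value that is read at boot, logon, process start or crash. As an added example, not part of the post or of Comodo Leaktest, this is one way to snapshot those values and compare them with a known-good baseline. The key paths are the usual Windows locations, the mapping from test name to key is an assumption drawn from the test descriptions, and both snapshots are constructed.

```python
# Added example, not from the post: snapshot-and-compare audit of the registry
# values that tests 13 and 27-33 modify. The test-to-key mapping is an
# assumption from the test descriptions; both snapshots below are constructed.
NT = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion"
SERVICES = r"SYSTEM\CurrentControlSet\Services"
RDPWD = r"SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd"

SINGLE = {  # label -> (key under HKLM, value name)
    "28 Userinit": (NT + r"\Winlogon", "Userinit"),
    "29 UIHost": (NT + r"\Winlogon", "UIHost"),
    "31 StartupPrograms": (RDPWD, "StartupPrograms"),
    "32 Debugger": (NT + r"\AeDebug", "Debugger"),
    "33 AppInit_DLLs": (NT + r"\Windows", "AppInit_DLLs"),
}
FANOUT = {  # label -> (parent key, path below each subkey, value name)
    "13 Services": (SERVICES, "", "ImagePath"),
    "27 WinlogonNotify": (NT + r"\Winlogon\Notify", "", "DllName"),
    "30 ServiceDll": (SERVICES, r"\Parameters", "ServiceDll"),
}

class DictRegistry:
    """Offline snapshot: {key path: {value name: data}}, case-insensitive."""
    def __init__(self, data):
        self.data = {k.lower(): {n.lower(): d for n, d in v.items()}
                     for k, v in data.items()}
    def value(self, key, name):
        return self.data.get(key.lower(), {}).get(name.lower())
    def subkeys(self, key):
        prefix = key.lower() + "\\"
        return sorted({k[len(prefix):].split("\\")[0]
                       for k in self.data if k.startswith(prefix)})

class LiveRegistry:
    """Reads HKEY_LOCAL_MACHINE with the standard winreg module (Windows only)."""
    def __init__(self):
        import winreg
        self.w = winreg
    def value(self, key, name):
        try:
            with self.w.OpenKey(self.w.HKEY_LOCAL_MACHINE, key) as h:
                return str(self.w.QueryValueEx(h, name)[0])
        except OSError:
            return None  # key or value absent
    def subkeys(self, key):
        try:
            with self.w.OpenKey(self.w.HKEY_LOCAL_MACHINE, key) as h:
                return [self.w.EnumKey(h, i)
                        for i in range(self.w.QueryInfoKey(h)[0])]
        except OSError:
            return []

def normalise(data):
    """Case-fold and drop the trailing comma Userinit normally carries."""
    return (data or "").strip().rstrip(",").strip().lower()

def collect(reg):
    """Return {(label, value path): normalised data} for every watched value."""
    snap = {}
    for label, (key, name) in SINGLE.items():
        snap[(label, f"{key}\\{name}".lower())] = normalise(reg.value(key, name))
    for label, (parent, below, name) in FANOUT.items():
        for sub in reg.subkeys(parent):
            data = reg.value(f"{parent}\\{sub}{below}", name)
            if data is not None:
                path = f"{parent}\\{sub}{below}\\{name}".lower()
                snap[(label, path)] = normalise(data)
    return snap

def diff(baseline, current):
    """List (label, change, path, new data) for every value that differs."""
    findings = []
    for loc in sorted(set(baseline) | set(current)):
        old, new = baseline.get(loc, ""), current.get(loc, "")
        if old != new:
            change = "added" if not old else "removed" if not new else "changed"
            findings.append((loc[0], change, loc[1], new))
    return findings

# Constructed snapshots: a known-good state and the same machine after changes.
BASELINE = {
    NT + r"\Winlogon": {"Userinit": r"C:\WINDOWS\system32\userinit.exe,",
                        "UIHost": "logonui.exe"},
    NT + r"\Windows": {"AppInit_DLLs": ""},
    NT + r"\Winlogon\Notify\ExampleNotify": {"DllName": "example.dll"},
    SERVICES + r"\ExampleSvc": {"ImagePath": r"%SystemRoot%\system32\svchost.exe -k netsvcs"},
    SERVICES + r"\ExampleSvc\Parameters": {"ServiceDll": r"%SystemRoot%\system32\example.dll"},
}
CHANGED = {k: dict(v) for k, v in BASELINE.items()}
CHANGED[NT + r"\Winlogon"]["Userinit"] += r"C:\constructed\sample.exe"
CHANGED[NT + r"\Windows"]["AppInit_DLLs"] = r"C:\constructed\sample.dll"
CHANGED[NT + r"\Winlogon\Notify\Sample"] = {"DllName": r"C:\constructed\sample.dll"}
CHANGED[SERVICES + r"\ExampleSvc\Parameters"]["ServiceDll"] = r"C:\constructed\sample.dll"

if __name__ == "__main__":
    for finding in diff(collect(DictRegistry(BASELINE)), collect(DictRegistry(CHANGED))):
        print(*finding, sep=" | ")
```

On a Windows machine, `collect(LiveRegistry())` taken on a clean install gives the baseline to compare later snapshots against.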
JoWa Posted October 10, 2009 (edited)

Here are the results of the leak test:

Comodo Internet Security 5.0.162636.1135
340/340
Vulnerable: —

Outpost Security Suite Free 7.0.4 (3416.520.1244)
340/340
Vulnerable: —

Online Armor Free 4.5.1.431
With Run Safer: 340/340
Vulnerable: —
Without Run Safer: 330/340
Vulnerable:
8. Invasion: FileDrop Vulnerable

Outpost Firewall Pro 7.0.2 (3377.514.1238)
340/340
Vulnerable: —

DefenseWall Personal Firewall 3.09
330/340
Vulnerable:
8. Invasion: FileDrop Vulnerable

Netchina System Security and Safety (S3)
330/340 (chose Untrust in the first alert)
Vulnerable:
4. RootkitInstallation: ChangeDrvPath Vulnerable
320/340 (by blocking every activity)
Vulnerable:
4. RootkitInstallation: ChangeDrvPath Vulnerable
13. Injection: Services Vulnerable

Outpost Firewall Free 2009 (6.51)
320/340
Vulnerable:
8. Invasion: FileDrop Vulnerable
19. Injection: AdvancedProcessTermination Vulnerable

Outpost Security Suite Pro 2009 (6.7.1)
320/340
Vulnerable:
8. Invasion: FileDrop Vulnerable
19. Injection: AdvancedProcessTermination Vulnerable

Kaspersky Internet Security 2010 (9.0.0.736)
320/340
Vulnerable:
4. RootkitInstallation: ChangeDrvPath Vulnerable
15. Injection: KnownDlls Vulnerable

Malware Defender 2.4.3
310/340
Vulnerable:
6. Invasion: RawDisk Vulnerable
26. Impersonation: BITS Vulnerable
34. Hijacking: ActiveDesktop Vulnerable

Run as, “Protect my computer and data from unauthorized program activity”
310/340
Vulnerable:
10. Injection: SetWinEventHook Vulnerable
11. Injection: SetWindowsHookEx Vulnerable
21. InfoSend: DNS Test Vulnerable

DefenseWall 2.56
300/340
Vulnerable:
8. Invasion: FileDrop Vulnerable
21. InfoSend: DNS Test Vulnerable
23. Impersonation: ExplorerAsParent Vulnerable
25. Impersonation: Coat Vulnerable

Privatefirewall 7.0.22.8
290/340
Vulnerable:
6. Invasion: RawDisk Vulnerable
15. Injection: KnownDlls Vulnerable
26. Impersonation: BITS Vulnerable
31. Hijacking: StartupPrograms Vulnerable
32. Hijacking: ChangeDebuggerPath Vulnerable

Limited user account + Windows Firewall
250/340
Vulnerable:
10. Injection: SetWinEventHook Vulnerable
11. Injection: SetWindowsHookEx Vulnerable
12. Injection: SetThreadContext Vulnerable
21. InfoSend: DNS Test Vulnerable
22. Impersonation: OLE automation Vulnerable
23. Impersonation: ExplorerAsParent Vulnerable
24. Impersonation: DDE Vulnerable
25. Impersonation: Coat Vulnerable
34. Hijacking: ActiveDesktop Vulnerable

Jetico Personal Firewall 2.1.0.6
240/340 (configuration: Optimal Protection)
Vulnerable:
6. Invasion: RawDisk Vulnerable
8. Invasion: FileDrop Vulnerable
15. Injection: KnownDlls Vulnerable
22. Impersonation: OLE automation Vulnerable
26. Impersonation: BITS Vulnerable
27. Hijacking: WinlogonNotify Vulnerable
28. Hijacking: Userinit Vulnerable
29. Hijacking: UIHost Vulnerable
31. Hijacking: StartupPrograms Vulnerable
32. Hijacking: ChangeDebuggerPath Vulnerable

ZoneAlarm Pro 9.1.008.000
240/340
Vulnerable:
8. Invasion: FileDrop Vulnerable
15. Injection: KnownDlls Vulnerable
16. Injection: DupHandles Vulnerable
23. Impersonation: ExplorerAsParent Vulnerable
26. Impersonation: BITS Vulnerable
27. Hijacking: WinlogonNotify Vulnerable
29. Hijacking: UIHost Vulnerable
30. Hijacking: SupersedeServiceDll Vulnerable
31. Hijacking: StartupPrograms Vulnerable
32. Hijacking: ChangeDebuggerPath Vulnerable

PC Tools Firewall Plus 7.0.0.77 Beta 3
230/340
Vulnerable:
2. RootkitInstallation: LoadAndCallImage Vulnerable
6. Invasion: RawDisk Vulnerable
8. Invasion: FileDrop Vulnerable
9. Invasion: DebugControl Vulnerable
15. Injection: KnownDlls Vulnerable
19. Injection: AdvancedProcessTermination Vulnerable
26. Impersonation: BITS Vulnerable
29. Hijacking: UIHost Vulnerable
30. Hijacking: SupersedeServiceDll Vulnerable
31. Hijacking: StartupPrograms Vulnerable
32. Hijacking: ChangeDebuggerPath Vulnerable

ZoneAlarm Internet Security Suite 9.1.008.000
230/340
Vulnerable:
3. RootkitInstallation: DriverSupersede Vulnerable
4. RootkitInstallation: ChangeDrvPath Vulnerable
8. Invasion: FileDrop Vulnerable
15. Injection: KnownDlls Vulnerable
16. Injection: DupHandles Vulnerable
26. Impersonation: BITS Vulnerable
27. Hijacking: WinlogonNotify Vulnerable
29. Hijacking: UIHost Vulnerable
30. Hijacking: SupersedeServiceDll Vulnerable
31. Hijacking: StartupPrograms Vulnerable
32. Hijacking: ChangeDebuggerPath Vulnerable

F-Secure Internet Security 2010
230/340
Vulnerable:
4. RootkitInstallation: ChangeDrvPath Vulnerable
6. Invasion: RawDisk Vulnerable
8. Invasion: FileDrop Vulnerable
10. Injection: SetWinEventHook Vulnerable
11. Injection: SetWindowsHookEx Vulnerable
16. Injection: DupHandles Vulnerable
19. Injection: AdvancedProcessTermination Vulnerable
26. Impersonation: BITS Vulnerable
31. Hijacking: StartupPrograms Vulnerable
32. Hijacking: ChangeDebuggerPath Vulnerable
34. Hijacking: ActiveDesktop Vulnerable

F-Secure Internet Security 2011 beta (9.20.15330.0)
230/340
Vulnerable:
4. RootkitInstallation: ChangeDrvPath Vulnerable
6. Invasion: RawDisk Vulnerable
8. Invasion: FileDrop Vulnerable
10. Injection: SetWinEventHook Vulnerable
11. Injection: SetWindowsHookEx Vulnerable
16. Injection: DupHandles Vulnerable
19. Injection: AdvancedProcessTermination Vulnerable
26. Impersonation: BITS Vulnerable
31. Hijacking: StartupPrograms Vulnerable
32. Hijacking: ChangeDebuggerPath Vulnerable
34. Hijacking: ActiveDesktop Vulnerable

Lavasoft Personal Firewall 3.0.2293
200/340
Vulnerable:
2. RootkitInstallation: LoadAndCallImage Vulnerable
3. RootkitInstallation: DriverSupersede Vulnerable
6. Invasion: RawDisk Vulnerable
8. Invasion: FileDrop Vulnerable
9. Invasion: DebugControl Vulnerable
15. Injection: KnownDlls Vulnerable
16. Injection: DupHandles Vulnerable
18. Injection: APC dll injection Vulnerable
19. Injection: AdvancedProcessTermination Vulnerable
26. Impersonation: BITS Vulnerable
29. Hijacking: UIHost Vulnerable
30. Hijacking: SupersedeServiceDll Vulnerable
31. Hijacking: StartupPrograms Vulnerable
32. Hijacking: ChangeDebuggerPath Vulnerable

PC Tools Firewall Plus 6.0.0.74
190/340
Vulnerable:
2. RootkitInstallation: LoadAndCallImage Vulnerable
6. Invasion: RawDisk Vulnerable
8. Invasion: FileDrop Vulnerable
9. Invasion: DebugControl Vulnerable
13. Injection: Services Vulnerable
15. Injection: KnownDlls Vulnerable
19. Injection: AdvancedProcessTermination Vulnerable
26. Impersonation: BITS Vulnerable
27. Hijacking: WinlogonNotify Vulnerable
28. Hijacking: Userinit Vulnerable
29. Hijacking: UIHost Vulnerable
30. Hijacking: SupersedeServiceDll Vulnerable
31. Hijacking: StartupPrograms Vulnerable
32. Hijacking: ChangeDebuggerPath Vulnerable
33. Hijacking: AppinitDlls Vulnerable

Rising Internet Security 2009 (21.66.31)
180/340
Vulnerable:
4. RootkitInstallation: ChangeDrvPath Vulnerable
8. Invasion: FileDrop Vulnerable
9. Invasion: DebugControl Vulnerable
10. Injection: SetWinEventHook Vulnerable
11. Injection: SetWindowsHookEx Vulnerable
12. Injection: SetThreadContext Vulnerable
15. Injection: KnownDlls Vulnerable
16. Injection: DupHandles Vulnerable
19. Injection: AdvancedProcessTermination Vulnerable
24. Impersonation: DDE Vulnerable
26. Impersonation: BITS Vulnerable
27. Hijacking: WinlogonNotify Vulnerable
30. Hijacking: SupersedeServiceDll Vulnerable
31. Hijacking: StartupPrograms Vulnerable
32. Hijacking: ChangeDebuggerPath Vulnerable
34. Hijacking: ActiveDesktop Vulnerable

CA Personal Firewall 11.0.0.576
170/340
Vulnerable:
4. RootkitInstallation: ChangeDrvPath Vulnerable
6. Invasion: RawDisk Vulnerable
8. Invasion: FileDrop Vulnerable
9. Invasion: DebugControl Vulnerable
10. Injection: SetWinEventHook Vulnerable
13. Injection: Services Vulnerable
16. Injection: DupHandles Vulnerable
19. Injection: AdvancedProcessTermination Vulnerable
25. Impersonation: Coat Vulnerable
27. Hijacking: WinlogonNotify Vulnerable
28. Hijacking: Userinit Vulnerable
29. Hijacking: UIHost Vulnerable
30. Hijacking: SupersedeServiceDll Vulnerable
31. Hijacking: StartupPrograms Vulnerable
32. Hijacking: ChangeDebuggerPath Vulnerable
33. Hijacking: AppinitDlls Vulnerable
34. Hijacking: ActiveDesktop Vulnerable

GesWall 2.9 Freeware
170/340
Vulnerable:
2. RootkitInstallation: LoadAndCallImage Vulnerable
8. Invasion: FileDrop Vulnerable
9. Invasion: DebugControl Vulnerable
10. Injection: SetWinEventHook Vulnerable
11. Injection: SetWindowsHookEx Vulnerable
15. Injection: KnownDlls Vulnerable
21. InfoSend: DNS Test Vulnerable
24. Impersonation: DDE Vulnerable
25. Impersonation: Coat Vulnerable
27. Hijacking: WinlogonNotify Vulnerable
28. Hijacking: Userinit Vulnerable
29. Hijacking: UIHost Vulnerable
30. Hijacking: SupersedeServiceDll Vulnerable
31. Hijacking: StartupPrograms Vulnerable
32. Hijacking: ChangeDebuggerPath Vulnerable
33. Hijacking: AppinitDlls Vulnerable
34. Hijacking: ActiveDesktop Vulnerable

Rising Antivirus Free Edition 2009 (21.65.32)
160/340
Vulnerable:
4. RootkitInstallation: ChangeDrvPath Vulnerable
8. Invasion: FileDrop Vulnerable
9. Invasion: DebugControl Vulnerable
10. Injection: SetWinEventHook Vulnerable
11. Injection: SetWindowsHookEx Vulnerable
12. Injection: SetThreadContext Vulnerable
15. Injection: KnownDlls Vulnerable
16. Injection: DupHandles Vulnerable
19. Injection: AdvancedProcessTermination Vulnerable
21. InfoSend: DNS Test Vulnerable
24. Impersonation: DDE Vulnerable
25. Impersonation: Coat Vulnerable
26. Impersonation: BITS Vulnerable
27. Hijacking: WinlogonNotify Vulnerable
30. Hijacking: SupersedeServiceDll Vulnerable
31. Hijacking: StartupPrograms Vulnerable
32. Hijacking: ChangeDebuggerPath Vulnerable
34. Hijacking: ActiveDesktop Vulnerable

3D EQSecure 4.2 Professional
150/340
Vulnerable:
6. Invasion: RawDisk Vulnerable
7. Invasion: PhysicalMemory Vulnerable
8. Invasion: FileDrop Vulnerable
10. Injection: SetWinEventHook Vulnerable
11. Injection: SetWindowsHookEx Vulnerable
14. Injection: ProcessInject Vulnerable
15. Injection: KnownDlls Vulnerable
16. Injection: DupHandles Vulnerable
17. Injection: CreateRemoteThread Vulnerable
18. Injection: APC dll injection Vulnerable
19. Injection: AdvancedProcessTermination Vulnerable
21. InfoSend: DNS Test Vulnerable
22. Impersonation: OLE automation Vulnerable
24. Impersonation: DDE Vulnerable
25. Impersonation: Coat Vulnerable
26. Impersonation: BITS Vulnerable
30. Hijacking: SupersedeServiceDll Vulnerable
31. Hijacking: StartupPrograms Vulnerable
34. Hijacking: ActiveDesktop Vulnerable

DriveSentry ProtectionPLUS 1.0.0.5
110/340
Vulnerable:
2. RootkitInstallation: LoadAndCallImage Vulnerable
4. RootkitInstallation: ChangeDrvPath Vulnerable
6. Invasion: RawDisk Vulnerable
7. Invasion: PhysicalMemory Vulnerable
9. Invasion: DebugControl Vulnerable
10. Injection: SetWinEventHook Vulnerable
11. Injection: SetWindowsHookEx Vulnerable
12. Injection: SetThreadContext Vulnerable
13. Injection: Services Vulnerable
14. Injection: ProcessInject Vulnerable
15. Injection: KnownDlls Vulnerable
16. Injection: DupHandles Vulnerable
19. Injection: AdvancedProcessTermination Vulnerable
21. InfoSend: DNS Test Vulnerable
22. Impersonation: OLE automation Vulnerable
23. Impersonation: ExplorerAsParent Vulnerable
24. Impersonation: DDE Vulnerable
25. Impersonation: Coat Vulnerable
27. Hijacking: WinlogonNotify Vulnerable
29. Hijacking: UIHost Protected
30. Hijacking: SupersedeServiceDll Vulnerable
31. Hijacking: StartupPrograms Vulnerable
32. Hijacking: ChangeDebuggerPath Vulnerable
34. Hijacking: ActiveDesktop Vulnerable

AVS Firewall 2.1.2.241
100/340
Vulnerable:
2. RootkitInstallation: LoadAndCallImage Vulnerable
3. RootkitInstallation: DriverSupersede Vulnerable
5. Invasion: Runner Vulnerable
6. Invasion: RawDisk Vulnerable
7. Invasion: PhysicalMemory Vulnerable
8. Invasion: FileDrop Vulnerable
9. Invasion: DebugControl Vulnerable
10. Injection: SetWinEventHook Vulnerable
11. Injection: SetWindowsHookEx Vulnerable
12. Injection: SetThreadContext Vulnerable
14. Injection: ProcessInject Vulnerable
15. Injection: KnownDlls Vulnerable
16. Injection: DupHandles Vulnerable
17. Injection: CreateRemoteThread Vulnerable
18. Injection: APC dll injection Vulnerable
19. Injection: AdvancedProcessTermination Vulnerable
22. Impersonation: OLE automation Vulnerable
23. Impersonation: ExplorerAsParent Vulnerable
24. Impersonation: DDE Vulnerable
25. Impersonation: Coat Vulnerable
26. Impersonation: BITS Vulnerable
31. Hijacking: StartupPrograms Vulnerable
32. Hijacking: ChangeDebuggerPath Vulnerable
34. Hijacking: ActiveDesktop Vulnerable

FortKnox Personal Firewall 5.0.905.0
100/340
Vulnerable:
2. RootkitInstallation: LoadAndCallImage Vulnerable
3. RootkitInstallation: DriverSupersede Vulnerable
4. RootkitInstallation: ChangeDrvPath Vulnerable
6. Invasion: RawDisk Vulnerable
7. Invasion: PhysicalMemory Vulnerable
8. Invasion: FileDrop Vulnerable
9. Invasion: DebugControl Vulnerable
10. Injection: SetWinEventHook Vulnerable
11. Injection: SetWindowsHookEx Vulnerable
12. Injection: SetThreadContext Vulnerable
13. Injection: Services Vulnerable
15. Injection: KnownDlls Vulnerable
16. Injection: DupHandles Vulnerable
17. Injection: CreateRemoteThread Vulnerable
18. Injection: APC dll injection Vulnerable
19. Injection: AdvancedProcessTermination Vulnerable
26. Impersonation: BITS Vulnerable
27. Hijacking: WinlogonNotify Vulnerable
28. Hijacking: Userinit Vulnerable
29. Hijacking: UIHost Vulnerable
30. Hijacking: SupersedeServiceDll Vulnerable
31. Hijacking: StartupPrograms Vulnerable
32. Hijacking: ChangeDebuggerPath Vulnerable
33. Hijacking: AppinitDlls Vulnerable

Safe’n’Sec 3.5.1.7
100/340
Vulnerable:
2. RootkitInstallation: LoadAndCallImage Vulnerable
4. RootkitInstallation: ChangeDrvPath Vulnerable
6. Invasion: RawDisk Vulnerable
7. Invasion: PhysicalMemory Vulnerable
9. Invasion: DebugControl Vulnerable
10. Injection: SetWinEventHook Vulnerable
11. Injection: SetWindowsHookEx Vulnerable
12. Injection: SetThreadContext Vulnerable
13. Injection: Services Vulnerable
14. Injection: ProcessInject Vulnerable
15. Injection: KnownDlls Vulnerable
16. Injection: DupHandles Vulnerable
19. Injection: AdvancedProcessTermination Vulnerable
21. InfoSend: DNS Test Vulnerable
22. Impersonation: OLE automation Vulnerable
23. Impersonation: ExplorerAsParent Vulnerable
24. Impersonation: DDE Vulnerable
25. Impersonation: Coat Vulnerable
26. Impersonation: BITS Vulnerable
27. Hijacking: WinlogonNotify Vulnerable
29. Hijacking: UIHost Vulnerable
30. Hijacking: SupersedeServiceDll Vulnerable
31. Hijacking: StartupPrograms Vulnerable
34. Hijacking: ActiveDesktop Vulnerable

Sunbelt Personal Firewall 4.6
100/340
Vulnerable:
2. RootkitInstallation: LoadAndCallImage Vulnerable
3. RootkitInstallation: DriverSupersede Vulnerable
4. RootkitInstallation: ChangeDrvPath Vulnerable
6. Invasion: RawDisk Vulnerable
7. Invasion: PhysicalMemory Vulnerable
8. Invasion: FileDrop Vulnerable
9. Invasion: DebugControl Vulnerable
10. Injection: SetWinEventHook Vulnerable
11. Injection: SetWindowsHookEx Vulnerable
12. Injection: SetThreadContext Vulnerable
13. Injection: Services Vulnerable
15. Injection: KnownDlls Vulnerable
16. Injection: DupHandles Vulnerable
18. Injection: APC dll injection Vulnerable
19. Injection: AdvancedProcessTermination Vulnerable
26. Impersonation: BITS Vulnerable
27. Hijacking: WinlogonNotify Vulnerable
28. Hijacking: Userinit Vulnerable
29. Hijacking: UIHost Vulnerable
30. Hijacking: SupersedeServiceDll Vulnerable
31. Hijacking: StartupPrograms Vulnerable
32. Hijacking: ChangeDebuggerPath Vulnerable
33. Hijacking: AppinitDlls Vulnerable
34. Hijacking: ActiveDesktop Vulnerable

Avira Premium Security Suite 9.0.0.381
90/340
Vulnerable:
2. RootkitInstallation: LoadAndCallImage Vulnerable
3. RootkitInstallation: DriverSupersede Vulnerable
4. RootkitInstallation: ChangeDrvPath Vulnerable
6. Invasion: RawDisk Vulnerable
7. Invasion: PhysicalMemory Vulnerable
8. Invasion: FileDrop Vulnerable
9. Invasion: DebugControl Vulnerable
10. Injection: SetWinEventHook Vulnerable
11. Injection: SetWindowsHookEx Vulnerable
12. Injection: SetThreadContext Vulnerable
13. Injection: Services Vulnerable
15. Injection: KnownDlls Vulnerable
18. Injection: APC dll injection Vulnerable
19. Injection: AdvancedProcessTermination Vulnerable
22. Impersonation: OLE automation Vulnerable
24. Impersonation: DDE Vulnerable
26. Impersonation: BITS Vulnerable
27. Hijacking: WinlogonNotify Vulnerable
28. Hijacking: Userinit Vulnerable
29. Hijacking: UIHost Vulnerable
30. Hijacking: SupersedeServiceDll Vulnerable
31. Hijacking: StartupPrograms Vulnerable
32. Hijacking: ChangeDebuggerPath Vulnerable
33. Hijacking: AppinitDlls Vulnerable
34. Hijacking: ActiveDesktop Vulnerable

Spyware Terminator 2.6.4.165
80/340
Vulnerable:
3. RootkitInstallation: DriverSupersede Vulnerable
6. Invasion: RawDisk Vulnerable
7. Invasion: PhysicalMemory Vulnerable
8. Invasion: FileDrop Vulnerable
9. Invasion: DebugControl Vulnerable
10. Injection: SetWinEventHook Vulnerable
11. Injection: SetWindowsHookEx Vulnerable
12. Injection: SetThreadContext Vulnerable
14. Injection: ProcessInject Vulnerable
15. Injection: KnownDlls Vulnerable
16. Injection: DupHandles Vulnerable
17. Injection: CreateRemoteThread Vulnerable
18. Injection: APC dll injection Vulnerable
19. Injection: AdvancedProcessTermination Vulnerable
21. InfoSend: DNS Test Vulnerable
23. Impersonation: ExplorerAsParent Vulnerable
24. Impersonation: DDE Vulnerable
25. Impersonation: Coat Vulnerable
27. Hijacking: WinlogonNotify Vulnerable
28. Hijacking: Userinit Vulnerable
29. Hijacking: UIHost Vulnerable
30. Hijacking: SupersedeServiceDll Vulnerable
31. Hijacking: StartupPrograms Vulnerable
32. Hijacking: ChangeDebuggerPath Vulnerable
33. Hijacking: AppinitDlls Vulnerable
34. Hijacking: ActiveDesktop Vulnerable

Trend Micro Internet Security Pro 17.0.1305
70/340
Vulnerable:
2. RootkitInstallation: LoadAndCallImage Vulnerable
3. RootkitInstallation: DriverSupersede Vulnerable
4. RootkitInstallation: ChangeDrvPath Vulnerable
6. Invasion: RawDisk Vulnerable
7. Invasion: PhysicalMemory Vulnerable
8. Invasion: FileDrop Vulnerable
9. Invasion: DebugControl Vulnerable
10. Injection: SetWinEventHook Vulnerable
11. Injection: SetWindowsHookEx Vulnerable
12. Injection: SetThreadContext Vulnerable
13. Injection: Services Vulnerable
14. Injection: ProcessInject Vulnerable
15. Injection: KnownDlls Vulnerable
16. Injection: DupHandles Vulnerable
17. Injection: CreateRemoteThread Vulnerable
18. Injection: APC dll injection Vulnerable
19. Injection: AdvancedProcessTermination Vulnerable
24. Impersonation: DDE Vulnerable
26. Impersonation: BITS Vulnerable
27. Hijacking: WinlogonNotify Vulnerable
28. Hijacking: Userinit Vulnerable
29. Hijacking: UIHost Vulnerable
30. Hijacking: SupersedeServiceDll Vulnerable
31. Hijacking: StartupPrograms Vulnerable
32. Hijacking: ChangeDebuggerPath Vulnerable
33. Hijacking: AppinitDlls Vulnerable
34. Hijacking: ActiveDesktop Vulnerable

BullGuard Internet Security 8.7
60/340
Vulnerable:
2. RootkitInstallation: LoadAndCallImage Vulnerable
3. RootkitInstallation: DriverSupersede Vulnerable
4. RootkitInstallation: ChangeDrvPath Vulnerable
6. Invasion: RawDisk Vulnerable
7. Invasion: PhysicalMemory Vulnerable
8. Invasion: FileDrop Vulnerable
9. Invasion: DebugControl Vulnerable
10. Injection: SetWinEventHook Vulnerable
11. Injection: SetWindowsHookEx Vulnerable
12. Injection: SetThreadContext Vulnerable
13. Injection: Services Vulnerable
14. Injection: ProcessInject Vulnerable
15. Injection: KnownDlls Vulnerable
16. Injection: DupHandles Vulnerable
17. Injection: CreateRemoteThread Vulnerable
18. Injection: APC dll injection Vulnerable
19. Injection: AdvancedProcessTermination Vulnerable
22. Impersonation: OLE automation Vulnerable
24. Impersonation: DDE Vulnerable
26. Impersonation: BITS Vulnerable
27. Hijacking: WinlogonNotify Vulnerable
28. Hijacking: Userinit Vulnerable
29. Hijacking: UIHost Vulnerable
30. Hijacking: SupersedeServiceDll Vulnerable
31. Hijacking: StartupPrograms Vulnerable
32. Hijacking: ChangeDebuggerPath Vulnerable
33. Hijacking: AppinitDlls Vulnerable
34. Hijacking: ActiveDesktop Vulnerable

FortiClient 4.1
60/340
Vulnerable:
2. RootkitInstallation: LoadAndCallImage Vulnerable
3. RootkitInstallation: DriverSupersede Vulnerable
4. RootkitInstallation: ChangeDrvPath Vulnerable
6. Invasion: RawDisk Vulnerable
7. Invasion: PhysicalMemory Vulnerable
8. Invasion: FileDrop Vulnerable
9. Invasion: DebugControl Vulnerable
10. Injection: SetWinEventHook Vulnerable
11. Injection: SetWindowsHookEx Vulnerable
12. Injection: SetThreadContext Vulnerable
13. Injection: Services Vulnerable
14. Injection: ProcessInject Vulnerable
15. Injection: KnownDlls Vulnerable
16. Injection: DupHandles Vulnerable
17. Injection: CreateRemoteThread Vulnerable
18. Injection: APC dll injection Vulnerable
19. Injection: AdvancedProcessTermination Vulnerable
23. Impersonation: ExplorerAsParent Vulnerable
24. Impersonation: DDE Vulnerable
26. Impersonation: BITS Vulnerable
27. Hijacking: WinlogonNotify Vulnerable
28. Hijacking: Userinit Vulnerable
29. Hijacking: UIHost Vulnerable
30. Hijacking: SupersedeServiceDll Vulnerable
31. Hijacking: StartupPrograms Vulnerable
32. Hijacking: ChangeDebuggerPath Vulnerable
33. Hijacking: AppinitDlls Vulnerable
34. Hijacking: ActiveDesktop Vulnerable

Eset Smart Security 4.0.314
60/340
Vulnerable:
2. RootkitInstallation: LoadAndCallImage Vulnerable
3. RootkitInstallation: DriverSupersede Vulnerable
4. RootkitInstallation: ChangeDrvPath Vulnerable
6. Invasion: RawDisk Vulnerable
7. Invasion: PhysicalMemory Vulnerable
8. Invasion: FileDrop Vulnerable
9. Invasion: DebugControl Vulnerable
10. Injection: SetWinEventHook Vulnerable
11. Injection: SetWindowsHookEx Vulnerable
12. Injection: SetThreadContext Vulnerable
13. Injection: Services Vulnerable
14. Injection: ProcessInject Vulnerable
15. Injection: KnownDlls Vulnerable
16. Injection: DupHandles Vulnerable
17. Injection: CreateRemoteThread Vulnerable
18. Injection: APC dll injection Vulnerable
19. Injection: AdvancedProcessTermination Vulnerable
22. Impersonation: OLE automation Vulnerable
24. Impersonation: DDE Vulnerable
26. Impersonation: BITS Vulnerable
27. Hijacking: WinlogonNotify Vulnerable
28. Hijacking: Userinit Vulnerable
29. Hijacking: UIHost Vulnerable
30. Hijacking: SupersedeServiceDll Vulnerable
31. Hijacking: StartupPrograms Vulnerable
32. Hijacking: ChangeDebuggerPath Vulnerable
33. Hijacking: AppinitDlls Vulnerable
34. Hijacking: ActiveDesktop Vulnerable

ZoneAlarm Free Firewall 9.1.007.002
60/340
Vulnerable:
2. RootkitInstallation: LoadAndCallImage Vulnerable
3. RootkitInstallation: DriverSupersede Vulnerable
4. RootkitInstallation: ChangeDrvPath Vulnerable
6. Invasion: RawDisk Vulnerable
7. Invasion: PhysicalMemory Vulnerable
8. Invasion: FileDrop Vulnerable
9. Invasion: DebugControl Vulnerable
10. Injection: SetWinEventHook Vulnerable
11. Injection: SetWindowsHookEx Vulnerable
12. Injection: SetThreadContext Vulnerable
13. Injection: Services Vulnerable
14. Injection: ProcessInject Vulnerable
15. Injection: KnownDlls Vulnerable
16. Injection: DupHandles Vulnerable
17. Injection: CreateRemoteThread Vulnerable
18. Injection: APC dll injection Vulnerable
19. Injection: AdvancedProcessTermination Vulnerable
22. Impersonation: OLE automation Vulnerable
24. Impersonation: DDE Vulnerable
26. Impersonation: BITS Vulnerable
27. Hijacking: WinlogonNotify Vulnerable
28. Hijacking: Userinit Vulnerable
29. Hijacking: UIHost Vulnerable
30. Hijacking: SupersedeServiceDll Vulnerable
31. Hijacking: StartupPrograms Vulnerable
32. Hijacking: ChangeDebuggerPath Vulnerable
33. Hijacking: AppinitDlls Vulnerable
34. Hijacking: ActiveDesktop Vulnerable

Norton Internet Security 2011, 18.1.0.37
60/340
Vulnerable:
2. RootkitInstallation: LoadAndCallImage Vulnerable
3. RootkitInstallation: DriverSupersede Vulnerable
4. RootkitInstallation: ChangeDrvPath Vulnerable
6. Invasion: RawDisk Vulnerable
7. Invasion: PhysicalMemory Vulnerable
8. Invasion: FileDrop Vulnerable
9. Invasion: DebugControl Vulnerable
10. Injection: SetWinEventHook Vulnerable
11. Injection: SetWindowsHookEx Vulnerable
12. Injection: SetThreadContext Vulnerable
13. Injection: Services Vulnerable
14. Injection: ProcessInject Vulnerable
15. Injection: KnownDlls Vulnerable
16. Injection: DupHandles Vulnerable
17. Injection: CreateRemoteThread Vulnerable
19. Injection: AdvancedProcessTermination Vulnerable
23. Impersonation: ExplorerAsParent Vulnerable
24. Impersonation: DDE Vulnerable
25. Impersonation: Coat Vulnerable
26. Impersonation: BITS Vulnerable
27. Hijacking: WinlogonNotify Vulnerable
28. Hijacking: Userinit Vulnerable
29. Hijacking: UIHost Vulnerable
30. Hijacking: SupersedeServiceDll Vulnerable
31. Hijacking: StartupPrograms Vulnerable
32. Hijacking: ChangeDebuggerPath Vulnerable
33. Hijacking: AppinitDlls Vulnerable
34. Hijacking: ActiveDesktop Vulnerable

Ashampoo FireWall Free 1.2
50/340
Vulnerable:
2. RootkitInstallation: LoadAndCallImage Vulnerable
3. RootkitInstallation: DriverSupersede Vulnerable
4. RootkitInstallation: ChangeDrvPath Vulnerable
5. Invasion: Runner Vulnerable
6. Invasion: RawDisk Vulnerable
7. Invasion: PhysicalMemory Vulnerable
8. Invasion: FileDrop Vulnerable
9. Invasion: DebugControl Vulnerable
10. Injection: SetWinEventHook Vulnerable
11. Injection: SetWindowsHookEx Vulnerable
12. Injection: SetThreadContext Vulnerable
13. Injection: Services Vulnerable
14. Injection: ProcessInject Vulnerable
15. Injection: KnownDlls Vulnerable
16. Injection: DupHandles Vulnerable
17. Injection: CreateRemoteThread Vulnerable
18. Injection: APC dll injection Vulnerable
19. Injection: AdvancedProcessTermination Vulnerable
22. Impersonation: OLE automation Vulnerable
24. Impersonation: DDE Vulnerable
26. Impersonation: BITS Vulnerable
27. Hijacking: WinlogonNotify Vulnerable
28.
Hijacking: Userinit Vulnerable 29. Hijacking: UIHost Vulnerable 30. Hijacking: SupersedeServiceDll Vulnerable 31. Hijacking: StartupPrograms Vulnerable 32. Hijacking: ChangeDebuggerPath Vulnerable 33. Hijacking: AppinitDlls Vulnerable 34. Hijacking: ActiveDesktop Vulnerable AVG Internet Security 9.0.697 40/340 Sårbart: 2. RootkitInstallation: LoadAndCallImage Vulnerable 3. RootkitInstallation: DriverSupersede Vulnerable 4. RootkitInstallation: ChangeDrvPath Vulnerable 6. Invasion: RawDisk Vulnerable 7. Invasion: PhysicalMemory Vulnerable 8. Invasion: FileDrop Vulnerable 9. Invasion: DebugControl Vulnerable 10. Injection: SetWinEventHook Vulnerable 11. Injection: SetWindowsHookEx Vulnerable 12. Injection: SetThreadContext Vulnerable 13. Injection: Services Vulnerable 14. Injection: ProcessInject Vulnerable 15. Injection: KnownDlls Vulnerable 16. Injection: DupHandles Vulnerable 17. Injection: CreateRemoteThread Vulnerable 18. Injection: APC dll injection Vulnerable 19. Injection: AdvancedProcessTermination Vulnerable 22. Impersonation: OLE automation Vulnerable 23. Impersonation: ExplorerAsParent Vulnerable 24. Impersonation: DDE Vulnerable 25. Impersonation: Coat Vulnerable 26. Impersonation: BITS Vulnerable 27. Hijacking: WinlogonNotify Vulnerable 28. Hijacking: Userinit Vulnerable 29. Hijacking: UIHost Vulnerable 30. Hijacking: SupersedeServiceDll Vulnerable 31. Hijacking: StartupPrograms Vulnerable 32. Hijacking: ChangeDebuggerPath Vulnerable 33. Hijacking: AppinitDlls Vulnerable 34. Hijacking: ActiveDesktop Vulnerable Panda Internet Security 2010 (15.01.00) 40/340 Sårbart: 2. RootkitInstallation: LoadAndCallImage Vulnerable 3. RootkitInstallation: DriverSupersede Vulnerable 4. RootkitInstallation: ChangeDrvPath Vulnerable 6. Invasion: RawDisk Vulnerable 7. Invasion: PhysicalMemory Vulnerable 8. Invasion: FileDrop Vulnerable 9. Invasion: DebugControl Vulnerable 10. Injection: SetWinEventHook Vulnerable 11. Injection: SetWindowsHookEx Vulnerable 12. 
Injection: SetThreadContext Vulnerable 13. Injection: Services Vulnerable 14. Injection: ProcessInject Vulnerable 15. Injection: KnownDlls Vulnerable 16. Injection: DupHandles Vulnerable 17. Injection: CreateRemoteThread Vulnerable 18. Injection: APC dll injection Vulnerable 19. Injection: AdvancedProcessTermination Vulnerable 22. Impersonation: OLE automation Vulnerable 23. Impersonation: ExplorerAsParent Vulnerable 24. Impersonation: DDE Vulnerable 25. Impersonation: Coat Vulnerable 26. Impersonation: BITS Vulnerable 27. Hijacking: WinlogonNotify Vulnerable 28. Hijacking: Userinit Vulnerable 29. Hijacking: UIHost Vulnerable 30. Hijacking: SupersedeServiceDll Vulnerable 31. Hijacking: StartupPrograms Vulnerable 32. Hijacking: ChangeDebuggerPath Vulnerable 33. Hijacking: AppinitDlls Vulnerable 34. Hijacking: ActiveDesktop Vulnerable Ashampoo FireWall Pro 1.14 40/340 Sårbart: 2. RootkitInstallation: LoadAndCallImage Vulnerable 3. RootkitInstallation: DriverSupersede Vulnerable 4. RootkitInstallation: ChangeDrvPath Vulnerable 6. Invasion: RawDisk Vulnerable 7. Invasion: PhysicalMemory Vulnerable 8. Invasion: FileDrop Vulnerable 9. Invasion: DebugControl Vulnerable 10. Injection: SetWinEventHook Vulnerable 11. Injection: SetWindowsHookEx Vulnerable 12. Injection: SetThreadContext Vulnerable 13. Injection: Services Vulnerable 14. Injection: ProcessInject Vulnerable 15. Injection: KnownDlls Vulnerable 16. Injection: DupHandles Vulnerable 17. Injection: CreateRemoteThread Vulnerable 18. Injection: APC dll injection Vulnerable 19. Injection: AdvancedProcessTermination Vulnerable 22. Impersonation: OLE automation Vulnerable 23. Impersonation: ExplorerAsParent Vulnerable 24. Impersonation: DDE Vulnerable 25. Impersonation: Coat Vulnerable 26. Impersonation: BITS Vulnerable 27. Hijacking: WinlogonNotify Vulnerable 28. Hijacking: Userinit Vulnerable 29. Hijacking: UIHost Vulnerable 30. Hijacking: SupersedeServiceDll Vulnerable 31. Hijacking: StartupPrograms Vulnerable 32. 
Hijacking: ChangeDebuggerPath Vulnerable 33. Hijacking: AppinitDlls Vulnerable 34. Hijacking: ActiveDesktop Vulnerable avast! Internet Security 5.0.396 30/340 Sårbart: 2. RootkitInstallation: LoadAndCallImage Vulnerable 3. RootkitInstallation: DriverSupersede Vulnerable 4. RootkitInstallation: ChangeDrvPath Vulnerable 5. Invasion: Runner Vulnerable 6. Invasion: RawDisk Vulnerable 7. Invasion: PhysicalMemory Vulnerable 8. Invasion: FileDrop Vulnerable 9. Invasion: DebugControl Vulnerable 10. Injection: SetWinEventHook Vulnerable 11. Injection: SetWindowsHookEx Vulnerable 12. Injection: SetThreadContext Vulnerable 13. Injection: Services Vulnerable 14. Injection: ProcessInject Vulnerable 15. Injection: KnownDlls Vulnerable 16. Injection: DupHandles Vulnerable 17. Injection: CreateRemoteThread Vulnerable 18. Injection: APC dll injection Vulnerable 19. Injection: AdvancedProcessTermination Vulnerable 22. Impersonation: OLE automation Vulnerable 23. Impersonation: ExplorerAsParent Vulnerable 24. Impersonation: DDE Vulnerable 25. Impersonation: Coat Vulnerable 26. Impersonation: BITS Vulnerable 27. Hijacking: WinlogonNotify Vulnerable 28. Hijacking: Userinit Vulnerable 29. Hijacking: UIHost Vulnerable 30. Hijacking: SupersedeServiceDll Vulnerable 31. Hijacking: StartupPrograms Vulnerable 32. Hijacking: ChangeDebuggerPath Vulnerable 33. Hijacking: AppinitDlls Vulnerable 34. Hijacking: ActiveDesktop Vulnerable Edited January 8, 2011 by JoWa Quote Link to comment Share on other sites More sharing options...
JoWa (Author) Posted October 10, 2009
And as a “complement” to my little test, the latest Proactive Security Challenge.
aok Posted October 10, 2009
Uhhh.. I try to download the program via the Comodo Leaktest link.. and my antivirus stops it and says "win32 trojan downloader" !?!? What's going on?
JoWa (Author) Posted October 10, 2009
False alarm. Should be reported to the AV vendor.
Mickilina Posted October 10, 2009
What is one supposed to make of this:

COMODO Leaktests v.1.1.0.3
Date 18:34:18 - 2009-10-10
OS Windows XP SP3 build 2600
1. RootkitInstallation: MissingDriverLoad Protected
2. RootkitInstallation: LoadAndCallImage Vulnerable
3. RootkitInstallation: DriverSupersede Vulnerable
4. RootkitInstallation: ChangeDrvPath Vulnerable
5. Invasion: Runner Protected
6. Invasion: RawDisk Vulnerable
7. Invasion: PhysicalMemory Vulnerable
8. Invasion: FileDrop Vulnerable
9. Invasion: DebugControl Vulnerable
10. Injection: SetWinEventHook Vulnerable
11. Injection: SetWindowsHookEx Vulnerable
12. Injection: SetThreadContext Vulnerable
13. Injection: Services Vulnerable
14. Injection: ProcessInject Vulnerable
15. Injection: KnownDlls Vulnerable
16. Injection: DupHandles Vulnerable
17. Injection: CreateRemoteThread Vulnerable
18. Injection: APC dll injection Vulnerable
19. Injection: AdvancedProcessTermination Vulnerable
20. InfoSend: ICMP Test Protected
21. InfoSend: DNS Test Vulnerable
22. Impersonation: OLE automation Protected
23. Impersonation: ExplorerAsParent Vulnerable
24. Impersonation: DDE Vulnerable
25. Impersonation: Coat Vulnerable
26. Impersonation: BITS Vulnerable
27. Hijacking: WinlogonNotify Vulnerable
28. Hijacking: Userinit Vulnerable
29. Hijacking: UIHost Vulnerable
30. Hijacking: SupersedeServiceDll Vulnerable
31. Hijacking: StartupPrograms Vulnerable
32. Hijacking: ChangeDebuggerPath Vulnerable
33. Hijacking: AppinitDlls Vulnerable
34. Hijacking: ActiveDesktop Vulnerable
Score 40/340
JoWa (Author) Posted October 10, 2009
Go to:
Firewall, Advanced, Network Policy. Remove CLT.exe.
System Protection, Advanced, Computer Security Policy. Remove CLT.exe.
Switch the configuration to Proactive Security, most easily by right-clicking the CIS icon in the notification area, Configuration, COMODO - Proactive Security.
And deny everything, except when explorer.exe tries to start CLT.exe, of course, otherwise there will be no test.
Mickilina Posted October 10, 2009
> Go to: Firewall, Advanced, Network Policy. Remove CLT.exe. System Protection, Advanced, Computer Security Policy. Remove CLT.exe. Switch the configuration to Proactive Security, most easily by right-clicking the CIS icon in the notification area, Configuration, COMODO - Proactive Security. And deny everything, except when explorer.exe tries to start CLT.exe, of course, otherwise there will be no test.

Me?
JoWa (Author) Posted October 10, 2009
Yes, if you want maximum security and the best result.
Mickilina Posted October 10, 2009
> Yes, if you want maximum security and the best result.

Was just unsure whether you meant me with the earlier post.
OlleBull Posted October 10, 2009
Once upon a time there was only ZoneAlarm and MC Affe, and just as with beer and soft drinks there was only pilsner and sockerdricka. Today you are showered with protection programs, and likewise when you walk into an ICA store: beer and soft drinks in abundance.

I don't know if it's just me who is tired of this eternal security thinking. Surely it's about time that Microsoft, which has now built an OS as good and as praised as Windows 7 is supposed to be, also got to grips with security. There is something called Windows Security Essentials and I have looked at it in Windows 7, but I'm none the wiser for it.

Is the idea that we have to test and check all these security programs when we have bought a new computer? Isn't it about time that we could trust Microsoft's new security program, put all the unnecessary checking aside, use our computers for what they are meant for, and know that this new program Windows Security Essentials protects against the vermin and that we don't need any extra firewalls? One already exists in Windows, after all; what is it for otherwise?

Edited October 10, 2009 by OlleBull
e-son Posted October 10, 2009
> I don't know if it's just me who is tired of this eternal security thinking. Surely it's about time that Microsoft, which has now built an OS as good and as praised as Windows 7 is supposed to be, also got to grips with security. There is something called Windows Security Essentials and I have looked at it in Windows 7, but I'm none the wiser for it. Is the idea that we have to test and check all these security programs when we have bought a new computer? Isn't it about time that we could trust Microsoft's new security program, put all the unnecessary checking aside, use our computers for what they are meant for, and know that this new program Windows Security Essentials protects against the vermin and that we don't need any extra firewalls? One already exists in Windows, after all; what is it for otherwise?

I have to agree with you on the substance... but if Microsoft (or anyone else) managed to produce a comprehensive and foolproof system, the multi-billion industry that the security companies make up would without a doubt go under. Something big capital cannot allow!

As long as there is money to be made, they will keep ripping us off!
JoWa (Author) Posted October 10, 2009
> As long as there is money to be made, they will keep ripping us off!

Both my little test and the one I linked to show, happily enough, that you can get the strongest proactive security without being ripped off for any money at all.
Mickilina Posted October 10, 2009
Now it looks much more sensible, thanks JoWa for the tip on how to do it:

COMODO Leaktests v.1.1.0.3
Date 19:36:03 - 2009-10-10
OS Windows XP SP3 build 2600
1. RootkitInstallation: MissingDriverLoad Protected
2. RootkitInstallation: LoadAndCallImage Protected
3. RootkitInstallation: DriverSupersede Protected
4. RootkitInstallation: ChangeDrvPath Protected
5. Invasion: Runner Protected
6. Invasion: RawDisk Protected
7. Invasion: PhysicalMemory Protected
8. Invasion: FileDrop Protected
9. Invasion: DebugControl Protected
10. Injection: SetWinEventHook Protected
11. Injection: SetWindowsHookEx Protected
12. Injection: SetThreadContext Protected
13. Injection: Services Protected
14. Injection: ProcessInject Protected
15. Injection: KnownDlls Protected
16. Injection: DupHandles Protected
17. Injection: CreateRemoteThread Protected
18. Injection: APC dll injection Protected
19. Injection: AdvancedProcessTermination Protected
20. InfoSend: ICMP Test Protected
21. InfoSend: DNS Test Protected
22. Impersonation: OLE automation Protected
23. Impersonation: ExplorerAsParent Protected
24. Impersonation: DDE Protected
25. Impersonation: Coat Vulnerable
26. Impersonation: BITS Protected
27. Hijacking: WinlogonNotify Protected
28. Hijacking: Userinit Protected
29. Hijacking: UIHost Protected
30. Hijacking: SupersedeServiceDll Protected
31. Hijacking: StartupPrograms Protected
32. Hijacking: ChangeDebuggerPath Protected
33. Hijacking: AppinitDlls Protected
34. Hijacking: ActiveDesktop Protected
Score 330/340
© COMODO 2008
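Added example, not part of the thread and not Comodo's own code: a parser for the leak-test report format pasted above that recomputes the score, counts vulnerable tests per category and compares two runs. The 10-points-per-test scoring is an assumption inferred from the reports in the thread (34 tests, maximum 340); the function names and the `render` sample builder are hypothetical, and the two sample reports are constructed to mirror the runs posted above.

```python
import re
from collections import Counter

# One entry: "<n>. <Category>: <test name> <Protected|Vulnerable>".
ENTRY = re.compile(r"\b(\d{1,2})\.\s+([A-Za-z]+):\s+(.+?)\s+(Protected|Vulnerable)\b")
SCORE = re.compile(r"Score\s+(\d+)/(\d+)")
POINTS_PER_TEST = 10  # assumption inferred from the thread: 34 tests, maximum 340

# Test names as listed in the thread, grouped by category in report order.
TESTS = {
    "RootkitInstallation": "MissingDriverLoad, LoadAndCallImage, DriverSupersede, ChangeDrvPath",
    "Invasion": "Runner, RawDisk, PhysicalMemory, FileDrop, DebugControl",
    "Injection": "SetWinEventHook, SetWindowsHookEx, SetThreadContext, Services, ProcessInject, "
                 "KnownDlls, DupHandles, CreateRemoteThread, APC dll injection, "
                 "AdvancedProcessTermination",
    "InfoSend": "ICMP Test, DNS Test",
    "Impersonation": "OLE automation, ExplorerAsParent, DDE, Coat, BITS",
    "Hijacking": "WinlogonNotify, Userinit, UIHost, SupersedeServiceDll, StartupPrograms, "
                 "ChangeDebuggerPath, AppinitDlls, ActiveDesktop",
}


def render(protected):
    """Build a flattened report (constructed sample) from the protected test numbers."""
    names = [(cat, n) for cat, ns in TESTS.items() for n in ns.split(", ")]
    body = " ".join(
        f"{i}. {cat}: {n} {'Protected' if i in protected else 'Vulnerable'}"
        for i, (cat, n) in enumerate(names, 1)
    )
    return ("COMODO Leaktests v.1.1.0.3 Date 18:34:18 - 2009-10-10 "
            f"OS Windows XP SP3 build 2600 {body} Score {10 * len(protected)}/340")


def parse_report(text):
    """Return {test number: (category, name, status)}; accepts flattened or multi-line text."""
    return {int(n): (cat, name, status) for n, cat, name, status in ENTRY.findall(text)}


def score(results):
    """Recompute the score from the entries instead of trusting the Score line."""
    return POINTS_PER_TEST * sum(1 for r in results.values() if r[2] == "Protected")


def reported_score(text):
    """Return (score, maximum) from the Score line, or None if it is missing."""
    m = SCORE.search(text)
    return (int(m.group(1)), int(m.group(2))) if m else None


def vulnerable_by_category(results):
    return Counter(cat for cat, _, status in results.values() if status == "Vulnerable")


def diff_runs(before, after):
    """Classify tests present in both runs as fixed, regressed or still vulnerable."""
    out = {"fixed": [], "regressed": [], "still_vulnerable": []}
    for num in sorted(before.keys() & after.keys()):  # partial runs: compare shared tests only
        was, now = before[num][2], after[num][2]
        label = f"{num}. {after[num][0]}: {after[num][1]}"
        if was == "Vulnerable" and now == "Protected":
            out["fixed"].append(label)
        elif was == "Protected" and now == "Vulnerable":
            out["regressed"].append(label)
        elif now == "Vulnerable":
            out["still_vulnerable"].append(label)
    return out


# Constructed samples mirroring the two runs posted in the thread.
BEFORE_TEXT = render({1, 5, 20, 22})
AFTER_TEXT = render(set(range(1, 35)) - {25})
BEFORE, AFTER = parse_report(BEFORE_TEXT), parse_report(AFTER_TEXT)

if __name__ == "__main__":
    print(score(BEFORE), score(AFTER))
    print(dict(vulnerable_by_category(BEFORE)))
    print(diff_runs(BEFORE, AFTER)["still_vulnerable"])
```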
e-son Posted October 10, 2009
> Both my little test and the one I linked to show, happily enough, that you can get the strongest proactive security without being ripped off for any money at all.

Well... actually it isn't difficult in the least. All that's really needed is a script that says... "Allow NOTHING that I have not explicitly approved"...!

Then I do have to admit that I'm far too ignorant to make this work in practice. But I'm convinced it can be done...!
JoWa (Author) Posted October 10, 2009
The hard part is probably making it reasonably easy to use and not unreasonably intrusive, without compromising on security.
e-son Posted October 10, 2009
> The hard part is probably making it reasonably easy to use and not unreasonably intrusive, without compromising on security.

Yes, that's certainly so. I'm putting my money on "whitelisting"... the only right way in my opinion!
JoWa (Author) Posted October 10, 2009
Whitelist and digital signatures. A blacklist is a good complement…
e-son Posted October 10, 2009
> A blacklist is a good complement…

...on that the learned disagree...! Personally I think we can relegate the blacklist to HOSTS...
JoWa (Author) Posted October 10, 2009
Having a blacklist (virus definitions) for programs that are known to be malicious makes it easier for the user to decide whether or not a program should be allowed to execute and/or get access to various parts of the system. A combination of proactive and reactive protection, and I consider the former to be the primary one and the latter the complementary one (it is, after all, always deficient).
JoWa (Author) Posted October 10, 2009
Have now also tested F-Secure Internet Security 2010 (results list updated): 220/330. Don't know why not all 34 tests were run. Tried to configure it as proactively as possible. The firewall was set to Block all. DeepGuard asked one question, and then made its own decisions, it seems. Coat.dll was detected as Trojan.Generic.2478252
JoWa (Author) Posted October 10, 2009
Hm, since it isn't possible to ignore a virus warning in F-Secure, I had to disable real-time scanning. Then the whole test could be run: 230/340.
si3rra Posted October 10, 2009
> Uhhh.. I try to download the program via the Comodo Leaktest link.. and my antivirus stops it and says "win32 trojan downloader" !?!? What's going on?

Also blocked by AVG. Potentially harmful program Logger.FRZ
Nicklas Posted October 11, 2009
JoWa, since you have the routine down, could you consider running a test of ESET Smart Security too? A 30-day trial can be downloaded for free from their website. I've heard the firewall isn't supposed to be that good, but I run it anyway because I find it so user-friendly and tell myself it's good enough as a complement to my common sense.
si3rra Posted October 11, 2009
I'm missing some info in this thread about how the test was carried out. But I assume it was carried out (with the security suites) with Windows Firewall turned off. How would it look with Windows Firewall on plus a third-party firewall? Shouldn't most of them get a higher score then, since that is surely the most common configuration?