broe
March 11th, 2008, 07:40 PM
Does someone here know of an internet site or sites that have "dummy" Trojans, Backdoors, Keyloggers, Worms, Viruses, Spyware, Adware and/or Rootkits to test computer security programs?
I googled and found only (~25 sites/6 downloads):
"Test My Firewall" at http://www.testmyfirewall.com/,
"Jason's Toolbox" at http://www.jasons-toolbox.com/TestEmail/MailSent.asp,
"GFI Email Security Testing Zone" at http://www.gfi.com/emailsecuritytest/ (~15 tests)
Symantec Security Check at http://security.symantec.com/sscv6/d...d=ie&venid=sym
PC Security Test download at http://www.pc-st.com/us/index.htm (download.com review 3.5/5 rating)
Audit My PC Firewall, Anonymous, Popup Tests at http://www.auditmypc.com/firewall-test.asp
Shields Up at http://www.grc.com/x/ne.dll?rh1dkyd2 (Several tests.)
Browser Security Test at http://bcheck.scanit.be/bcheck/
Eicar anti-virus test at http://www.eicar.org/anti_virus_test_file.htm (2 yrs old, checks only if AV scanner is running)
Wi-Fi Security Test at http://www.jiwire.com/wifi-security-test.htm
McAfee HackerWatch at http://www.hackerwatch.org/probe/
GRC - Firewall Leak Test download at http://www.grc.com/lt/leaktest.htm
Comodo Online Test download and online at http://www.personalfirewall.comodo.com/onlinetest.html?currency=USD®ion=North%20America&country=US (two tests - any firewall)
MISEC Trojan simulator download at http://www.misec.net/trojansimulator/
Some of them actually work pretty well, but there must/should be others. Such online tests should get zillions of hits -> $$, IMHO. Perfect job for out-of-work hackers.
I'd pay for this service, seriously. There should be as many INDEPENDENT security testing sites as there are security programs. With frequent updates, for two reasons: malware constantly evolves, and the security programs would "update" their programs very quickly to catch the dummies... to improve their scores.
I want to KNOW if all these security programs that I have so diligently researched, installed, configured and updated, and updated, actually work? They offer "Tips" to maximize security efficacy. Not enough. I want tests. Real tests of my security software. Maybe I don't have my security configured properly. Maybe some programs are more efficient at picking up the latest malware. Maybe some are better at not reporting false positives. I want to determine the answers myself.
These tests could certainly be as up-to-date as security software, and possibly more up-to-date, if the "legitimate" hackers were quicker at getting out the "dummies" than the security programs were at getting out their malware blocking updates. It would keep the security programmers on their toes. That could only be a good thing.
And wouldn't it be a kick to make the screen light up and set off sirens and alarm bells when "dummy malware" is detected? That is, of course, if security software actually works.
Reliable, controlled testing of my defenses against an evolving external enemy that could potentially trash my computer, steal my identity, my money, and my personal documents is fundamental AND potentially lucrative. Surely, I am not be the first to see this.
Which leads me to this broader question: Is there a conspiracy to deter the public from testing security software? If so, there can only be one answer to, "Why?"
~~~~~~~~~~~~~~~~~~~~Eat your spinach, dude.~~~~~~~~~~~~~~~~~~~~~~
I googled and found only (~25 sites/6 downloads):
"Test My Firewall" at http://www.testmyfirewall.com/,
"Jason's Toolbox" at http://www.jasons-toolbox.com/TestEmail/MailSent.asp,
"GFI Email Security Testing Zone" at http://www.gfi.com/emailsecuritytest/ (~15 tests)
Symantec Security Check at http://security.symantec.com/sscv6/d...d=ie&venid=sym
PC Security Test download at http://www.pc-st.com/us/index.htm (download.com review 3.5/5 rating)
Audit My PC Firewall, Anonymous, Popup Tests at http://www.auditmypc.com/firewall-test.asp
Shields Up at http://www.grc.com/x/ne.dll?rh1dkyd2 (Several tests.)
Browser Security Test at http://bcheck.scanit.be/bcheck/
Eicar anti-virus test at http://www.eicar.org/anti_virus_test_file.htm (2 yrs old, checks only if AV scanner is running)
Wi-Fi Security Test at http://www.jiwire.com/wifi-security-test.htm
McAfee HackerWatch at http://www.hackerwatch.org/probe/
GRC - Firewall Leak Test download at http://www.grc.com/lt/leaktest.htm
Comodo Online Test download and online at http://www.personalfirewall.comodo.com/onlinetest.html?currency=USD®ion=North%20America&country=US (two tests - any firewall)
MISEC Trojan simulator download at http://www.misec.net/trojansimulator/
Some of them actually work pretty well, but there must/should be others. Such online tests should get zillions of hits -> $$, IMHO. Perfect job for out-of-work hackers.
I'd pay for this service, seriously. There should be as many INDEPENDENT security testing sites as there are security programs. With frequent updates, for two reasons: malware constantly evolves, and the security programs would "update" their programs very quickly to catch the dummies... to improve their scores.
I want to KNOW if all these security programs that I have so diligently researched, installed, configured and updated, and updated, actually work? They offer "Tips" to maximize security efficacy. Not enough. I want tests. Real tests of my security software. Maybe I don't have my security configured properly. Maybe some programs are more efficient at picking up the latest malware. Maybe some are better at not reporting false positives. I want to determine the answers myself.
These tests could certainly be as up-to-date as security software, and possibly more up-to-date, if the "legitimate" hackers were quicker at getting out the "dummies" than the security programs were at getting out their malware blocking updates. It would keep the security programmers on their toes. That could only be a good thing.
And wouldn't it be a kick to make the screen light up and set off sirens and alarm bells when "dummy malware" is detected? That is, of course, if security software actually works.
Reliable, controlled testing of my defenses against an evolving external enemy that could potentially trash my computer, steal my identity, my money, and my personal documents is fundamental AND potentially lucrative. Surely, I am not be the first to see this.
Which leads me to this broader question: Is there a conspiracy to deter the public from testing security software? If so, there can only be one answer to, "Why?"
~~~~~~~~~~~~~~~~~~~~Eat your spinach, dude.~~~~~~~~~~~~~~~~~~~~~~