Wilders Security Forums  

  #1  
Old November 30th, 2007, 08:56 AM
nodyforever nodyforever is offline
Frequent Poster
 
Join Date: Oct 2007
Location: PT / Lisbon
Posts: 549
PC SECURITY TEST 2007

HACKING : Detection of open ports

In exchanging data (sending email or accessing a network, for example), a PC uses
input/output ports. These ports can also be entry points for hackers
and certain types of viruses (e.g., Sasser, Blaster, etc.).

You should install firewall software to protect your computer against these kinds of threats.
(Windows XP provides a basic firewall.)

A firewall will close unused ports and monitor open ports for intrusion attempts.

PC Security Test identifies the opened ports.

The status of each of the major ports on your PC is listed below :
(a closed port is secure while an opened port represents a security risk)

Port 0: closed
Port 21: closed
Port 22: closed
Port 23: closed
Port 25: closed
Port 79: closed


HACKING : Simulation of internet attacks (port scanning)

In exchanging data (sending email or accessing a network, for example), a PC uses
input/output ports. These ports can also be entry points for hackers
and certain types of viruses (e.g., Sasser, Blaster, etc.).

You should install firewall software to protect your computer against these kinds of threats.
(Windows XP provides a basic firewall.)

A firewall will close unused ports and monitor open ports for intrusion attempts.

In order to check how "hackproof" your system is,
PC Security Test simulates a "port scanning attack".

If you have a firewall installed, it should report the attack as such.

---------------

VIRUS : Adding a "run at Windows startup" entry to the Windows Registry.

Once a virus has infected your system, it ensures that it will be run automatically at every
Windows startup by adding an entry to the Windows registry.

This test simulates adding an entry to the Windows registry in the
"run at Windows startup" section.

Please note that this attack may not be detected by basic anti-virus programs.
This attack is detected and blocked by real-time protection software.



VIRUS : Simulation of a file infected with a known virus

During this test, PC Security Test places an infected file into the Windows system directories.
This is not an actual virus! This is only a test signature (EICAR).
The file is automatically removed at the end of the test.

This is a basic attack that any virus protection software should detect and neutralize.


VIRUS : Simulation of a file infected with an unknown virus

During this test, PC Security Test places a file containing malicious
code into the Windows system directory.

This file has all the characteristics of a virus (size, location, code, profile,
method of replication).

Basic anti-virus scanners that only detect known viruses through signature identification
will not detect the infected file. The file should be detected by heuristic analysis
anti-virus programs and behavioural analysis anti-virus software.


VIRUS : Simulation of a virus running in memory


During this test, PC Security Test runs an infected program in memory.
The aim of this test is to check that your protection software is able
to detect viruses in memory.

Some anti-virus scanners will not detect the program because they only scan files on the hard drive.

In order to protect your system against this type of threat, you should install
real-time protection software.


--------------------------


SPYWARE : Simulation of spyware being loaded in memory

Spyware is a small program that installs itself on a PC without the user's knowledge or permission.
Spyware can be installed from software or a web page.

A spyware program can:
- display advertising pop ups when you are browsing the internet
- collect data on your computer and your browsing habits
- add unwanted toolbars or buttons to Internet Explorer
- slow down your computer

This test simulates the activity of spyware in memory (known spyware CMESYS.EXE).
Please note that standard anti-virus and spyware scanners will not detect this spyware.
Standard anti-virus programs do not detect spyware and most spyware scanners do not actively scan memory.

In order to adequately safeguard your computer, you should install
a real-time protection program.


SPYWARE : Simulation of spyware component being added to Internet Explorer


Microsoft Internet Explorer is the world's most popular web browser.
It is also a major target for spyware and pop ups.

Some programs and web sites add components, like web toolbars, to Internet Explorer that can be used to show unwanted web sites and advertising pop ups.
Others record and transmit your browsing habits.

During this test, PC Security Test adds an external component to Internet Explorer without user permission.

This attack should be detected and blocked by real-time protection
and registry monitoring programs.

Please note that spyware scanners will not detect this attack.

If you do not use Internet Explorer, this test is not relevant to you.


SPYWARE : Unsolicited Internet Explorer start up page change

Microsoft Internet Explorer is the world's most popular web browser.
It is also a major target for spyware and pop ups.

Some programs and web sites add components, like web toolbars, to Internet Explorer that can be used to show unwanted web sites and advertising pop ups.
Others record and transmit your browsing habits. Some programs can also change the default search
and start up pages.

During this test, PC Security Test changes the Internet Explorer home page
without user permission.

This attack should be detected and blocked by real-time protection
and registry monitoring programs.

Please note that spyware scanners will not detect this attack.

If you do not use Internet Explorer, this test is not relevant to you.


Image 1

EAV+Windows Firewall/ESS

100% - 30% - 0%



EAV+Outpost Firewall Pro/Suite 2008

100% - 30% - 0%

EAV+Zone Alarm Pro

100% - 30% - 0%


Other products:


KAV/KIS

100% - 30% - 0%


AVK/AVK IS

100% - 30% - 0%


NAV 2008/NIS 2008

100% - 30% - 0%


PANDA AV/PIS

100% - 30% - 30


AVIRA PE/AVIRA PE IS

100% - 30% - 0%


BITDEFENDER AV/BIS

100% - 30% - 0%



Image 2


EAV+ Comodo Basic Firewall Free v3

100% - 55% - 50%



Image 3

EAV+ Online Armor Free

100% - 80% - 75%



Conclusion:

All the suites that include a firewall are very weak in terms of detection, and the AVs in this test only managed to detect the EICAR tests.


Note: All the products were tested in their standard configuration, without any alterations or tuning.


See: PCST 2007
__________________
Os: WindowsSeven
Firewall: Eset Personal Firewall
Browser: Google Chrome 13
Real-Time: ESS 5.0.93.0
On-Demand:
Others: ESET SysInspector / Beta Tester Eset / Collaboration website IT
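
The three registry-based tests described in the post above (the startup entry, the Internet Explorer component and the home page change) each leave a trace that can be compared against a known-good baseline, which is what a registry monitoring program does continuously. The script below is an added example, not part of the original post or of PC Security Test; the watched locations (the standard Windows Run keys, the IE `Start Page` value and the Browser Helper Objects key) and the baseline file path are assumptions chosen for illustration.

```powershell
# Added example. Watched locations and the baseline path are assumptions.
$BaselinePath = Join-Path $env:LOCALAPPDATA 'autostart-baseline.json'

function Get-WatchedState {
    $state = [ordered]@{}
    # "Run at Windows startup" entries, per-machine and per-user
    foreach ($key in 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
                     'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run') {
        $item = Get-Item -Path $key -ErrorAction SilentlyContinue
        if ($null -eq $item) { continue }          # key absent on this machine
        foreach ($name in $item.GetValueNames()) {
            $state["$key|$name"] = [string]$item.GetValue($name)
        }
    }
    # Internet Explorer home page
    $main = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Internet Explorer\Main' `
                -Name 'Start Page' -ErrorAction SilentlyContinue
    if ($main) { $state['IE|Start Page'] = [string]$main.'Start Page' }
    # Components registered with Internet Explorer (Browser Helper Objects)
    $bho = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    Get-ChildItem -Path $bho -ErrorAction SilentlyContinue | ForEach-Object {
        $state["BHO|$($_.PSChildName)"] = 'present'
    }
    return $state
}

function Compare-WatchedState($Old, $New) {
    $changes = @()
    foreach ($k in $New.Keys) {
        if (-not $Old.Contains($k)) { $changes += "ADDED    $k = $($New[$k])" }
        elseif ($Old[$k] -ne $New[$k]) { $changes += "CHANGED  $k : $($Old[$k]) -> $($New[$k])" }
    }
    foreach ($k in $Old.Keys) {
        if (-not $New.Contains($k)) { $changes += "REMOVED  $k" }
    }
    return $changes
}

$current = Get-WatchedState
if (-not (Test-Path $BaselinePath)) {
    # First run: record the known-good state
    $current | ConvertTo-Json | Set-Content -Path $BaselinePath -Encoding UTF8
    "Baseline saved to $BaselinePath"
} else {
    $old = @{}
    (Get-Content $BaselinePath -Raw | ConvertFrom-Json).PSObject.Properties |
        ForEach-Object { $old[$_.Name] = [string]$_.Value }
    $changes = Compare-WatchedState $old $current
    if ($changes) { $changes } else { 'No changes since baseline.' }
}
```

Run it once on a clean system to save the baseline, then again after a test run; any `ADDED` or `CHANGED` line is a modification that real-time protection did not block.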
  #2  
Old November 30th, 2007, 09:46 AM
solcroft solcroft is offline
Very Frequent Poster
 
Join Date: Jun 2006
Posts: 1,639
Re: PC SECURITY TEST 2007

A sticky really needs to be made about meaningless tests like these. Explaining why they're a waste of time becomes boring and repetitive after a while.
  #3  
Old November 30th, 2007, 12:59 PM
nodyforever nodyforever is offline
Frequent Poster
 
Join Date: Oct 2007
Location: PT / Lisbon
Posts: 549
Re: PC SECURITY TEST 2007

Quote:
Originally Posted by solcroft
A sticky really needs to be made about meaningless tests like these. Explaining why they're a waste of time becomes boring and repetitive after a while.


I did not understand your affirmation, solcroft.
__________________
Os: WindowsSeven
Firewall: Eset Personal Firewall
Browser: Google Chrome 13
Real-Time: ESS 5.0.93.0
On-Demand:
Others: ESET SysInspector / Beta Tester Eset / Collaboration website IT