BufferZone trojan test

Anybody tried Trojan test from BufferZone. I tried it with DefenceWall, GesWall, KIS, and Prevx, but none of them was able to stop it, done with default settings mostly.

http://www.trustware.com/security_test_disclaimer.htm

 

Hi Aigle,

I'd just like to give you the Prevx view on this one. If you try BufferZone with Prevx in ABC or Pro mode it will be allowed to run. The reason for this is simple. This is not a Trojan, it is a demo of what a trojan might do. It is therefore a legitimate application - it does exactly what it's authors have told you it does. As such it has a Good rating in the Prevx database.

If you run in Expert mode, you will be queried to allow it to report back home - essentially allowing you to stop the "attack" if you wish.

We have had a number of Tools like this where part of the user community want it to be treated as Malware as it "acts like malware" but others want it to be treated as Good as it's just a tool. In this case, we opted for the latter as the authors are explicit to its behaviour - it does what it says on the tin. It doesn't use any sneaky techniques, exploits or silent downloaders. It simply isn't Bad.

 

U say it is just a tool. What is the function of this tool.

 

I´ve tried it and Appdefend stops it, or atleast you get an alert every step the trojdemo takes, then it is up to you to decide.
Tiny Personal Firewall 6 stops it too. Default settings.

 

I've tried this Trojan Test. It was runned as untrusted under network connections switched on and off. In case network is switched on test reports that defense is failed, other case- tests is passed. As I haven't seen it's source code I may accume it is network defense test, not HIPS one.

 

Although this thread is a bit old, I would like to mention this test may not be reliable. I have tested it with a few firewalls.

When I pressed on the "attack result", the firewall will warn me. If I press "deny", nothing is displayed. However if I press "allow", my personal files are displayed on the page. Anyway, no matter what I do, the test still says "my system is not secured".

Any thoughts?

 

I tried this test with my documents set as confidential in GesWall.
GW passes the test.

 

Yes I have tried it and it failed. I use Neoava Guard latest Beta version and I set up My Documents to be protected under "My Protected Files" I ticked aginst open read, write & delete & notify.

When I ran the test it disclosed the names of all my files in My Documents.

The only software I had that protected me was Hide Files and Folders.

I reported it on the Neoava Guard Web Site. but the developer does not seem to respond (from previous post experience).

Also reported it in the Wilders Other Anti Malware Software

Terry

 

By "It" u mean GW or the so called Trojan itself.

 

I mean the trojan itself. As I said I set up Neoava Guard to protect My Documents because there is a specific feature that allows you to do it. So I thought I would try it. I was disappointed because I did not expect a security application of this calibre to fail. I reported under your thread because the common element is the trojan which seems quite robust given the damage it is causing (See other threads on the web) also it appears that there is confusion about how to treat it (the trojan) in some software applications.

The problem is my confidence has been knocked with Neova Guard given its failure and I don't know of any other vulnerability testing to throw at NG to see if its just the BufferZone test that is a bit canny or just that Neova Guard needs a lot more development

Hope this clarifies

Terry

 

I don,t know if the HIPS prevent reading files/ docs or not?

 

Actually it is just a partial pass since the test claims that your taskmgr.exe has been invaded successfully.

However I doubt the reliability of this test. See my test results for details.

 

It did started my calculator ( ?via task manager-- I did not see it running) but as I said this test can,t kill anything on my machine via task manager as Task manager will run isolated in GesWall.
I can,t see ur results!!!
Test does seem a bit buggy.

 

Aigle


I tried the BufferZone Trojan Test with GesWall and got some odd results

a) TaskMgr.exe, TelNet.exe, FTP.exe all passed ie the trojan WAS NOT successful HOWEVER the calculator showed.

b) It highlighted all the files in my confidential folder in My Documents

I thought GesWall BY Default protected the Confidential folder?

If so what did you do/add to change it. Could you detail it for me please

Thanks
Terry

 

GW protects the confidential folder by default. I was having nothing in it so I made all MY Documents confidential( just change Confidential to My Documents in resources properties of Confidential.( it is just for the test otherwise I put it back to default with ofcourse changing the name of Confidential folder to make it unattractive at teh same time changing to same name in resources properties as well-- I hope I am able to make it clear).
I used latest beta version of GW. If u amke all my documents confidential, u will get many pop ups that ur browser is trying to access confidential folders, deny all the access( In order to deny, u have to press Yes button here in the pop up).
BTW I will say again that test is a bit buggy, results are not reproducible sometimes.

 

It is just above - my first post of ths thread.

Anyway, click on https://www.wilderssecurity.com/attachment.php?attachmentid=183152&stc=1&d=1158147509 and see the result.

 

Opened with a BZ'd IE, it just said I had passed the security test, (it did open Calculator with Red Border).

Same test opened in an un-BZ'd Firefox also opened Calculator and then needed "Allow" from ZoneAlarm.

This was the entire "[Attack Result]"

"...communication attack: SUCCESS!..."

Does that refer to the fact that I 'allowed' the connection?