RegTest Released - Test your protection

Discussion in 'Ghost Security Suite (GSS)' started by Jason_R0, Mar 9, 2005.

  1. vlk

    vlk AV Expert

    Joined:
    Dec 26, 2002
    Posts:
    603
    All I'm saying is that if there's a virtualizer in place, it's more than PASS but RegTest reports it as FAIL. Which is very confusing for the user (and all the "testers" out there who rely on RegTest's report).

    Cheers
    Vlk
     
  2. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    vlk,
    I agree with you. However, people playing with these tests is aware of lot of things :)
    I don´t see the average Norton/McAfee/Trend user playing with security demos/tests.
     
  3. vlk

    vlk AV Expert

    Joined:
    Dec 26, 2002
    Posts:
    603
    I don't quite agree. The mere goal of the RegTest program is to test certain functionality and report the result of the test to the user.

    Now it turns out that for certain classes of programs, the reported result is incorrect. How can then the user tell if that's because the program is really unable to shield registry attack - or rather because RegTest just can't see it?

    Take e.g. this test here: http://www.techsupportalert.com/security_HIPS.htm
    I'm sure the author RELIED on the results reported by RegTest, without really looking for a reason if an application failed.

    Cheers
    Vlk
     
  4. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    If I am going to do some public tests, I must know the inner workings of the products tested and the tools used for testing.
     
  5. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,013
    Location:
    Saudi Arabia/ Pakistan
    Why you r so sure? I don,t think he is not aware of this simple fact.
     
  6. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia
    It isn't really my responsibility to ensure people who use RegTest know how it works, and how a HIPS works either. We see this kind of misreporting of software testing in many places. Most people who read RegDefend's forum know a lot more about how HIPS work than most of the reviewers out there.

    There is no real way of knowing if you are under a "virtualizer" as you called it or not, unless you specifically try and detect the presence of them. If you were at ring0 (like a driver) you could probably fool the "virtualizer" and get around it's protection, which is why you need protection against driver installations. However since most malware is ring3, I think RegTest serves the purpose of being a generic attack for registry defenders to test themselves against.