Software security Tests

Discussion in 'other security issues & news' started by broe, Mar 11, 2008.

Thread Status:
Not open for further replies.
  1. broe

    broe Registered Member

    Joined:
    Mar 11, 2008
    Posts:
    2
    Does someone here know of an internet site or sites that have "dummy" Trojans, Backdoors, Keyloggers, Worms, Viruses, Spyware, Adware and/or Rootkits to test computer security programs?

    I googled and found only (~25 sites/6 downloads):

    "Test My Firewall" at http://www.testmyfirewall.com/,
    "Jason's Toolbox" at http://www.jasons-toolbox.com/TestEmail/MailSent.asp,
    "GFI Email Security Testing Zone" at http://www.gfi.com/emailsecuritytest/ (~15 tests)
    Symantec Security Check at http://security.symantec.com/sscv6/d...d=ie&venid=sym
    PC Security Test download at http://www.pc-st.com/us/index.htm (download.com review 3.5/5 rating)
    Audit My PC Firewall, Anonymous, Popup Tests at http://www.auditmypc.com/firewall-test.asp
    Shields Up at http://www.grc.com/x/ne.dll?rh1dkyd2 (Several tests.)
    Browser Security Test at http://bcheck.scanit.be/bcheck/
    Eicar anti-virus test at http://www.eicar.org/anti_virus_test_file.htm (2 yrs old, checks only if AV scanner is running)
    Wi-Fi Security Test at http://www.jiwire.com/wifi-security-test.htm
    McAfee HackerWatch at http://www.hackerwatch.org/probe/
    GRC - Firewall Leak Test download at http://www.grc.com/lt/leaktest.htm
    Comodo Online Test download and online at http://www.personalfirewall.comodo.com/onlinetest.html?currency=USD&region=North America&country=US (two tests - any firewall)
    MISEC Trojan simulator download at http://www.misec.net/trojansimulator/

    Some of them actually work pretty well, but there must/should be others. Such online tests should get zillions of hits -> $$, IMHO. Perfect job for out-of-work hackers.

    I'd pay for this service, seriously. There should be as many INDEPENDENT security testing sites as there are security programs. With frequent updates, for two reasons: malware constantly evolves, and the security programs would "update" their programs very quickly to catch the dummies... to improve their scores.

    I want to KNOW if all these security programs that I have so diligently researched, installed, configured and updated, and updated, actually work? They offer "Tips" to maximize security efficacy. Not enough. I want tests. Real tests of my security software. Maybe I don't have my security configured properly. Maybe some programs are more efficient at picking up the latest malware. Maybe some are better at not reporting false positives. I want to determine the answers myself.

    These tests could certainly be as up-to-date as security software, and possibly more up-to-date, if the "legitimate" hackers were quicker at getting out the "dummies" than the security programs were at getting out their malware blocking updates. It would keep the security programmers on their toes. That could only be a good thing.

    And wouldn't it be a kick to make the screen light up and set off sirens and alarm bells when "dummy malware" is detected? That is, of course, if security software actually works.

    Reliable, controlled testing of my defenses against an evolving external enemy that could potentially trash my computer, steal my identity, my money, and my personal documents is fundamental AND potentially lucrative. Surely, I am not the first to see this.

    Which leads me to this broader question: Is there a conspiracy to deter the public from testing security software? If so, there can only be one answer to, "Why?"

    ~~~~~~~~~~~~~~~~~~~~Eat your spinach, dude.~~~~~~~~~~~~~~~~~~~~~~
     
    Last edited: Mar 14, 2008
  2. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  3. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    For testing prevention, the "real tests" are live exploits in the wild. Sans.org is pretty good about posting advisories on the latest exploits with URLs. You have to be quick because the sites go dead fast these days.

    Recently, I listed samples of the different exploits I've encountered. While I was testing Anti-Executable, I discovered in correspondence with fcukdat, who posts here, that he was doing similar with Process Guard. It became evident that if your security includes White Listing, you will see that no binary executables can install. It was during this time that he wrote,

    Being real live exploits, you can analyze the code to see how they work. Note that much malware still exploits vulnerabilities long since patched. That should tell you something. For example, iframe is still one of the leading attack vectors.

    http://www.urs2.net/rsj/computing/tests/remote/

    These are remote code execution exploits - perhaps the most dangerous, since based on the unexpected; yet, the easiest to prevent.


    ----
    rich
     
  4. broe

    broe Registered Member

    Joined:
    Mar 11, 2008
    Posts:
    2
    All righty then...

    @ MrBrian.
    Wow. Quite a list. I will investigate the sites you referenced and be back, oh, sometime in May or June I expect. Seriously, this is exactly what I asked for.

    @ Rmus - rich.
    Got it. With some trepidation, I'm off to check out:
    1. Sans.org,
    2. your recent samples of different exploits,
    3. your posts RE: Anti-Executable,
    4. fcukdat's posts, RE: Process Guard,
    5. remote code execution exploits at http://www.urs2.net/rsj/computing/tests/remote/

    (In future, I must be more careful what I ask for.) :D

    Thanks. Brilliant. I'll be back when I actually know something.

    ~~~~~~~~~~~~~~~~~~~~Eat your spinach, dude.~~~~~~~~~~~~~~~~~~~~~~
     
    Last edited: Mar 17, 2008