Does DefenseWall HIPS now pass/block these real malware?

Discussion in 'other anti-malware software' started by CoolWebSearch, Apr 27, 2011.

Thread Status:
Not open for further replies.
  1. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
  2. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,294
    Location:
    USA
  3. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Man, DefenseWall and MBAM Pro did the best in the test :thumb:
     
  4. Francis93

    Francis93 Registered Member

    Joined:
    Feb 1, 2011
    Posts:
    311
    Check out the Malware Research Group's tests. DefenseWall passed everything. :D :thumb:
     
  5. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    From 2006:
    DefenseWall does not provide boot sector protection, and most of all, its service/driver is not a boot start but a system start: consequently, the protection during the boot is limited.

    Is this now resolved?

    Rootkit technology detection: failed.

    DefenseWall does not have the ability to detect hidden objects.
    Is this now resolved?

    Rootkit detection with HackerDefender: Failed.

    DefenseWall does not detect objects hidden by the rootkit already installed.
    Is this now resolved?

    With eEye BootRoot: this rootkit/backdoor patches the OS (NDIS.sys) just after the BIOS, and just before the start of Windows. DefenseWall, which starts with Windows, can't prevent or detect this rootkit backdoor: failed.

    Is this now resolved?


    Screencap is launched 'untrusted' (but from C:, not from CD, since it does need to record the screenshot it takes in its folder), but it manages to capture the entire screen. Here is the pic it was able to capture: failed.
    Is this now resolved?

    With the Dhello virus: wscript.exe is launched 'untrusted', but many infected copies of files are created everywhere on the computer (all files in "My Documents", except the "Secured area", and all shortcuts on the Desktop); the only non-affected files are system files (C:\WINDOWS and Program Files). The only files DefenseWall prevented are the files likely to be restarted after a reboot (according to their location, not because they were made to restart). Failed.

    Is this now resolved?

    DefenseWall doesn’t claim to protect against URL obfuscation. Failed.
    Is this now resolved?

    The exploit does launch calc.exe and rundll32.exe, but 'untrusted': failed.
    Is this now resolved?

    Here too, the exploit can work, notepad is trying to open the file, while rundll32.exe is running. Failed.
    Is this now resolved?

    CMD and Privdropper are run as 'untrusted', but DefenseWall was unable to prevent the deactivation of the SeDebugPrivilege: failed.
    Is this resolved?


    SSLSpoofer test:
    Since the file needs a service to work, it is stopped by DefenseWall.
    The spoofer has to be installed 'trusted' to create and launch its service, and to work; but in doing so, DefenseWall is not supposed to prevent it.
    If we take into consideration only the spoofing of the certificate, DefenseWall is unable to detect and block this kind of attack: failed.
    Is this resolved?


    Stuxnet trojan, gpcode?
    Cheers and thanks.
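    The 2006 finding above about a "boot start" versus "system start" service/driver refers to the driver's Start type in the Windows service database: a Boot-start driver (Start = 0) is loaded by the OS loader before the kernel initialises, while a System-start driver (Start = 1) is loaded during kernel initialisation, after all boot-start drivers. Whether that finding still applies to any product can be checked directly on a current machine. The following PowerShell is an added example, not code from this thread or from DefenseWall's vendor; the driver name it queries is a placeholder, since the thread does not name the driver.

    ```powershell
    # Added example (not from the thread or the vendor): report the start type of
    # kernel drivers so you can verify whether a protection driver is Boot-start
    # (loaded by the OS loader before kernel initialisation) or System-start
    # (loaded during kernel initialisation, after boot-start drivers).
    # 'PLACEHOLDER_DRIVER_NAME' is a placeholder; substitute the driver you audit.

    function Get-DriverStartType {
        param(
            # One or more driver service names; wildcards are allowed.
            [string[]]$Name = @('*')
        )
        foreach ($pattern in $Name) {
            Get-CimInstance -ClassName Win32_SystemDriver |
                Where-Object { $_.Name -like $pattern } |
                ForEach-Object {
                    # Raw Start value from the registry:
                    # 0 = Boot, 1 = System, 2 = Auto, 3 = Manual, 4 = Disabled
                    $regPath = "HKLM:\SYSTEM\CurrentControlSet\Services\$($_.Name)"
                    $start = (Get-ItemProperty -Path $regPath -Name Start -ErrorAction SilentlyContinue).Start
                    [pscustomobject]@{
                        Name       = $_.Name
                        StartMode  = $_.StartMode   # 'Boot', 'System', 'Auto', 'Manual', 'Disabled'
                        StartValue = $start
                        State      = $_.State       # 'Running' or 'Stopped'
                        PathName   = $_.PathName
                    }
                }
        }
    }

    # Usage: check one driver (placeholder name), then list every Boot-start driver
    # so you can see which components actually load before the kernel initialises.
    Get-DriverStartType -Name 'PLACEHOLDER_DRIVER_NAME' | Format-Table -AutoSize
    Get-DriverStartType |
        Where-Object { $_.StartMode -eq 'Boot' } |
        Sort-Object Name |
        Format-Table Name, StartValue, State -AutoSize
    ```

    If the driver you are auditing shows StartMode 'System' rather than 'Boot', the 2006 observation (that anything loaded earlier in the boot sequence runs before the protection driver) still describes its load order; a 'Boot' result means the driver now loads with the earliest group.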
     
  6. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,321
    Location:
    AmstelodamUM
    ^I'm afraid you are simply asking too much here.
    Have you searched for answers yourself on appropriate fora?
    Couldn't you find any answers?
    Have you tried finding these very old samples and testing them against the current version of DW?
    Have you tried to find (or asked for) a Stuxnet/gpcode sample and tested it against DW?
    Or are you expecting/hoping that others will do it for you?
    Have you contacted developer Ilya Rabinovich about these old test results?
    Do you think these 6-year-old findings are still relevant?
    Do you know how DW has changed/been developed over the last 5 years?

    Like in another post, you asked if anyone could test several HIPS and all other HIPS against current MDL samples.
    That's like asking if anyone has tested all current 2011 V8&V10&V12 cars on all 30 major test circuits. You know (or might/should know) no-one has done that.
    That's simply asking for the (nearly) impossible. (all imao oc)
     
    Last edited: Apr 28, 2011
  7. Kid Shamrock

    Kid Shamrock Registered Member

    Joined:
    Apr 3, 2007
    Posts:
    229
    CoolWebSearch, your questions are irrelevant. What any security program did or didn't do 5 years ago has no bearing on what it can do today. DefenseWall uses policy management to protect a system, it doesn't "detect" threats. It limits the rights of untrusted objects, files and programs to do anything harmful to the system. As others have pointed out, recent tests have verified that DW is very effective, but of course nothing is 100%.
     
  8. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    No. When you allow something to install, it is considered trusted; DW intercepts before something untrusted is installed.

    No. When you allow something to install, it is considered trusted; DW intercepts before something untrusted is installed.

    Yes

    Yes, though empty folders may exist after using rollback.

    Not to my knowledge; protection is probably still directed at downloaded files and programs (which are considered untrusted).

    No idea

    No. When you allow something to install, it is considered trusted; DW intercepts before something untrusted is installed.

    Yes


     
    Last edited: Apr 28, 2011
  9. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    Thanks for all the replies, but it really doesn't matter; basically my question was what DefenseWall's vulnerabilities are and whether they have been fixed by now, because I wanted to test DefenseWall's weak points.
    As I've seen from the newest test, DefenseWall has been greatly improved, but there are malware samples in my collection that I would like to try to see if they can bypass DefenseWall.
    Thanks to all.
     
  10. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    The weak point for DefenseWall is again the user himself, same as with other security programs ;) My 2 Mexican pesos :D
     
  11. _kronos_

    _kronos_ Registered Member

    Joined:
    Dec 8, 2008
    Posts:
    126
    It's not difficult: just study the DW user manual very well, so you can understand deeply how it works, and then test it with your samples.
    Please take care to really understand how DW works, otherwise you will certainly draw wrong conclusions.

    Regards
     
  12. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    kronos:thumb:
     