Does DefenseWall HIPS now passes/blocks these real malware?

Discussion in 'other anti-malware software' started by CoolWebSearch, Apr 27, 2011.

Thread Status:
Not open for further replies.
  1. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,206
  2. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,127
    Location:
    USA
  3. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    man defensewall and mbam pro did the best in the test:thumb:
     
  4. Francis93

    Francis93 Registered Member

    Joined:
    Feb 1, 2011
    Posts:
    311
    Check out the Malware Research Group's tests. DefenseWall passed everything. :D :thumb:
     
  5. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,206
    From 2006:
    DefenseWall does not provide boot sector protection, and most of all, its service/driver is not a boot start but a system start: consequently, the protection during the boot is limited.

    Is this now resolved?

    Rootkit technology detection: failed.

    DefenseWall has not the ability to detect hidden objects.
    Is this now resolved?

    Rootkit detection with HackerDefender: Failed.

    DefenseWall does not detect objects hidden by the rootkit already installed.
    Is this now resolved?

    With EyeBootRoot : This rootkit/backdoor patches the OS (NDIS.sys) just after the bios, and just before the start of Windows: DefenseWall, which starts with Windows can't prevent and detect this rootkit backdoor: failed

    Is this now resolved?


    Screencap is launched ‘untrusted (but from C, not form CD, since it does need to record the screenshot it takes in its folder), but it manages to capture the entire screen. Here is the pic it was able to capture : Failed
    Is this now resolved?

    With Dhello virus : wscript.exe is launched ‘untrusted, but many infected copies of files are created everywhere on the computer (all files in “My Documents”, except the “Secured area”), all shortcuts on Desktop, the only non-affected files are system files (c:WINDOWS, and Program Files). The only files DefenseWall prevented are the files likely to be restarted (according to their location, not that they were made to restart) after a reboot. Failed

    Is this now resolved?

    DefenseWall doesn’t claim to protect against URL obfuscation. Failed.
    Is this now resolved?

    The exploit does launch calc.exe and rundll32.exe, but ‘untrusted : Failed.
    Is this now resolved?

    Here too, the exploit can work, notepad is trying to open the file, while rundll32.exe is running. Failed.
    Is this now resolved?

    CMD and Privdropper are run as untrusted, but DefenseWall was unable to prevent the deactivation of the SeDebugPrivilege: Failed.
    Is this resolved?


    SSLSpoofer test:
    Since the file needs a service to work, it is stopped by DefenseWall.
    The spoofer has to be installed 'trusted to create and launch it's service, and to work; but as doing, DefenseWall is not supposed to prevent it.
    If we take only in consideration the spoofing of the certificate, DefenseWall is unable to detect and block this kind of attack: failed.
    Is this resolved?


    Stuxnet trojan, gpcode?
    Cheers and thanks.
     
  6. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,317
    Location:
    AmstelodamUM
    ^I'm afraid you are simply asking too much here.
    Have you searched for answers yourself on appropriate fora?
    Couldn't you find any answers?
    Have you tried finding these very old samples and test them against current version of DW?
    Have you tried to find (or asked for) a Stuxnet/gpcode sample and test it against DW?
    Or are you expecting/hoping, others will do it for you?
    Have you contacted developer Ilya Rabinovich on these old test results?
    Do you think these 6 years old findings are still relevant?
    Do you know how DW has changed/been developed over the last 5 years?

    Like in another post, you asked if anyone could test several HIPS and all other HIPS against current MDL samples.
    That's like asking if anyone has tested all current 2011 V8&V10&V12 cars on all 30 major test circuits. You know (or might/should know) no-one has done that.
    That's simply asking for the (nearly) impossible. (all imao oc)
     
    Last edited: Apr 28, 2011
  7. Kid Shamrock

    Kid Shamrock Registered Member

    Joined:
    Apr 3, 2007
    Posts:
    207
    CoolWebSearch, your questions are irrelevant. What any security program did or didn't do 5 years ago has no bearing on what it can do today. DefenseWall uses policy management to protect a system, it doesn't "detect" threats. It limits the rights of untrusted objects, files and programs to do anything harmful to the system. As others have pointed out, recent tests have verified that DW is very effective, but of course nothing is 100%.
     
  8. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    No when you allow something to install it is consired trusted, DW intercepts before something untrusted is installed

    No when you allow something to install it is consired trusted, DW intercepts before something untrusted is installed

    Yes

    Yes, though empty folders may exist after using rollback.

    Not to my knowledge, protection is problably still directed to downloaded files and programs (which are considered untrusted)

    No idea

    No when you allow something to install it is consired trusted, DW intercepts before something untrusted is installed

    Yes


     
    Last edited: Apr 28, 2011
  9. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,206
    Thanks to all replies, but it really doesn't matter, basically my question was waht are DefenseWall's vulnerabilities and if they have been fixed by now, because I wanted to test DefenseWall's weak points.
    As I've seen from the newest test DefenseWall has been greatly improved, but there are malware samples in my collection that I would give a try to see if they can bypass DefenseWall.
    Thanks to all.
     
  10. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    the weak points for defensewall is again the user himself same as other security programs;) my 2 mexican pesos:D
     
  11. _kronos_

    _kronos_ Registered Member

    Joined:
    Dec 8, 2008
    Posts:
    126
    it's not difficult: just study very well the user manual of DW, so you can understand deeply how it works, and then test it with your samples.
    please take care to understand really how DW works, otherwise you will certainly draw wrong conclusions.

    Regards
     
  12. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    kronos:thumb:
     
Loading...
Thread Status:
Not open for further replies.