PC SECURITY TEST 2007

Discussion in 'other security issues & news' started by nodyforever, Nov 30, 2007.

Thread Status:
Not open for further replies.
  1. nodyforever

    nodyforever Registered Member

    Joined:
    Oct 30, 2007
    Posts:
    549
    Location:
    PT / Lisbon
    HACKING : Detection of open ports

    In exchanging data (sending email or accessing a network, for example), a PC uses
    input/output ports. These ports can also be entry points for hackers
    and certain types of viruses (e.g, Sasser, Blaster, etc)

    You should install a firewall software to protect your computer against these kinds of threats.
    (Windows XP provides a basic firewall)

    A firewall will close unused ports and monitor open ports for intrusion attempts.

    PC Security Test identifies the opened ports.

    The status of each of the major ports on your PC is listed below :
    (a closed port is secure while an opened port represents a security risk)

    Port 0: closed
    Port 21: closed
    Port 22: closed
    Port 23: closed
    Port 25: closed
    Port 79: closed


    HACKING : Simulation of internet attacks (port scanning)

    In exchanging data (sending email or accessing a network, for example), a PC uses
    input/output ports. These ports can also be entry points for hackers
    and certain types of viruses (e.g, Sasser, Blaster, etc)

    You should install a firewall software to protect your computer against these kinds of threats.
    (Windows XP provides a basic firewall)

    A firewall will close unused ports and monitor open ports for intrusion attempts.

    In order to check how "hackproof" your system is,
    PC Security Test simulates a "port scanning attack".

    If you have a firewall installed, it should report the attack as such.

    ---------------

    VIRUS : Adding a "run at Windows startup" entry to the Windows Registry.

    Once a virus has infected your system, it ensures that it will be run automaticaly at every
    Windows startup by adding an entry to the Windows registry.

    This test simualtes adding an entry to the Windows registry in the
    "run at Windows startup" section.

    Please note that this attack may not be detected by basic anti-virus programs.
    This attack is detected and blocked by real-time protection software.



    VIRUS : Simulation of a file infected with a known virus

    During this test, PC Security Test places a infected file into the Windows system directories.
    This is not an actual virus ! This is only a test signature (EICAR).
    The file is automatically removed at the end of the test.

    This is a basic attack that any virus protection software should detect and neutralize


    VIRUS : Simulation of a file infected with an unknown virus

    During this test, PC Security Test places a file containing malicious
    code into the Windows system directory.

    This file has all the characteristics of a virus (size, location, code, profile,
    method of replication).

    Basic anti-virus scanners that only detect known viruses through signature identification
    will not detect the infected file. The file should be detected by heuristic analysis
    anti-virus programs and behavourial analysis anti-virus software.


    VIRUS : Simulation of a virus running in memory


    During this test, PC Security Test runs a infected program in memory.
    The aim of this test is to check that your protection software is able
    to detect viruses in memory.

    Some anti-virus scanners will not detect the program because they only scan files on the harddrive.

    In order to protect your system against this type of threat, you should install
    real-time protection software.


    --------------------------


    SPYWARE : Simulation of spyware being loaded in memory

    Spyware is a small program that installs itself on a PC without the user's knowledge or permission.
    Spyware can be installed from software or a web page.

    A spyware program can:
    - display advertising pop ups when you are browsing the internet
    - collect data on your computer and your browsing habits
    - add unwanted toolbars or buttons to Internet Explorer
    - slow down your computer

    This test simulates the activity of spyware in memory (known spyware CMESYS.EXE).
    Please note that standard anti-virus and spyware scanners will not detect this spyware.
    Standard anti-virus programs do not detect spyware and most spyware scanners do not actively scan memory.

    In order to adequately safeguard your computer, you should install
    a real-time protection program.


    SPYWARE : Simulation of spyware component being added to Internet Explorer


    Microsoft Internet Explorer is the world's most popular web browser.
    It is also a major target for spyware and pop ups.

    Some programs and web sites add components, like web toolbars, to Internet Explorer that can be used to show unwanted web sites and advertising pop ups.
    Others record and transmit your browsing habits.

    During this test, PC Security Test adds an external component to Internet Explorer without user permission.

    This attack should be detected and blocked by real-time protection
    and registry monitoring programs.

    Please note that spyware scanners will not detect this attack.

    If you do not use Internet Explorer, this test is not relevant to you.


    SPYWARE : Unsolicited Internet Explorer start up page change

    Microsoft Internet Explorer is the world's most popular web browser.
    It is also a major target for spyware and pop ups.

    Some programs and web sites add components, like web toolbars, to Internet Explorer that can be used to show unwanted web sites and advertising pop ups.
    Others record and transmit your browsing habits. Some programs can also change the default search
    and start up pages.

    During this test, PC Security Test changes the Internet Explorer home page
    without user permission.

    This attack should be detected and blocked by real-time protection
    and registry monitoring programs.

    Please note that spyware scanners will not detect this attack.

    If you do not use Internet Exporer, this test is not relevant to you.


    iMAGE 1

    EAV+Windows Firewall/ESS

    100% - 30% - 0%



    EAV+Outpost Firewall Pro/Suite 2008

    100% - 30% - 0%

    EAV+Zone Alarm Pro

    100% - 30% - 0%


    Other products:


    KAV/KIS

    100% - 30% - 0%


    AVK/AVK IS

    100% - 30% - 0%


    NAV 2008/NIS 2008

    100% - 30% - 0%


    PANDA AV/PIS

    100% - 30% - 30


    AVIRA PE/AVIRA PE IS

    100% - 30% - 0%


    BITDEFENDER AV/BIS

    100% - 30% - 0%



    iMAGE 2


    EAV+ Comodo Basic Firewall Free v3

    100% - 55% - 50%



    iMAGE 3

    EAV+ Onilne Armor Free

    100% - 80% - 75%



    Conclusion:

    All the suites that include Firewall are very weak in terms of detention and the AVS in this test only managed to detect the tests of the EICAR.


    Note: All the products were tested in his way standard without alterations not even tunings of same.


    See: PCST 2007
     

    Attached Files:

  2. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    A sticky really needs to be made about meaningless tests like these. Explaining why they're a waste of time becomes boring and repetitive after a while.
     
  3. nodyforever

    nodyforever Registered Member

    Joined:
    Oct 30, 2007
    Posts:
    549
    Location:
    PT / Lisbon

    I did not understand your affirmation solcroft
     
Loading...
Thread Status:
Not open for further replies.