Q&A to and from matousec.com

Discussion in 'other security issues & news' started by dfr, Aug 29, 2013.

Thread Status:
Not open for further replies.
  1. dfr

    dfr Registered Member

    A recent discussion with matousec.com support (quoted publicly with their permission), which some of you may find interesting and helpful.

    Q 1:

    Why do your tests concentrate on outbound traffic instead of inbound, which should be a priority for firewalls? A firewall's primary purpose is to keep out unwanted inbound traffic.

    Do you think that the bad guys can't determine what the tests are and develop workarounds? So what's the value of the tests?

    You have collected a set of 20 malware samples that were not detected by two popular anti-virus engines. But many people are not in the habit of downloading and executing malware.
    So they would find it a more useful, realistic, practical, and interesting challenge to put the malware samples into existing web-based exploits on your test pages and let users go to the page to see if their security can block the download/execution of the exploit.
    It would be easy for you to get a current exploit kit floating around the internet and have the exploits point to your malware samples from your test page.
    Can you do that, please?

    A 1:

    If you refer to Proactive Security Challenge 64 then please note that its focus is not on firewall technology.
    PSC64 is focused on behavioral based protection and control. There are many steps a real life attacker has to take in order to perform a successful attack. The first step is to infect the computer and here you are right that inbound protection and exploit prevention are important.
    However, we focus on the second part, where this first line of protection was bypassed. This is not uncommon.
    Some users download the malware (thinking it is legitimate software) and run it themselves.
    But some don't. Some of them try to view .doc/.pdf/.chm files that they find in their mail boxes.
    And some users do not do that. Some users are infected due to zero day exploits in their browsers, email clients, instant messaging software.
    There are many ways to do that.

    Our focus is on what happens next. All the security products we test in PSC64 implement some kind of behavior based control and protection. We test how solid this kind of protection really is.

    If you refer to something other than PSC64, please specify that.

    Kind Regards,

    --
    www.matousec.com Support

    Q 2:

    So could you please:

    1. Include an easily visible note on your Results and comments page advising that "Proactive Security Challenge 64 focus is not on firewall technology, but on behavioral based protection and control".
    It is in my opinion necessary to include such a note in order not to mislead people who refer to that page. Just reading your FAQ note:
    http://www.matousec.com/projects/proactive-security-challenge-64/faq.php#product-requirements is not sufficient for a layman to determine that this test is not focused on firewall technology. That creates confusion and misunderstanding.

    2. Can you, please, develop new tests to also test firewall technology, including inbound protection and exploit prevention?

    A 2:

    1. This information is mentioned in several places, such as:
    a) The introduction section - http://www.matousec.com/projects/proactive-security-challenge-64/#introduction
    b) The name of the project itself - it is Proactive Security Challenge;
    "proactive security" is a common term used for this kind of technology in many of the products we test.
    c) The methodology section - http://www.matousec.com/projects/proactive-security-challenge-64/#methodology-rules
    d) The FAQ you have mentioned.

    On the other hand, nowhere on our website is it written that we focus on firewall technology.
    We believe that even if this information is explicitly included on the result page too, it would not help avoid misinterpretations because many of our visitors just do not read the texts regardless of their position on our website.

    2. Unfortunately, this is not on our roadmap in the near future.

    Kind Regards,

    --
    www.matousec.com Support

    Q 3:

    Why has Microsoft's Windows 7 firewall not been included in Proactive Security Challenge 64 to compare it with 3rd party firewalls? Can you include it, please?

    A 3:

    Unfortunately, it is not possible because the Windows 7 firewall is not suitable for testing.
    It simply does not meet the criteria mentioned in the project's FAQ:
    http://www.matousec.com/projects/proactive-security-challenge-64/faq.php#product-requirements

    PSC64 does not focus on firewalls. It tests behavioral based protection.

    Kind Regards,

    --
    www.matousec.com Support
     
  2. Rasheed187

    Rasheed187 Registered Member

  3. dfr

    dfr Registered Member

    I have already ended communication with them and I am busy with other things. But they reply quickly when you post them a message through their web form. So I suggest that you contact them and let us know about their reply. They agree without any problem to post their replies publicly.
     