RegTest Released - Test your protection

All I'm saying is that if there's a virtualizer in place, it's more than PASS but RegTest reports it as FAIL. Which is very confusing for the user (and all the "testers" out there who rely on RegTest's report).

Cheers
Vlk

 

vlk,
I agree with you. However, people playing with these tests is aware of lot of things
I don´t see the average Norton/McAfee/Trend user playing with security demos/tests.

 

I don't quite agree. The mere goal of the RegTest program is to test certain functionality and report the result of the test to the user.

Now it turns out that for certain classes of programs, the reported result is incorrect. How can then the user tell if that's because the program is really unable to shield registry attack - or rather because RegTest just can't see it?

Take e.g. this test here: http://www.techsupportalert.com/security_HIPS.htm
I'm sure the author RELIED on the results reported by RegTest, without really looking for a reason if an application failed.

Cheers
Vlk

 

If I am going to do some public tests, I must know the inner workings of the products tested and the tools used for testing.

 

Why you r so sure? I don,t think he is not aware of this simple fact.

 

It isn't really my responsibility to ensure people who use RegTest know how it works, and how a HIPS works either. We see this kind of misreporting of software testing in many places. Most people who read RegDefend's forum know a lot more about how HIPS work than most of the reviewers out there.

There is no real way of knowing if you are under a "virtualizer" as you called it or not, unless you specifically try and detect the presence of them. If you were at ring0 (like a driver) you could probably fool the "virtualizer" and get around it's protection, which is why you need protection against driver installations. However since most malware is ring3, I think RegTest serves the purpose of being a generic attack for registry defenders to test themselves against.