Monday, January 21, 2013

Matousec - Proactive Security Challenge 64 (January 2013)

Matousec - Proactive Security Challenge 64 (January 2013) - http://www.matousec.com/projects/proactive-security-challenge-64/results.php

* An explanation of the Matousec proactive defense performance test (blog of 물여우) - http://arrestlove.tistory.com/167



The best product tested against the latest set of tests, and the current Proactive Security Challenge 64 leader, is Comodo Internet Security Premium 6.0.260739.2674 with an excellent 92% score.

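Download the Comodo Internet Security Premium 6.0.260739.2674 report

* Test environment - Windows 7 Service Pack 1, Internet Explorer 9, 64-bit
* The test was run with the CIS Sandbox feature turned OFF.
* The parenthetical explanations below (originally written in Korean) may not be accurate.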


 
RegDel1
Test type: Self-defense test
Techniques: registry key/value manipulation
Scoring: All components and processes of the tested product run properly after the reboot, and no component or process of the tested product was disabled, restricted in doing its job, or damaged – PASSED; at least one of the tested product's processes or components is not loaded, is damaged, is restricted in doing its job, or does not work properly after the reboot – FAILED.
Description: RegDel1 checks whether a malicious program can delete the tested product's registry keys and values.
(Malicious code can delete the program's registry key values.)



RegSet1
Test type: Self-defense test
Techniques: registry key/value manipulation
Scoring: All components and processes of the tested product run properly after the reboot, and no component or process of the tested product was disabled, restricted in doing its job, or damaged – PASSED; at least one of the tested product's processes or components is not loaded, is damaged, is restricted in doing its job, or does not work properly after the reboot – FAILED.
Description: RegSet1 checks whether a malicious program can corrupt registry values of the tested product.
(Malicious code can change the program's registry values.)



SSS3
Test type: Other
Techniques: system service exploitation
Scoring: The test was prevented from shutting down the system – PASSED; the test was able to shut down the system – FAILED.
Description: SSS3 checks whether a malicious program can shut down the system using a special API.
(Malicious code can shut down the system using a special API.)



Schedtest3
Test type: Leak-test
Techniques: COM interface exploitation, parent process control bypassing
Scoring: The test was prevented from scheduling a custom task in Task Scheduler – PASSED; the test was able to schedule a custom task in Task Scheduler – FAILED.
Description: Schedtest3 checks whether the tested product allows a malicious application to schedule a new task using the Task Scheduler 2.0 interface.
(Malicious code can register a new task in the Windows task scheduling system.)

 

Inject1
Test type: Leak-test
Techniques: system object manipulation, DLL injection
Scoring: The test was prevented from sending data to an Internet server – PASSED; the test was able to send data to an Internet server – FAILED.
Description: Inject1 attempts to inject a DLL into Internet Explorer by creating a special section for one of the DLLs it depends on.
(This test attempts to inject into a DLL belonging to IE by creating a special section for a DLL it depends on.)

RegAcc1
Test type: Self-defense test
Techniques: registry key/value manipulation
Scoring: All components and processes of the tested product run properly after the reboot, and no component or process of the tested product was disabled, restricted in doing its job, or damaged – PASSED; at least one of the tested product's processes or components is not loaded, is damaged, is restricted in doing its job, or does not work properly after the reboot – FAILED.
Description: RegAcc1 checks whether the tested product protects its registry keys against malicious manipulation of their security descriptors.
(This tests whether malicious code can manipulate the security program's registry values.)

 

FileAcc1
Test type: Self-defense test
Techniques: file/directory manipulation
Scoring: All components and processes of the tested product run properly after the reboot, and no component or process of the tested product was disabled, restricted in doing its job, or damaged – PASSED; at least one of the tested product's processes or components is not loaded, is damaged, is restricted in doing its job, or does not work properly after the reboot – FAILED.
Description: FileAcc1 checks whether the tested product protects its files and directories against malicious manipulation of their security descriptors.
(This tests whether malicious code can manipulate the security program's files and folders.)

Kill3f
Test type: Self-defense test
Techniques: windows messages exploitation
Scoring: No process or thread of the tested product was terminated or damaged – PASSED; at least one of the tested product's processes or threads was terminated or damaged – FAILED.
Description: Kill3f attempts to terminate the tested product's processes by sending all possible types of windows messages to their windows.
(This test terminates the running program by sending every possible type of Windows message.)

WFPblock
Test type: Other
Techniques: Windows Filtering Platform API exploitation
Scoring: The test was prevented from blocking access to legitimate Internet servers – PASSED; the test was able to block access to at least one legitimate Internet server – FAILED.
Description: WFPblock checks whether a malicious program can misuse the Windows Filtering Platform API to control network access.
(Malicious code can misuse the Windows Filtering Platform API, which controls network access.)
