Free Security Test

[sujay]

Did anybody performed the free security test by trustware.com?
http://www.trustware.com/Free-Security-Test/
It's really cool.
It bypassed comodo firewall...

[hellnoire]

I don't think Comodo was designed to stop something like this... this strikes me more as a virtualization type software.

[sujay]

But the demo trojan was design to stole information from "Documents" folder like well known spywares does. I think a heuristic scanner should detect that.

During our simulation we will:
Launch your Windows Calculator.
Abort your Internet Explorer.
Access several sensitive files (no harm will actually be done), and scan your "My Documents" folder where you most likely keep your private information.
We will place your sensitive file names (names only!) on our server. Your firewall may notify you of our demo trying to access your system. This means that our simulation was successful and is reporting its findings to our server.

[leofelix]

Did anybody performed the free security test by trustware.com?
http://www.trustware.com/Free-Security-Test/
It's really cool.
It bypassed comodo firewall...

Is "Defense +" enabled?

[sujay]

Is "Defense +" enabled?

Yes.. Comodo indeed restricted the demo trojan to do other things except reading contents of My Documents.

[hellnoire]

Again, I think that would be better suited for an anti-malware, not a Firewall with Heuristics.. Comodo's AV stinks, so it's not suited for any testing

[sujay]

Right now I am using Avast... I have tested this demo trojan with many security suite. Only KIS Win7 with maximum protection (which places new executable to 'High Restricted') detects that. But highest protection is always annoying. I have not tested this trojan with Comodo's paranoid mode yet..

[Ceyfer √]

------ Files Attack test ------
Attacking C:\WINDOWS\system32\TASKMGR.EXE: SUCCESS!
Attacking C:\WINDOWS\system32\TELNET.EXE: SUCCESS!
Attacking C:\WINDOWS\system32\FTP.EXE: SUCCESS!

Don't be too paranoid on this simple trojan demo. Simply... don't execute any unknown file you've downloaded and your harms away. LUA+SRP is enough to stop this.

See Bufferzone Review conducted by PC mag.

[sujay]

LUA+SRP is enough to stop this

what's that..

[andyman35]

what's that..

He is referring to Limited User Account and Software Restriction Policy

Info:
http://ask-leo.com/are_limited_user_accounts_effective.html
http://technet.microsoft.com/en-us/library/bb457006.aspx