Regtest

07/03/06 Posted by geswall

RegTest is a program which allows you to test the effectiveness of your registry protection. RegTest simulates the malicious software that infects computers all around the world millions of times a day: it uses the same techniques that advanced spyware, viruses and trojans use to infect your system.

GeSWall redirects the registry access, so the application thinks it has modified the registry, and prevents shutdown by blocking GUI messages (a shatter attack).

Link: http://www.ghostsecurity.com/downloads/regtest.zip

Trojan Simulator

07/02/06 Posted by geswall

Trojan Simulator has a self-describing name.

Running Trojan Simulator isolated prevents its installation. Although the message “successfully installed” appears, the trojan is not actually installed, because GeSWall redirects the trojan's registry access.

Link: http://vx.nuclearelephant.com/dl/sim/TrojanSimulator.zip

Scoundrel Simulator

06/27/06 Posted by geswall

Scoundrel Simulator simulates certain virus activities, such as changing the browser home page, adding an auto-start application, and so on.

GeSWall successfully prevented all attack probes by redirecting registry access and denying file creation in the Startup folder. An attack notification message is displayed when malicious activity is detected.

Log records:
scoundrelsimula REDIRECT access to HKU\...\ProgramsTab (Registry)
scoundrelsimula REDIRECT access to HKLM\...\Internet Explorer\Control Panel\ContentTab (Registry)
scoundrelsimula REDIRECT access to HKLM\...\Internet Explorer\Control Panel\GeneralTab (Registry)
scoundrelsimula REDIRECT access to HKU\...\DisableRegistryTools (Registry)
scoundrelsimula DENY access to C:\Documents and Settings\...\Start Menu\Programs\Startup\Scoundrel Simulator.lnk (File)

Link: http://www.geeksuperhero.com/scoundrelsim.shtml
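As an added example, not part of the post or of GeSWall itself, the following Python code parses log records in the shape quoted above and groups each process's events by action (REDIRECT or DENY) and by a rough behaviour category. The category rules are assumptions for illustration, not GeSWall's own classification, and the `CurrentVersion\Run` pattern generalizes beyond the post's Startup-folder record to the other classic auto-start location.

```python
import re
from collections import Counter, defaultdict
from typing import Dict, List, Optional

# Record shape from the post: <process> <ACTION> access to <path> (<Type>)
LOG_RE = re.compile(
    r"^(?P<proc>\S+)\s+(?P<action>REDIRECT|DENY)\s+access to\s+"
    r"(?P<path>.+?)\s+\((?P<kind>Registry|File)\)\s*$"
)

# Classification rules (assumed here, not GeSWall's own): category -> regex over the path.
# Startup folder, DisableRegistryTools and IE Control Panel come from the post; Run keys are added.
RULES = [
    ("autostart",      re.compile(r"\\startup\\|\\currentversion\\run", re.I)),
    ("policy_tamper",  re.compile(r"disableregistrytools", re.I)),
    ("browser_hijack", re.compile(r"internet explorer\\control panel", re.I)),
]

def parse_record(line: str) -> Optional[dict]:
    """Parsed fields of one log line, or None if the line is not a GeSWall record."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None

def categorize(path: str) -> str:
    """Map a registry key or file path to a behaviour category ('other' if no rule fires)."""
    for name, pattern in RULES:
        if pattern.search(path):
            return name
    return "other"

def summarize(lines: List[str]) -> Dict[str, Counter]:
    """Count (action, category) pairs per process, skipping lines that are not records."""
    summary: Dict[str, Counter] = defaultdict(Counter)
    for line in lines:
        rec = parse_record(line)
        if rec is None:
            continue  # e.g. the "Log records:" header or a blank line
        summary[rec["proc"]][(rec["action"], categorize(rec["path"]))] += 1
    return dict(summary)

# Constructed sample input: the five records quoted in the post, plus its header line.
SAMPLE_LOG = r"""Log records:
scoundrelsimula REDIRECT access to HKU\...\ProgramsTab (Registry)
scoundrelsimula REDIRECT access to HKLM\...\Internet Explorer\Control Panel\ContentTab (Registry)
scoundrelsimula REDIRECT access to HKLM\...\Internet Explorer\Control Panel\GeneralTab (Registry)
scoundrelsimula REDIRECT access to HKU\...\DisableRegistryTools (Registry)
scoundrelsimula DENY access to C:\Documents and Settings\...\Start Menu\Programs\Startup\Scoundrel Simulator.lnk (File)
""".splitlines()
```

Running `summarize(SAMPLE_LOG)` shows the one DENY (file creation in the Startup folder) separately from the four registry redirects, which is the distinction the post draws between the two protections.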

BANG! -- Crash on Demand Utility

06/21/06 Posted by geswall

This OSR tool loads a kernel driver that crashes and reboots the computer in 1 sec.

“You say the drivers you develop aren't doing a good enough job of crashing your system and you need a way to force a system crash? Here's that way: BANG! Run BANG.EXE and a dialog box with a big red button reading "Crash Now!" appears. Click the button and... BANG! Or, change your mind and click on the little "Never Mind" button. Somebody's needed to write this utility for years. And who would you expect it to be other than OSR?”

GeSWall successfully prevents the system crash by preventing the driver from starting.

Link: http://www.osronline.com/OsrDown.cfm/BANG_v1.zip?name=BANG_v1.zip&id=153

Weaknesses of AV Solutions

06/17/06 Posted by geswall

Link: http://www.av-comparatives.org

The av-comparatives.org project reported evaluation results for 16 leading AV products.

Proactive detection against 8,745 pieces of modified malware:
- 12 out of 16 products did not recognize even half of the test pieces
- the best result is 58%

On-demand detection against 243,671 pieces of known malware:
- One vendor missed over 90,000 pieces of malware
- 4 out of 16 missed over 10,000 pieces

So, in order to ensure that at least all known pieces of malware are detected, you would have to install dozens of AVs :-)
