The security software tests a total of 34 different attacks and manipulations of a computer system running the Microsoft Windows operating system. Depending on the antivirus and firewall software in use, some, all or none might spawn alerts.
The software program will display a score at the end. The maximum number of points is 340, 10 for each test passed. Each test is explained on a local HTML page that gets downloaded with the software program. That information can be used to find out why a test has not been passed. It does require some research though, as the information provided only answers the questions of what the test is doing and what the harm is if the test fails.
The leak test can be divided into different categories. It will begin with some rootkit tests followed by invasion, injection, info send, impersonation and hijacking tests.
Comodo Leak Test is a portable security software that will test an antivirus firewall software that is installed on a Windows operating system. It provides the means to find out if your computer system is still - partially or fully - vulnerable to common attacks encountered locally and remotely.
Test Details:
QUOTE
Rootkit Installation 1 - Loads a driver via the ZwSetSystemInformation API. A very old, known and effective way to install a rootkit.
Rootkit Installation 2 - Loads driver by overwriting a standard driver (beep.sys) and starting it with service control manager (e.g. Trojan.Virantix.B).
DLL Injection 1 - Injects DLL into trusted process (svchost.exe) by injecting APC on LoadLibraryExA with "dll.dll" as a param. The string "dll.dll" is not written into process memory, it's from the ntdll.dll export table which has the same address in all processes. The APC is injected into second thread of the svchost.exe which is always in alertable state.
DLL Injection 2 - An old technique. The DLL is injected via remote thread creation in the trusted process, without using WriteProcessMemory.
BITS Hijack - Downloads a file from the internet using "Background Intelligent Transfer Service" which acts from the trusted process (svchost.exe)
CODE
http://download.comodo.com/securitytests/CLT.zip
This post has been edited by cybpsych: Mar 11 2009, 10:14 PM
Mar 11 2009, 10:13 PM, updated 17y ago
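A defender's view of the tests quoted above, as an added example that is not part of the original post or of Comodo's tool: triage logic that flags the traces those tests would be expected to leave in host logs. The event IDs are Sysmon's 6 (driver load), 8 (CreateRemoteThread) and 11 (file create) and the BITS-Client operational log's 59 (transfer started); the field names are simplified, and the paths, URL and allowlist are constructed assumptions.

```python
from urllib.parse import urlparse

SYSTEM_DIR = "c:\\windows\\system32\\"
ALLOWED_BITS_HOSTS = {"download.windowsupdate.com"}  # assumption: site-specific allowlist

# Constructed sample events; field names are simplified from the real logs
# and every path and URL below is made up for illustration.
SAMPLE_EVENTS = [
    {"src": "sysmon", "id": 8, "SourceImage": r"C:\Temp\tool.exe",
     "TargetImage": r"C:\Windows\System32\svchost.exe"},
    {"src": "sysmon", "id": 8, "SourceImage": r"C:\Windows\System32\csrss.exe",
     "TargetImage": r"C:\Windows\System32\svchost.exe"},
    {"src": "sysmon", "id": 11, "Image": r"C:\Temp\tool.exe",
     "TargetFilename": r"C:\Windows\System32\drivers\beep.sys"},
    {"src": "sysmon", "id": 6, "SignatureStatus": "Unavailable",
     "ImageLoaded": r"C:\Windows\System32\drivers\beep.sys"},
    {"src": "sysmon", "id": 6, "SignatureStatus": "Valid",
     "ImageLoaded": r"C:\Windows\System32\drivers\null.sys"},
    {"src": "bits", "id": 59, "url": "http://files.example.test/a.bin"},
]

def classify(ev):
    """Return a finding label for one event, or None if it looks benign."""
    src, eid = ev["src"], ev["id"]
    if src == "sysmon" and eid == 8:
        # Remote thread created in svchost.exe by a non-system binary.
        source, target = ev["SourceImage"].lower(), ev["TargetImage"].lower()
        if target.endswith("\\svchost.exe") and not source.startswith(SYSTEM_DIR):
            return "remote-thread-into-svchost"
    elif src == "sysmon" and eid == 11:
        # A standard driver file written by a process outside the system directory.
        path = ev["TargetFilename"].lower()
        if (path.startswith(SYSTEM_DIR + "drivers\\") and path.endswith(".sys")
                and not ev["Image"].lower().startswith(SYSTEM_DIR)):
            return "driver-file-overwritten"
    elif src == "sysmon" and eid == 6:
        if ev["SignatureStatus"] != "Valid":
            return "unverified-driver-load"
    elif src == "bits" and eid == 59:
        if urlparse(ev["url"]).hostname not in ALLOWED_BITS_HOSTS:
            return "bits-download-unlisted-host"
    return None

def triage(events):
    """Return (index, label) for every event that matched a rule."""
    return [(i, label) for i, ev in enumerate(events) if (label := classify(ev))]

if __name__ == "__main__":
    for idx, label in triage(SAMPLE_EVENTS):
        print(idx, label)
```

The remote-thread rule corresponds to the "DLL Injection 2" description only; the APC-based "DLL Injection 1" creates no remote thread, so it would need a different telemetry source.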