Security Software Tests
brillo
Junior Member with 15 posts.
Join Date: Aug 2006
Experience: just enough to be dangerous
11-Mar-2008, 06:03 PM #1
Security Software Tests
Does someone here know of an internet site or sites that have "dummy" Trojans, Backdoors, Keyloggers, Worms, Viruses, Spyware, Adware and/or Rootkits to test computer security programs?

I googled and found only (~25 online tests/5 downloads):

"Test My Firewall" at http://www.testmyfirewall.com/,
"Jason's Toolbox" at http://www.jasons-toolbox.com/TestEmail/MailSent.asp,
"GFI Email Security Testing Zone" at http://www.gfi.com/emailsecuritytest/?
Symantec Security Check at http://security.symantec.com/sscv6/d...d=ie&venid=sym
PC Security Test download at http://www.pc-st.com/us/index.htm (download.com review 3.5/5 rating)
Audit My PC Firewall, Anonymous, Popup Tests at http://www.auditmypc.com/firewall-test.asp
Shields Up at http://www.grc.com/x/ne.dll?rh1dkyd2 (Several tests.)
Browser Security Test at http://bcheck.scanit.be/bcheck/
GFI Email Security Testing Zone at http://www.gfi.com/emailsecuritytest/ (~15 tests)
Eicar anti-virus test at http://www.eicar.org/anti_virus_test_file.htm (2 yrs old, checks only if AV scanner is running)
Wi-Fi Security Test at http://www.jiwire.com/wifi-security-test.htm
McAfee HackerWatch at http://www.hackerwatch.org/probe/
GRC - Firewall Leak Test download at http://www.grc.com/lt/leaktest.htm
Comodo Online Test download and online at http://www.personalfirewall.comodo.c...ica&country=US (two tests - any firewall)
MISEC Trojan simulator download at http://www.misec.net/trojansimulator/

Some of them actually work pretty well, but they are mostly focused on email. There must/should be others. Such online tests would get zillions of hits > $$. Perfect job for out-of-work hackers.

I'd pay for this service, seriously. There should be as many INDEPENDENT security testing sites as there are security programs. With frequent updates, for two reasons: malware is constantly evolving, and the security programs would "update" their programs very quickly to catch the dummies... to improve their scores. These tests could certainly be as up-to-date as security software, and possibly more up-to-date, which would keep the security programmers on their toes. That could only be a good thing.

I want to KNOW if all the security programs that I have so diligently researched, installed, configured and updated, and updated, actually work. They offer "Tips" to maximize security efficacy. Not enough. I want tests. Real tests of my security software. Maybe I don't have my security configured properly. Maybe some programs are more efficient at picking up the latest malware. Maybe some are better at avoiding false positive reports.

If I had a dog protecting my hen house, I wouldn't ask the dog if he was doing a good job. I'd hire the cagiest fox I could find to bring me some of my chickens' feathers (but not eat the chickens). If he came back with a paw full of feathers, I'd pay him - and find a better dog.

Wouldn't it be a kick to make the screen light up and set off sirens and alarm bells when "dummy" malware is detected? Good feedback. That is, of course, if security software actually works.

Reliable, controlled, safe testing of my computer's defenses against an evolving external enemy that could potentially trash my computer, steal my identity, my money, and my personal documents is fundamental AND potentially lucrative. Surely, I am not the first to see this.

Which leads me to this broader question: Why aren't there more security software tests? Is there a conspiracy to deter the public from testing security software? If so, there can only be one answer to, "Why?"

~~~~~~~~~~~~~~~~~~~~~~~~Eat your spinach, dude.~~~~~~~~~~~~~~~~~~~~~~~~

Last edited by brillo : 12-Mar-2008 03:26 AM.
lotuseclat79
Distinguished Member with 15,724 posts.
Join Date: Sep 2003
Location: -71.45091, 42.27841
11-Mar-2008, 10:14 PM #2
Hi brillo,

Download nmap from here and test out all 1-65535 ports on your computer to see if they are stealthed (not closed). When all of the ports are stealthed, no one can run an nmap port scan and deduce that there is a computer at your ip address, whereas if any one of them is closed, it advertises that there is a computer at that ip address, and an attacker may choose to target your ports with more vicious kinds of fragmented packets that can probably get through any firewall. If your computer becomes a target, and they want to get in, they probably can if they are sophisticated enough.

If you do not have a hardware firewall, get a hardware router with NAT (network address translation) and SPI (stateful packet inspection) for inbound protection, and run a software firewall like ZoneAlarm Free for outbound protection.

I did not see the website for firewall leaktesting here. It has many more tests that can check to see if your firewall setup can prevent outbound compromises.

Also, check the website here for firewall testing.

One last thing, why pay when you could be using Linux and get everything free? Currently, I have no costs for AV, AS, AT, HIPS, etc. I use an iptables firewall that is very restrictive and all of my ports are stealthed. Further, I have figured out a way to be online in a Live CD environment with 1GB RAM, and none of my hard drives (4) are mounted. I can also throw a command that protects them further by spinning them down. The result is that none of my disks are exposed to the Internet when I am online.

When I power down, any malware that makes it past my firewall is toast! I've been doing this for over a year now, and no malware has come even close to my hard drives - and this is all done surfing virtually naked (with no security software other than my firewall) in a Linux environment.

-- Tom
__________________
The independence created by philosophical insight is - in my opinion - the mark of distinction
between a mere artisan or specialist and a real seeker after truth. - Einstein 1944
Imagination is more important than knowledge. - Einstein
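Tom's check above is whether a scan of your address sees only "stealthed" (nmap: filtered) ports. The script below is an added example, not Tom's or the forum's own code: it parses nmap's grepable output (-oG) and flags any port that answered at all, since an "open" or "closed" reply is what reveals a live host. The scan itself should be run from a second machine against your public address; the file name check_stealth.sh and the sample scan are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): check a saved nmap scan of your own address
# for ports that answered at all. Only "filtered" ports are stealthed; any "open" or
# "closed" entry means the host replied to the probe and so reveals itself.
# Usage (from a second machine, as root): nmap -sS -p1-65535 -oG scan.gnmap <your-ip>
#        then: sh check_stealth.sh scan.gnmap

# Write a constructed sample of nmap grepable (-oG) output; it stands in for a real scan.
write_sample() {
    printf '# Nmap 7.94 scan initiated (constructed sample, not a real scan)\n' > "$1"
    printf 'Host: 192.0.2.10 ()\tStatus: Up\n' >> "$1"
    printf 'Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 113/closed/tcp//ident///, 443/filtered/tcp//https///\tIgnored State: filtered (65532)\n' >> "$1"
    printf '# Nmap done\n' >> "$1"
}

# Print "port/state" for every listed port whose state is not "filtered".
# (nmap folds most filtered ports into the "Ignored State" count, so the Ports:
# field usually holds only the ports that answered.)
unstealthed_ports() {
    awk -F'\t' '{
        for (i = 1; i <= NF; i++) if (index($i, "Ports: ") == 1) {
            n = split(substr($i, 8), entry, ", ")
            for (j = 1; j <= n; j++) {
                split(entry[j], f, "/")          # port/state/proto//service///
                if (f[2] != "filtered") print f[1] "/" f[2]
            }
        }
    }' "$1"
}

# Exit 0 when every port is stealthed, 1 when something answered.
check_stealth() {
    found=$(unstealthed_ports "$1")
    if [ -n "$found" ]; then
        echo "NOT stealthed - these ports answered the scan:"; echo "$found"; return 1
    fi
    echo "All scanned ports are filtered (stealthed)"
}

if [ $# -ge 1 ]; then
    check_stealth "$1"
else    # no file given: demonstrate on the constructed sample
    tmp=$(mktemp); write_sample "$tmp"; check_stealth "$tmp" || true; rm -f "$tmp"
fi
```

On the sample the script reports 22/open and 113/closed; a host whose firewall silently drops everything produces an empty list and exit status 0.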
brillo
Junior Member with 15 posts.
Join Date: Aug 2006
Experience: just enough to be dangerous
12-Mar-2008, 02:27 AM #3
lotuseclat79 - Tom,

I reviewed the research results from Matousec.com (firewall testing) for BSODhook 1.0.0 at http://www.matousec.com/projects/win...odhook-utility.

Their results strongly suggest that "Almost every software that implements SSDT hooks is vulnerable to the bug we introduce in this article. BlackICE PC Protection, G DATA InternetSecurity, Ghost Security Suite, Kaspersky Internet Security, Norton Internet Security, Online Armor Personal Firewall, Outpost Firewall Pro, Privatefirewall, ProcessGuard, ProSecurity, ZoneAlarm Pro, Process Monitor, RegMon are just a few examples of... vulnerable software. There were only two personal firewalls that passed our argument validation testing successfully, Comodo Personal Firewall and Sunbelt Personal Firewall. The only [other] product that passed the tests was Daemon Tools."

and this, "one could say that having security software installed makes your machine unstable and more vulnerable than without it..."

You suggested, "run a software firewall like ZoneAlarm Free for outbound protection." I noticed from the BSODhook discussion that ZoneAlarm tested vulnerable, but Comodo passed the test. I use Comodo. I assume you just mentioned ZA, and don't have a particular reason to favor it over Comodo. Correct?

You suggested an entirely different security solution:
1. use Linux - eliminate AV, AS, AT, HIPS, etc, costs
2. use an iptables firewall
3. keep all ports stealthed
4. go online in a Live CD environment with 1GB RAM and no hard drives mounted
5. throw a command that spins down the HDs - further protecting them

I like this idea. Linux has been flirting with me for some time. So many programs are now written for Linux and then I saw that Walmart sells a system (laptop?) with Linux for $200... I like the idea of going over the biggest waterfall in the smallest, simplest boat - and surviving. I am this close to going Linux. Maybe you just pushed me over the edge.

I apologize that my ignorance is showing, but could you provide reference(s) for #4 and #5, like how to do these steps? I really want to try this!

Also, I know that there are IPTables scripts and configuration files available for Linux and programs that generate the script. This appears straightforward. Is it?

Oh, one more thing. The BSODhook discussion says, "this application and its driver cannot be stable or safe to use by its nature." But it also says, "for most hooks of most software we have tested, BSODhook was able to do its job and catch BSODs correctly." In your experience, is this thing safe (with/without the .dll) to test the "usual culprits"? On a scale of 1- 10, what's your opinion?

Bree

Last edited by brillo : 12-Mar-2008 03:40 AM.
lotuseclat79
Distinguished Member with 15,724 posts.
Join Date: Sep 2003
Location: -71.45091, 42.27841
12-Mar-2008, 11:45 AM #4
For #4 wait until about mid-April to go here to order the new release of Hardy Heron (8.04) Ubuntu LTS (long term support) [due to be released on April 24] for free shipped to you via snail mail - I always get one of the regular release there, and one of the kubuntu release here. The difference is the environment being either Gnome or KDE.

For #5, the command is sdparm - fetch and potentially change SCSI device attributes. Send commands. Google it to find the man page (man pages document commands in Unix/Linux, and on a Unix/Linux system to see a command's man page, you would issue the command: man sdparm). As I recall, the command was not default on the Live CD, and I had to install it from the Synaptic Package Manager.

You can visit the Linux forum here and look at the description of what I do in the thread entitled "Secure Surfing in a Live CD Environment" here.

Wal-Mart has taken the Linux PCs off the shelves of their brick-and-mortar stores, but as I understand from this article still sells them from their website.

Just to note, you only discussed the results from the matousec.com website, but not the other link I provided to the firewallleaktester.com website - which I consider to be the best one for that purpose. Also, I would recommend you visit the Other Firewalls forum in the Security Software section here for expert discussions on the issues you expressed.

-- Tom
__________________
The independence created by philosophical insight is - in my opinion - the mark of distinction
between a mere artisan or specialist and a real seeker after truth. - Einstein 1944
Imagination is more important than knowledge. - Einstein
lotuseclat79
Distinguished Member with 15,724 posts.
Join Date: Sep 2003
Location: -71.45091, 42.27841
12-Mar-2008, 12:08 PM #5
Hi Bree,

I no longer run my WinXP Pro SP2 setup, so I cannot run the BSODhook utility. When I was running WinXP, however, I did have a number of tools, such as: RootkitHookAnalyzer, RootkitRevealer, and BlackLight, and a couple of tools from the invisiblethings.org website, in addition to some of the tools from Windows SysInternals.

If Comodo performs better than ZA in the tests - go with it in a Windows environment.

My opinion on the BSODhook utility is unless you have the specific Windows kernel versions they cite as providing support for the bugcheck catching mechanism - I would not try it.

The iptables script setup is straightforward - look for my threads on iptables over in the Unix/Linux TSG forum - there is one that provides a link to a Beginner's firewall with iptables, and a different one to an advanced setup, in addition to another with all of the nuts and bolts detail.

-- Tom
__________________
The independence created by philosophical insight is - in my opinion - the mark of distinction
between a mere artisan or specialist and a real seeker after truth. - Einstein 1944
Imagination is more important than knowledge. - Einstein
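Tom describes his iptables setup as very restrictive with every port stealthed; the script below is an added example of such a policy, not Tom's own script or one from his linked threads. It shows why DROP rather than REJECT is what makes ports "stealthed" instead of "closed", and keeps the weaker REJECT line commented out for comparison. The file name stealth_fw.sh is assumed; the conntrack match and reject-with option are standard iptables features.

```shell
#!/bin/sh
# Added example, not Tom's own script: a minimal restrictive iptables policy for a
# single Linux host. Inbound packets are DROPped without any reply, so a port scan
# reports every port as "filtered" (stealthed). The commented-out REJECT line is the
# weaker choice: it answers with an RST, so ports show as "closed" and the reply
# itself confirms there is a live machine at the address.
# Dry run (default) only prints the commands; "sh stealth_fw.sh apply" runs them as root.
case "${1:-dry-run}" in
    apply) IPT=iptables ;;
    *)     IPT="echo iptables" ;;
esac

stealth_firewall() {
    $IPT -F; $IPT -X                       # start from an empty rule set
    $IPT -P INPUT DROP                     # default for unsolicited traffic: silence
    $IPT -P FORWARD DROP                   # this host does not route for others
    $IPT -P OUTPUT ACCEPT                  # outbound traffic is not restricted here
    $IPT -A INPUT -i lo -j ACCEPT          # local services may talk to themselves
    # Stateful inspection: only replies to connections this host opened get back in,
    # the software counterpart of the router SPI mentioned earlier in the thread.
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -m conntrack --ctstate INVALID -j DROP
    # Weaker alternative, deliberately NOT used (makes ports "closed", not stealthed):
    # $IPT -A INPUT -p tcp -j REJECT --reject-with tcp-reset
}

stealth_firewall
```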
lunarlander
Senior Member with 1,433 posts.
Join Date: Sep 2007
16-Mar-2008, 03:01 PM #6
You can hire a penetration test team to prod your defences.

Here's the first amongst many companies from google offering the service.
http://www.7safe.com/penetration_testing.html
techguy.org/692341