Firewall bypassed and keystrokes logged - CIS 4.1 on 64-bit Windows 7

While Matousec’s Security Software Testing Suite is designed for 32-bit Windows XP, some of the tests work also on 64-bit Windows 7. I gave them a try and got some troubling results:

Level 4 keylog1 - Failed and CIS didn’t prompt for keyboard access

Level 5 keylog2 - Failed and no prompt

Level 5 breakout1 - Failed (While in the console the test reports it passed, IE does browse to the Matousec site and receives the failure message.)

Level 6 ddetest - Passed actually, but only if IE is disallowed to execute its own image iexplore.exe - which IE requires allowing at least once. No alert about Window Message, which I assume there should have been.

Level 6 firehole - Failed and no prompt

Level 7 keylog5 - Failed and no prompt

So it seems keyboard logging is possible and the firewall can be bypassed by taking control of a browser.

Settings used: New installation with Maximum Proactive configuration, Sandbox disabled, Defense+ in Safe Mode and tests repeated in Paranoid Mode, signed applications not trusted. CIS version 4.1.150349.920.

So, bugs or limitations on 64-bit platform? Developers, any comment?

I hope for a reply and clarification on this since I am using Windows 7 64-bit also. ???

I would not worry too much; every time someone comes in here saying Comodo has been bypassed I test it and it has not. I would test these too, but I don’t have Windows 64-bit to try it out with.

If somebody bears with me and explains to me, as for dummies, how the heck I can use that suite, I’ll happily test those bypassed tests. The weekend has started here and I’m bored to death. ;D
Before you laugh at me: I’ve downloaded that suite and run the exe’s from the folders, but a brief cmd window appears and disappears. :o

It’s worth mentioning:

Quote: “SSTS is designed for Windows XP Service Pack 3 with Internet Explorer 8. Various tests may be compatible with other Windows versions and browsers too, but the functionality is not guaranteed there.”

http://www.matousec.com/projects/security-software-testing-suite/

I’d be hesitant to put too much trust in the accuracy of results in a different OS.

Thanks, I am not worried about it at all…

I didn’t even notice it was XP SP3, ooops …

The tests that do work and CIS fails to catch are what matter. They leave observable evidence rather than hiding behind a GUI that only gives a fail/pass result for each, or cleaning up after themselves, including repairing anything they may break. (The particular tests mentioned shouldn’t be damaging, but some in the test suite can be.)

You won’t be able to use the test suite to create a full evaluation a la Matousec for Windows 7 64-bit but that’s not the point here. We don’t usually get a chance to ask for a “Windows 7 Ready” sticker from malware either.

Did you run the tests in compatibility mode for XP SP3?
Not all XP software runs properly unless either in an XP VM or using compatibility mode.

From: http://www.matousec.com/projects/security-software-testing-suite/

Download

Warning: This software is used for testing of security products and should never be used on production machines. Using this software may damage or erase your data. This software is provided “as is” and without warranty of any kind. More information about each test can be found in its source code file and in the shared source code files of the whole suite.

By using SSTS you agree with its licence that is included in the archive in licence.txt.

Download SSTS.

System requirements

SSTS is designed for Windows XP Service Pack 3 with Internet Explorer 8. Various tests may be compatible with other Windows versions and browsers too, but the functionality is not guaranteed there.

It would be interesting to get Dave Matousec’s opinion about these tests being used on Win 7 x64, but then maybe he’s already expressed his opinion on the validity of these tests in this excerpt from his website.

~Maxx~

I’ve run the mentioned tests again on 32-bit Windows 7, on which CIS successfully intercepted them, so these issues seem specific to 64-bit CIS and WoW64.

It would be interesting to get Dave Matousec's opinion about these tests being used on Win 7 x64, but then maybe he's already expressed his opinion on the validity of these tests in this excerpt from his website.

Some of them cannot run or work properly because they attempt to load 32-bit drivers or use other, too platform-specific methods; others can. On 32-bit XP and Win 7, CIS can successfully intercept those methods of DLL hooking, DDE, window messaging and keylogging, so something’s amiss. I think that much is valid.

Don’t forget that there are still a few hooks that CIS has not activated on the 64-bit version…
There must be some post around here, I’ll see if I can find it.

Found it here:
Sad: No progress with the x64 HIPS of CIS

Thanks for the link, either the search has been acting up or I don’t know how I’ve missed that. Do hope that some progress with these issues is made soon.

No prob, it took me some time to find also :wink:

Mmm, I have considered for a time switching to CIS because my KIS2010 licence ends soon, BUT since I read there is not full protection on W7/64 I think I’ll buy KIS2011 (safer for me…).

I’m disappointed about security software on 64-bit: OArmor, which doesn’t work properly, KIS lost some features (Safe Run), CIS lost some protection, the Trend Micro web add-on doesn’t work, etc. etc. :confused:

And also since I saw the MRG video, I’m very, very afraid with CIS… even if I feel CIS is not alone in being vulnerable to an uninstallation attack… (KIS is protected against that, I know)

Hi tommymacangel,

Yes, Microsoft made it harder for both parties; their PatchGuard and other new restrictions on 64-bit are a new way to turn for both malware writers and security software vendors…

I personally don’t think these hooks pose “high risk” to your system if you know a little bit about how to stay secure; for a program to key-log, it first has to get installed on your system, so there should have been alerts already from other parts of the program to prevent that.

As said just a personal opinion…

Yes, of course I agree; even for all the gold on the earth I will want to go back to an OS which is vulnerable to TDL3 and her friends…

The upcoming KIS 2011 CF1 also can block the SSTS tests with global hooks:

http://www.ld-host.de/uploads/thumbnails/e32c0879088b2558fa82f6133c1dc8cc.png

So, KIS can, Outpost can, Jetico can… but why Comodo can’t?

Hi evil_religion,

If they can Comodo should be able also :wink: I hope the next version will have this protection re-instated!
I assume you’ll test it once the beta is released? I don’t have a 64-bit version at hand…