
[Repost] HIPS Unhookers Tests

HIPS Unhookers Tests

http://membres.lycos.fr/nicmtests/Unhookers/unhooking_tests.htm


         
Results per product against the seven unhooking samples (OK = 1 point, 1/2 = half a point, FAIL = 0; the ratings below are each product's total out of 7):

Product                  Backdoor.alm  Bifrost  Rootkit FQ  Rootkit EZ  Small.emw  Rootkit EY 1  Rootkit EY 2
ProSecurity              OK            OK       OK          OK          OK         OK            OK
AntiHook                 1/2           OK       OK          OK          OK         OK            OK
Online Armor             OK            OK       OK          OK          OK         1/2           OK
Dynamic Security Agent   1/2           OK       OK          1/2         FAIL       1/2           FAIL
EQSecure                 OK            FAIL     FAIL        FAIL        FAIL       OK            OK
Process Guard            OK            FAIL     FAIL        FAIL        FAIL       OK            OK
SystemSafety             OK            FAIL     FAIL        FAIL        FAIL       OK            OK
Prevx                    OK            FAIL     FAIL        FAIL        FAIL       1/2           OK
CyberHawk                1/2           FAIL     FAIL        FAIL        FAIL       FAIL          OK
PR SafeConnect           FAIL          FAIL     FAIL        FAIL        FAIL       FAIL          FAIL


Ratings:

1st : ProSecurity 1.30 > 7 on 7 > Excellent

2nd ex-aequo : AntiHook 3.0 and Online Armor 2 > 6.5 on 7 > Very Good

3rd : Dynamic Security Agent > 3.5 on 7 > Average

4th ex-aequo : EQSecure 3.3, Process Guard 3.410 and System Safety Monitor 2.4.0 > 3 on 7 > Poor

5th : Prevx 2 > 2.5 on 7 > Poor

6th : CyberHawk 2.0.4 > 1.5 on 7 > Very Poor

7th : Primary Response SafeConnect 2.1 > 0 on 7 > None


------------------------------------------------------------------------------------------------------------

The programs tested

10 HIPS were included in this test. (Comparative results are on the last page; see below.)

One of them, Dynamic Security Agent (freeware), was tested in another review, here: http://membres.lycos.fr/nicmtests/Dynamic-Security-agent-tests/DSA_index.htm  The tests against these samples are at the bottom of that page. The other programs are:

Process Guard Full 3.4  Tests : process_guard_unhook.htm

Online Armor 2.0.1.203  Tests : online_armor_unhook.htm

CyberHawk Pro 2.0.4  Tests : cyberhawk_unhook.htm

ProSecurity 1.30  Tests : prosecurity_unhook.htm

System Safety Monitor 2.4.0.618  Tests : syssafety_unhook.htm

Prevx 2 (v 1.0.2 build 56)  Tests : prevx_unhook.htm

EQSecure 3.3 (freeware)  Tests : eqsecure_unhook.htm

Primary Response SafeConnect 2.1.0.661  Tests : prsafeconnect_unhook.htm (http://membres.lycos.fr/nicmtest ... econnect_unhook.htm)

AntiHook 3.0  Tests : antihook_unhook.htm

[ This post was last edited by Roger on 2007-7-27 08:44 ]

------------------------------------------------------------------------------------------------------------

The samples used in this test are of a very high calibre.
Throw them at the mainstream antivirus products and they would die an ugly death too.
CyberHawk will add defences against these samples in the next version.

------------------------------------------------------------------------------------------------------------

Where are the samples?

------------------------------------------------------------------------------------------------------------

Quote:
Originally posted by 天氣預報 on 2007-7-27 09:26
Where are the samples?
Try playing with this one first!
http://www.badongo.com/cn/file/3661018

Running prueba.exe, I observed the following behaviour, which was intercepted by EQ-Secure RC4!
Quote:
2007-07-27 10:01:10    Create file      Action: Allow
Process path: D:\desktop\virus\prueba.exe
File path: C:\Documents and Settings\HungAndy\Application Data\Sandbox\DefaultBox\user\current\Application Data\addon.dat
Triggered rule: Blacklist -> Whitelist -> C:\Documents and Settings\HungAndy\Application Data\Sandbox\*


2007-07-27 10:01:11    Direct kernel access      Action: Block
Process path: D:\desktop\virus\prueba.exe

Triggered rule: All program rules -> *
1. It creates addon.dat under C:\Documents and Settings\HungAndy\Application Data\
2. It directly manipulates the system kernel

[ This post was last edited by Roger on 2007-7-27 10:07 ]

------------------------------------------------------------------------------------------------------------

The EQ forum's head moderator (兔總版) says that version 3.4 can now pass all of them.

http://www.eqspywatch.com/bbs/read.php?tid=5349&page=2&fpage=1

[ This post was last edited by Roger on 2007-7-27 17:08 ]

------------------------------------------------------------------------------------------------------------

DSA Free looks pretty formidable. It also ranks near the top in matousec's leak tests. So why does hardly anyone seem to mention it? Is it awkward to use?

------------------------------------------------------------------------------------------------------------

What are the OP's test criteria?
EQ can't be that bad, surely.

------------------------------------------------------------------------------------------------------------

Quote:
Originally posted by 紅心王子 on 2007-7-29 09:46
What are the OP's test criteria?
EQ can't be that bad, surely.
That site tested EQ version 3.3, which is why it couldn't intercept them!
