【红包悬赏】测试&分享，你的网络安全防护状况……

arenceyu

红伞p版+OFP(关间谍&关网络控制)+sandboxie
zip     用IE打开压缩文件里的东东小红才有反应
jpg     这项小红安全通过

拒绝服务  又被。。。。

远程代码执行  继续被.......

钓鱼 默哀中.......

恶意代码 无语ing

Java程序  在不报什么希望的情况下居然出现了个小惊喜

ActiveX 控制 通过

网址过滤  这个延时，找不到服务器所以没测试

小结：总的来说本人觉得成绩还不错，个人感觉如果把OFP的网页监控打开成绩可能会有所提高。但楼主给的测试地址实在太。。。。就没做测试了。

wang7812

那个网址打不开

cs0726

360杀毒1。3 beta 和安全卫士v4。4，风云1。27
zip是下载查到。

OK： ZIP、JPG 、Java程序、ActiveX 控制

NO： 拒绝服务、远程代码执行、钓鱼、恶意代码

网址过滤（链接超时）


楼主，你的CA是哪个版本的？我要用

[ 本帖最后由 cs0726 于 2008-10-23 15:42 编辑 ]

铩雨骑士

KV2009
OK：.zip、.jpg、ActiveX 控制、Java程序、恶意代码、拒绝服务
NO：远程代码执行、钓鱼

感觉还可以 金山清理专家网页防护基本没用上……

sanhu35

红伞

helix

Avira Antivir Premium＋Outpost＋AVG anti-spyware+IE7.0
通过：.zip、.jpg、Java程序、ActiveX 控制、网址过滤（无法打开）
未过：拒绝服务、远程代码执行、钓鱼、恶意代码

Avira Antivir Premium＋Outpost＋AVG anti-spyware+Opera9.61
通过：.zip、.jpg、Java程序、ActiveX 控制、拒绝服务、钓鱼、远程代码执行、网址过滤（无法打开）
未过：恶意代码

[ 本帖最后由 helix 于 2008-10-23 16:46 编辑 ]

yogi.chen

Test Name:	Denial of Service (DoS) Demo
Security Status:	You are vulnerable

Details:  Our test indicates that your Web Security policy did not block malicious content from entering your network

Solution:

To block this malicious code from entering your network, make sure to enable the [Block Application Level Vulnerabilities] rule in your security policy

Code:

var a = new ActiveXObject('mhtmlfile'); a.location = http://www.finjan.com;

Test Name:	Remote Code Execution (RCE) Demo
Security Status:	You are vulnerable

Detailes:  Our test indicates that your Web Security policy did not block malicious content from entering your network

Solution:

To block this malicious code from entering your network, make sure to enable the [Block Application Level Vulnerabilities] rule in your security policy

Code:

Set cf = CreateObject("Scripting.FileSystemObject") If Not cf.FolderExists("c:/Finjan/") then     flag=cf.CreateFolder("c:/Finjan/") End if Set s = CreateObject("Shell.Application") s.ShellExecute "cmd.exe /k dir C:>c:/Finjan/FinjanVbsDemo.txt"

Test Name:	Phishing Demo
Security Status:	You are safe

Details:  Our test indicates that your Web Security policy blocked malicious content from entering your network

Security Status:	You are vulnerable
Details:	Our test indicates that your Web Security solution did not block malicious content from entering your network. You can see a sample of the malicious code below. The code did not execute on your browser yet. To simulate a real web attack, click Run Code and the browser will crash due to web vulnerabilities that you are exposed to.
Code:	var t='219215211146...3184'; dcrd+=String.fromCharCode(c-preT); eval(dcrd);

Test Name:	Java Applet
Security Status:	You are safe

Detailes:  Our test indicates that your Web Security policy blocked malicious content from entering your network

Test Name:	ActiveX Control
Security Status:	You are safe

Detailes:  Our test indicates that your Web Security policy blocked malicious content from entering your network

anndyzhou

Vista sp1
Kis 2009+Mp
PASS:zip、jpg、Java、Active
Fail:拒绝服务、远程代码执行、钓鱼、恶意代码
P.S.:在总个过程中MP（开了防火墙）都没有任何反应

dikaios

错误!
无法连接到远程服务器

您尝试访问这个地址 http://www.finjan.com/Content.aspx?id=577，目前不能打开。请确定这个地址（URL）的正确拼写和标点，然后重试。
确定您的网络连接是否激活，并检查是否有其他使用相同连接的程序正在工作。

hseafly

Avira AntiVir+LooknStop
过：.zip、.jpg、Java程序、ActiveX 控制
不过：拒绝服务、远程代码执行、钓鱼、恶意代码