It seems everyone is treating this test rationally, at least in this section. There has been a lot of reaction to the test on the official forum; here are a few replies from the "officials" to share with you:
“We have reviewed the results. Don't worry. There are 3 issues to be highlighted here.
1 - There is a single bug in CIS/CFP which affects the previous versions too.
This bug allows CFP/CIS to fail to detect a special type of handle duplication operation. And that's why it causes CFP/CIS to fail the following tests:
Kill1.exe kill2.exe: kill9.exe kill12.exe crash1.exe crash2.exe crash3.exe crash4.exe crash5.exe crash6.exe
Do not worry. We have fixed the bug and you will be receiving the update on Tuesday (2/12/2008).
Simply put, a new version is coming on December 2, and it will fix some of the bugs that caused the failures in the tests listed above.
2 - There are errors in the test report:
CFP/CIS does not fail the following tests: kill3b.exe kill3f.exe kill3e.exe kill5.exe SSS2.exe SSS3.exe
It is unclear why CFP is reported as failed in these tests. You might try yourself and see. Attachment contains ssts.conf file with which you can test CFP/CIS.
CFP/CIS intercepts system shutdown privilege elevation requests and hence effectively blocks sss2.exe and sss3.exe tests.
CFP/CIS can not be terminated by any of those kill tests.
This point states that the test results contain errors.
3 - There are some insignificant tests that do not pose any real threat and hence we will not do anything about them.
--------------
CFP/CIS is marked as failed in the following tests: SSS.exe i.e. System Shutdown Simulation tests.
--------------
It has been scored 50% because CFP/CIS does not intercept system shutdown requests. This is the testing methodology of the tester.
System shutdown poses no real threat. The malware waits for system shutdown to perform its harmful actions. So whether you intercept or not, it can attack the user when the user manually logs out. Original System Shutdown Simulation tests do care about this fact.
So we do not plan to add this redundant protection to pass any tests.
--------------
socksnif.exe: This test is designed to test if a malware can sniff your network connection or not.
--------------
If "\Device\Afd\EndPoint" is added to the Defense+ My Protected Files list, this can be easily intercepted. Adding this entry to the protected files means, making Defense+ to alert you for each and every application which tries to access Windows Sockets. (My own My protected File list contains only *.*, and it has intercepted this; I expect those who monitor the whole disk will certainly pass the related tests.)
However, we do not plan to add this to our default protected files. Because
* It poses no real threat. Malware can not sniff your everyday bank transactions because everything is already SSL encrypted,
* This is basically no different than sniffing your network traffic from another computer,
* It will increase the number of popups unnecessarily,
--------------
crash7.exe: This test tries to allocate all the memory of the computer to crash applications including the security software
--------------
It might be possible for an application to crash if there is no more computer memory available. This is usually a random case. We do not plan to make any changes to pass this test because
* The crash can be random, intermittent and ubiquitous
* Assuming CFP/CIS processes also crashed, there is no real threat to the system because by terminating CFP/CIS, malware will not gain any advantage for bypassing Defense+.
So in summary: by terminating CFP/CIS, Defense+ will not be able to be bypassed.”
The officials consider that the scenarios assumed by the above three tests do not pose any real danger, and they do not plan to make changes for them. (Quite "stubborn"!)
Part of the CEO's reply:
“We hope he will correct it soon. We also hope as a goodwill gesture he will test the bug fixed version and update his results accordingly.
This shows that it's important not to rely on a single person's test results and use a full test application like testmypcsecurity.com in order to avoid the human error.”
It seems this test was done by an individual rather than a team? Oversights and mistakes are inevitable.