pcAudit Penetration

Printable View

March 10th, 2004, 11:13 AM
Falcon21

pcAudit Penetration

From http://www.pcinternetpatrol.com :

pcAudit™ is a free security evaluation program, for personal computers, developed by Internet Security Alliance, Inc.

How it works

pcAudit™ is a program developed to simulate an attack by a "hacker". To determine the status of security on this computer, pcAudit™ will try to send data from this computer to Internet Security Alliance's server. If successful it means you either do not have a security program installed, or your present program was ineffective in blocking the data sent from your computer to Internet Security Alliance's server (which it absolutely should have). In either case you have a security problem.

A little more technical

Our research shows that ".dll" files sending and receiving data, to and from the Internet, outnumber ".exe" files by 2 to 1 margin.

Using a "dll" file as a "payload", pcAudit™ will test for vulnerabilities exploited by such notorious malicious programs as "Happy99" or recent "Sircam", overlooked by most personal and corporate firewalls.

Download: http://www.pcinternetpatrol.com/downloads/pcaudit.exe

I see that it passed through my sygate firewall and is there anyway to defend against it?
March 10th, 2004, 11:41 AM
moxnix

This is a loaded test. I tried it two different ways.
1) when my Kerion firewall asked permission to run the program, I denied it and absolutely nothing happened. The program didn't load (just as is suppose to do (or not to do)....I am protected)
2) I gave the program the right to run, and it did. Of course I failed the test then, because the information was sent. But I had to give it permission....first.
On number 2, they of course said I had failed their test and then proceded to attempt to sell me their product. The only reason it (so called) failed was that I had already approved the program to run. When I did not preapprove the program, it just doesn't load and you have no indication that you have passed.
Good piece of social engineering to get you to buy their program.
March 10th, 2004, 01:00 PM
valhallen

moxnix I dont think that it is a piece of social engineering to buy their program - the fact that your firewall is flagging up that there is an attempted outgoing connection shows that you have passed

of course by allowing it you will fail that is the whole point! lol

what it is suppoused to show IMHO is those firewalls which are not successful in blocking it (ones where it makes a connection without you needing to allow it) or people who do not have any security in place at all

v_Ln
March 10th, 2004, 01:26 PM
moxnix

v_Ln, I do think it is social engineering, of the marketing type. When not allowing the program to even load, ie. by not giving it permission, there is nothing to tell you that you have passed or failed. You then run it again, this time granting permission for the program to run, because you might figure you did something wrong the first time. Of course you fail the second time, because you allowed it to run. Then,some users, would think...."Well, I have a hole in my security." So they buy the advertized product to help plug that hole.
I don't consider it to be a fair and unbiased test as say 'Shields Up' would be.
March 10th, 2004, 06:57 PM
valhallen

I can see where your coming from but even someone with the most basic of computer knowledge will know that if they have a firewall installed that if they dont want something to have access then dont allow it.

If they have not realised that simple fact then let them buy whatever software is going cause none of it will protect them.

v_Ln