I thought I’d put together a few ways of testing your systems security setup. These are not virus or malware scanners but various ways of testing your current security software.
This is Part One of my Guide – Part Two of the guide covers more.
Virus Test
The Eicar Virus is a harmless virus that contains a string of characters that will be recognised by all Anti-Virus or Anti-Malware vendors. By downloading it your a/v should detect it and attempt to quarantine it. It can be downloaded in various formats (.txt, .zip) and is available here:
The file will test that your antivirus is functioning properly.
Trojan simulator is similar but installs a process and a registry autostart entry that your av package should detect:
Firewall Testing
Inbound
A firewall should be able to block incoming attacks from trojans or hackers. To test this ability it is good to see which ports are hidden on your computer or “stealthed”.
A good website to test your stealthed ports is GRC Shields Up! Follow the link below then click on shields up and follow the simple instructions.
For a firewall to be effective it needs to stop malware from contacting the internet. Malware may connect to upload stolen info, download more malicious software or serve you adverts.
Outbound
To test whether your firewall will allow leaks in different ways you can use the software from Comodo on this page:
Firewall leak testing tools from Comodo
This software when run will try and communicate with the internet in various sneaky ways to try and bypass your firewall. A good firewall should stop these methods. Don’t let your A/V block the file, as it may be detected as a potentially unwanted program but isn’t a virus.
Popups, as well as being really annoying can serve you malware. To test your Browsers Popup stopping ability then try these links:
Online Phishing Sites Testing
PhishTank has a list of recently submitted phishes (website forgeries designed to scam in some way). The confidently brave or secure can check out these by surfing to these links… But be wary of clicking on these sites as they can often serve viruses. If a phish is detected then your security software’s phishing protection should warn you. Firefox and Internet Explorer in built phishing filters should also provide protection or warnings.
Conficker Test
To test whether you have the conficker worm, this website will load an image from some of the websites that the conficker worm attempts to block. The site explains itself better than I can but essentially if you are missing the images you could be infected.
Browser Security Testing
Browsers have various security issues and to test your browser then surf here:
You may only have vulnerabilities if you are not running the latest version of your browser.
Test Your Email Spam Filter
This website will send you a number of emails designed to test your email software’s spam filtering abilities in a variety of ways:
Photo by Wetsun
This is Part One of my Guide – Part Two covers more.
Think of any other ways to test your security setup for free? Let me know in the comments.
Popularity: 100% [?]
Related posts:
Atul
8 months ago
nice post man
Jonny
8 months ago
Thankyou and welcome to Jonnysblog. :)
Pallab
8 months ago
Excellent post. Testing for viruses is hard though. Mainly because pretty much all av vendors make sure that they detect commonly used tests like eicar.
However, the firewall leaktests are good to test your firewall configuration.
Pallab´s last blog ..Dasient Web Antimalware Prevents Websites From Getting Blacklisted
Jonny
8 months ago
Thank you Pallab. Unfortunately your right. It is dificult to test the efficiency of an a.v. or firewall. The Eicar test virus only acts to prod your a.v into detecting something. Matousec do a great job of probing firewalls but not all companies agree with their findings (mainly the ones at the bottom of the list).
Arenlor
8 months ago
May I suggest you add GRC’s Leaktest to the outbound. http://www.grc.com/lt/leaktest.htm Also GRC’s cookie testing: http://www.grc.com/cookies/cookies.htm and don’t forget Kaminsky GRC can test your DNS https://www.grc.com/dns/dns.htm
Jonny
8 months ago
Yeah thanks for sharing these, I believe that the leaktest is passable by nearly all firewalls these days but grc is a great resource. They have a great podcast from there too Security Now.
Tech Thoughts Daily Net News – July 13, 2009 « Bill Mullins’ Weblog – Tech Thoughts
8 months ago
[...] 13, 2009 · Leave a Comment How To Test Your Computers Security – I thought I’d put together a few ways of testing your systems security setup. These are [...]
PC Security
7 months ago
Nice compilation.
Browser is an important application on your PC. You can test the security of your browser here.
http://bcheck.scanit.be/bcheck/index.php.
PC Security´s last blog ..PC Security 2009 – Removal Instructions for Free
esa
7 months ago
Fortunately my linux box doesn’t need all this crap. Just an anti-rookit, that runs automatically with cron, spamassassin and a good knowledge of Iptables.
good luck with your bloatware.
Jonny
7 months ago
Thanks for that! :)
hdolle
2 months ago
what about physical security? faqs, tutorials, and pdfs for tards would make this complete.
Jonny
2 months ago
They would be whole other posts but thanks for the comment, I hope you’ve read Part Two of this guide?
Twitted by InfoSec208
2 months ago
[...] This post was Twitted by InfoSec208 [...]
Jonny
2 months ago
Thanks for sharing on twitter!
How to Check if Your Page Has Been Stumbled.
2 months ago
[...] recently had one of my posts stumbled quite dramatically. This led to a very nice boost in traffic. As an avid user of [...]