SECURITASK 2005

Publié le par Kareldjag aka Michel



SecuriTask2005








Securitask 2005 is a french product which is considered as a firewall application by its authors.


This software prevent unwanted process from running on the system.


Securitask2005 has also the ability to block/lock unwanted/untrusted services from installing or being modified.





The installation is easy, quick and requires a reboot.



SecuriTask has also a protection of Internet Explorer modules against spywares.







Securitask 2005 is a paid product which costs 49.95 euros.





TEST:



Configuration:



-on " interactive mode" (alert for each executable),

-all features are enabled and test files are run as unknown process (not integrated on Securitask2005 list as trusted or blocked).





***Execution protection with Leaktests:



Securitask2005 detects Copycat, DNSTester and Ghost and has the ability to block them.

ST2005 is the winner.




***Process Termination:



SecuriTask.exe is easily terminated but any new launched application can't be executed (even the hour on the systray is still bloked).

The process is terminated but the system's still protected: SecuriTask is the winner.




***Dll injection/implant:



SecuriTask2005 failed against Zapass and Copycat.





















***Process Hijacking:



SecuriTask2005 failed.











***API Manipulation:



-with APISpy32: ST2005 failed.



-with ExecuteHook: ST2005 failed (just detects the noptepad's hooks).


-with Kapimon: ST2005 failed.



SecuriTask2005 failed against API Manipulations tests.




***Finjan Tests:



-F.Demo: ST2005 failed.

-F.VBS: ST2005 failed (but detects Windows Host Scripting).


-F.JPG: ST2005 failed (just detects the packager).





SecuriTask2005 failed against Finjan Tests.




***Registry Tests:



-with Regtest 1 and 2: ST2005 failed.



-with Scoundrel Simulator: ST2005 failed.



Others registry tests are unnecessary.



SecuriTask 2005 failed against Resgistry Tests.




***Trojan Simulator:



SecuriTask2005 detects the action launched by the trojan Simulator and can block the installation: SecuriTask 2005 is the winner.


***Memory Manipulation:



-with UH: ST2005 can't prevent its own process to be read and written.

SecuriTask2005 failed.





-with Physmem: ST2005 failed.



SecuriTask2005 failed against Memory Manipulations tests.




***Data Theft:



ST2005 can just detect that Trojan demo has launched calc.exe, but can't detect all others actions (attempt to folders...).

SecuriTask2005 failed against Data theft test.




***Service/driver Manipulation:



-installation: ST2005 is the winner.







-termination: not possible (does not work as a service).



-modification: not possible.



-unloading a driver: ST2005 is the winner.



I consider that Securitask2005 is the winner against driver/service manipulation.


***CDROM autorun:


SecuriTask2005 is the winner.






***Fakes/Jokes:



-open/close the CDRom drive: SecuriTask2005 failed.



-launch several applications at the same time: SecuriTask2005 is the winner.





SecuriTask2005 is the winner against Fakes/Jokes test.




***Buffer/Heap Overflow:



SecuriTask2005 failed.




***Deactivation Methods (with Autorun3):



-trashcan: ST2005 failed.



-blacklisting: ST2005 failed (automatically wiped/erased by Autorun3).



SecuriTask2005 failed against deactivation Methods.





CONCLUSION:
















***The Pros:




-effective as a firewall application,



-effective protection against unauthorized service installation (usual rootkit method) with the "Lock services" option ,

NB. For installing a new software or conguring Windows services settings on the Control Panel, it's recomended to disable this option.


-real and effective integrity protection of Internet Explorer modules (verified with a special test with Kapimon),



-Very easy to use and to configure,



-hidden hook modules,







-three administration mode (interactive, restrictive, permissive),


- provide an effective protection on secure mode (restrictive): any unknown application (not integrated on the configuration) can't be run: according to authors, this mode was tested with success during a risky surf (no AV/AT/AS/Firewall/Windows unpatched/porn and warez sites) and no infection was noticed (but i've not verified this affirmation).


-can cover scripts,


-nice graphic interface.






***The Cons:




-does not protect against advanced attacks/threats (interactive mode),



-expensive, in comparison with the features and others products,



-the "lock service" option is not configurable (no list of allowed or blocked service): if we run a new program which works as a service, then SecuriTask block it



-Slowing down of the system (consume too much resources),



-no help file or pdf manual, but just a poor little faq on the web site: a shame regarding the price.


-try to connect to internet.







COMMENTS:




SecuriTask2005 is a young product which is a little bit similar to ProcessGuard (Gui, service locking feature) but less powerfull and effective.

Securitask2005 is very easy to use and to configure: that's its first quality.



Therefore, this product can be used by beginners and classicals users which have IE as default browser.



Securitask provides a high degree of security only on restrictive mode (any unknown code execution is killed).

But the price is really a major default, especially regarding others products which provide a best value for money.




NB: In order to download the latest version, i've entered my email on the dowload area, and then i've been automatically subscribed to Securitask mailing list.

This kind of manner is scandalous and could be considered as a privacy violation.


I keep the sense of humour and i will not call the police or alert Interpol.



But it's my turn to be incorrect: on the next links, trial versions of SecuriTask2005 are available (exe and zip file) and you don't need to subscribe to the mailing list.



Securitask2005 A

SecuriTask2005 B



Hashes for .exe:

Hashes for .zip:



COMMENTAIRES:


SecuriTask2005 est un produit récent d'une petite société française.

Son pricipal atout réside dans la protection de l'integrité d'Internet Explorer, mais également dans sa fonction efficace de contrôleur d'activitées.


SecuriTask2005 intégre aussi une protection contre l'installation non autorisée de service/drivers (méthode utilisée par les rootkits).

En mode "sécurisé", SecuriTask2005 offre une protection efficace et peut empêcher automatiquement l'exécution de processus inconnus.


Le pricipal inconvénient reste son prix élevé (49.95 euros), sachant que d'autres produits offrent une protection plus complète mais avec un meilleur rapport qualité-prix.


Toutefois SecuriTask2005 peut interésser les utilisateurs ne pouvant se passer du navigateur de Microsoft et soucieux de disposer d'un outil aisé aussi bien à configurer qu'à utiliser.



RATING: 7/10

Publié dans HOST INTRUSION and PREVENTION SYSTEM TESTS

Pour être informé des derniers articles, inscrivez vous :
Vous aimerez aussi :
ABUSE SHIELD
ABUSE SHIELD
ALL-SEEING EYE
ALL-SEEING EYE
PODIUM and OVERALL
PODIUM and OVERALL
SOFTCLAN INTEGRITY 2005
SOFTCLAN INTEGRITY 2005
GENERAL POINTS
SAFE'N'SEC
Commenter cet article