Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: iAWACS 2010 : Rules of the PWN2KILL contest
From: Sergio 'shadown' Alvarez <shadown () gmail com>
Date: Mon, 11 Jan 2010 11:48:48 +0100

Hi,

I see a lot of 'what the participants have to do' and 'what the  
participants have to give away', but I don't see anywhere what the  
winner/s of the contest would win in all this.
Where can I find that information? in order to decide if it is worth  
participating or not.

Thanks in advance.

Cheers,
    sergio

On Jan 11, 2010, at 11:05 AM, Anthony Desnos wrote:

iAWACS 2010 : Rules of the PWN2KILL contest
*****************************
http://www.esiea-recherche.eu/iawacs2010/


The PWN2KILL Contest aims at performing a comparative evaluation of
commercial
antivirus software against actual threats.

An actual threat can be defined as any threat that is operationnally
viable. The
purpose is to show that given fixed actual malware threats, the  
different
existing antivirus software are of inequal quality. While a few of  
them
are able
to proactively detect unknown malware using known malware techniques,
most of
them are just able to detect most of the known malware (not all of  
them).

Moreover, the in-depth analysis of existing antivirus software shows  
that a
significant number of malware technique that have been published -- by
hackers,
malware writers, researchers in computer security and computer  
virology
-- are
still not taken into account by commercial antivirus products while  
those
techniques indeed represent actual threats. Consequently, it is more
than useful
for the end user and the final consumer (since AV software are  
products
that we
buy) to know which antivirus at the less worst and which are the  
worst.

The contest board will be composed of a bailiff, of five professional
journalists from the computer technical press and of three  
personalities
from
the scientific/hacking community renowned for their personal ethics  
and
skills.

His role will be to record the test results, decide of their validity
and elect
the three most efficient attacks.

The contest will be based on the only admissible approach: the
experiment and
the attacker's view.

The rules are very simple:
  1.- A number of computers -- each of them with an antivirus  
installed --
      will be available. The environment will be
      - Windows 7 (in a virtual machine for an easy reconfiguration
purpose).
      - User mode (without privilege).
      - No connection to the Internet (to avoid ``external'' attacks  
or
        manipulation during the contest). However to enable truly
network-based
        attacks (input and/or output data), it will be possible upon
request
        to open temporarily an access to the Internet provided that no
attack
        will be launched from the testing machine towards external  
systems.
      - Common applications installed (Microsoft suite, OpenOffice  
Suite,
        Pdf reader...). Any additional application can be added upon
request
        or can be used through personal USB devices.
      - A printer will be available through the network (spec data
available
        upon request).

  2.- Each participant will come with his (malware) code(s) to test
against
      the antivirus software. He can perform any action that a normal
user can
      do (including rebooting the computer, closing a session, using  
USB
      devices...). In case of ``proactive'' warning from the operating
system
      or from any application, the user is free to follow them or not.
Any user
      has not to be an expert in computers in order to evaluate and
interpret
      technical warnings that sometimes refers to normal behaviours.  
As an
      example, warnings like ``an application is attempting to become
resident.
      Do you allow it?'' has no meaning for a grandmother using a
computer.
      She is free to allow it!

  3.- In order to make a comparative and fair testing, any code must  
be
tested
      against ALL antivirus selected for the challenge. The test will
consist
      in two step~: first the code(s) will be scanned (on demand  
analysis)
      then used as intended (on-access analysis).

  4.- Any participant will have first to announce what effect/attack  
he
intends
      to perform. The board will decide whether this attack is
admissible or
      not. An admissible attack is an attack which affect  
availability,
      integrity and/or confidentiality of the system and/or the data  
(data
      system, user data...).

  5.- Any participant will have to write a short technical summary  
of his
      attack(s) which will be published on the iAWACS website. He will
have to
      present his attack(s) during the contest debriefing. A copy of
its code
      will be given to the organizers of the challenge.

For fairness purposes, no participants working for any AV company or  
any
company sharing common interest with AV companies, will be allowed to
participate. Any participant will thus have to sign an assessment form
confirming he is not working for such companies.

The organizers of iAWACS 2010 and of the PWN2KILL challenge have
selected the
following antivirus software:
  -- Avast
  -- AVG
  -- Avira
  -- BitDefender
  -- DrWeb
  -- FSecure
  -- GData
  -- Kasperky
  -- McAfee
  -- Microsoft AV
  -- NOD 32
  -- Norton Symantec
  -- Trend Micro

Only commercial licences will be tested -- in other words they will be
anonymously bought in public stores/website (no demo or free version).
The antivirus will be updated right before the beginning of the  
challenge.

The organizers will publish a technical summary of the results once
validated
by the contest board. No communication will be done directly towards  
the AV
vendors. Only a technical communication and press conference will be
organized
during the iAWACS event. A technical summary will be available on the
iAWACS
website. The complete data and codes collected will be communicated  
only
to the
French CERT-A for analysis and feedbacks. No code will be neither
published nor
distributed.

Any participant is free to communicate later on about his test/code/ 
attack
performed during the contest. In this case, iAWACS organizers are not
responsible for that communication.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault