
Will my security software prevent my confidential data from being transmitted to a hacker?
Will my security software stop a virus from corrupting or destroying my important documents?
TEST YOUR SECURITY SOFTWARE & find an answer to these questions right here.
Ghost
Test Description
Generally, when an application accesses the Internet, a firewall uses the Windows API to retrieve the parent PID and name (the executable which launched the trusted application). After the firewall has obtained this information, it 'freezes' the connection (temporarily blocks it) and asks you what to do (allow/deny).
To avoid detection in the manner described above, Ghost shuts itself down then restarts itself after it has provided the information to the default browser. This allows it to change the PID and continue to send data.
Ghost tries to open a single web page and to send a string to it. In this test the string is dummy data. However, if this were a genuine malware program, then this string could, in theory, be your credit card number.

If the test is a success, this means that your firewall's "parent/child network access monitoring" checks too late that one executable is launching another to access the Internet.
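
The timing issue described above, as an added example that is not part of the original test page or the Ghost tool: a simplified Python model of a firewall's parent attribution over a constructed event stream, comparing a lookup done at connection time with a snapshot taken at process creation. The process names, PIDs and event format are assumptions made for illustration.

```python
# Constructed event stream (not captured from a real system).
# Fields: (time_s, kind, pid, parent_pid, image)
EVENTS = [
    (0.0, "start", 100, 1, "explorer.exe"),
    (1.0, "start", 200, 100, "ghost.exe"),
    (1.2, "start", 300, 200, "browser.exe"),  # test program launches the browser
    (1.3, "exit", 200, None, "ghost.exe"),    # launcher exits before the connection
    (1.4, "start", 201, 100, "ghost.exe"),    # same image returns under a new PID
    (2.0, "connect", 300, None, "browser.exe"),
]


def attribute_connections(events, snapshot_at_start):
    """Return [(connecting_image, parent_image_or_None)] for each connect event.

    snapshot_at_start=False: look the parent up in the live process table
    when the connection happens (the late check described above).
    snapshot_at_start=True: record the parent's image when the child is created.
    """
    live = {}         # pid -> (parent_pid, image) for running processes
    launched_by = {}  # pid -> parent image recorded at creation time
    results = []
    for _time, kind, pid, ppid, image in events:
        if kind == "start":
            parent = live.get(ppid)
            launched_by[pid] = parent[1] if parent else None
            live[pid] = (ppid, image)
        elif kind == "exit":
            live.pop(pid, None)
        elif kind == "connect":
            if snapshot_at_start:
                parent_image = launched_by.get(pid)
            else:
                parent = live.get(live[pid][0])
                parent_image = parent[1] if parent else None
            results.append((image, parent_image))
    return results


if __name__ == "__main__":
    print("late lookup:   ", attribute_connections(EVENTS, snapshot_at_start=False))
    print("early snapshot:", attribute_connections(EVENTS, snapshot_at_start=True))
```

With the late lookup the launcher's PID no longer resolves to any running process, so the browser's connection cannot be tied to the executable that started it; the creation-time snapshot keeps that link.
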
| Test Details | |
|---|---|
| Author | Guillaume Kaddouch |
| Website | http://www.firewallleaktester.com |
| Type of Test | HIPS and Firewall |
| Techniques used | Parent Substitution |
| Operating System(s) | Windows 9x / Windows Millennium / Windows NT4 / Windows 2000 / Windows XP |
| Number of Tests | 1 |
| Zip filename | Ghost.zip |





