Microsoft Window's Security Test

[Mattimeo]

Really this is a sad security test. I don't think much thought was put into the topic of "Area of attack". Plus, it seems its a bit biased of certain products but more importantly certain known security practices.

[dotRoot]

I use Nessus for a real security check. Although I use it mostly for Linux, there is a Windows version available. Nessus is the most comprehensive client testing application I have ever used. It isn't that hard to use either.

[.KICK]

I scored 82% :)

[velkymx]

Mattimeo - What do you think should be added for "Area of Attack"?

[Long]

I'm sure I replied to a topic about this test before, but it might be deleted or something.

One thing I'd like to state, other than the test doesn't really prove the real security of a system, the name is very misleading. Microsoft Window's Security Test. There is no fact on the survey that this test is conducted by Microsoft for its Windows operating system and has permission from Microsoft. I know the name is trying to suggest this is a security test concerning Microsoft's Windows OS, but it is not an official Microsoft survey it seems.

And the Microsoft one is http://www.microsoft.com/philippines/small...s/sgc/quiz.mspx

Strangely, yours look very familiar to theirs.

[velkymx]

Long - The name of Windows is in fact Microsoft Windows. Hence the name of the test. There is nothing about it that claims to be official.

As for the familiarity, we did a lot of research on a long of test to compile the questions. It should be no suprise that some questions would be pulled from other locations if they were good questions.

[velkymx]

Version 1.03 Uploaded.

[Gongrc]

:cool:

Your Security Rating is Good (87%)!

You've indicated that you don't visit the Windows Update site. Visit Microsoft Windows Update! ( :angry: Kaka!!!)

- use Ghost... :laugh:

[leonx81]

Your Security Rating is Great (90%)!

:)

[Tobey]

Your Security Rating is Good (75%)!

Average User Score: 78.6% from 1131 Users,

It's unbelieveable.......

[velkymx]

Average User Score: 78.6% from 1165 Users

[stromo]

Your Security Rating is Good (81%)!

Yah 4 me... would hate to see a computer with a user score below 50% lol

[mrvc]

I use Power User account in Windows XP. :p But still I chose limited.

Got only 76 because I don't install antispyware software atm.

[velkymx]

Test revised again, there is even a new link!

http://www.synergymx.com/default.asp?T=security

[stopdroproll]

This site sucks. Knock off points because I don't use that crap called Firefox? [ snipped]

Edited April 21, 2005 by stopdroproll

[McLaren_F1]

stopdroproll, please dont flame other ppl (N)

[velkymx]

Why is there such a fan boy mentality about browsers?? You would be surpised how little usine FF vs IE changes your score.

[velkymx]

My favorite is "Firefox SUX - n00b!"

Great feedback!!

[velkymx]

I added a little comments app, much like the comments section of Neowin news.

http://www.synergymx.com/default.asp?T=stuff&ID=19&GC=1

[RightfulSpire]

82%..ssid broadcast..windowsupdate and use a created admin account...oh well...they can have what they can get.

[Yusuf M. Veteran]

Your Security Rating is Great (92%)!

Looks like I scored 92%, that's pretty good.

[velkymx]

Just FYI - this is a best practices test, if you are an expert and are running an exposed system that you know how to handle, this probably isnt for you.

[pacifica]

91%

been in class for a week and now i'm home! ahhhhhhh!!!

[Pete Zaria]

Just FYI - this is a best practices test, if you are an expert and are running an exposed system that you know how to handle, this probably isnt for you.

585814078[/snapback]

Exactly. This test is targeted twards your average home user with little knowledge about security, not network admins/hackers/pros, correct?

Have you thought about writing one for pros? I'd love to see that. If you ever decide to write one like that, let me know. I'd be more than happy to contribute.

Anyway, heres a couple suggestions:

Ask how frequently (if ever) they view their logs, or if they even keep logs?

Ask how frequently they virus/adware scan? (I know you ask about deffinitions, you can have the most up-to-date deffs but still never scan...)

Ask if they have a static/dynamic IP? A static IP obviously makes you more vulnerable...

Ask if they've patched the firmware on their router?

Nice test. Gives a pretty accurate estimate of a normal home user's security.

Peace,

Pete Zaria.

[velkymx]

Great q's pete - now I am going to have to revise the test again! :)

As for an advanced user test, I am going to have to research the MS cert tests. I think many of the questions would be the same, but with more specifics.