Microsoft Window's Security Test

[velkymx]

Think you know Windows Security? Think again. Test you knowledge of Microsoft Windows with our online quiz.

The Microsoft Window's Security Test is designed to test you overall knowledge of security within the Microsoft Windows environment. Special care has been taken to break down the areas of testing and the patterns of security within each person. It not only tests the user's software setup, it also asks general knowledge questions and even online habits.

Question Categories include: General Knowledge, System Information, Online Habits, Are You Infected?, Window User Accounts, and Security Setup.

Test you skills and see where you stack up against others who have taken the test before you.

New:

6 New questions!

More recommendations

Improved scoring and statistics

The Test: http://www.synergymx.com/security.asp

Go Digg It!

http://digg.com/security/Test_Your_Window_...urity_Knowledge

Please post any feedback!!! ;)

Edited October 20, 2006 by velkymx

[5Horizons]

66%

"Browser the internet more safely" -> "Browse"

Nice graphics, and the test is much better this time around.

[velkymx]

:whistle: Fixed.

Thanks - I did a ton of research on the new questions to make it more diverse.

[whitedragon]

95% :D

[5Horizons]

I think that it would probably be nice to have an explanation for each item the user picks that would represent "bad" security, like an overview when the test is over explaining how each section is graded and what the best practice is for that particular thing. Kind of an expansion of the bottom bulleted items. Assuming that this is geared for more novice-level users, that is.

[JustGeorge]

83% I'm not a big fan of Automatic updates because its unreliable and slow. Broadcasting SSID isn't much of a security risk if your network is encrypted.

[velkymx]

Yeah - but that would take the fun out of re-taking the test! Not to mention that is why there are recommendations.

I think I am going to put together an article on how to lock down windows accounts.

[velkymx]

denzilla - Automatic updates and frequency of visiting the Window's update site are both taken into account.

[bfoos]

81% Would have been higher but I don't use automatic updates and I don't use a limited user account nor is it passworded.

Gramatical error on question #11

"frequest" should be frequent ;)

Nice little test ya got there. (Y)

Also, how does surfing pr0n sites and using p2p for warez affect your score? Maybe you could add a more advanced option for filesharing, such as usenet?

[Hexlord]

I got this:

Your Security Rating is Good (74%)!

[velkymx]

frequent fixed.

[Cancenk]

Your Security Rating is Good (86%)!

Better test this time, however under Do you have firewall and/or router? It does not give an option if you select both for a hardware router/firewall and software firewall besides the windows xp software/router. What about third party apps and router/firewall?

Other than that very very good.

[velkymx]

Not p0rn - adult content!

[+Xinok Subscriber²]

83%

[Pete Zaria]

I like the general idea. It's quite well written, but tailored more twards home users than professionals (there are obviously no in-detail questions about IDS systems, any OS besides Windows [cough I use linux on half my machines cough], etc...)

My nitpicks:

"26. Do you have firewall and/or router?

Yes, Both Firewall Only Router Only No Unknown

26a. Select your setup:Software Firewall (ZoneAlarm, Norton, etc.)

Windows XP Firewall

Windows XP Firewall with router

Router with integrated hardware Firewall

Windows XP Firewall with Router and hardware Firewall"

Well I have Sygate on all my Windows boxes and Shorewall on all my Linux boxes, plus a Linux firewall (SmoothWall) guarding my whole network. You don't really leave me an accurate answer.

You should also consider asking if people have updated their firewall / router's firmware. Old firmware on your router/firewall is a huge security risk.

Under Wireless, I'd consider including "Are you using MAC authentication?"

Under Online Habits, you might want to ask how frequently users erase their tracks and how throughly? I.E., I do surf porn sometimes, but I use TweakXP and a few other utilities to completely erase my surfing tracks. I also use 3 different anti-spyware programs on my Windows boxes (linux doesn't seem to have any problem with spyware... :D ), so I don't think my online habits pose any security risk.

Maybe ask if they host any server of any kind (ftp, web, game, basically anything that would leave ports open) ?

This looks pretty good all in all. It provides a reasonably accurate idea about how secure you are (for a home user, that is). Have you considered including a basic java port scanner, or a utility to check what personal data your browser is "leaking", and including this info in the score?

I got an 83 and I'm not sure why. The only "negative" things I answered would be:

I use IE as my primary browser on my Windows boxes, and Outlook for my email. Obviously using mainstream Microsoft progs like this is a slight risk, but behind my firewalls and with my setup, I really don't think its a problem. So maybe you should factor firewall/spyware/antivirus/etc... into rather using these programs is a "risk" or not? I don't even know if you could do that with asp.

I "frequent adult sites", but erase my tracks carefully. Again, I don't think this is a risk, but if you didn't know how to erase your tracks properly, it deffinately could be.

I do use p2p programs, but I have one machine dedicated to p2p and isolated from the rest of my network to prevent any security risks there. I have no idea how you'd factor that into your quiz.

All these are just suggestions. I don't mean to critisize your work, just help you improve it. Keep it up, dude.

Peace,

Pete Zaria.

[velkymx]

Thx Pete! (Y)

[bfoos]

Not p0rn - adult content!

585701182[/snapback]

Whatever you say sir. :) I fail to see how using filesharing apps to dl music, movies etc. Should deminish your overall security rating. Not everyone who uses them are n00bs. There also needs to be more diversity in choices for answers on many of your questions. Not everything is as cut and dry as a definite yes or no. I may look at sites with adult content but to say no to that question would be false and to say I frequent them would be an overstatement. Like I said before it's a nice test. It just needs some tweaking. In it's present state, I don't feel it's a very acurate rating of my security awareness. Keep it up man, it'll get there! :)

[velkymx]

Jaded1 - its all about the risk. If you are using P2P for example, you do open yourself up to a greater risk then someone who does not.

[Caledai]

Noticed a prob. I got 85% - I listed as visiting windows update freq and got a recomendation that i don't visit windows update.

[sandman45654]

Very nice quiz :yes: . I got a 79%. I have three possible suggestions for you. I think question 7 should ask if you read mail in plain text. On 21 you may want to ask about password length. I don't use both letters and numbers but my password is almost thirty letters long lol. You may consider asking if you use NTFS & EFS.

[bfoos]

Jaded1 - its all about the risk. If you are using P2P for example, you do open yourself up to a greater risk then someone who does not.

585701262[/snapback]

Well the thing is, I do use a file sharing protocol but it's not p2p. I don't think usenet is opening me up to much of anything. I do retract my comments about the adult content though. I'm on medication and drifting in and out. I misinterpreted the question. I still don't see what browsing a bit of skin using firefox is putting myself at risk though.

The question about what kind of user account you use needs another option though. I don't use the default admin account, nor do I use a limited account. My account is however in the admin group. You lose points if you pick admin (default).

[Pete Zaria]

Very nice quiz :yes: . I got a 79%.  I have three possible suggestions for you. I think question 7 should ask if you read mail in plain text. On 21 you may want to ask about password length. I don't use both letters and numbers but my password is almost thirty letters long lol. You may consider asking if you use NTFS & EFS.

585701433[/snapback]

I don't mean to turn this into a security/hacking topic, but...

With RainbowTables (more info at http://www.antsight.com/zsl/rainbowcrack/ ) I could (not can or will, but "could") crack any all-letters password in under a minute. One with uppercase and lowercase letters, numbers, and symbols, might take a few minutes though.

I always start my passwords with Z9, because that's the last combination a brute-force password cracker would try.

Remember nothing that's connected to the Internet is 100% secure, but some things are 99.9999% :) Strong passwords help.

Peace,

Pete Zaria.

[L3thal Veteran]

Your Security Rating is Good (83%)!

Average User Score: 78.1% from 170 Users.

I should've clicked no for pr0n sites :shifty:

[rogerlb]

Your Security Rating is Great (90%)!

[kawasabi]

Your Security Rating is Good (74%)!