CoreTrace Press Release

CoreTrace's application whitelisting solution stops 100% of computer viruses during DEFCON 16 "Race to Zero" competition

BOUNCER submitted as single whitelisting application and outshines traditional antivirus products

Austin, Texas — August 14, 2008

CoreTrace, a provider of application whitelisting solutions, announced today the results of the "Race to Zero" contest held at DEFCON 16 in Las Vegas, Nevada. "Race to Zero" contestants were asked to pass various exploits through antivirus engines without detection. CoreTrace's BOUNCER, the only application whitelisting product utilized in the event, was the single most successful solution for stopping the malware. CoreTrace's BOUNCER stopped 100 percent of the entered viruses while traditional blacklist-based antivirus solutions detected an average of 60 percent.

"Race to Zero" contestants, consisting of both teams and individuals, were asked to pass malicious software and application exploits, remaining undetected, through various antivirus products from companies like McAfee, Trend Micro, Kaspersky and Sophos. The contest utilized ten well-known viruses, some of which have been in the wild for more than a decade. The first contestant to bypass all antivirus engines won that round. Within the "Race to Zero" contest, there were several rounds, each increasing in complexity as the contest progressed.

The winning team was a group of researchers from Mandiant that went by the name of chicagostreetsweepers. chicagostreetsweepers bypassed all the blacklist-based antivirus engines with valid samples in just over six hours. Another team, retem, completed the contest in a little over two hours. Some of their samples were considered "invalid but cleverly out-of-the-box" by the contest organizers.

Overall, the average detection rate of the antivirus engines was 60%. For some of the attacks like Netsky.P and MS07-014, the average plummeted to 15-20%. Among the blacklist-based solutions, McAfee had the best overall detection at 90%, but still only detected 24% and 13% of Netsky.P and MS07-014 variants, respectively.

In contrast to the blacklist-based antivirus engines, CoreTrace's application whitelisting solution, BOUNCER, prevented 100% of the viruses from executing.

"After the blacklist-focused contest was completed, we ran the samples through CoreTrace's whitelisting solution, BOUNCER," said "Race to Zero" organizer, Simon Howard. "By not allowing any of the samples to execute on the host computer, BOUNCER stopped 100% of the viruses. I strongly recommend that companies add application whitelisting solutions like BOUNCER to their arsenal."

"The ‘Race to Zero’ contest demonstrates the difficulties traditional antivirus programs have in detecting progressively more complex malware," said Toney Jennings, CEO of CoreTrace. "In lieu of blacklisting solutions, many companies are moving toward the next generation of endpoint security, whitelisting, in order to defend their IT networks."

About CoreTrace

CoreTrace is leading the movement to the next generation of endpoint control solutions. The company develops and sells the most flexible and tamper-proof application whitelisting solution, BOUNCER by CoreTrace. BOUNCER flips the antivirus model by enforcing a whitelist of good applications rather than relying on a malware blacklist. By only allowing approved applications to execute, BOUNCER stops malware — even zero-day exploits, rootkits, and buffer-overflow attacks.

CoreTrace is a privately held company based in Austin, Texas.