TESTS

AWFT must score 10 (100%) with the Windows Firewall, but according to impartial results none of the popular firewalls passes all AWFT tests without some tweaking.
You must test within 32-bit Operating Systems with AWFT 32-bit and within 64-bit Operating Systems with AWFT 64-bit.

Tests:

One:

Attempts to load a copy of the default browser and patch it in memory before it executes. Defeats the weakest PFs.

Two:

Creates a thread on a loaded copy of the default browser. Old trick, but most firewalls still fail.

Three:

Creates a thread on Windows Explorer. Another old trick, but almost every firewall still fail.

Four:

Attempts to load a copy of the default browser from within Windows Explorer and patch it in memory before execution. Defeats PFs which require authorization for an application to load another one (succeeding on Technique 1) - Windows Explorer is normally authorized. This test usually succeeds, unless the default browser is blocked from accessing the Internet.

Five:

Performs an heuristic search for proxies and other running software authorized to access the Internet, loads a copy and patches it in memory before execution from within a thread on Windows Explorer. Very difficult test for PFWs!

Six:

Performs an heuristic search for proxies and other running software authorized to access the Internet, requests the user to select one of them, then creates a thread on the select process. Another difficult nut to crack for PFWs!

AWFT FAQ

Q: What influence Internet Explorer 7.0 (or later) in Protect Mode has on the results obtained by AWFT?

A: AWFT is not defeated. Protected Mode does not prevent a trojan horse that understands the Protected Mode rules from hijacking IE7 (or later).

Q: Does AWTF 4 perform the same tests as previous releases?

A: We have not changed the tests.

Q: My Firewall protects me from inbound attacks and I know what I have inside my computer. What is this trojan horse story all about?

A: After ten years had passed without the Greeks being able to capture Troy, Epeus, advised by Athene, constructed a wooden horse of astonishing proportions.
Menelaus, Ulixes, Diomedes, Thessander, Sthenelus, Acamas, Thoas, Machaon, and Neoptolemus were concealed inside it; then, having written on the horse THE GREEKS HAND THIS OVER AS A GIFT TO MINERVA, they removed their camp to Tenedos.
When the Trojans saw this they thought that their enemies had departed. Priam ordered that the horse be brought into the temple of Minerva, and declared that they should celebrate.
When the prophetess Cassandra cried that the enemy were within, no one believed her.
After they had set it up in the temple and, come nightfall, had fallen asleep, exhausted by wine and celebration, the Greeks emerged from the horse, which had been opened by Sinon, and killed the guards on the gates. Sending a signal, their allies returned and they took possession of Troy.

Q: My PFW with default configuration is scoring 10 on the tests, my friend has the same brand of PFW which is scoring 0? Can you explain?

A: You have been able to configure properly your PFW software! Still, we are unaware of any PFW that scores 10 in the default configuration.

Q: Do AWFT testings cover all possible ways a trojan or spyware can use for outbound connections?

A: No, they don’t. The tests provide an indication of how advanced the PFW software is in the domain of stopping unauthorized outbound connection ttempts.

Q: In some test AWFT asks me to surf a little, I surf but it ask again.

A: AWFT is looking for applications that have recently connected to the internet (not only a web browser, but also email, ftp, online games, voip clients and others). After you surf with your web browser, it may ask again when you have “surfed” to some URL that was cached by the browser.