
Personal Firewalls vs. Leak Tests: Part II


CrazyM
August 7th, 2003, 01:29 PM
For those interested in leaktest issues...

The PCFlank site has posted:

Personal Firewalls vs. Leak Tests: Part II: "Leak Tests Win Again!" (http://www.pcflank.com/art41a.htm)

Regards,

CrazyM

LowWaterMark
August 7th, 2003, 02:43 PM
Ah, the age old debate: default configuration versus adjusted configuration. :-\ It's hard to know what is best, I suppose, in order to perform fair tests. Just as it is hard to know whether the users will actually read the installation recommendations or the help files regarding what settings they should make or change.

Quote: "The other firewalls, such as Sygate and ZoneAlarm Pro, can do much better if properly configured. So users of ZoneAlarm Pro/Plus should enable the "High" level of control to pass more tests."

Interestingly enough ZAP does recommend that the user set Program Control to High after 2 days (or so) of normal Internet use. This enables full program and component control which is the key to monitoring and managing program interaction. ZAP can't control this until each program and its components have been loaded into its program database. But, if ZAP came with that feature set at installation time, the user would literally have to respond to hundreds of component level access requests while ZAP is in this learning mode.

This Advanced Program Control was actually added to ZAP specifically to address the tooleaky exploit method (i.e. one program calling another in order to access the network), which in this test ZAP is shown failing because of this initial setting. I'll grant you that ZAP doesn't handle all the known exploits, but it handles many with proper configuration.

As for TPF, with its sandbox it can give you incredible security. But, then we have people saying that the sandbox isn't really part of a firewall, (lesser application controls appear to be, but not a full sandbox), so it isn't a fair test to use it to prevent the exploits. So, TPF fails more tests than any other firewall when it ought to pass most of them. :-\

By the way, for people who don't know the power of a sandbox, just look at any of my threads here or at DSLR where I show just what TTT (the sandbox running separate from the TPF firewall) can do; intercepting and controlling programs calling programs; programs accessing system services or resources; or attempts to terminate other processes; all these things can be controlled completely. But, TTT/TPF is terribly complex. It can't be set by default at installation time because every system is different and the access needs on them are different. Users who wouldn't take the time to configure it properly wouldn't even be able to operate their systems.

I'm glad tools like these exist for those of us who are willing to do more than set it and forget it. If you are willing to put in the effort, you will get back an incredible level of security.

Mr.Blaze
August 7th, 2003, 03:23 PM
;D http://www.firewallleaktester.fr.st/

_anvil
August 7th, 2003, 03:56 PM
Quite right, Mr.Blaze, they were obviously 'inspired' by gkweb's site (somewhere in that article, his site is even linked...) 8)

As LowWaterMark said, it's somewhat disappointing that they _only_ tested with 'out of the box' settings, which is for most people here quite uninteresting.
Furthermore, they obviously made some mistakes (e.g. how can Kerio block PCAudit...?!), and it is (as always) a bit 'questionable' if a security website like pcflank, which is in some way 'connected' to a certain firewall vendor, makes a comparison test of firewalls, and - surprise! - this certain firewall performs best (although I see no obvious 'flaws' in Outpost's results... ;) )

So after all, I would still recommend gkweb's site for leaktest references. ;)