View Full Version : Matousec


Doc Serenity
August 22nd, 2007, 11:48 PM
Does anybody know when Matousec's latest findings will be available?
Doc

GES/POR
August 23rd, 2007, 07:12 AM
Sure, ASAP buddy :P

Doc Serenity
August 23rd, 2007, 03:50 PM
Didn't know there would be a problem with asking.

Sjoeii
August 23rd, 2007, 03:57 PM
It is updated regularly. Just keep on tracking their website. www.matousec.com

Doc Serenity
August 24th, 2007, 12:04 AM
{QUOTE-> It is updated regularly. Just keep on tracking their website. www.matousec.com <-QUOTE}

Thanks for the info.
Doc

henryg
August 26th, 2007, 11:05 AM
{QUOTE-> It is updated regularly. Just keep on tracking their website. www.matousec.com <-QUOTE}

Hmmm... The last time he posted..... was on 8/1/2007.

kr4ey
August 26th, 2007, 11:41 AM
IMHO these are not up-to-date test results. They are using a version of Jetico Firewall that is almost five months old!!! And why not use the current version? Most everything else is an updated version.

Mr. Malware
August 26th, 2007, 12:22 PM
{QUOTE-> IMHO these are not up-to-date test results. They are using a version of Jetico Firewall that is almost five months old!!! And why not use the current version? Most everything else is an updated version. <-QUOTE}

My theory:

Jetico 2.0.0.34 is now better than Comodo's newest released version. He is partial to Comodo.
He is stuck on testing a very old version of Jetico and doesn't want to admit something is better.
We will have to wait for the test results if they ever get around to testing a newer version, but it doesn't look like it will be anytime soon.
They will probably test the new version of Comodo when it's released before they test a new version of Jetico.

Peter2150
August 26th, 2007, 12:31 PM
Frankly I am less than impressed with the whole thing. The whole point of "leak" testing is firewalls, at least that's what I thought.

But if some one bought Prosecurity or SSM thinking they were getting a firewall, oops.

Zombini
August 26th, 2007, 08:23 PM
One thing to note is that the info on there about KIS7 is false. They tested a pre-ship version, build 119. In the shipping build 125, ALL outbound traffic is allowed by default. So it fails all tests with default settings.

Kerodo
August 26th, 2007, 10:01 PM
{QUOTE-> IMHO these are not up-to-date test results. They are using a version of Jetico Firewall that is almost five months old!!! And why not use the current version? Most everything else is an updated version. <-QUOTE}
I don't take any of the tests too seriously....

DVD+R
September 1st, 2007, 10:39 PM
It's like the blind leading the blind 8) You will believe anything you read :shifty:

Dwarden
September 8th, 2007, 12:02 PM
What's preventing you from writing an email to the Matousec group?
http://www.matousec.com/matousec/contact-us.php

Anyway, you should consider that it takes some time to sync servers with the latest builds.

Zombini
September 8th, 2007, 12:13 PM
These leaktests are the biggest waste of time.

WSFuser
September 8th, 2007, 12:24 PM
Well I just got a response saying the next results will be out in 2-3 weeks.

Stem
September 8th, 2007, 01:37 PM
Hi Zombini,
{QUOTE-> These leaktests are the biggest waste of time. <-QUOTE}Although I would agree that a need for a firewall with "leak prevention" is certainly not at the top of my list of firewall functions, I would say that at least the "leaktests" show the possibility of how information/outbound traffic could bypass a firewall (most of which is due simply to the way Windows is built).

My personal direction has always been to prevent the malware (or whatever) from being able to get in and install/run.

As for the results shown for bugs etc., these are checks made within the OS. I still would like to see how someone such as "Matousec" would be able to gain entry to my system and make use of these bugs to actually disable/crash (whatever) my firewall/security setup.

bellgamin
September 8th, 2007, 03:04 PM
Matousec's tests are useful when viewed with common sense. Some folks seem to resent that prerequisite.;)

Dwarden
September 18th, 2007, 06:10 PM
Matousec posted an article with tests based upon a new tool (BSODhook) against SSDT hooks ...

Seems like tons of applications have a 'problem' with it :)

http://www.matousec.com/projects/windows-personal-firewall-analysis/plague-in-security-software-drivers.php

and advisories (see: vendors were notified in advance)
http://www.matousec.com/info/advisories/plague-in-security-software-drivers.php

Stem
September 18th, 2007, 06:31 PM
Well... maybe just my own thoughts, as I put forward before:

Try and get into my PC to make such exploits.

I can certainly, myself, kill a number of security applications (bypass kill protection), but I need to have access to the OS. To do this I would need to download and execute (possibly install).

No, sorry, this is, for me, just some form of scare tactics.

Dwarden
September 18th, 2007, 07:33 PM
{QUOTE-> Well... maybe just my own thoughts, as I put forward before:

Try and get into my PC to make such exploits.

I can certainly, myself, kill a number of security applications (bypass kill protection), but I need to have access to the OS. To do this I would need to download and execute (possibly install).

No, sorry, this is, for me, just some form of scare tactics. <-QUOTE}

Stem, I get your point, as you are mainly interested in and testing the SPI quality of firewalls
(as it should be their priority base of operations).

Anyway, you said you may post some of your results, yet you said it may be an issue with the TOS of the forum ...

What about creating your own website (some blog, wiki or else) and linking to it ...

BTW, I take Matousec's results with reserve too, but IMHO most of these products he flagged with problems I encountered to be unstable :)
So I guess if nothing else it's a good indicator of what problems you may expect, lol

wat0114
September 18th, 2007, 07:46 PM
{QUOTE->
BTW, I take Matousec's results with reserve too, but IMHO most of these products he flagged with problems I encountered to be unstable :)
So I guess if nothing else it's a good indicator of what problems you may expect, lol <-QUOTE}

I've used only a few of the tested products, but I would agree that stability is something I place far more importance on than how vulnerable they might be to exploits. Apparently, SSDT, kernel mode, or ring 3 hooking, or whatever it's called (I'm no expert at all in this) can result in system instability if it's not properly implemented in a given product.

Peter2150
September 18th, 2007, 09:45 PM
{QUOTE-> Well... maybe just my own thoughts, as I put forward before:

Try and get into my PC to make such exploits.

I can certainly, myself, kill a number of security applications (bypass kill protection), but I need to have access to the OS. To do this I would need to download and execute (possibly install).

No, sorry, this is, for me, just some form of scare tactics. <-QUOTE}


I couldn't agree more.

Pete

Diver
September 18th, 2007, 10:43 PM
Matousec is obsessed with leak testing.

Before this is relevant, you have to be infected with a zero-day attack that your AV misses. It must be hidden by a rootkit, so your AV does not pick it up the next day, or it disabled your AV, and this very sophisticated malware somehow did not disable your firewall, so its leak-proof logic can tell you your backside is saved. Is that reality?

Peter2150
September 18th, 2007, 11:26 PM
{QUOTE-> Matousec is obsessed with leak testing.

Before this is relevant, you have to be infected with a zero-day attack that your AV misses. It must be hidden by a rootkit, so your AV does not pick it up the next day, or it disabled your AV, and this very sophisticated malware somehow did not disable your firewall, so its leak-proof logic can tell you your backside is saved. Is that reality? <-QUOTE}

The funny part is now he is criticizing all the hooking techniques which vendors have done to pass his leak test. Geesh.

Doc Serenity
September 19th, 2007, 12:20 AM
I'm wondering how all of this new info will change the overall test results when Matousec publishes next time.
Will he only score for leak test results or add these in?
Just curious as to why we are just now hearing about this, too.
Regards.
Doc

henryg
September 19th, 2007, 06:17 AM
Looks like Matousec has made a quick change to his list of "vulnerable software". It now appears that Sunbelt's Personal Firewall (4.5.916.0) is O.K. now?
I wonder as to how much "ransom" Sunbelt had to pay...

http://www.matousec.com/info/advisories/plague-in-security-software-drivers.php

fax
September 19th, 2007, 06:48 AM
{QUOTE-> Looks like Matousec has made a quick change to his list of "vulnerable software". It now appears that Sunbelt's Personal Firewall (4.5.916.0) is O.K. now?
I wonder as to how much "ransom" Sunbelt had to pay...

http://www.matousec.com/info/advisories/plague-in-security-software-drivers.php <-QUOTE}

LoL... strange testing procedure... ;D
Anyway, latest ZA 7.408.000 is not vulnerable.

Cheers,
Fax

Dwarden
September 19th, 2007, 09:05 AM
{QUOTE-> Looks like Matousec has made a quick change to his list of "vulnerable software". It now appears that Sunbelt's Personal Firewall (4.5.916.0) is O.K. now?
I wonder as to how much "ransom" Sunbelt had to pay...

http://www.matousec.com/info/advisories/plague-in-security-software-drivers.php <-QUOTE}

Guess you failed to read; he wrote in the article that 'some' of the vendors fixed it 'since' it was found ...

tlu
September 19th, 2007, 10:18 AM
{QUOTE-> The funny part is now he is criticizing all the hooking techniques which vendors have done to pass his leak test. Geesh. <-QUOTE}
Peter, I disagree. First of all, Matousec mentions products that are very good in his leak tests (e.g. Comodo) while implementing the SSDT hooking in a proper way at the same time. So it is possible to achieve both goals.

But the more important aspect for me is that improper SSDT hooking is not only a security issue (which is not all too relevant for me - here I agree with Stem), but also a stability issue that could eventually crash Windows. No software should be able to destabilize your OS - least of all poorly programmed security software. That's why I find Matousec's warnings absolutely justified, although I agree that he tends to magnify some things at times.

wat0114
September 19th, 2007, 01:40 PM
{QUOTE->
But the more important aspect for me is that improper SSDT hooking is not only a security issue (which is not all too relevant for me - here I agree with Stem), but also a stability issue that could eventually crash Windows. No software should be able to destabilize your OS - least of all poorly programmed security software. That's why I find Matousec's warnings absolutely justified, although I agree that he tends to magnify some things at times. <-QUOTE}

I agree 100%

Peter2150
September 19th, 2007, 02:47 PM
{QUOTE-> Peter, I disagree. First of all, Matousec mentions products that are very good in his leak tests (e.g. Comodo) while implementing the SSDT hooking in a proper way at the same time. So it is possible to achieve both goals.

But the more important aspect for me is that improper SSDT hooking is not only a security issue (which is not all too relevant for me - here I agree with Stem), but also a stability issue that could eventually crash Windows. No software should be able to destabilize your OS - least of all poorly programmed security software. That's why I find Matousec's warnings absolutely justified, although I agree that he tends to magnify some things at times. <-QUOTE}

I don't need him to tell me which products are good. The BSODs tell the story just fine.;D ;D I've found the stable ones I want.

jrspie
September 19th, 2007, 03:25 PM
Hi everybody.
I'm enjoying this thread and have a question or 2.
I've learned from you that passing the leak tests is not the most important aspect of a good firewall.
Stability is probably more important.
But my question falls to this simple thing.
Matousec, for the most part, seems to rate being leak proof very highly.
So where do we find info about ratings of firewalls that are kill proof, more stable etc.?
I can do my own leak tests. But I wouldn't know where to start to test for stability or anything else.
So if I eliminate Matousec, where do we go for test results and non biased info?
Thanks.
J.

Peter2150
September 19th, 2007, 04:00 PM
{QUOTE-> Hi everybody.
I'm enjoying this thread and have a question or 2.
I've learned from you that passing the leak tests is not the most important aspect of a good firewall.
Stability is probably more important.
But my question falls to this simple thing.
Matousec, for the most part, seems to rate being leak proof very highly.
So where do we find info about ratings of firewalls that are kill proof, more stable etc.?
I can do my own leak tests. But I wouldn't know where to start to test for stability or anything else.
So if I eliminate Matousec, where do we go for test results and non biased info?
Thanks.
J. <-QUOTE}

Unfortunately the only way to determine that is to install and trial them. I would recommend a good recovery program, like FDISR/Rollback, or an imaging program like Acronis/ShadowProtect/Paragon/IFW, so you can ensure complete removal.

Pete

henryg
September 19th, 2007, 04:33 PM
{QUOTE-> Guess you failed to read; he wrote in the article that 'some' of the vendors fixed it 'since' it was found ... <-QUOTE}

That's funny.... The version number is still the same and has been for some time. So how or when was it "fixed"? To fix a piece of software without providing an update..... Now that's a neat trick! ;D


H

Dwarden
September 24th, 2007, 10:32 AM
{QUOTE-> That's funny.... The version number is still the same and has been for some time. So how or when was it "fixed"? To fix a piece of software without providing an update..... Now that's a neat trick! ;D
H <-QUOTE}

Guess you missed the part:
{QUOTE->
During our security analyses of personal firewalls and other security-related software that uses SSDT hooking... <-QUOTE}

and

{QUOTE->
There were only two personal firewalls that passed our argument validation testing successfully, Comodo Personal Firewall and Sunbelt Personal Firewall. Our tests revealed, that the current versions of these products are probably not vulnerable, but earlier versions of both these personal firewalls contained the bug and they were both fixed after our notifications to their vendors.
<-QUOTE}

Simply put, while testing firewalls they found this problem, reported it to the vendors and they fixed it.

Later they wrote a test program and tested multiple products, which resulted in the article discussed here.

Ofc it seems that those who were 'caught' and were 'fixing' the issue seem to be fine atm ...
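The "argument validation" bug quoted above (and the BSODhook article Dwarden linked earlier in the thread) is easier to reason about with a concrete model of what an SSDT hook is and where such a hook goes wrong. The following is an added example written for this page; it is not Matousec's BSODhook, nor any vendor's driver, and it runs entirely in user mode. It models the System Service Descriptor Table as a plain array of function pointers, a "kernel" with one mapped user page and a probe boundary (the real 32-bit kernel uses MmUserProbeAddress for that check), a genuine service that validates its user-mode pointer argument, and two hooks that replace it: one that reads the argument without validation, and one that validates exactly as the kernel would before passing the call through. The addresses, the single-entry table, the struct layout and the function names are all constructed for illustration. The point it shows is the one the thread circles around: a hook that runs in kernel mode but trusts a pointer supplied from user mode turns any program's bad argument into a bugcheck, while a hook that probes first merely returns an error status.

```c
/* Added example: user-mode model of SSDT hooking and the argument
 * validation bug. Not kernel code, not BSODhook, not any vendor's driver.
 * Build and run: cc -std=c99 -Wall ssdt_model.c && ./a.out */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef long ntstatus_t;
#define STATUS_SUCCESS               0L
#define STATUS_ACCESS_VIOLATION      (-1073741819L)  /* 0xC0000005 */
#define STATUS_DATATYPE_MISALIGNMENT (-1073741822L)  /* 0xC0000002 */

/* Constructed address space: one mapped user page; everything at or above
 * USER_PROBE_LIMIT is "kernel space" (stands in for MmUserProbeAddress). */
#define USER_PAGE_VA     0x00400000ULL
#define USER_PAGE_SIZE   4096u
#define USER_PROBE_LIMIT 0x7FFF0000ULL
static uint8_t user_page[USER_PAGE_SIZE];

/* Set when "kernel code" faults on memory it never probed: the model's BSOD. */
static int bugchecked;

/* Map a fake virtual address to host memory; NULL if unmapped or kernel. */
static uint8_t *translate(uint64_t va, size_t len)
{
    if (va >= USER_PAGE_VA && va + len <= USER_PAGE_VA + USER_PAGE_SIZE)
        return user_page + (va - USER_PAGE_VA);
    return NULL;
}

/* What a correct handler does: ProbeForRead-style range and alignment
 * check, then a guarded copy (the real kernel wraps it in __try/__except). */
static ntstatus_t read_user(uint64_t va, void *dst, size_t len, size_t align)
{
    const uint8_t *src;
    if (va + len < va || va + len > USER_PROBE_LIMIT)
        return STATUS_ACCESS_VIOLATION;
    if (va % align)
        return STATUS_DATATYPE_MISALIGNMENT;
    src = translate(va, len);
    if (!src)
        return STATUS_ACCESS_VIOLATION;      /* page fault caught by SEH */
    memcpy(dst, src, len);
    return STATUS_SUCCESS;
}

/* What a buggy hook does: trust the pointer. A fault here is unhandled;
 * the model records it, a real kernel would already be dead. */
static void read_user_unchecked(uint64_t va, void *dst, size_t len)
{
    const uint8_t *src = translate(va, len);
    if (!src) { bugchecked = 1; return; }
    memcpy(dst, src, len);
}

/* Constructed syscall argument: an object name a firewall might inspect. */
struct object_attributes { uint32_t length; uint32_t name_len; char name[32]; };

typedef ntstatus_t (*syscall_fn)(uint64_t arg_va);

/* The genuine service: validates its argument before using it. */
static ntstatus_t nt_open_object(uint64_t attrs_va)
{
    struct object_attributes oa;
    return read_user(attrs_va, &oa, sizeof oa, 4);
}

static syscall_fn ssdt[1] = { nt_open_object };   /* the "SSDT" */
static syscall_fn original_nt_open;

/* Hook that inspects the argument without validating it first. */
static ntstatus_t careless_hook(uint64_t attrs_va)
{
    struct object_attributes oa;
    read_user_unchecked(attrs_va, &oa, sizeof oa);
    if (bugchecked) return STATUS_ACCESS_VIOLATION;   /* model only */
    return original_nt_open(attrs_va);
}

/* Hook that validates exactly as the kernel would, then passes through. */
static ntstatus_t careful_hook(uint64_t attrs_va)
{
    struct object_attributes oa;
    ntstatus_t st = read_user(attrs_va, &oa, sizeof oa, 4);
    if (st != STATUS_SUCCESS) return st;
    return original_nt_open(attrs_va);
}

/* SSDT hooking proper: save the original entry, overwrite it. */
static void install_hook(syscall_fn hook)
{
    original_nt_open = nt_open_object;
    ssdt[0] = hook;
}

/* BSODhook-style probe: call the hooked service with a kernel address, a
 * NULL pointer, a misaligned pointer and one that runs off the page.
 * Returns 1 if the "kernel" survived every call, 0 if it bugchecked. */
int hook_survives_bad_args(syscall_fn hook)
{
    const uint64_t bad[] = { 0x80001000ULL, 0x0ULL, USER_PAGE_VA + 2,
                             USER_PAGE_VA + USER_PAGE_SIZE - 8 };
    size_t i;
    bugchecked = 0;
    install_hook(hook);
    for (i = 0; i < sizeof bad / sizeof bad[0]; i++) {
        ssdt[0](bad[i]);
        if (bugchecked) return 0;
    }
    return 1;
}

/* Sanity check: a well-formed call still succeeds through either hook. */
int valid_call_succeeds(syscall_fn hook)
{
    bugchecked = 0;
    install_hook(hook);
    return ssdt[0](USER_PAGE_VA) == STATUS_SUCCESS && !bugchecked;
}

int main(void)
{
    printf("careless hook survives bad args: %d\n", hook_survives_bad_args(careless_hook));
    printf("careful hook survives bad args:  %d\n", hook_survives_bad_args(careful_hook));
    return 0;
}
```

Both hooks behave identically on well-formed input, which is why the bug is invisible in ordinary use and in leak tests; it only shows up when an unprivileged program deliberately (or by accident) hands the hooked service a pointer the genuine kernel code would have rejected.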