It's a free firewall or leak tester: http://www.atelierweb.com/2014/08/06/awft-5-1-now-free/ I decided to try it, and failed all six tests. I'm using Windows 8.1 firewall with Windows Firewall Control set to medium filtering. Of course I had to install this software in the first place before it could leak... In any case, I thought others here might get a kick out of trying this software. I saw it on Majorgeeks.com so it should be safe. Also, I'd be interested to hear how other firewalls did, or what people here think of this test.
Reviewing the below tests, the only way you're going to pass these is if you have a HIPS installed and properly configured. This test is more akin to Matousec's Leak test suite. One: Attempts to load a copy of the default browser and patch it in memory before it executes. Defeats the weakest PFs. Two: Creates a thread on a loaded copy of the default browser. Old trick, but most firewalls still fail. Three: Creates a thread on Windows Explorer. Another old trick, but almost every firewall still fails. Four: Attempts to load a copy of the default browser from within Windows Explorer and patch it in memory before execution. Defeats PFs which require authorization for an application to load another one (succeeding on Technique 1) - Windows Explorer is normally authorized. This test usually succeeds, unless the default browser is blocked from accessing the Internet.
I find these tests dumb. When I try to run them my security software blocks them, so I have to lower my defenses to get them to run. Then they fail. Really dumb.
Testing with it is a moot point for me. IE's Smart Screen filter blocked the download from the vendor's web site. So it must be really, really bad ... Also, zip download was only 768K. Don't see how the extracted ver. could end up being 2.1 GB unless that includes the install of .Net 4 which I definitely would not allow it to do. I already have .Net installed. Maybe that is why the download is noticeably smaller.
If your security software blocks them, then I'd say you succeeded in blocking these attacks. Mine failed because recently (last few years) I've been frustrated with security software in general feeling that they've caused me more problems and annoyances than they've solved, and therefore I'm just using Windows Firewall Control and Windows Defender now. Maybe I should add a good standalone HIPS or something like Zemana...
Yeah it was the .net installation. With the security risks associated with .net it does amuse me that we have to install it to test security.
In parallel to your reply, JavaScript has security risks but it must be allowed to run to use online testing tools.
Where are you getting that figure from? I have .net 4.5.2 installed on my machine and it only shows as 38.8 MB.
What is all the fuss about? This test has been around for years, and it's a legit tool to test your firewall/HIPS.
That's the size for the stub version. I have the full ver. on my PC and just its install folder is 700 MB.
.NET is huge of course, and I would not recommend anyone install it just to run this program, but most people already have it installed since lots of programs need it.
I was using an old copy but will check out the new one. http://www.testmypcsecurity.com/sec...5sk1=69d2f6a46ae93ea08aedc6f2baa94c2223bc76e2 http://www.atelierweb.com/products/firewall-tester/awft-download/
I have been using Comodo's Leak Test to "tweak" Eset Smart Security firewall and HIPS since Eset's realtime AV scanner has issues w/AWFT download from the testmypcsecurity web site and IE's Smart Filter blocked download from the atelierweb site. Scored 300/340 using CLT which is good enough for me. Here's a question for all tweakers. How many are monitoring HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\* where malware loves to install itself as a service?
For example in Comodo HIPS many Registry keys are monitored by default, and you can add others: see CIS < advanced settings < security settings < HIPS < protected objects < registry keys < important keys and you can add the keys you want.
Obviously, you should disable the AV, or mark the file as clean in order to test it. I don't get it, don't all HIPS monitor this? Is this different than: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services?
Comodo is the only one I know of. Possibly, Outpost also. Monitoring that key is tricky since a lot of Win processes update subordinate keys in that area. So if you use a HIPS that has an option such as "allow all trusted system processes", then monitoring is not a big deal. Not all HIPSes have that option though, e.g. Eset HIPS. Actually, anything in ControlSet001\services is copied to CurrentControlSet\Services at boot time. So malware for persistence will use ControlSet001. Updating CurrentControlSet is pointless since registry updates aren't effective until a reboot. Where malware usually writes to is: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\* and HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\*\Parameters\ServiceDLL\*
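Added example, not part of any post in this thread: where a HIPS cannot watch the services key, a periodic snapshot diff is one way to notice new services or a changed `ImagePath`/`ServiceDll`. It assumes each snapshot is text saved from `reg query HKLM\SYSTEM\ControlSet001\services /s`; the function names and both sample snapshots (including every path in them) are constructed for illustration.

```python
import re

# Registry values that decide which binary a service runs.
WATCHED = {"imagepath", "servicedll"}
VALUE_RE = re.compile(r"^\s{4}(\S+)\s{4}(REG_\w+)\s{4}(.*)$")

def parse_reg_query(text):
    """Map (subkey below 'services', value name) -> data from `reg query <key> /s` output."""
    found, key = {}, None
    for line in text.splitlines():
        if line.upper().startswith("HKEY_"):
            # Keep only the part below "\services\" so snapshots taken from
            # ControlSet001 and CurrentControlSet can be compared directly.
            parts = re.split(r"\\services\\", line.strip(), maxsplit=1, flags=re.I)
            key = parts[1].lower() if len(parts) == 2 else None
            continue
        m = VALUE_RE.match(line)
        if key and m and m.group(1).lower() in WATCHED:
            found[(key, m.group(1).lower())] = m.group(3).strip()
    return found

def diff_services(baseline, current):
    """Return (added, changed) watched values between two snapshots."""
    old, new = parse_reg_query(baseline), parse_reg_query(current)
    added = sorted(k for k in new if k not in old)
    changed = sorted(k for k in new if k in old and old[k].lower() != new[k].lower())
    return added, changed

# Constructed snapshots (not captured from a real machine).
BASELINE = r"""HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dhcp
    ImagePath    REG_EXPAND_SZ    %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dhcp\Parameters
    ServiceDll    REG_EXPAND_SZ    %SystemRoot%\system32\dhcpcore.dll
"""
CURRENT = r"""HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dhcp
    ImagePath    REG_EXPAND_SZ    %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dhcp\Parameters
    ServiceDll    REG_EXPAND_SZ    C:\ProgramData\example\dhcpcore.dll

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ExampleSvc
    ImagePath    REG_EXPAND_SZ    C:\Users\Public\example.exe
"""

if __name__ == "__main__":
    print(diff_services(BASELINE, CURRENT))
```

Anything reported as added or changed still needs a manual check, since legitimate installers and Windows updates also write to these values.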
I think Online Armor would have passed all these tests if it was still around. I had already run these types of tests on OA in the past, and it passed them all.
Agreed. I didn't mention it since it no longer is available. Also the AWFT tests appear primarily to be HIPS tests. A good firewall test in CLT is the following: 1/16/2016 6:23:09 PM Detected covert channel exploit in ICMP packet 192.168.1.xx 199.202.238.18 ICMP