This setup will pass all leaktests

I have a simple setup that passed all leaktests listed here.

http://www.firewallleaktester.com/

The two programs that I used are
1. Netop Firewall
2. Process Guard

Very simple setup.

1. Netop
goto Tools/ Options and make sure that Enable DNS Auto resolve is unchecked.

2. XP
goto Start/ Run/ "msconfig" / Services and uncheck DNS Client.

3. Process Guard
goto the PROTECTION tab
click Add Application
Add both iexplore.exe and firefox.exe
make sure under the box "Protect this application from" [modification] is checked.
[reboot system]

One note. When running the leaktest against your system, allow PG to run the programs. If you get a popup from the firewall, click do not allow.

I like Netop firewall due to the fact that it is the only driver-centric firewall and in theory your system is protected during startup. More importantly, the only way to turn off the firewall is to uninstall and reboot system.

 

I don't know what you mean by driver centric, but quite a few fiewalls consist of a kernel level driver and a GUI to tell it what to do. Even Kerio 2.15 can be set up to block all traffic when the GUI is terminated.

Not to mention what I think of leak tests...

 

Not to mention what you think of leaktests?? Why should I care what you think? This post is for people who do care about leaktests so take your 2 cents and ......guess you think you are immune to ever getting a trojan.

As for driver centric.. look it up. Here is a clue for you. Try NDIS driver. Kernal level firewalls will leave you open during startup. I love the people here who go on about kernel level firewalls...yawn.

 

Well, if you ask why you should care about what I think, then you may as well ask why would anyone care about what you think.

 

Wow, got me there. I will stop now. I have learned never argue with an xxxxx




word edited by request of a member, very uncalled for . please refrain from useing these kind of words bigc

 

If the personal attacks keep on, this thread will be closed.

bigc

 

Hi BudFox,

Welcome to Wilders'

As Wilders' is a discussion forum, everyone is entitled to their opinions. Discussion and sharing knowledge is what it's all about, but let's keep it on an academic level, there isn't any need for any type of personal comments toward others.

I hope we can all discuss this subject in a civilized manner, based on fact, interpretation of facts, and opinions/merits of such.

I hope you will both enlighten us/share with us with your thoughts on the matter. There of course isn't a need to agree, but an academic debate/discussion, will serve to expand all of our knowledge.

So let's keep this friendly guys

Steve

EDIT: Sorry BigC ... I was in mid response, when you replied. No intention of stepping on your toes, my friend.

 

no problem on this end

bigc

 

I have setups with Kerio 2.15 and Sygate that will pass almost all leak tests thrown at it.

 

could you please tell me how the setups are?
many thanks

 

Hi Polaris,

Combine Kerio+BZ rules with strict implementation of loopback proxy as well as specify ports of all programs that need to to access the net. Combine that with Prevx, Winsonar or Antihook or PG free, and you have a leakproof Kerio. On is own without any other programs, Kerio stops tooleaky and Leaktest and blocks PC Audit and Wallbreaker as well. I dont' use IE and any security conscious person shouldn't' either, so I don't' have any rule for it, this way, it has to ask every time it needs to access the net for some reason.

Best of all, my solutions listed above are all free.

As for driver centric firewall, dont' wish to ruffle any feathers but Sygate free and pro have been offering that for quite a while as well as secure mode and password protection where no programs except DCHP is allowed while the system is loaded or firewall is turned off. Unlike Kerio's reghack secure mode, the Sygate's is superior due to its feature of allowing DCHP broadcasts for setups that need it.

 

Although jetico firewall is still under development, it could pass almost all the leak tests already. I also tried kerio2.15 + process guard and they could pass too. Since the leak test was done on October, 2004, i believe some other FWs also can pass the tests now.

 

Due to the compatibility problem with Firefox, many chinese websites could only browse with ie and i have to stick with it. my choice is GreenBrowser, ie based the web browser including pop-up killer, with activeX and Java disable. Besides that, i also use script defender. So i feel pretty safe when surfing online. but i do use FF if i go to some crack websites.

 

Any driver is actually kernel mode, NDIS or otherwise.. a usermode firewall wouldn't be very effective. Most firewalls do run on a driver in 2k/XP.

As far as leaktests go, do you have something for the likes of WallBreaker and CopyCat, or do you just keep IE on "permit once" in PG? What about Firefox and other internet apps?

 

Have you tried out Opera? I go to quite a lot of Chinese forums and it works nice there with the Chinese language fonts.

 

Thank you very much Arup for the free advice...

 

You are welcome, just forgot to add, if using Sygate, uncheck act as server for all the applications apart from using the supplementary security softwares that I listed.

 

almost all of the good firewalls can be setup to pass all the leak tests it just takes some time patience and learning the program. most good firewall can do this with work some just takes more than others. i am using outpost right now and it will pass everything i throw at it. as did kerio 4.1.3 once configured right

 

Arup-

Even if IE is effectively disabled, couldn't a rouge program launch the default browser and use it to send data outbound?

By the way, the kerio reghack will get around the DHCP problem in most cases if kerio is started from the startup folder, or if you are on a router and can set up your computer for static IP (local IP only , the router gets a dynamic IP from outside.

Chinese? I can't read a word of it.

 

Good question Diver, so far, WB, Tooleaky and others only try and launch IE due to MS's implementation of using IE as gateway to the net for other programs. My default browser is Opera in my system but WB and others never try and lauch that one.

I know about the Kerio reghack workaround, however have to admit that Sygate makes it far easier to implement.

 

opera is not totally free. besides that, there are still lots of chinese websites which don't follow W3C criteria. it's a little off topic.

if people use winxp sp2's ICF and Kav (real time protection with up-to-date extended database), what's the chance to get infected and sent out user's personal info by a malware? I think it is very low and the extra benefit from a better FW, which pass the leak test, will be less than 1%, i guess.

 

The deal with Kerio is it is a program that has not been developed for two years and the reghack is just that, a hack. There are other firewalls that shut down communications when the gui is not running such as 8Signs and Visnetic.

I just checked around here and links in help files do launch IE rather than my default browser, Firefox. And that is how windows works. So, if you don't mind having to give IE explicit permission every time it runs... Not to try and give you a hard time, but I would not want to have to do that myself.

 

Shek-

I tend to agree with you on the 1% or less benefit of "leak proofing". It can even be argued that the additional user interaction required to set up and maintain advanced application controls interfers with the users ability to correctly respond to really important browser or Java warnings such as "do you trust xxx toolbar".

I think the effort should be on prevention. Finding a leak is only detection after the fact. Other means of after the fact detection are programs like Tcpview, process monitors, looking at the hidden devices in device manager, checking start up entries or even a scan with an updated AV signature base.

However, I do notice you have a long list of security apps in your signature in order to cover that 1%. My setup is nearly the hypothetical one you mention. That is, a good AV and a traditional non application filtering firewall. Of course, I use Firefox to browse with Java off unless I need it, and run without administrative rights.

 

Diver,

Since I never or hardly ever use IE, it doesn't really matter to me. True Kerio is 2 years old, but it has been polished and is now a very good and formidable resource light and free alternative to many.

 

The combination of Zone Alarm Pro and Process Guard will defeat all the leaktests cited - with the exception of WallBreaker. I don't know of any FW that will defeat WallBreaker, is Budfox telling us that Netop will?