Many people including myself have a router / modem as a firewall. Often by default due to our ISP requirements such as ADSL. These routers offer protection for "inbound" internet traffic only. Also, most users are aware that 'normal' firewalls also offer control of 'outbound' internet traffic i.e. BLOCK / AUTHORIZE I read elsewhere in a thread that there are several security applications/programs that also 'police' outbound traffic as part of there 'duties' yet are not 'firewalls'. Can we post up some examples? The one I read about was Dynamic Security Agent
I use appdefend on a couple of systems to control outbound connections. I also use system safety monitor's basic network firewall on another setup.
A couple threads here re: outbound protection: https://www.wilderssecurity.com/showthread.php?t=147735&highlight=outbound https://www.wilderssecurity.com/showthread.php?t=152879&highlight=outbound https://www.wilderssecurity.com/showthread.php?t=154156&highlight=outbound
What about those "LEAK-TESTS" one hears about? Can PRIVX / SSM etc handle this situation or is a convential FW the only answer?
In regards to the leaktests, SSM will intercept each leaktest before it can run so from a certain point of view it will block all leaktests. If you allow the leak test to run i'm not sure how many ssm would catch, i personally haven't tested ssm this way.
If you allow the leaktest to run, after this SSM does not intercept this leaktest from running because you just have ALLOWED it to run.
I was thinking maybe ssm would pick up some of the activities of certain leak tests after they execute. Not having tested it this way i can only speculate.
Nice Topic tisatashar, Thanks. I am only beginning to review DSA myself but what i've noticed in these few days of my testings is that DSA throws up an ALERT! on DNS attempts, so that policing manner you mentioned seems to fit this app. Of course, it also goes beyond monitoring those type events which has my full attention and some encouragement right now that this is a very worthy addition to my own prevention layers of SHIELDING. Also noticed it also (to my surprise) monitors if certain system files such as csrss.exe is OVERTAXING cpu cycles and will throw up an alert to that event also. Interesting application to say the least from what i gather so far. Looking forward also to reading other's viewpoints to this Dynamic Security Agent program.
DSA is being integrated into their own firewall. quote from here Privacyware Unveils Privatefirewall 5.0 Download
Understand what you mean. As far as I can remember (I have thrown every leaktest of firewallleaktester.com and other sites at SSM and SSM intercepts everyone of these ) when you allow a leaktest to run it will run without further intervention of SSM.
afaik thats not true, but i havent tested it myself. once u allow a leaktest to run, SSM (or other HIPS) could still intercept attempts at dll injection, registry modification, or other behaviors that your HIPS covers.