AntiLeak racing insanity?

Discussion in 'other firewalls' started by pandlouk, Jun 18, 2008.

Thread Status:
Not open for further replies.
  1. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Mrk, that's not Neo!
     
  2. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    Oh yes I remember now. UPnP was always such a stupid idea. Bringing back onto topic though, would behavior blockers in firewalls have stopped this PoC?
     
  3. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    HIPS not likely... Sandboxes yes... Example

    Fax
     
  4. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    I'm not quite sure about that. It is a PR article that is quite short on the actual details. Seems to me it suggests that ForceField stops malicious damage to the hard drive and registry. It doesn't tell us if it prevents this network based attack using flash.
     
  5. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    oooh, yes.. sorry wrong example! :)
    That was another vulnerability...lol

    Fax
     
  6. zorbis

    zorbis Registered Member

    Joined:
    Dec 23, 2007
    Posts:
    27
    100% agreed, firewalls are the most overrated piece of software ever. For the average user what I always recommended is a robust combination of antivirus and antispyware applications and rely on the router and OS firewall for inbound protection.
     
  7. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    Antiviruses and antispywares are also overrated. The very best examples are always a step back against zero-day malware.
     
  8. Liberman

    Liberman Registered Member

    Joined:
    Jul 6, 2008
    Posts:
    4
    I should agree on that. BB or HIPS is a "must be" in the current security setup.
     
  9. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    Not quite. In many ways the smart behavior blocker is like heuristics. It is a black listing system with algorithms. Classical behavior blocks are just a bitch.

    For the average user, (as I've said many times before) a good AV and user education reduces the risk enough so that it is not a major concern.
     
  10. TigerEyes

    TigerEyes Registered Member

    Joined:
    Aug 2, 2008
    Posts:
    3
    I note that Matousec has ProSecurity as number 4. I asked him why he has an unobtainable product on the list; his response:

    "It should not be possible to purchase ProSecurity now, so we think it is ok
    to have ProSecurity on the list."

    What 'da
     
  11. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,201
    That makes sense ! :argh:
     
  12. nomarjr3

    nomarjr3 Registered Member

    Joined:
    Jul 31, 2007
    Posts:
    502
    That clearly sums up all the nonsense he's been doing
     
  13. xtree

    xtree Registered Member

    Joined:
    Dec 4, 2006
    Posts:
    96
    Am I going too far when saying that all the above mentioned refer to keylogging tests as well?
     
    Last edited: Sep 9, 2008
  14. tetsuo55

    tetsuo55 Registered Member

    Joined:
    Aug 12, 2008
    Posts:
    126
    I partly agree with the topic.

    I basically believe in Comodo's Mantra.

    Secure, Detect, Insure.

    Secure:
    1. Firewall
    2. HIPS

    Detect:
    1. Malware scanner (viruses\spyware\etc.)

    Insure:
    1. Regular backups and so forth

    Imho each one of these features should be tested on their own without the help of the other 2.

    Sure, leaktests and killtests and whatever can all be done. But the program should not try to block these with one of the other 2 features.

    For firewall tests I would like to see:
    - Killtests (can the firewall be disabled?)
    - Throughput tests (what is the CPU load and % slowdown with the firewall in place)
    - How well does it stand up to both inbound AND outbound DDoS attempts
    - Integration with peerguardian type black/white lists, and how does this list affect performance?
    - What is the memory usage/CPU usage when idle, what about after 24 hours of use?
    - Benchmark results for programs like 3dmark and pcmark to see the difference with and without the firewall to measure system impact.
    - Resistance to malformed packet attacks.
    - All the leaktests, but the results should not count heavily unless the leak-method is something the firewall should be able to stop without a hips.
     
  15. Atomic_Ed

    Atomic_Ed Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    389
    Great post!
     
  16. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Antileak tests are very useful and have a justifiable presence. If a security product can't prevent a special leak it shows weakness, that simple.
     
  17. Atomic_Ed

    Atomic_Ed Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    389
    With all due respect, it is my understanding that leak tests have a purpose in reference to security products, but I think what most are saying is does it have to be a feature of a firewall rather than another separate security application? I think the argument as I understand it is what does leaktest ability have to do with the core function of a firewall? I appreciate everything shared here and hope to learn as much as possible from people like yourself and these threads.
     
  18. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Very simple explanation: Prevention of leakage. The firewall's ultimate goal must be the prevention of intrusions and leakages.
    To reach this aim all means are allowed. (call it firewall add-ons, call it hips or whatever, it doesn't matter)

    Sorry guys, this is nonsense, stop residing in the past, adapt yourself to the future. Firewall is a block of unwanted in and outbounds. A keylog package that will be prepared for an outbound ftp/tcp transmission is an indirect part of an outbound danger that must be eradicated at the roots and it is an important part of a contemporary firewall to block such attacks. Comodo for example is a paradigm for fast reactions to leakages and like I said, call it hips, call it firewall add-ons, it doesn't matter, the root idea of a firewall isn't touched if you see the destination of a keylogger attack.
     
    Last edited: Sep 8, 2008
  19. Atomic_Ed

    Atomic_Ed Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    389
    So what you're saying is our traditional understanding of the conventional purpose of a firewall needs to change to a more modern scope to include hips, nips, etc as components of the firewall itself. I think I understand what you're trying to tell us. In other words the conventional duties of the firewall need to change to a more modern role to be effective.
     
  20. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Not necessarily change but extend the basics and maximize efficiency.
     
  21. Fajo

    Fajo Registered Member

    Joined:
    Jun 13, 2008
    Posts:
    1,814
    A "FIREWALL" like any outbound protection can stop the attack and the leaktests out there still say it fails... heck, you could pull the internet cord and you still fail the test.

    Just seems like a marketing tool to me.

    I don't care if it's HIPS or any other type of program, if a firewall is configured right, it is not getting out regardless of the hips or any other function. You really don't add a lot more security... you just add a lot more pop-ups.

    Most of the people that use hips are the ones that DON'T need it; the ones that do need hips will always be the ones that click Allow. Period. Because they're sick of the 4 trillion pop-ups.
     
    Last edited by a moderator: Sep 8, 2008
  22. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    You talk about badly coded leaktests, let's talk about well coded examples and sort out the rest.
     
  23. Fajo

    Fajo Registered Member

    Joined:
    Jun 13, 2008
    Posts:
    1,814
    Ok then, quite frankly, anyone that knows how to set up rules in a firewall is just as protected as someone who uses hips. If the firewall is set correctly it's not getting out anyway. Period.
     
  24. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Unfortunately that is wrong. A good leak could unhook or bypass the whole soft firewall and phone out even if your rules are top of the notch. In some cases also hardware firewalls can be fooled with ease with router bypass methods. Security is an illusion but system hardening is a chance.
     
  25. Atomic_Ed

    Atomic_Ed Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    389
    Thank you for sharing your thoughts on this. I think I get what you're saying now and it does make sense when you step back and think about the fact that, regardless of the technologies employed within the firewall product, the goal is to block all incoming and outgoing undesired traffic. Extending the role as you say does make sense to me now.
     