Are Look n Stop's leak test results legit?

Discussion in 'other firewalls' started by Soul_Flame, Apr 23, 2002.

Thread Status:
Not open for further replies.
  1. Soul_Flame

    Soul_Flame Registered Member

    Joined:
    Apr 7, 2002
    Posts:
    41
    A question arose on another forum about this.  the topic revolves around PC Flank's leak testing, and their pronouncement that LnS was the only firewall to be able to stop all 5 variants tested.  Evidently some folks think that this is because LnS is 'hard coded' to look specifically for these rogues and defeat them, but would not perform so well with 'in the wild' variants not so conveniently named.

    It's my understanding that this is a very well thought of firewall application and I would be surprised if the test results were akin to what BlackIce pulled with one of the leaktests.  I've emailed Frederic, the developer, asking him to comment on a similar thread started at the official LnS forum, but I'd appreciate the perspective of some of the security experts here.

    Thanks

    Rick
     
  2. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Rick,

    IMHO opinion this is bull. I'm quite sure Frederic will state the same. Please post his reply over here, will you?

    regards.

    paul
     
  3. Soul_Flame

    Soul_Flame Registered Member

    Joined:
    Apr 7, 2002
    Posts:
    41
    Paul......certainly.  Was already planning to.
     
  4. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Rick,

    Thanks in advance  ;)

    regards.

    paul
     
  5. Soul_Flame

    Soul_Flame Registered Member

    Joined:
    Apr 7, 2002
    Posts:
    41
    Here is the response I received from Frederic, the developer of Look n Stop.  I need to note his reply first addresses the question I sent him regarding LnS's failure to stop Firehole if you use Opera as your default browser AND if an Opera window is already open.  He first addresses that question, then uses that to answer the question of this thread:

    "Hi Rick,

    Thanks for the information.
    We didn't tested Opera.

    Look 'n' Stop just detects applications that have been started by not known or not allowed applications.
    If Opera is not started by firehole, and firehole is using an already loaded instance of Opera, Look 'n' Stop will not detect Opera because it was started probably
    by Explorer.exe.
    I'm not sure there is a simple way to handle that. And discussion is open to know exactly who is responsible for the security hole: Opera, Windows, Look 'n' Stop
    ?

    By the way, this answers to another of your question about the fact Look 'n' Stop blocks the leaktests by specific code only for these specific leaktests. If it was
    the case, firehole would be detected in any case by Look 'n' Stop. Since it is not the case, this means Look 'n' Stop really detects any application starting another
    one which connects (the "starting" is important...).

    Regards,

    Frederic."


    I feel the question of this thread is now satisfactorily answered, however I am extremely concerned about the Firehole problem.  I will pursue that on the thread I started specifically regarding that issue.
     
  6. Powercow

    Powercow Guest

    No Look N stop doesnt really or rather doesnt always stop the tooleaky test... If you look at how tooleaky works I'm not sure a firewall is what you need to stop it.. probably a sandbox or keyword blocker.

     senerio in which look n stop fails..
    I have a tool bar with internet shortcuts in it on my task bar.. now even though i have already approved IE, whemn I click on a shortcut in my task bar look and stop ask for premission for IE again. A quick look at the rules shows the problem.. my shortcuts call IE "c:\progra~1\interne~1\iexplorer" and the regualar IE icon on my desktop is.. "c:\program files\internet explorer\iexplorer"
    anyway tooleaky calls IE the same way as favorites on your task bar.. so if you have favorites like me on the quick launch bar and have already approve ie being called this way then tooleaky will pass right through. If you dont have favorites then look n stop will appear to stop too leaky cause it complains. I know whats the big deal... the big deal is that it would take 10 seconds to change the way tooleaky calls ie and then it would pass through all the firewalls again.
     
  7. powercow

    powercow Guest

    yep wordpad would be a good firewall but it would still be missing atguards' easy interface, realtime reporting, easy to use ad trash can, and the great way the atguards does rules. you wont have the dashboard I liked. but other than that wordpad might make number 2.
     
Thread Status:
Not open for further replies.