f-secure internet security 2004 beta

@illukka

What do you mean with "passed when ie set to ask"? Does it mean, that there is no allow-rule set for IE (or another browser)?

Then, I wouldn't call it 'pass', but 'fail', because...:
All these leaktests rely on the fact, that there actually _is_ an "allow (almost) all"-rule for at least one process, which is normally the browser. They rely on the fact, that no user is paranoid enough to let the firewall ask for every connection of the browser...

That's why these tests are quite pointless, if you have no allow-rule for your browser - it is impossible for these leaktests to bypass the firewall in this case (which makes me wonder, how FSIS could fail Copycat and partly AWFT under these test conditions... )

So, the interesting question is: does the firewall has something like 'dll-athentication', 'application start control' or whatever to block the known leaks, or is it 'only' a simple paketfilter without any sandbox components, which is quite easy to bypass?

 

AFAIK no firewall seems to pass awft if the browser is not set to ask, if it is zapro wins awft 10-0.. on my home machine i have actually my browser prompted avery time i start, and when a new component(dll) loads, i'm prompted about it. i use zapro and sygate on my home pc...

i'm going to test the f-secure firewall a little further, the leaktests are just that, tests. next i'll try some real life threats, like optix beast asassin etc, trojans with fw kill or fw bypass capabilities... i suppose that it is killable, atleast copycat did crash it.. i have some brand new trojans which im eager to try on it...

and check the site where i d/lled those leaktests.. NO firewall passed all leaktests!!!!!

 

According to gkweb's test results, at least Outpost 2 and Look'n'Stop are able to do so in their "highest settings." This does _not_ mean, that the FW asks for every browser connection! But something like dll-authentication is surely active, cause this is a 'reasonable' (not too annoying) way to block dll-injecting leaktests.

Yes, of course.
All the 'advanced' leaktests make the browser connect instead of themselves. So, if there is no browser rule, the FW will always prompt and 'defeat' the leaktest... but is isn't considered as a 'practical' procedure for the 'average Joe'.

Yep, do it.
But since those FWB-trojans usually are based on the leaktest methods, the results will hopefully be the same.

Well, and Copycat isn't even intended to kill anything!

Tiny would probably pass all of them, but with its full sandbox, it is quite another story...

 

got more mail from f-secure:
at present there is no activeX controls, but this will be there in the future..
the applications are hashed and the checksums are monitored but dll authentication feature as such is not there..
i hope that there will at the least be password protection for the firewall, to protect it against fw-killers..
am i right that sygate and zapro are the only unkillable fw's out there?

zapro actually stops all connections when it's *killed*, tried it last week(not password protected), and the only connection it allowed through was to zone labs help site..

still haven't found anything negative about the av.... it_will_be_a_contender...it has almost all features one would possibly want to have + superior detection abilities

f-secure fw is still a beta so hopefully the release version has all these extra security measures to protect it's users..

tiny is a completely different thing, probably not for everyone... at least i had problems with avp updater when i trialed it...

 

Sygate Pro is a very good firewall. I've switched to LnS but still have my option to return to Sygate.

I've been tempted to try the f secure beta but the beta ends on November 30 and, I assume, after that time antivirus updates end. I'd prefer not to be online without current updates. Wish I'd looked at this thread earlier.

 

you can't rely on the firewall of this beta protectionwise..
i remember something about 60 days of use license when i installed it.