Firewall testing only

Is there any company/website that just tests the firewall component, not the HIPS part?
I have use the top rated FW according to "matousec" and used a few others, the others not in the top of list seem to be blocking more (such as attacks) then the top rated one. Proof is in the logs.
I know "matousec" judges HIPS.

 

Where are the logs?

At least drop some names.

Cheers

 

Since you ask (I did not want to criticize a company), Online armor++ shows a couple of blocked events mainly ICMP and that is it! Outpost Pro on the other hand shows blocked packets, attacks, ICMP galore. Both are the paid for versions.

My main question is there a website that does firewall testing without HIPS

 

Believing Matousec was your first mistake.

 

http://www.icsalabs.com
They're primarily focused on corporate firewalls (hardware n software)
but they might have tested some PC software firewalls.
(Vendors apply & pay for testing to have products "certified")

 

A firewalls packet logging ability does not show proof of its packet filtering ability.

A number of firewalls will show packets going to a closed port as an "Attack prevention" when the packet could simply be (as simple examples) a late dns reply or a reply made from a server to an already closed connection on the host.

Dont be fooled into thinking you have more protection/better packet filtering simply based on the fact more is logged.


- Stem

 

But all that being said, are there some tests of just firewalls such as LooknStop or such?

Regards,
Jerry

 

Then tell me which one has the most protection, Firewall component only
Your opinion.

 

I know you do a lot of testing of different firewalls and good understanding of what makes a good firewall based on a packet filttering. Your not interested to do a test suite, comparison of firewalls.

 

Until testing or answers come seeing (more is logged) is believing.

 

Generally speaking,we only can test firewall through some firewall test websites.But most of firewalls in the world could pass.That means all the firewalls are the best and we can't find their differences?

 

Out of all the security products the Firewall in my opinion is the most important, so why isn't a thorough testing being done? I am talking software not hardware, and only the firewall, not the other bloat-ware thrown in.

 

Mainly because is extremly time consuming.
For properly testing you will need several hours only for setting the testbed (software and hardware) and even more time for veryfing the results.

Panagiotis

 

So "matousec" does not test the firewall. Just read this on their site:

"Firewall Challenge has been renamed to Proactive Security Challenge. There were several reasons why we decided to rename this project. We wanted to stress out the fact that this project always focused on security products that implement application-based security model and behavior blocking features – i.e. most of Internet security suites, HIPS, personal firewalls and behavior blockers on the market. We want to mitigate misunderstanding and criticism of our project by eliminating the word firewall from its name and web pages."

 

He never did... and that was the reason of the critisism..

Panagiotis

 

I never trusted "matousec" to begin with although I do look at their site.
Hopefully one day my wish will come true. I believe all of the security programs running on all of our computers are only as strong as the weakest link (which could be the firewall since no one is doing testing on this).

 

I do test the packet filtering ability of firewalls.

As put forward by pandlouk, that is time consuming, not only in making the tests (to test/ re-test and then confirm), but can also be time consuming on the forum in having to explain the tests results are correct.
Have a look at the DNS Attack thread (concerning outpost). I posted results from basic packet filtering tests. During that thread I was basically accused of manipulating the tests and concealing aspects of the results. Do you think I really want to continue posting results of tests when such accusations then ensue.


.

 

Sad part about that is with all your help with firewalls over the past year I been around, I'm surprised people would do that or believe you have any interest but the truth. But I guess once you show a product in a bad light that someone believes in, it's easier to accuse you of foul play then it is to just admit it or "Fix" the problem.

 

It is sad, but is something that always will happen... mostly because most users simple do not have the knowledge to understand (for not talking about verifing) the results of similar tests.

Panagiotis

 

Protection against what?
Incoming traffic your Router/Hardware FW has already dropped?
Outgoing traffic of running malware on your machine?

I have tested a lot of FWs for my Windows 7 setup, but I'm just an ordinary user.
Well, most have very strange predefined rules with a lot of stuff allowed by default.
Which is understandable, as they should work on every setup.
Now to change or delete these rules takes much more time than creating the rules I need manually, like for DNS etc.
But only this way I am aware of every new/unwanted connection.

Finally I ended up with Malware Defender and Windows Firewall.
Malware Defender does not really offer a full featured Firewall, but it has a nice interface to create manual rules easily.
In first place for outbound rules, as unwanted incoming traffic is blocked by the Windows Firewall anyway.
And I do not really care about this attack detection stuff, like Intrusion.Win.MSSQL.worm.Helkern.

But... there is also the application protection from Malware Defender, which monitors the behavior of apps.
Which want to start, control other processes, create network connections etc.
And this is as important as the Firewall rules or protection, because if every app can replace or hijack your browser, even the best Firewall component will be most likely bypassed.

Cheers

 

Protection against what?

Protection against everything that a FW should be doing blocking out hackers/crackers/spies, and anything bad inbound or outbound. Leave out the Router/Hardware FW, that way if you use "Router/Hardware FW" even better.
I am still with XP SP-3 and will stay there till my rig breaks down.
I understand if I download something and run it I am at risk.
Malware Defender is HIPS, not interested and that is changing the subject, only Firewall.
If there is a FW that can't be or close too being penetrated then you would not need all the countless security apps.

Thanks for your reply.

 

How often has your Firewall been penetrated?
And what to you mean with countless apps.

Cheers

 

Not sure, it could be penetrated don't know? I think thorough FW tests would calm my concerns, you know like all the AV tests and HIPS tests that they have out.

Sanboxie, appdefender, Defensewall, MalwareDefender, SAS, on and on...

 

As far as I know home users are virtually never a target of attacks by hackers or the like, except for you made some really impudent remarks.

Yes, like these sedative AV tests and HIPS tests these FW tests will calm your concerns... like tranquillizers.

Cheers

 

Thanks for your professional answers.
If you can not answer the question of the title of this thread why respond with an answer like that.
im·pu·dent
1 obsolete : lacking modesty
2 : marked by contemptuous or cocky boldness or disregard of others

Sorry if I made you feel this way. Just want answers, yes, no, or other, with Professional opinions. Not with im·pu·dent remarks.
Thank you.