GRCShieldsUP and leaktest questions

Hi ;


GRC ShieldsUP!..curious..Never really tried it out though I am using a firewall. I just forego it. Hoping to understand it better/further, I decided to ask your opinions on this..leaktest. There are a lot of questions here I hope I won't bore you guys here. A lot are very basic to you gurus but I'd really like to learn more..(this is new to me..thank you). Here goes:

What is a leaktest?

Is there only one type or there are others?(I saw Comodo leaktest/Matousec's but you have to download it to your pc..unlike GRC's which is online...)

Why is there a need for it (leaktest)?

Is there a second opinion testing or a second opinion leaktest?

What's the difference with Comodo leaktest and GRCShieldsUP!

I also looked at Matousec's and found out they have also a leaktest but you have to download it unlike GRC's....Is this(Matousec's) for only grading firewalls they rate at their site or can I use that privately here at home?

Is it safe to use that one that you can download like Matousec's/Comodo? I'm afraid my system will go whack if I use it/them...

Can you give me some inputs and approaches on how to use those leaktest that can be downloaded?

What's the best approach to pass a leaktest?

If you don't avail of the leaktest, what maybe be additional secure ways to be safe online?

Thanks in advance for any inputs!

 

ShieldsUp! tries to establish connections with your computer on each of the ports that it tests (incoming connections). If you're computer replies with anything - even a denied response - the test fails.

Comodo Leak Test Suite is used to test your firewall's outbound protection among other things that are more HIPS related; i.e. interprocess activity, raw disk access, etc.

 

Hi, ShieldsUp isn't a leaktest, but is excellent at showing if your INBOUND security is blocking what you want it to block Remotely.

Leaktests are tests you use Locally to test your OUTBOUND security.

I've used ShieldsUp and all the Matousec etc leaktests

 

Hi,

Only a bit history:

Going back for about 10 years ago to the time when Steve Gibson released his first LeakTest.
It focused on outbound protection by firewalls at that time.
The issue was this:
You did tell your firewall that program-1 (file-x) was allowed to have certain outbound connection.
But how did you know that it was actually indeed that program-1 (file-x) that was having that outbound connection?
- Some malware, program-2, on your system could be masquerading itself as if it were program-1.
- Some malware on your system could have changed that file-x into file-y.
And your firewall couldn't tell the difference. It was "leaking".
One of the solutions was that your firewall somehow stored a HASH checksum ("Cryptographic Signature"; for example the MD5 checksum) of that file-x. And every time that a program, of which your firewall thought that it was program-1, was trying to get outbound connection then its checksum was compared with the stored one of program-1.

Well, that's in short and in basic words the history behind it.
Since those times (10 years is a lot for the internet!) things have changed, and so did LeakTests. I leave that further to others

 

GRC Shields Up = oldie but goodie.

It should be noted though that the port scans will test the outer layer of your security... which would be your router, if you have one. Some people have firewalling/NAT capabilities in their modems too and aren't aware of it, then scratch their heads wondering how they pass the test with their firewalls turned off. So it's important to determine this stuff first to ensure accurate testing.

I still use it once in awhile, just for old times sake. My Shields are still "Up"!

Man it felt good to say that.

 

Hi all;

Thanks very much for the splendid repies! I'm learning already!

@CloneRanger / @Ostradamus;

Now I know the difference between the two. Can you give me some tips/approaches to do the Matousec's / Comodo? What can I do first so I could ensure my pc will be back to where it started...afraid it will ruin my set-up or something..first timer thoughts only..

I intend to check both dial-up and wireless DSL connections so if you have any approaches towards an effective and safe test I'd appreciate all the tips!

Thanks!

@FanJ;

Very nice bit of history there. Very interesting to know that. From there the transition went to testing inbound security.

Thanks!

@lucidream;

That was a second question I was going to ask here in the thread.

I have both a dial-up and a wireless DSL. I do not have a router. The wireless DSL is like a thumbdrive that it inserted and you conect to the internet. How may this be in relation to leaktests? In performing leaktests on both how or what are the approaches to consider and how will I do that?

Thanks!


Anyone who want to give tips/approaches here are very welcome. Lot of learning here!