Leaktest from Gibson Research (GRC) and various firewall results

Discussion in 'other firewalls' started by Tronix74, Feb 17, 2008.

Thread Status:
Not open for further replies.
  1. Tronix74

    Tronix74 Registered Member

    Joined:
    Feb 17, 2008
    Posts:
    31
    Okay something bizarre is happening here. I unplugged the internet cable and did the test as you suggested and it still popped up with that message. I know that this means that something is wrong with the leaktest application and not the firewall. Can any of you tell me why the leaktest claims that it is contacting the server when in fact it's not even trying to access the internet?
     
  2. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    I have not known this test to give incorrect result before.

    Clean out your browser cache/ temp folders etc.
     
  3. Tronix74

    Tronix74 Registered Member

    Joined:
    Feb 17, 2008
    Posts:
    31
    Okay I cleaned out the IE cache folder etc... the leaktest program still thinks it's connecting to the server. I wonder why this doesn't happen with other firewall programs...It's obviously impossible for the program to be doing what it's saying if the network cable is unplugged.
     
  4. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    I think it only tries localhost, and NOD32 is conflicting with the fw. Or localhost isn't being monitored.
    I thought it was only PC Flank, but, heh.
     
  5. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,782
    Yes something is wrong on your system.
    Don't know what it could be, hopefully someone here can figure it out for you.
    Here is my results with this test.
    Passed with flying colors. :D
     

    Attached Files:

    • lt1.png
      lt1.png
      File size:
      24.6 KB
      Views:
      446
    • lt.png
      lt.png
      File size:
      29.4 KB
      Views:
      452
  6. Tronix74

    Tronix74 Registered Member

    Joined:
    Feb 17, 2008
    Posts:
    31
    Alright all..I'm now convinced that the firewall is doing its job. Shame on GRC for making a program that doesn't actually call home and then says it is. I tested a program that COMODO put out called CPIL.exe. According to them the program hasn't been blocked by that many firewalls. AO passed the test and was able to intercept the apps attempt to go through IE.

    AO will now be staying on my computer for the time being. I still am curious how well the beta version of the product works. I notice a tiny bit of lag when the application is about to throw up a pop-up box when an app tries to gain internet access for the first time. I wonder if the beta version runs any faster.
     
  7. Tronix74

    Tronix74 Registered Member

    Joined:
    Feb 17, 2008
    Posts:
    31
    Do you use NOD32 on your computer Lonewolf? I think NOD32 is the culprit. The leaktest program is giving a false positive, so no worries. Apparently the program thinks if it can access a local loopback on the system whether or not it actually goes through that it's a test failure. I believe it's NOD32 that is causing the problem and not the AO firewall.
     
  8. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    In Nod32, temporarily uncheck Enable web access protection\Enable HTTP checking and with the cat5 cable pulled, you should receive
    Unable To Connect.

    With the cat 5 still pulled, place the check mark back for Enable web access protection and Enable HTTP checking, you should now see Firewall Penetrated!
     
  9. Tronix74

    Tronix74 Registered Member

    Joined:
    Feb 17, 2008
    Posts:
    31
    Yep..you're right Bubba...This even works with the cable still plugged in. After disabling those options in NOD32, the leaktest program then must ask for access. The question then is, is having these options turned on in NOD32 a security risk or should I leave them on?
     
  10. Tronix74

    Tronix74 Registered Member

    Joined:
    Feb 17, 2008
    Posts:
    31
    BTW,I found a way to keep the option in NOD32 turned on while still blocking out the leaktest program. In that same section, there is an option called "Protocol Filtering". I changed it from "Ports and Applications marked as Internet browsers or email clients" to "Applications marked as Internet browsers and email clients".
     
  11. Dieselman

    Dieselman Registered Member

    Joined:
    Jan 6, 2008
    Posts:
    795
    I have NOD32 and OA(not AO) and have no issues. My NOD32 is at default settings. OA at default. This is on 2 pc's. My laptop and desktop.
     
  12. Tronix74

    Tronix74 Registered Member

    Joined:
    Feb 17, 2008
    Posts:
    31
    Interesting- however myself and this other person have experienced the same issue. What version of NOD32 are you uisng?
     
  13. Dieselman

    Dieselman Registered Member

    Joined:
    Jan 6, 2008
    Posts:
    795
    NOD32 3.0.621
     
  14. Tronix74

    Tronix74 Registered Member

    Joined:
    Feb 17, 2008
    Posts:
    31
    Strange...I'm not sure why you have no issues but myself and Bubba have experienced the same issues.
     
  15. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,782
    No. I use what's in my sig.
     
  16. Dieselman

    Dieselman Registered Member

    Joined:
    Jan 6, 2008
    Posts:
    795
    I fix pc's on the side and right now I am doing a reformat and fresh install of XP. I am writing zeros to the drive so its completely empty. I am installing NOD32 and Online Armor on this persons pc. I will run the leaktest on this machine and I bet it will pass. I will let you know. Keep in mind that I got OA to pass the GRC test. The PC Flank test and the System Shutdown test. I also got Zone Alarm and Comodo to pass the same tests all with NOD32 3.0.621 installed.
     
  17. Dieselman

    Dieselman Registered Member

    Joined:
    Jan 6, 2008
    Posts:
    795
    Ok guess what everyone. Test passes on another machine with a clean install of XP. Thats 3 machines passing. This is what I did step by step.

    1. Download The GRC Leaktest.
    2. Double click Leaktest.exe.
    3. Online Armor gave me a pop up stating " LT wants to run"
    4. I clicked "allow"
    5. The leaktest box pops up.
    6. I click test for leaks.
    7. Online Armor give me a pop up about "leaktest wanting to connect"
    8. I click "block"
    9. Leaktest box says "unable to connect"
    10. Test passed.

    End of story.
     
  18. Tronix74

    Tronix74 Registered Member

    Joined:
    Feb 17, 2008
    Posts:
    31
    Let's concentrate on the issue rather than what works well on your machine. Most people who are going to use the firewall program aren't going to have the luxury of installing the program on a freshly formatted system. The purpose was to find the cause of the problem. It's great that you have no issues, Dieselman, but this isn't going to fix the underlying cause of the problem. When it comes to computer security, you have to find any possible hole and test the program sometimes under less-than-desirable conditions. I did notice I'm running a tad bit older version of NOD32 so I will install the latest version and see what happens under the default settings.

    NOD32 on my machine has been shown to be the culprit however keep in mind that the leaktest program is also not reporting correctly so this may or may not be a security risk. I ran COMODO's leak test program and it wasn't able to get through even with the default NOD32 options checked. This tells me that the program isn't trying to use the proxy in NOD32 like the other GRC leaktest program. At any rate, resolving this issue rather than trying to prove me wrong may yield more valuable results. :-D
     
  19. Joliet Jake

    Joliet Jake Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    911
    Location:
    Scotland
    You may want to review what you said about Comodo failing this test.
     
  20. Tronix74

    Tronix74 Registered Member

    Joined:
    Feb 17, 2008
    Posts:
    31
    Yes, that was one of the first posts that I had made to the forum. I believe the isses with Comodo failing the test are the same reasons that I was led to believe that AO failed the test as well.

    I would like to make clear that my intentions were not to bash a particular firewall but to list my observations with various firewalls which I initially made before realizing that the leaktest program seem to give false positives which is apparent when you physically remove the cable from the computer.

    It was my hope that I could figure out why the leaktest by GRC was appearing to bypass those firewalls and it looks like I found the answer.

    As to my comments made about my personal experiences with each firewall, those I can say are, in fact, reliable.
     
  21. marinegeek59

    marinegeek59 Registered Member

    Joined:
    Mar 9, 2008
    Posts:
    3
    hi,im having the same issue with online armor,i just installed the freware version today and tried the grc leaktest..it blows right throught it,my old firewall sygate/and later filseclab always detected it and asked for a block or allow,im awaitind a response from one of there guys as to if its just a glich or not:oops:
     
  22. jtcst

    jtcst Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    30
    Passed for me

    Clipboard02.jpg

    Clipboard03.jpg
     
  23. Dieselman

    Dieselman Registered Member

    Joined:
    Jan 6, 2008
    Posts:
    795
    User error is why this test fails. Any good firewall can pass the GRC test with ease.
     
  24. marinegeek59

    marinegeek59 Registered Member

    Joined:
    Mar 9, 2008
    Posts:
    3
    hey,i tested the grc leaktest again using online armor,in block all network traffic mode.and grc still said connected(i clearly was not connected to the net),so is this a tall emu firewall issue or is this a lame grc test,fyi i tried 20 other leaktests and non of them passed,so im not sure what to make of this....any thoughts cheers robert
     
  25. Dieselman

    Dieselman Registered Member

    Joined:
    Jan 6, 2008
    Posts:
    795
    You need to change the entires in OA to ask then delete all entires and reboot.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.