Matousec latest

?No-one posted these yet?
http://www.matousec.com/projects/windows-personal-firewall-analysis/leak-tests-results.php
These are from 24-5-07
Comodo predictably pushing the results and really it is impressive for a free tool.
http://www.comodo.com/news/press_releases/31_05_07.html

Matousec will be testing OA2 in the next few weeks.

NIS looks awful.

 

No big surprises there IMO.
It will be nice to see ESS tested next time.

 

Only strange to see that Lavasoft firewall has a much better score then agnitum pro, but most likely its because of the FPR test..

 

Again no big surprises.

 

Yeah, that's strange indeed. Being a simplified rebrand of Outpost, I never tried Lavasoft's firewall, but I remember that it scored very low on the leak-tests a month or two ago. A significant improvements there. What happened?

 

The version tested was the new v2. I know in v1 it was based on outpost but it may be its own code now because it didn't tie with any other firewall?

 

regarding lavasoft: maybe you should read the test again?

"Although, Lavasoft Personal Firewall 2.0.1019.7604 (700) implements the same unsecure user mode hooks as Outpost, it offers much better protection against leak-tests because it adds extra layer of kernel protection for many methods that Outpost defends only in the user mode. The new score for Lavasoft is 8500 points, which is a Very good level of anti-leak protection. Its older version 1.0.543.5722 (433) scored only 6500 points."

 

I know this has been discussed several times, but. Explain to me how if I'm on the internet and surfing dangerous sites, besides my AV and HIPS (Avira and Prevx2) my Firewall (say Comodo Pro) will also help prevent infections because of it's leak test capabilities. I'm not doubting anything as I want to use Comodo again, but why do I really need to?

 

Will not prevent that you will be infected, but can help you to prevent that some info can pass your firewall without you notice...

 

Good leak-test capabilities will prevent (an example) a keylogger to steal your bank-account password when you type it. Leak-test capabilities are useful when you're already infected.

 

They're also useful when you are in the process of becoming infected (i.e. a downloader loaded in memory trying to deliver its payload).
Your security setup should stop that downloader from even executing and your safe browsing/mailing should keep you generally far away from encountering malicious executables.

 

Why isn't PCTools firewall listed??

 

What if Matousec tested Sygate Personal Firewall 5.6.3408.Debug.Final (both Free and Pro) with the update file 3055 (for Pro) instead of Sygate Personal Firewall 5.6.2808 (Free)? Will there be any difference in the results and rankings? Just wondering...

thanatos

 

Also please test...

Kerio 2.1.5
ZA 2.6.362
ZA 4.5.594.000
ZA 5.5.094

Mike

 

Hello

Good point.

I believe the reason is the rebranding moment. The results would be very similar to Look'n'Stop. They are waiting for some development from PCTools.

I am not aware of the differences between the two builds, but I think the answer is no. Sygate is not designed to pass that leak-tests. A much stronger HIPS is needed...

That would be a disaster...

Cheers.

 

How so? Those old firewalls are recommended all the time.

But, testing old Sygate is OK?

Mike

 

Look how our good ole' Sygate (still one of the best firewalls out there) has passed with leaktests. Pretty bad, huh? A firewall has to be able to monitor all kinds of inter-proocess operations in order to stop the leaking. Most old firewalls were concentrated mainly on packet filtering, and doesn't have a HIPS capable of detecting "process using other process" type of detection. Well, I'm not actually certain how old ZAs would be rated (I haven't used those versions), but "little" Kerio (also still one of the best firewalls) would certainly be a disaster.
These leak-tests are only the proof that a good outbound control is not everything that constitutes a quality firewall. I certainly don't care much about leaktests, as I use a dedicated HIPS as well. Not that I need it at all, but I like constant tinkering with security apps...

Cheers.

 

I guess I was wrong to think a firewall IS a firewall, but not also HIPS, AV, AS, kitchen sink, ...

I have learned a new term here at Wilders... PoC.

See my first response above.

I changed your statement to match what I want.

ME TOO!

Mike

P.S. I guess 'Jetico Personal Firewall 1.0.1.61 Freeware' should not have been tested... it is also old, but rated Very Good.

 

Yes, I am actually sad to see this happening. I always tend to avoid all kinds of suites, and this "firewall merging with other usefull stuff" kind of thing is not my game.

Well, use SSM then. It's pretty light on resources, and it will give you many happy geek hours. It's also a usefull learning tool...

Cheers!

 

Dah, what a good idea!

Mike

 

Thanks Nick.

 

This whole leaktest thing is completely pointless. Once a piece of malicious code is on the machine there are countless ways to send information off the machine, both through silent means as well as social engineering. This matousec thing is a waste of time. Not to mention that even if you are able to detect any leak, its next to impossible to block it outright without prompting the user. The big boys Symantec, McAfee etc have learnt this and I suspect thats why they are not playing the leaktest game. Whats the point of prompting the user.

 

I'd rather have the extra leak test protection as it is part of a layered security approach.

 

I still don't understand why Jetico 2 is not placed as #1.
When It passes more leak tests then Comodo.
Maybe he's partial to Comodo.
Comodo: "The only firewall that doesn't leak" is a little
misleading when it leaks like a sieve.
Even the developers and moderators on there forum know it leaks.
I guess a little false advertising doesn't hurt when its free.

 

I don't think that Matousec is partial to anyone's product. In fact, the only truly positive read that I've seen on his site is one regarding the firewall in KIS7. BTW, please explain what you mean by CPF "leaking like a sieve".