Matousec

Does anybody know when Matousec's latest findings will be available?
Doc

 

Sure, ASAP buddy

 

Didn't know there would be a problem with asking.

 

It is updated regularly. Just keep on tracking their website. www.matousec.com

 

Thanks for the info.
Doc

 

Hmmm... The last time he posted..... was on 8/1/2007.

 

IMHO these are not up to date test results. They using a version of Jetico Firewall that is almost five months old!!! And why not use the current version. Most everything else are updated versions.

 

My theory:

jetico 2.0.0.34 is now better than Comodo's newest released version. he is partial to comodo.
he is stuck on testing a very old version of jetico and doesnt want to admit something is better.
we will have to wait for the test results if they ever get around to testing a newer version, but doesn't look like it will be anytime soon.
they will probably test the new version of comodo when it's released before they test a new version of jetico.

 

One thing to note is that the info on there about KIS7 is false. They testing a pre-ship version build 119. In the shipping build 125, ALL outbound traffic is allowed by default. So it fail all tests with default settings.

 

I don't take any of the tests too seriously....

 

Its like the Blind leading the Blind You will Believe Anything you read

 

what's preventing You write email to Matousec group ?
http://www.matousec.com/matousec/contact-us.php

anyway You should consider it takes some time to sync servers with latest builds

 

These leaktests are the biggest waste of time.

 

Well I just got a response saying the next results will be out in 2-3 weeks.

 

Hi Zombini,

Although I would agree that a need for a firewall with "leak prevention" is certainly not at the top of my list for a firewall function. I would say that at least the "leaktests" show the possiblity of how information/outbound could bypass a firewall. (most of which is due simply to the way windows is built)

My personall direction as always been to prevent the malware (or whatever) from being able to get in and install/run.

As with the results shown for bugs etc,... these are checks made within the OS, I still would like to see how such as "Matousec" would be able to gain entry to my system and make use of these bugs to actually disable/crash (whatever) my firewall/security setup.

 

Matousec's tests are useful when viewed with common sense. Some folks seem to resent that prerequisite.

 

Matousec posted article with tests based upon new tool (BSODhook) against SSDT hooks ...

seems like tons of applications got 'problem' with

http://www.matousec.com/projects/wi...lysis/plague-in-security-software-drivers.php

and advisories (see vendors were notified in advance)
http://www.matousec.com/info/advisories/plague-in-security-software-drivers.php

 

Well,... maybe just my own thoughts, as I put forward before.:-

Try and get in my PC to make such exploits

I can certainly myself, kill a number of security applications (bypass kill protection), but I need to have access to the OS. To do this I would need to download and execute (possibly install).

No, sorry, this is, for me, just some form of scare tactics.

 

Stem i get Your point as You mainly interested and testing SPI quality of firewalls
(as it should be theirs priority base of operations)

anyway You said You may post some of Your results yet You said it may be issue with TOS of forum ...

what about to create own website (some blog, wiki or else) and link to it ...

btw. i take Matousec results with reserve too but IMHO most of these products he flagged with problems i encoutered to be unstable
so guess if nothing it's good indicator of what u may await for problems lol

 

I've used only a few of the tested products, but I would agree that stability is something I place far more importance on than how vulnerable they might be to exploits. Apparently, SSDT, kernel mode, or ring 3 hooking, or whatever it's called (I'm no expert at all in this) can result in system instability if it's not properly implemented in a given product.

 

Matousec is obsessed with leak testing.

Before this is relevant, you have to be infected with a zero day attack that your AV misses. It must be hidden by a rootikt, so your AV does not pick it up the next day, or it disabled your AV, and this very sophisticated malware somehow did not disable your firewall, so its leak proof logic can tell you your backside is saved. Is that reality?

 

I'm wondering how all of this new info will change the overall test results when Matousec publishes next time.
Will he only score for leak test results or add these in?
Just curious as to why we are just now hearing about this, too.
Regards.
Doc