Down at the bottom of the results page on the well known Matousec site there is a reply from Sunbelt software that slams leak testing. The points raised are: The game is already lost after malware has executed and nothing on the box can be trusted anyway. Pop-up fatigue or as some others call it, lazy click syndrome. Reliance on simulator programs produces tests designed around the limitations of the simulator programs. I believe it is important to question the value of leak testing, as software firewalls have almost no value to the desktop computer behind a router user other than outbound control. Matousec leak tests HIPS programs, some of which are not monitoring network connections. I don't know how valid this is as it can be argued that simply running LUA/SRP will stop all leaks. After all, with LUA/SRP the user can write only to areas from which no file may be executed. This prevents accidental infections. IMO, there is no foolproof automated way to prevent infection by intentionally executing malware with administrative rights that is not in the user's AV signature database. Its possible to improve the odds with behavior based detection, but this is relatively new and untested. I don't consider HIPS to be automated. All of this makes me wonder what is an improvement. A program like Comodo 3 has a powerful HIPS but suffers from pop-up fatigue. Once any firewall starts to alert the user about events that are not network related pop-up fatigue sets in. Moreover, any firewall (or other security utility) that is not quiet produces the same bad result as an AV false alarm. In an office someone has to stop working and call the help desk. My thoughts for the morning. I would be out diving but for the rain here in paradise.