NEW SUPPORT FORUMS FOR ATELIER SECURITY PRODUCTS

http://www.atelierweb.com/products.htm

PRODUCTS - AWPTA - AWSPS - AWRC - AWFT - AWSMS - AWCAPI - VisiAGRA - ComboBoxEx

SUPPORT FORUMS AT:
http://users.boardnation.com/~mickeytheman/index.php?board=36

 

Thanks Mickey

I'm glad that Jose has now again his support forum; he deserves it!

Cheers, Jan.

PS: I fixed the link to the support-forum

 

Thank You Mickey

I tried the firewall check with Sygate and only pass number 3
all the rest fail

 

Controler, i don't use your firewall, but any good firewall should have no problem passing at least first 3.
Try this : Set your default browser to be another one than the one you are actually using and block it's access to the net.


Technique 1 Attempts to load a copy of the default browser and patch it in memory before it executes. Defeats the weakest PFs.

Technique 2: Creates a thread on a loaded copy of the default browser. Old trick, but most firewalls still fail.

Technique 3: Creates a thread on Windows Explorer. Another old trick, but almost every firewall still fail.

Technique 4: Attempts to load a copy of the default browser from within Windows Explorer and patch it in memory before execution. Defeats PFs which require authorization for an application to load another one (succeeding on Technique 1) - Windows Explorer is normally authorized. This test usually succeeds, unless the default browser is blocked from accessing the Internet.

Technique 5: Performs an heuristic search for proxies and other software authorized to access the Internet on port 80, loads a copy and patches it in memory before execution from within a thread on Windows Explorer. Very difficult test for PFWs!

Technique 6: Performs an heuristic search for proxies and other software authorized to access the Internet on port 80, requests the user to select one of them, then creates a thread on the select process. Another difficult nut to crack for PFWs!

 

Hi MtM,

I think to be significant, the test has to be run in normal conditions and not "cheating"

BTW : OP says there is no way to pass #1 : OP 2 alpha passes the tests 10/10 according to Mikhail Zakhryapin.

I think it could be a flaw in the test : I re-ran it and now I get 10/10 FW or no FW at all and no proxy

Rgds,

 

Jack, normal conditions for me is NOT to allow set default browser to access internet. Been like that way before advent of AWFT.
MYIE is my browser and OPERA has been set as default.
So if anything needs to access opera, i get alerted immeditely + access is denied.

 

Hi Mickey

You are rather machiavelic lool

One of the test needs IE open (# 2 I think).

Take in consideration too that when a real trojan uses a trick (maskerading, dll injection, etc...) most of the time it would target IE and not you default browser (Opera or other) and MyIE which I use too when not using Opera 7.01 is just a layer on IE.

Rgds,

 

Test needs default browser open, which never is

 

Hi Mickey,

If you want to run "these" tests, you have to respect what the tests are done for "Test needs default browser open", otherwise no test is ran, you may get a 10/10 it has no meaning at all : the test is distorted and that says absolutely nothing about your FW capabilities.

BTW : IMHO this test might or might not indicate some weaknesses in FWs but as nothing to do with real conditions, like all other leaktests.

Rgds,

 

In other words, i should change my usual security settings just to please a test ?... i don't think so.
Would my firewall pass ? I don't know and i don't care either.
A test is only valid for me as long as it can bypass my usual normal security settings. If it can, it wins, if not i do. As simple as that.
If i altered my settings, then yes it would be cheating and defeating the purpose of testing in the first place.
But when i get message from awft that it needs default browser opened for it's test, i just wink and say no thank you and know that in real life situation the same would apply.

 

Hi MTH

Right : that's exactely why I added the remark "BTW"

Same apply to some other leaktests : first you must install
some *.dll only seldom used with some sniffers, would be stupid just install them to see if there is a leak when installed as there is no leak when you don't have those *.dll

I ran the test just out of curiosity. It's rather an issue for FW developpers.
I just got an answer from Sergey Podolsky (SSM) : it will be fixed in SSM2.

I just meant if you want to see your FW capabilities about this tests, you need to play fair game, if you don't accept the test rules and apply your own ones, useless to run it : it gives no hints about your FW abilities

After running the test I rolled back to my usual settings and the test cannot be of any use (always 10/10), no harm done, no dangerous *.dll or drivers installed, but I know a bit more about OP Pro.

No time to run the tests on other FWs, but I would be pleased to know their scores when compelling to the tests rules.

Best regards,