Comodo Leaktest results for PF and ZA disappointing

well I installed the free version of privatefirewall (turned learning off) and ran the comodo leaktests with a score of 190/340... uninstalled and installed free version of zonealarm and scored 200/340... both of these seem low.

Is there something I am missing that I need to do. Please let me know what other information I can provide to get an idea of why these scores are so low and what I can do about it. I am new to firewalls but have seen videos of people scoring 290-300 using these, do i need the pay version or something? Thanks

 

I am curious as to why anyone would use a test designed for a specific product, use it to evaluate another product, and then accept the result with anything more than a grain of salt?

 

Well for one thing, Zonealarm free does not have full-blown HIPS

 

First, you need to chill. Then, just install either one and learn how to use it. Use their websites, help files, support forum, user guides and any other useful info you can gather to learn about the product.

Don't pay any extra, if you are behind a router, just choose one: Privatefirewall, Zone Alarm, or even Windows built-in are all excellent options.
Forget about those so-called leaktests. If you surf safely, the chances of getting attacked with any of the techniques deployed by these 'tools' are extremely low.

Welcome to Wilders, by the way.

 

Along the lines of what KelvinW4 said, I would point out that the http://personalfirewall.comodo.com/cltinfo.html page refers to it as "HIPS and Firewall Leak Test Suite". Which suggests that it is testing more than just the firewall.

Full-featured software firewalls have the ability to block network activity based on what local "program" is involved. At a high level that would involve 1) using an OS API and/or driver to detect network activity, 2) using OS API and/or some other technique to look up information about which local "program" is associated with the network activity, 3) using some of that information to distinguish different "programs". For example, a firewall could lookup the full pathname of the local main executable file associated with the network activity and apply rules based on that. However, as long as two "programs" have the same full pathname they would be considered the same even though the second one might be totally different and has replaced the first one. A firewall could also factor in the digital signature of the executable file, treating two executable files as the same as long as they were signed by the same company and have the same product name. A firewall could go beyond that and also use hashes of the executable files in order to detect situations where two files have the same higher level characteristics but are different in some other way. I think, but to be frank haven't properly verified, that it is also possible to fingerprint a "program" based on other characteristics such as which DLLs it has loaded and information about those DLLs. Thereby increasing the precision with which the firewall knows what it is applying rules to.

Detecting that a "program" and the related code that is running... that which is associated with network activity... has changed (past tense) is a software firewall function. Detecting that the program and related code is about to be changed (present/future tense) is a HIPS type function.

 

Most of the tests within CLT,were created by third parties unconnected with Comodo.However,as has been pointed out,a lot of the tests relate to HIPS functionality so the OP shouldn't be concerned.

 

Yes, there's one important point you are missing. You are letting the test suite run. The first thing PF will alert you is that an untrusted program wants to run, don't let it and you'll get the best result.
This tests are for dumb people. It is like when an AV tells you that there's something fishy and you don't listen to it. Don't complain later if the result is not what you expected.... you let the program run.
PF has one of the highest scores in the Matousec tests (if that's something you care about).. so...

 

Privatefirewall results with CLT discussed multiple times in this forum section.

Go to the end of this thread and apply those settings and then retest with CLT.

https://www.wilderssecurity.com/showthread.php?t=341544&highlight=privatefirewall+leak+tests

 

Just add SpyShelter and you will get a perfect 340 score.