firewall test result ?

Discussion in 'other firewalls' started by SnowFlakes, Oct 13, 2013.

Thread Status:
Not open for further replies.
  1. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    He means Sandbox Settings > Restrictions / Resource Access / etc. HIPS wouldn't be the best word for it due to lack of prompts and coverage of the host system.
     
  2. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    Thanks. :)
    I thought I missed something.
     
  3. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    By default all programs are allowed to run and have internet access.
    Sandbox->Restrictions->Start/Run Access being empty.
    Sandbox->Restrictions->Internet Access being empty.

    If you add even one program, the HIPS on that sandbox is turned on for those restrictions respectively. And yes, you will get prompted for other things needed. The prompts are SBIE1308 and SBIE1307, and they tell you what is blocked and ask if you want to allow it.

    For instance, in my Firefox sandbox I have only Firefox.exe, plugin-container.exe, FlashPlayerPlugin_11_9_900_117.exe and WerFault.exe needed for Start/Run. Some situations might need dllhost.exe too but normally not, so the Windows system files are covered too.

    And the first 3 for Internet Access.

    I guess for testing you could make a sandbox called Leaktests and allow that testing program. Might do it myself except too lazy at the moment and not sure if those tests are safe. There should also be a browser or some other program you run normally listed to simulate the normal situation of sandboxing it in the Run/Start & Internet Access. But maybe not all your internet accessing apps and their needed exceptions, since the whole point of sandboxing with its HIPS being most protective is to make separate sandboxes for each application.

    The free version is quite effective too with its only DefaultBox, though it does not allow the separate sandboxes for each application. What is allowed for say Internet Explorer is then allowed for other browsers and programs too running in that sandbox.

    I am sure the HIPS in Sandboxie is quite simple, just program start/run. Makes it easy to handle too. Brings back to my memory the good old ProcessGuard from the XP times. The Internet Access feature I think will cover the local proxy things (like Avast's webshield as an example running itself unsandboxed of course) also possibly existing in those leaktests, that the Windows firewall operated by TinyWall can't handle. Sandboxie's main thing is isolating and keeping your system safe, not leaktests. I bet together those 2 will make a good combination against most of the leaktests.

    And I want TinyWall tested with it. There are some restrictions put by TinyWall for svchost.exe limiting it to what is needed: http://www.saunalahti.fi/~jarmos3/TinyWall_rules.jpg . I think some of those HIPS-containing firewalls depend too much on their HIPS part and are not packet filtering, for instance that one, as it should be.
     
    Last edited: Oct 19, 2013
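
The Start/Run and Internet Access restrictions described in the post above, written out as the Sandboxie.ini section that the settings dialog produces (an added example, not part of the original post; the sandbox name FirefoxBox is made up, and the program lists are the ones named in the post):

```ini
[FirefoxBox]
Enabled=y

# Start/Run Access: once the <StartRunAccess> group has at least one member,
# any program outside the group is blocked from starting in this sandbox.
# With no such lines (the default, empty list) every program may start.
ProcessGroup=<StartRunAccess>,firefox.exe,plugin-container.exe,FlashPlayerPlugin_11_9_900_117.exe,WerFault.exe
ClosedIpcPath=!<StartRunAccess>,*
# Issue message SBIE1308 when a program is blocked from starting
NotifyStartRunAccessDenied=y

# Internet Access: only members of <InternetAccess> may open the network
# devices; everything else in the sandbox is cut off from the network.
# With no such lines (the default, empty list) every program has access.
ProcessGroup=<InternetAccess>,firefox.exe,plugin-container.exe,FlashPlayerPlugin_11_9_900_117.exe
ClosedFilePath=!<InternetAccess>,InternetAccessDevices
# Issue message SBIE1307 when a program is denied Internet access
NotifyInternetAccessDenied=y
```

Both lists apply per sandbox, so a separate section per application keeps one program's exceptions from being inherited by everything else running in the same box.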
  4. guest

    guest Guest

    Which is not a problem because CHIPS is a nice thing to have. I know we're discussing firewalls here, but if you just want a packet filtering feature, then Windows built-in firewall and a router are more than enough. So third party firewalls don't offer much. Sure, they have outbound connection control, but it'd be rather pointless if the malware hijacks svchost. That's why the CHIPS component is a worthy addition IMO.
     
  5. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,898
    Location:
    localhost
    You will be surprised to see that packet filtering may not be as easy as you think. So, no... firewalls (hardware or software) have different capabilities for managing stealthing, fragmented packets, etc... But unfortunately this type of test is no longer performed ;)
     
  6. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    All I know is that I am happy to get fully stealth on the GRC shieldsup tests with my router hardware firewall, and the new UPnP exposure test passed too. They may not matter much but it's always more fun to see a pass than a fail for some reason :D
     
  7. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,898
    Location:
    localhost
    Then enjoy your state of happiness :D:thumb:
     
  8. guest

    guest Guest

    For the basic needs, they are enough IMO. Of course, third party firewalls have more abilities, which can please the enthusiasts.

    Because they are obsolete or because they are unnecessary? o_O
     
  9. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Not always true. In a FW we set rules about which executables can connect to the www. If it is properly designed, any executable that has NOT been granted that right will fail to connect. If that was the malware executable you would be right. The FW has stopped the "phone home".

    But those who want to phone home have programmed tricks where they borrow the executables which have the connect authority and then they cheat the firewall.

    So we need a tool that blocks this trick. Most advanced 3rd party products have this feature.

    In my own case FWIW I use OP FW Pro which has this feature called leak control.

    There are rogue products out there so ensure you check them out before using.
     
  10. dave88

    dave88 Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    177
    ZA Phone Home
     
  11. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,898
    Location:
    localhost
    Not just the enthusiasts I am afraid, there are relevant penetration tests but they are simply too time-consuming to perform and not appealing for the masses as you can see from the discussion here. :)
     