Tested Firewalls & Leaktests

Discussion in 'other firewalls' started by Rilla927, Nov 28, 2006.

Thread Status:
Not open for further replies.
  1. lucas1985

    lucas1985 Retired Moderator

    I guess Sygate
     
  2. steve161

    steve161 Registered Member

    Interesting, but it seems every leak-test has different results. I must admit I am a huge fan of Jetico (great leak-test results, ran about 7.5 in memory). But I feel that most security apps can be bypassed by stupidity.
     
  3. Mrkvonic

    Mrkvonic Linux Systems Expert

    Hello,
    It does not matter what firewall I use, I always pass the leaktests. Passing leak tests has nothing to do with a specific brand of firewall you're running. It can be any of dozens of Linux-based firewalls. Or even Windows firewalls.
    Mrk
     
  4. lucas1985

    lucas1985 Retired Moderator

    Yes, with a HIPS you can pass leaktests.
    Also, if you block execution of untrusted executables, scripts, etc., most leaktests fail to execute.
     
  5. Mrkvonic

    Mrkvonic Linux Systems Expert

    Hello,
    Lucas, you fail to see my point.
    It is I that pass the leaktests - not the software.
    Mrk
     
  6. lucas1985

    lucas1985 Retired Moderator

    Being you this was what I imagined :D
    I agree with you, of course, but that's not the point
     
  7. Mrkvonic

    Mrkvonic Linux Systems Expert

    Hello,

    Just to make things clear:

    http://www.interhack.net/pubs/fwfaq/

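    And this script below is a firewall:

    #!/bin/bash

    # Default policy: drop all inbound and forwarded packets
    iptables -P INPUT DROP
    iptables -P FORWARD DROP

    # Allow replies to connections this host initiated
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Allow loopback traffic
    iptables -A INPUT -s 127.0.0.1 -d 127.0.0.1 -i lo -j ACCEPT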

    More fun reading:

    http://en.wikipedia.org/wiki/Internet_protocol_suite

    http://en.wikipedia.org/wiki/OSI_model

    http://en.wikipedia.org/wiki/Firewall_(networking)

    http://www.vicomsoft.com/knowledge/reference/firewalls1.html

    Especially this, from the above article:

    What can't a firewall do?
    A firewall cannot prevent individual users with modems from dialling into or out of the network, bypassing the firewall altogether. Employee misconduct or carelessness cannot be controlled by firewalls ...

    Mrk
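
Added example, not part of the original post: the script above sets policies for INPUT and FORWARD only, so the OUTPUT chain keeps iptables' built-in default of ACCEPT, and outbound traffic is the direction leak tests probe. The shell functions below summarize an `iptables -S` listing and name the chains that filter nothing; the listing is constructed, and `summarize_chains` and `unfiltered_chains` are hypothetical helper names.

```shell
#!/bin/sh
# Constructed sample: what `iptables -S` would list after the script above
# is loaded into an otherwise empty filter table (assumption, not captured
# output from a real host).
SAMPLE_RULES='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -i lo -j ACCEPT'

# summarize_chains (hypothetical helper): read `iptables -S` text on stdin
# and print one line per built-in filter chain:
#   <chain> policy=<POLICY> rules=<count>
summarize_chains() {
    awk '
        $1 == "-P" { policy[$2] = $3 }   # default policy of a chain
        $1 == "-A" { rules[$2]++ }       # rule appended to a chain
        END {
            n = split("INPUT FORWARD OUTPUT", order, " ")
            for (i = 1; i <= n; i++) {
                c = order[i]
                p = (c in policy) ? policy[c] : "UNKNOWN"
                printf "%s policy=%s rules=%d\n", c, p, rules[c] + 0
            }
        }'
}

# unfiltered_chains (hypothetical helper): print the chains that accept by
# default and carry no rules, i.e. directions in which nothing is blocked.
unfiltered_chains() {
    summarize_chains |
        awk '$2 == "policy=ACCEPT" && $3 == "rules=0" { print $1 }'
}

# Live use on a Linux host would be: iptables -S | unfiltered_chains
printf '%s\n' "$SAMPLE_RULES" | summarize_chains
echo "unfiltered: $(printf '%s\n' "$SAMPLE_RULES" | unfiltered_chains)"
```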
     
  8. Rasheed187

    Rasheed187 Registered Member

    I really didn't know that Comodo was this good when it comes to leaktests, also nice to see that ZA Pro is still doing OK. Of course a lot of these leaktests can be defeated by using a HIPS.
    But I have to say that the graphic is very hard to read. Also, I wonder if ZoneLabs already fixed the quite serious bugs that Matousec found months ago? :rolleyes:
     
  9. Devil's Advocate

    Devil's Advocate Registered Member


    The 'blather' these days is actually "It doesn't matter since my separate HIPS will catch it".

    That's not quite true though.
     
  10. Nature

    Nature Registered Member

    Some say that it's only the user that can stop the leaks, but I don't think it's true. You can't stop anything you don't get a popup for...
    If you use XP firewall, you will never know that you have a leak, so you can't stop it...



    Those of you that haven't read the termination test, can read it on this link.
    Termination test

    ZA, Outpost and Comodo did well in that test.

    Comodo's version 3 of their firewall will have HIPS as well.
    Coming around new year I think.
     
  11. Rasheed187

    Rasheed187 Registered Member

    Care to explain this DA? :)
     
  12. bizzyb0t

    bizzyb0t Registered Member

    All this talk about which firewall is the BEST and which ones pass the leaktest, etc. :gack:

    The fact of the matter is that a firewall alone is useless without the know-how to configure it.

    I think that COMODO is a very good firewall. I think it's snazzy-looking and does its job very well. However, if you've got an older machine and have no need to upgrade to something faster and more powerful, that firewall will eat a lot of resources. I tried to install COMODO PF on a friend's computer and it caused his computer to chug when he used a torrent client. Some firewalls may be the "best" at network protection but at the cost of network stability.

    My personal favorite, for the few years, has been Sygate Personal Firewall Pro (along with NOD32) and this combo has served me well for a few years now. I'm currently using the SPFP 5.6 build 3408 which fixes the bugs that were in build 2808 (the one they used to leaktest :cautious:) and even though it's officially not supported, I'll continue using it until I come across something better. Also, having a good NAT enabled hardware firewall configured correctly makes it all the better.

    Sometimes, you want to sacrifice some security for performance. As a side note, I have yet to get infected with any trojans, viruses or worms since I've used the SPFP & NOD32 combo. It doesn't interfere with what I want to do and SPFP doesn't buckle under the load of massive connections (i.e., filesharing software). And don't preach to me about filesharing :p Like I said, never infected using those two.

    My previous FW and AV combo was Avast! Pro and Tiny Personal Firewall Pro 5.5 (at the time, awesome combo) and they served me well until I got infected with a worm when I let my sister use AIM on my comp :doubt: and Avast and Tiny didn't protect me.
     
  13. Mrkvonic

    Mrkvonic Linux Systems Expert

    Hello,
    Syggie is a nice little workhorse.
    Didn't try the unreleased builds though, what's on the menu compared to 2808?
    Mrk
     
  14. Perman

    Perman Registered Member

    Vulnerable Softwares?

    Hi, folks: Remember matousec, the fellow who used to create a great deal of attention and controversies here on Wilders a while back regarding his findings on firewalls? He has released an A-bomb claiming the following popular programs have big holes: Antihook, AVG AV+FW, Comodo, Filseclab, Look'n'Stop, and Sygate. Details can be found at his own website. Your opinions? :rolleyes:
     
  15. ccsito

    ccsito Registered Member

    Re: Vulnerable Softwares?

    Are you referring to the test results that are posted on the weblinks?

    http://www.matousec.com/projects/windows-personal-firewall-analysis/leak-tests-results.php

    http://www.matousec.com/projects/windows-personal-firewall-analysis/results.php

    Oddly, in the Matousec firewall survey, Antihook is listed. But on the Antihook website, the authors make a statement that the program is not a firewall.

    Edit to the previous statement. HIPS programs are included in the survey. My oversight.
     
    Last edited: Dec 15, 2006
  16. ccsito

    ccsito Registered Member

  17. ccsito

    ccsito Registered Member

    Re: Vulnerable Softwares?

    From the website:

     
  18. Stem

    Stem Firewall Expert

    Re: Vulnerable Softwares?

    The test against Antihook (by "ex-coat") is memory modification. Does Antihook say that their program protects against this?
     


  19. ccsito

    ccsito Registered Member

  20. Stem

    Stem Firewall Expert

    Re: Vulnerable Softwares?

    At the link you gave, the info does state:
    Now I am uncertain if the "Process modification" does mean "Process Memory Modification(write to applications memory)".
     
  21. cprtech

    cprtech Registered Member

    Re: Vulnerable Softwares?

    Does the screenshot indicate I passed or failed the test?? It would appear to be a "pass". I had to allow the test to run from the alert generated by SSM, otherwise it was not "getting off the ground". I did not get any further alerts from SSM between allowing the command to run and the final "TEST FAILED!" text. It looks like it got as far as opening the pid 504 (explorer.exe), allocated memory in the target process @ 0X00F90000, then failed to go any further. Ran the test twice more with the exact same results.

    What I found really puzzling, however, is I then disabled both SSM and Outpost Pro, ran the test again and still ended up with the exact same results, the only difference being I didn't get the alert from SSM to allow/deny the command. I ran the test under my limited (power user) XP Pro account. So, I'm not sure what to think of this test o_O
     


  22. Stem

    Stem Firewall Expert

    Re: Vulnerable Softwares?

    You should have been given an alert, OR, have you set up SSM to silently block?

    I allowed the program to run, and was given an alert (pic from Jetico2 alert)
     

    Attached Files:

    • test.jpg
    Last edited: Dec 15, 2006
  23. cprtech

    cprtech Registered Member

    Re: Vulnerable Softwares?

    SSM alerted me on my attempt to launch the command so I allowed it, otherwise the test was not going to run. There were no more alerts after that, and the results are in the screenshot. Still, I'm very puzzled that the same results occurred with both SSM and Outpost disabled!

    I'll experiment a bit more.
     
  24. cprtech

    cprtech Registered Member

    Re: Vulnerable Softwares?

    Nope, same results, even after putting Outpost's "Component Control" to maximum and ensuring "Allow injection of shared components" was disabled. There was not a single prompt from Outpost (ver 4.0). I'm quite pleased with the alert from SSM regarding the launch of the test, but did you get that alert plus another one from PS, Stem?

    I may have some setting too liberal in SSM, but I don't see it at the moment. I have the (?) prompt set for darn near everything in SSM.
     
  25. Stem

    Stem Firewall Expert

    Attached are the 2 alerts given by PS. The first I allowed, the second I blocked.

    BUT, I allowed both on my last test, but the test said it had failed. So the test looks a bit buggy. But SSM should still intercept the memory modification.
    Which SSM build are you using (and free or full?) I will install to check what popups I am given by SSM.
     

    Attached Files:

    • test.jpg