Personal Firewalls vs. Leak Tests: Part II

Ah, the age old debate: default configuration versus adjusted configuration. It's hard to know what is best, I suppose, in order to perform fair tests. Just as it is hard to know whether the users will actually read the installation recommendations or the help files regarding what settings they should make or change.

Interestingly enough ZAP does recommend that the user set Program Control to High after 2 days (or so) of normal Internet use. This enables full program and component control which is the key to monitoring and managing program interaction. ZAP can't control this until each program and its components have been loaded into its program database. But, if ZAP came with that feature set at installation time, the user would literally have to respond to hundreds of component level access requests while ZAP is in this learning mode.

This Advanced Program Control was actually added to ZAP specifically to address the tooleaky exploit method (ie. one program calling another in order to access the network), which in this test ZAP is shown failing because of this initial setting. I'll grant you that ZAP doesn't handle all the known exploits, but it handles many with proper configuration.

As for TPF, with its sandbox it can give you incredible security. But, then we have people saying that the sandbox isn't really part of a firewall, (lesser application controls appear to be, but not a full sandbox), so it isn't a fair test to use it to prevent the exploits. So, TPF fails more tests than any other firewall when it ought to pass most of them.

By the way, for people who don't know the power of a sandbox, just look at any of my threads here or at DSLR where I show just what TTT (the sandbox running separate from the TPF firewall) can do; intercepting and controlling programs calling programs; programs accessing system services or resources; or attempts to terminate other processes; all these things can be controlled completely. But, TTT/TPF is terribly complex. It can't be set by default at installation time because every system is different and the access needs on them are different. Users who wouldn't take the time to configure it properly wouldn't even be able to operate their systems.

I'm glad tools like these exist for those of us who are willing to do more than set it and forget it. If you are willing to put in the effort, you will get back an incredible level of security.