Avira Premium Security Suite and leak tests

Has anyone ran APSS through the gamut of leak tests yet? If yes, how did it do?

 

As a member of Avira beta testers, I have created tests for the Avira Premium Security - one is leaktesting and the other port stealthing. The reviews was posted in http://betatest.avira.com/

Here are the results:



Testing the strength of Avira's different firewall settings
I used the Symantec's Security scanner, McAfee's hackerwatch.org, and Shields UP!! port and vulnerability scanners...Here are the results...

LOW:
Symantec reported that most of the ports are either open or closed but not stealthed.

As I was trying to test the firewall with hackerwatch, my bandwidth started to stop, which is always happening when I often connect to the net w/o a firewall...Abruptly, I set Avira's firewall to MEDIUM and my bandwidth is all up again...Then to check this again, I turned it again to LOW and my bandwidth is again out...

Shields UP reported the following: All are closed (not stealthed) except port 135 and 445 which are open!

MEDIUM:
At this setting, Symantec reported that all ports were stealthed except port ICMP ping which says it is open. Trojan horse checks reported that all possible ports were stealthed

Hackerwatch reported that ports 21,23,25,79,80,110,139,143,443 are "Closed but Unsecure" (This port is not being blocked, but there is no program currently accepting connections on this port)

Shields UP reported that all ports are stealthed except ports 0-9 which is closed.

HIGH:
Symantec now reports that all ports including ICMP were stealthed. Same with hackerwatch.org and Shields UP

Recommendations:
Set Avira's firewall to HIGH and all is fine...

By the way, I also tested Zonealarm Pro firewall (HIGH setting) and all the test reported a stealthed ports...Hey, when both set to medium, Avira is better in stealthing than Zonealarm!



Firewall Leak Testing: Hey, This is not official!
This leaktests are based on leaktest programs that can be downloaded at http://www.firewallleaktester.com/index.html.

Note that some of them didn't work on my computer and it's up to you to perform the test again.

This test also reflects my current settings and NOT the fresh install of Avira. When I performed this test, IE, Firefox, explorer.exe, and many more are already allowed to access the net. That's why most of the leaktest here failed. Besides, Avira's firewall wasn't designed to detect circumvention, bypassing, and injections of codes - Avira's Antivirus modules are for that.

And because these leaktests are not included in Avira's virus definitions (except thermite), those that injects codes or do some other circumvention are not prevented. Again we can't say that Avira's firewall is substandard because it is not designed to prevent those tricks. But in real world, if a malicious code does those things, avira will readily stopped them...


Leaktest
-Passed

Tooleaky
-Passed

FireHole
-It opened my Firefox but only loads the homepage...
-Technically Passed

Yalta
-Passed
-Event viewer of Avira revealed Yalta as "Acting as server" or sending data

Outbound
-I'm having problems in running this program...
-Not counted

PCAudit
-Passed

AWFT
-5/10
-Technically Passed

Thermite
-Thermite was detected as TR/Hijack.Stesal.A by Avira
-Thermite, unlike other leaktest that injects it's code into another processes via DLL, injects it's code into the target process directly, by creating an additional malicious thread within that process.
-Failed, firewall didnt detect blocked Thermites connection to net. Able to download securityfocus.html

CopyCat
-Failed, firewall didn't warn user, C:\exploited.txt present

MBtest
-I'm having problems in running this program...
-Not counted

WallBreaker
-All four test leaked. Able to launch requested site
-Failed

PCAudit2
-I'm having problems in running this program...
-Not counted

Ghost
-Leaked, able to send string "sample" at the specified site
-Failed

DNSTester
-Message box revealed "Your computer has just made a successful recursive DNS
query for www.microsoft.com using system DNS services. This means that it is possible to transfer information from your computer past personal and network firewalls."
-Failed

Surfer
-Able to connect and download surfer.html, open it to browser
-Failed

Breakout v1
-able to connect and download http://www.dingens.org/breakout.html.en using IE.
-Failed

Breakout v2
-Bullshit test, I almost panicked because my desktop has changed!
-Failed

Jumper
-Kaspersky detected its registry actions. When denied, the test aborts but when we allow the registry changes, jumper.exe successfully killed explorer.exe and upon relaunch, loads IE with the specified site.
-Failed

CPIL
-Able to load COMODO's site
-Failed

PCFlank
-able to transmit string "sampledata"
-Failed


Again as we can see, leaktest that "leaked" actually used my browsers to send data. And as I said, my browsers have access to the net. We can't blame Avira's firewall for that.