A new leak test application from COMODO

Discussion in 'other firewalls' started by dah145, Oct 18, 2006.

Thread Status:
Not open for further replies.
  1. dah145

    dah145 Registered Member

    Joined:
    Jul 3, 2006
    Posts:
    262
    Location:
    n/a
    Check here (need registration to access the leaktests from the forums.)

    I just found the leak tests on their homepage:
    http://www.personalfirewall.comodo.com/onlinetest.html
    Click on Download Comodo Parent Injection Leak Test Suite

    Also, I just want to add that I am currently using KIS (Kaspersky), and it passes 1 and 2 but fails the third one. I also read that Outpost and other firewalls are not passing the leak tests.

    :cool:
     
  2. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,509
    Location:
    Slovakia
    http://img154.imageshack.us/img154/2121/cpilexedy3.th.jpg

    Test 1: 1.alert, 2. DNS Alert, 3.alert.
    Test 2: 1.alert, 2. DNS Alert, 3.alert.
    Test 3: 1.alert, 2. DNS Alert, 3.alert.

    After the test I had to restart due to cpil.exe still sitting in the memory:
    I got those pops, when I was trying to use IE: 1.alert, 2. DNS Alert, 3.alert.

    Note 1: Explorer.exe crashed during the Test 1 sometimes, I had to restart.
    Note 2: I had "Component Control" and "Enable Alerts" disabled during the test.
    Note 3: I use CPF with "ABA" and "CC" disabled, so I would not pass any of those.
     
  3. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,504
    I am using Kerio 215 with PG. Tests 1 & 3 are OK since I do not use IE and it is blocked, but test 2 goes through whatever the browser, and PG, once you have allowed the initial suite to start, does not monitor the DLL injection. Searching around the web I came across this link in CastleCops showing the relative merits of HIPS programs. I chose AntiHook and that stops test 2 dead. I knew about A/H but never reckoned I needed it.
     
  4. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    Jetico failed 1 of 3. Test 3 crashes explorer.exe on my system with IE7 installed.
     
    Last edited: Oct 19, 2006
  5. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    HIPS programs such as SSM will intercept all 3 tests, as these tests are just (1) "direct memory access" and the injection of (2) "cpil2.dll" and (3) "cpil3.dll". Personally, I don't expect my firewall to block such things.
     
  6. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    This test seems to leave something behind. Each time I restart my PC, Explorer comes up with a view of the system32 folder. Does anybody else have this behaviour?
     
  7. cprtech

    cprtech Registered Member

    Joined:
    Feb 26, 2006
    Posts:
    335
    Location:
    Canada
    Isn't that the key? If this were an unknown process attempting to launch, you would have likely blocked it from launching, preventing the leak from occurring in the first place. That said, I do understand you allowing it because you want to see if SSM can stop the actual leak test. This is one I will have to try out later today. I'm using the latest beta paid version.
     
  8. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,187
    Location:
    Sydney, Australia
    Yes. But for me probably from Green border tests:
    http://www.greenborder.com/scan

    What is that?
    Anybody got a fix?
    Not happy!
     
  9. wir.sing

    wir.sing Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    60
    Had the same problem. Used Regcleaner (or you can use whatever Regtool you like) and found two strange entries in the StartupList.

    In Regcleaner StartupList they are just displayed as empty, as in no Program Name in the Program field (if you have Regcleaner you should see what I mean). Deleted those two and the problem was gone.

    Oh yeah, and I'm not responsible if that doesn't work or your windows goes windblows or anything else happens that you didn't want to. :)
     
  10. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,504
    Well you are quite right in what you say, however this exploit could be hidden in another app you installed and did not expect to be malicious. I think in this instance PG would fail and A/H stop it. Did not really want to install another security app but .........
     
  11. cprtech

    cprtech Registered Member

    Joined:
    Feb 26, 2006
    Posts:
    335
    Location:
    Canada
    Good point. It really does come down to how the malicious process is launched and whether or not SSM can detect this. It would be more reassuring to see SSM stop the attempt after initially allowing the suite.

    According to this http://syssafety.com/product.html it is supposed to monitor code or DLL injection. Maybe this leak test is a little more elaborate than this?
     
  12. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    SSM does intercept all 3 tests as mentioned in my post #5
     
  13. dah145

    dah145 Registered Member

    Joined:
    Jul 3, 2006
    Posts:
    262
    Location:
    n/a
    Confirm that and with the free version :)
     
  14. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    I experienced this as well.
     
  15. cprtech

    cprtech Registered Member

    Joined:
    Feb 26, 2006
    Posts:
    335
    Location:
    Canada
    Thanks Stem. It works for me too. It looks as though djg05 got conflicting results with the one test.
     
  16. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,504
    Don't think I got conflicting results. I stated that test 2 got through my defences. I am beginning to think my trust in PG is misplaced and maybe I ought to try SSM instead of PG. Will try it out later when I get some free time.
     
  17. Chubb

    Chubb Registered Member

    Joined:
    Aug 9, 2005
    Posts:
    1,967
    System32 Folder Opens When Logging on to Windows XP, Windows 2000, or Windows NT 4.0

    http://support.microsoft.com/kb/170086/en-us
     
  18. cprtech

    cprtech Registered Member

    Joined:
    Feb 26, 2006
    Posts:
    335
    Location:
    Canada
    Well I just thought PG would work the same way as SSM, at least in this case. It probably is worth giving SSM a try. Even the free version stops the leak tests.
     
  19. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,504
    In view of this latest test it does seem that I have had misplaced trust in PG. I have been ignoring the advice going on here about the merits of SSM especially by Stem.

    PG was very difficult to uninstall and had to go to safe mode to do it fully. I now have SSM running and it is a much lighter system with Kerio. The two taking up about 15K.

    Do you find that the paid version gives you a lot more than the free?
     
  20. cprtech

    cprtech Registered Member

    Joined:
    Feb 26, 2006
    Posts:
    335
    Location:
    Canada
    The paid version offers a little more. The comparisons are here

    http://syssafety.com/product.html

    The support and development on it will be better than the free version as well. I just figured: "what the heck, I like the program so much I will buy it". Not only that, but I saw that Paranoid2000 bought it (I know because in the SSM forum members get a "Customer" designation under their usernames), so if it's good enough for him, it's good enough for me too :)
     