Atelier Web Firewall Tester

Discussion in 'other firewalls' started by pajenn, Jan 9, 2016.

  1. pajenn

    pajenn Registered Member

    Joined:
    Oct 26, 2009
    Posts:
    930
    It's a free firewall or leak tester: http://www.atelierweb.com/2014/08/06/awft-5-1-now-free/

    I decided to try it, and failed all six tests. I'm using Windows 8.1 firewall with Windows Firewall Control set to medium filtering. Of course I had to install this software in the first place before it could leak...

    In any case, I thought others here might get a kick out of trying this software. I saw it on Majorgeeks.com so it should be safe. Also, I'd be interested to hear how other firewalls did, or what people here think of this test.
     
  2. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    830
    Location:
    UK
    2.1gb for .net installation to use the tester?

    No thanks
     
  3. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    Reviewing the below tests, the only way you're going to pass these is if you have a HIPS installed and properly configured. This test is more akin to Matousec's Leak test suite.

    One:
    Attempts to load a copy of the default browser and patch it in memory before it executes. Defeats the weakest PFs.
    Two:
    Creates a thread on a loaded copy of the default browser. Old trick, but most firewalls still fail.
    Three:
    Creates a thread on Windows Explorer. Another old trick, but almost every firewall still fails.
    Four:
    Attempts to load a copy of the default browser from within Windows Explorer and patch it in memory before execution. Defeats PFs which require authorization for an application to load another one (succeeding on Technique 1) - Windows Explorer is normally authorized. This test usually succeeds, unless the default browser is blocked from accessing the Internet.
     
  4. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,047
    I find these tests dumb. When I try to run them my security software blocks them, so I have to lower my defenses to get them to run. Then they fail. Really dumb.
     
  5. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    Testing with it is a moot point for me. IE's Smart Screen filter blocked the download from the vendor's web site. So it must be really, really bad ......... :cautious:

    Also, zip download was only 768K. Don't see how the extracted ver. could end up being 2.1 GB unless that includes the install of .Net 4 which I definitely would not allow it to do. I already have .Net installed. Maybe that is why the download is noticeably smaller.
     
  6. pajenn

    pajenn Registered Member

    Joined:
    Oct 26, 2009
    Posts:
    930
    If your security software blocks them, then I'd say you succeeded in blocking these attacks.

    Mine failed because recently (last few years) I've been frustrated with security software in general, feeling that they've caused me more problems and annoyances than they've solved, and therefore I'm just using Windows Firewall Control and Windows Defender now. Maybe I should add a good standalone HIPS or something like Zemana...
     
  7. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    830
    Location:
    UK
    Yeah it was the .net installation.

    With the security risks associated with .net it does amuse me that we have to install it to test security.
     
  8. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    3,872
    In parallel to your reply, JavaScript has security risks but it must be allowed to run to use online testing tools.
     
  9. Dark Star 72

    Dark Star 72 Registered Member

    Joined:
    May 27, 2007
    Posts:
    703
    Where are you getting that figure from? I have .net 4.5.2 installed on my machine and it only shows as 38.8 MB
     

  10. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,029
    Location:
    The Netherlands
    What is all the fuss about? This test has been around for years, and it's a legit tool to test your firewall/HIPS.
     
  11. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    That's the size for the stub version. I have the full ver. on my PC and just its install folder is 700 MB.
     
    Last edited: Jan 10, 2016
  12. pajenn

    pajenn Registered Member

    Joined:
    Oct 26, 2009
    Posts:
    930
    .NET is huge of course, and I would not recommend anyone install it just to run this program, but most people already have it installed since lots of programs need it.
     
  13. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,029
    Location:
    The Netherlands
  14. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    I have been using Comodo's Leak Test to "tweak" Eset Smart Security firewall and HIPS since Eset's realtime AV scanner has issues w/AWFT download from the testmypcsecurity web site and IE's Smart Filter blocked download from the atelierweb site. Scored 300/340 using CLT which is good enough for me.

    Here's a question for all tweakers. How many are monitoring HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\* where malware loves to install itself as a service?
     
  15. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,433
    Location:
    Europe
    For example in Comodo HIPS many Registry keys are monitored by default, and you can add others: see CIS < advanced settings < security settings < HIPS < protected objects < registry keys < important keys and you can add the keys you want.
     
  16. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,029
    Location:
    The Netherlands
    Obviously, you should disable the AV, or mark the file as clean in order to test it.

    I don't get it, don't all HIPS monitor this? Is this different than: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
     
  17. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    Comodo is the only one I know of. Possibly, Outpost also. Monitoring that key is tricky since a lot of Win processes update subordinate keys in that area. So if you use a HIPS that has an option such as "allow all trusted system processes", then monitoring is not a big deal. Not all HIPS's have that option though e.g. Eset HIPS.

    Actually, anything in ControlSet001\services is copied to CurrentControlSet\Services at boot time. So malware for persistence will use ControlSet001. Updating CurrentControlSet is pointless since registry updates aren't effective until a reboot. Where malware usually writes to is:

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\*
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\*\Parameters\ServiceDLL\*
     
    Last edited: Jan 16, 2016
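
The registry locations listed in the post above can be audited by snapshotting them and diffing against the snapshot later. This is an added example, not code from the thread or from any product mentioned in it; the baseline file path and the function name `Get-ServiceRegistration` are assumptions made for the example.

```powershell
# Added example: snapshot and diff service registrations in every control set.
# $BaselinePath is a hypothetical location chosen for this example.
$BaselinePath = Join-Path $env:ProgramData 'svc-baseline.json'

function Get-ServiceRegistration {
    # HKLM\SYSTEM\Select\Current holds the number of the control set in use.
    $current = 'ControlSet{0:d3}' -f (Get-ItemProperty 'HKLM:\SYSTEM\Select').Current
    Get-ChildItem 'HKLM:\SYSTEM' |
        Where-Object { $_.PSChildName -match '^ControlSet\d{3}$' } |
        ForEach-Object {
            $set = $_.PSChildName
            Get-ChildItem "HKLM:\SYSTEM\$set\Services" -ErrorAction SilentlyContinue |
                ForEach-Object {
                    $svc = Get-ItemProperty -LiteralPath $_.PSPath -ErrorAction SilentlyContinue
                    $par = Get-ItemProperty -LiteralPath "$($_.PSPath)\Parameters" -ErrorAction SilentlyContinue
                    [pscustomobject]@{
                        Key        = "$set\Services\$($_.PSChildName)"
                        IsCurrent  = ($set -eq $current)
                        ImagePath  = [string]$svc.ImagePath    # driver or service executable
                        ServiceDll = [string]$par.ServiceDll   # DLL hosted by svchost, if any
                    }
                }
        }
}

$now = @(Get-ServiceRegistration)
if (-not (Test-Path $BaselinePath)) {
    # First run: record the known-good state.
    $now | ConvertTo-Json | Set-Content -Path $BaselinePath -Encoding UTF8
    "Baseline written: $($now.Count) service keys"
} else {
    $old = @{}
    foreach ($e in (Get-Content $BaselinePath -Raw | ConvertFrom-Json)) { $old[$e.Key] = $e }
    foreach ($e in $now) {
        $b = $old[$e.Key]
        $detail = "$($e.Key)  ImagePath=$($e.ImagePath)  ServiceDll=$($e.ServiceDll)"
        if (-not $b) {
            "NEW      $detail"
        } elseif ($b.ImagePath -ne $e.ImagePath -or $b.ServiceDll -ne $e.ServiceDll) {
            "CHANGED  $detail"
        }
    }
}
```

Run it once on a known-good system to write the baseline, then again after installing software or running a leak test; legitimate installers also add services, so each NEW or CHANGED line needs review rather than automatic blocking.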
  18. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,950
    Location:
    USA
    I think Online Armor would have passed all these tests if it was still around. I had already run these types of tests on OA in the past, and it passed them all.
     
  19. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    Agreed. I didn't mention it since it no longer is available.

    Also the AWFT tests appear primarily to be HIPS tests. A good firewall test in CLT is the following:

    1/16/2016 6:23:09 PM Detected covert channel exploit in ICMP packet 192.168.1.xx 199.202.238.18 ICMP
     
  20. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,950
    Location:
    USA
  21. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    The time when Eset log entry was created; 1/16/2016 6:23:09 PM
     
  22. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,950
    Location:
    USA