Avira Premium Security Suite and leak tests

Discussion in 'other firewalls' started by QBgreen, Nov 29, 2006.

Thread Status:
Not open for further replies.
  1. QBgreen

    QBgreen Registered Member

    Joined:
    Jan 1, 2005
    Posts:
    627
    Location:
    Queens County, NY
    Has anyone run APSS through the gamut of leak tests yet? If yes, how did it do?
     
  2. jasonago

    jasonago Registered Member

    Joined:
    Oct 28, 2006
    Posts:
    31
    Location:
    Philippines
    As a member of Avira beta testers, I have created tests for the Avira Premium Security - one is leaktesting and the other port stealthing. The reviews were posted at http://betatest.avira.com/

    Here are the results:



    Testing the strength of Avira's different firewall settings
    I used Symantec's Security scanner, McAfee's hackerwatch.org, and Shields UP!! port and vulnerability scanners...Here are the results...

    LOW:
    Symantec reported that most of the ports are either open or closed but not stealthed.

    As I was trying to test the firewall with hackerwatch, my bandwidth started to stop, which is always happening when I often connect to the net w/o a firewall...Abruptly, I set Avira's firewall to MEDIUM and my bandwidth is all up again...Then to check this again, I turned it again to LOW and my bandwidth is again out...

    Shields UP reported the following: All are closed (not stealthed) except ports 135 and 445 which are open!

    MEDIUM:
    At this setting, Symantec reported that all ports were stealthed except port ICMP ping which says it is open. Trojan horse checks reported that all possible ports were stealthed

    Hackerwatch reported that ports 21,23,25,79,80,110,139,143,443 are "Closed but Unsecure" (This port is not being blocked, but there is no program currently accepting connections on this port)

    Shields UP reported that all ports are stealthed except ports 0-9 which are closed.

    HIGH:
    Symantec now reports that all ports including ICMP were stealthed. Same with hackerwatch.org and Shields UP

    Recommendations:
    Set Avira's firewall to HIGH and all is fine...

    By the way, I also tested Zonealarm Pro firewall (HIGH setting) and all the tests reported stealthed ports...Hey, when both are set to medium, Avira is better in stealthing than Zonealarm!



    Firewall Leak Testing: Hey, This is not official!
    These leaktests are based on leaktest programs that can be downloaded at http://www.firewallleaktester.com/index.html.

    Note that some of them didn't work on my computer and it's up to you to perform the test again.

    This test also reflects my current settings and NOT the fresh install of Avira. When I performed this test, IE, Firefox, explorer.exe, and many more are already allowed to access the net. That's why most of the leaktest here failed. Besides, Avira's firewall wasn't designed to detect circumvention, bypassing, and injections of codes - Avira's Antivirus modules are for that.

    And because these leaktests are not included in Avira's virus definitions (except thermite), those that inject code or do some other circumvention are not prevented. Again we can't say that Avira's firewall is substandard because it is not designed to prevent those tricks. But in the real world, if a malicious code does those things, Avira will readily stop them...


    Leaktest
    -Passed

    Tooleaky
    -Passed

    FireHole
    -It opened my Firefox but only loads the homepage...
    -Technically Passed

    Yalta
    -Passed
    -Event viewer of Avira revealed Yalta as "Acting as server" or sending data

    Outbound
    -I'm having problems in running this program...
    -Not counted

    PCAudit
    -Passed

    AWFT
    -5/10
    -Technically Passed

    Thermite
    -Thermite was detected as TR/Hijack.Stesal.A by Avira
    -Thermite, unlike other leaktests that inject their code into other processes via DLL, injects its code into the target process directly, by creating an additional malicious thread within that process.
    -Failed, firewall didn't detect blocked Thermite's connection to net. Able to download securityfocus.html

    CopyCat
    -Failed, firewall didn't warn user, C:\exploited.txt present

    MBtest
    -I'm having problems in running this program...
    -Not counted

    WallBreaker
    -All four tests leaked. Able to launch requested site
    -Failed

    PCAudit2
    -I'm having problems in running this program...
    -Not counted

    Ghost
    -Leaked, able to send string "sample" at the specified site
    -Failed

    DNSTester
    -Message box revealed "Your computer has just made a successful recursive DNS query for www.microsoft.com using system DNS services. This means that it is possible to transfer information from your computer past personal and network firewalls."
    -Failed

    Surfer
    -Able to connect and download surfer.html, open it to browser
    -Failed

    Breakout v1
    -able to connect and download http://www.dingens.org/breakout.html.en using IE.
    -Failed

    Breakout v2
    -Bullshit test, I almost panicked because my desktop has changed!
    -Failed

    Jumper
    -Kaspersky detected its registry actions. When denied, the test aborts but when we allow the registry changes, jumper.exe successfully killed explorer.exe and upon relaunch, loads IE with the specified site.
    -Failed

    CPIL
    -Able to load COMODO's site
    -Failed

    PCFlank
    -able to transmit string "sampledata"
    -Failed


    Again as we can see, the leaktests that "leaked" actually used my browsers to send data. And as I said, my browsers have access to the net. We can't blame Avira's firewall for that.
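
The three port states the scanners in the post above report (open, closed, stealthed) can be checked against your own machine with a plain TCP connect. This is an added example, not part of either post: the function names are hypothetical, the port list is taken from the post's Shields UP and hackerwatch results, and it should be pointed at a host you administer.

```python
import errno
import socket

# Ports named in the post's Shields UP and hackerwatch results.
PORTS_FROM_POST = [21, 23, 25, 79, 80, 110, 135, 139, 143, 443, 445]

# "Connection refused" codes (POSIX, plus the Winsock name where it exists).
REFUSED = {errno.ECONNREFUSED,
           getattr(errno, "WSAECONNREFUSED", errno.ECONNREFUSED)}


def classify_result(err):
    """Map a connect_ex() result to the vocabulary the scanners use."""
    if err == 0:
        return "open"       # handshake completed: a program is listening
    if err in REFUSED:
        return "closed"     # RST came back: port reachable, nothing listening
                            # (hackerwatch's "Closed but Unsecure")
    return "stealthed"      # timeout or other error: no TCP reply from the port


def probe(host, port, timeout=1.0):
    """Attempt one TCP connection and classify the outcome."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        return classify_result(s.connect_ex((host, port)))
    except socket.timeout:
        return "stealthed"
    finally:
        s.close()


def scan(host, ports=PORTS_FROM_POST, timeout=1.0):
    """Return {port: state} for every port in the list."""
    return {p: probe(host, p, timeout) for p in ports}


if __name__ == "__main__":
    # Loopback is only a smoke test; run from a second machine on your LAN
    # to see what the firewall setting actually exposes.
    for port, state in scan("127.0.0.1").items():
        print(f"{port:>5}  {state}")
```

A firewall setting that moves a port from "closed" to "stealthed" changes only whether the host answers with a reset; neither state means a service is exposed.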
     