Avira Premium Security Suite and leak tests

Discussion in 'other firewalls' started by QBgreen, Nov 29, 2006.

Thread Status:
Not open for further replies.
  1. QBgreen

    QBgreen Registered Member

    Jan 1, 2005
    Queens County, NY
    Has anyone ran APSS through the gamut of leak tests yet? If yes, how did it do?
  2. jasonago

    jasonago Registered Member

    Oct 28, 2006
    As a member of Avira beta testers, I have created tests for the Avira Premium Security - one is leaktesting and the other port stealthing. The reviews was posted in http://betatest.avira.com/

    Here are the results:

    Testing the strength of Avira's different firewall settings
    I used the Symantec's Security scanner, McAfee's hackerwatch.org, and Shields UP!! port and vulnerability scanners...Here are the results...

    Symantec reported that most of the ports are either open or closed but not stealthed.

    As I was trying to test the firewall with hackerwatch, my bandwidth started to stop, which is always happening when I often connect to the net w/o a firewall...Abruptly, I set Avira's firewall to MEDIUM and my bandwidth is all up again...Then to check this again, I turned it again to LOW and my bandwidth is again out...

    Shields UP reported the following: All are closed (not stealthed) except port 135 and 445 which are open!

    At this setting, Symantec reported that all ports were stealthed except port ICMP ping which says it is open. Trojan horse checks reported that all possible ports were stealthed

    Hackerwatch reported that ports 21,23,25,79,80,110,139,143,443 are "Closed but Unsecure" (This port is not being blocked, but there is no program currently accepting connections on this port)

    Shields UP reported that all ports are stealthed except ports 0-9 which is closed.

    Symantec now reports that all ports including ICMP were stealthed. Same with hackerwatch.org and Shields UP

    Set Avira's firewall to HIGH and all is fine...

    By the way, I also tested Zonealarm Pro firewall (HIGH setting) and all the test reported a stealthed ports...Hey, when both set to medium, Avira is better in stealthing than Zonealarm!

    Firewall Leak Testing: Hey, This is not official!
    This leaktests are based on leaktest programs that can be downloaded at http://www.firewallleaktester.com/index.html.

    Note that some of them didn't work on my computer and it's up to you to perform the test again.

    This test also reflects my current settings and NOT the fresh install of Avira. When I performed this test, IE, Firefox, explorer.exe, and many more are already allowed to access the net. That's why most of the leaktest here failed. Besides, Avira's firewall wasn't designed to detect circumvention, bypassing, and injections of codes - Avira's Antivirus modules are for that.

    And because these leaktests are not included in Avira's virus definitions (except thermite), those that injects codes or do some other circumvention are not prevented. Again we can't say that Avira's firewall is substandard because it is not designed to prevent those tricks. But in real world, if a malicious code does those things, avira will readily stopped them...



    -It opened my Firefox but only loads the homepage...
    -Technically Passed

    -Event viewer of Avira revealed Yalta as "Acting as server" or sending data

    -I'm having problems in running this program...
    -Not counted


    -Technically Passed

    -Thermite was detected as TR/Hijack.Stesal.A by Avira
    -Thermite, unlike other leaktest that injects it's code into another processes via DLL, injects it's code into the target process directly, by creating an additional malicious thread within that process.
    -Failed, firewall didnt detect blocked Thermites connection to net. Able to download securityfocus.html

    -Failed, firewall didn't warn user, C:\exploited.txt present

    -I'm having problems in running this program...
    -Not counted

    -All four test leaked. Able to launch requested site

    -I'm having problems in running this program...
    -Not counted

    -Leaked, able to send string "sample" at the specified site

    -Message box revealed "Your computer has just made a successful recursive DNS
    query for www.microsoft.com using system DNS services. This means that it is possible to transfer information from your computer past personal and network firewalls."

    -Able to connect and download surfer.html, open it to browser

    Breakout v1
    -able to connect and download http://www.dingens.org/breakout.html.en using IE.

    Breakout v2
    -Bullshit test, I almost panicked because my desktop has changed!

    -Kaspersky detected its registry actions. When denied, the test aborts but when we allow the registry changes, jumper.exe successfully killed explorer.exe and upon relaunch, loads IE with the specified site.

    -Able to load COMODO's site

    -able to transmit string "sampledata"

    Again as we can see, leaktest that "leaked" actually used my browsers to send data. And as I said, my browsers have access to the net. We can't blame Avira's firewall for that.
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.