Best against Leaks?

Discussion in 'other firewalls' started by LnSuser, Oct 19, 2005.

Thread Status:
Not open for further replies.
  1. LnSuser

    LnSuser Guest

    Which one is best against Leaks: LooknStop 2.05p2, Outpost PRO 3, ZoneAlarm PRO 6 or BlackICE PC Protection?
     
  2. q1aqza

    q1aqza Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    312
    'Out of the box' I believe Zonealarm Pro 6 is better against leaks due to it's new 'OS Firewall'. But that doesn't mean to say it's the best firewall though :D
     
  3. webmedic

    webmedic Registered Member

    Joined:
    Nov 7, 2004
    Posts:
    123
    Location:
    just curious how much info you can get into here a
  4. hollywoodpc

    hollywoodpc Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,325
    Too funny . LOL . ZAP does do well NOW . I think OP would be a very good bet as well . Do not know about BlackIce as I never used it .

    Just remember : ZAP does well but , that doesn't mean to say it's the best firewall though
     
  5. Bluebird

    Bluebird Registered Member

    Joined:
    Oct 4, 2005
    Posts:
    7
    You may/will the URLs below of interest. They have information on testing your firewall and some of the authors testing of firewalls.

    http://grc.com/lt/leaktest.htm?PersonalInfoGoesHere."

    http://www.firewallleaktester.com/ ?? This one did not work for me! However, it does have some discussion on the subject. Yardbird
     
  6. manzz

    manzz Registered Member

    Joined:
    Oct 6, 2005
    Posts:
    55
    Hi
    I hope this is still on thread:-
    "vsmon" in ZA, which cannot be placed into the apps, so cannot be controlled, is actively connecting to "zone labs". Could this be considered a leak,(as for possible hijack?").
    Please advise, as I removed, and refuse to use ZA after finding these connections (that are not logged in ZA)


    Regards
     
  7. Arup

    Arup Guest

    Turn off auto update and send anonymous stats to Zone Labs and it will go away, no hijacking or spy stuff there, this has been discussed in detail at the Zone Labs forum.

    As for leak tests, ZAP 6 passes all of them for now and best thing is it has good SPI, rule making is where it needs improvement drastically.
     
  8. manzz

    manzz Registered Member

    Joined:
    Oct 6, 2005
    Posts:
    55
    Hi
    Auto updates where off, no anonymous stats allowed, but connection to zone labs still active.
    I did have a look at the forum (zonelabs) but at that time (some time ago now), no answers.
    Will of course now re-check.
    Many thanks for the reply.

    Regards

    EDIT
    Is "vsmon" now controllable in ZA or is it still a case of "sniffing"
     
    Last edited: Oct 21, 2005
  9. Arup

    Arup Guest

    Try blocking ZL client in your programs zone in ZAP 6. Only thing is that spyware updates then gets blocked.
     
  10. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,096
    Hi Yardbird,

    The firewallleaktester.com website is not the same online as the grc.com website for testing your firewall for leaktests - i.e. you have to download the leaktests and run them on your computer. If you do this, then you should be able to run them.

    Note: some of them may be quarantined by your AV realtime, and may be difficult to download unless it is zipped and your AV toggled temporarily to not check zipped files downloaded.

    -- Tom
     
  11. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,509
    Location:
    Slovakia
  12. Rostek

    Rostek Guest

    Hello. Few month's ago I ran all tests from firewallleaktester which did not need IE (I did not have it) with Jetico. All of them were detected by it's "Process Attack" module.
     
  13. Hi...
    Over te years I've been a big fan of ZA, especially older versions which I still use on some of my machines.

    OutPost I like(d) even more, because it seems to me the best available all in one firewall.

    Having said that, I have to state, as some others have already done in this BBS Forum, that there's currently one, and only one, combination I know of which does SYSTEMATICALLY succeed and pass ALL (absolutely all) leaktests... In fact, it logically will also pass the future ones.

    Windows XP SP firewall (inbound) combined with SSM for outbound connection-trials is the winning choice.

    Try that. The rest is only that - the rest ;)

    Sorry to sound so pragmatic. I know that tweaking firewalls is fun, and that hoping that one's favorite firewall next version will be the ultimate and perfect firewall, dreaming about it and so on.... But again, pragmatism shows that the combination I'm talking about above is the real succes.

    Cheers :cool:
     
  14. And please, accept my apologies for my horrible spelling in the previous post ;)

    Even [SP2Firewall + SSM] does not correct spelling before sending posts... :D

    Cheers
     
  15. unhappy_viewer

    unhappy_viewer Registered Member

    Joined:
    Sep 16, 2005
    Posts:
    259
    Guru Hoov has already addressed this in the sticky post "Spurious communications between ZoneAlarm and ZoneLabs servers and how to stop them". You should have a read of it here:
    http://forum.zonelabs.org/zonelabs/board/message?board.id=security&message.id=9675#M9675

    Take note with the newer features in ZA 6.0, you would also have to turn-off automatic updating of your antispyware. Take not that disabling communication between ZA and Zone Labs will prevent certain features from working as mentioned in Hoov's thread. Also take note note that no personal information is sent to Zone Labs without your knowledge and consent.
     
  16. Velnias

    Velnias Registered Member

    Joined:
    Jul 14, 2004
    Posts:
    32
    ZA behave like a real trojan, only difference - that it spy for Zone Labs ( or government? ). There is no need to connect to Zone Lab's servers. And ZL officials lie about this in manner: connect? - can't be; after some time - oh, it can be, but it is harmless bug or something. You can check an old thread about this in DSLreports.
     
  17. FatalChaos

    FatalChaos Registered Member

    Joined:
    Aug 6, 2005
    Posts:
    98
    No mention of Tiny here? i know Tiny is hard to use, but isn't it the best against leaks? I hear good things about jetico too, but for the life of me i couldn't get it to remember my answers to it's requests (saving my configuration didn't work either)
     
  18. hollywoodpc

    hollywoodpc Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,325
    Tiny was not mentioned in the opening question . That is why . My goodness though . You brought it up so , here ya go : Tiny is excellent against leaktests . Hard to go wrong with Tiny
     
  19. Arup

    Arup Guest

    If worried about Zone Lab spying, block its client in the programs zone.
     
  20. unhappy_viewer

    unhappy_viewer Registered Member

    Joined:
    Sep 16, 2005
    Posts:
    259
    I think people are getting real paranoid for no reason. If I am right, Iggy (a pretty vocal Team Z member) on DSLReports had to squash these claims. Zone Labs is a legitimate comapny just like many other companie out there. ZA has features that contact Zone Labs server to help users make full use of the software: updates for the antispyware and antivirus components, checking for updates to the ZA software and providing users with advice on how to configure permissions through its Smart Defence Advisor. In return, ZL only collect certain stuff like what programs has ZA prompted about and the permission the user gave. This allows Zone Labs researchers to determine which programs should be investigated and added to the Smart Defence database first.

    If you are worried, you should read the EULA first which addresses the information collection policy. If you don't agree, you always don't have to install ZA or you can call Zone Labs up to clarify with them. Even if you have ZA, you still have the option of blocking communication to Zone Labs. Zone labs does not forced people to connect to their servers if they don't want to. To call ZA a trojan or spyware without full proof would be like calling the president or prime minister of a country a terrorist without the proof and the leader could sue you for defamation. If ZA was truly a trojan or spyware, I think many anti-trojan companies and antspyware companies would have added ZA into their definitions list.
     
  21. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    Hello,

    actually the beta version of KAV 2006 (Antivirus) with Proactive Defense (sandbox features) enabled seems very promising as to defend against leaktests. Then either you can use a third party firewall, or use the whole Kaspersky package "KIS" if you want to use their firewall KAH. Of course products such as Process Guard are still unique and can be used in addition (execution protection, physical memory access control, etc...)

    Notice that for now it's still beta stage, only install and use it to report bugs, do not rely on beta version to protect you, but it will definitely deserves a look when the final version will be out :)

    Regards,

    gkweb.
     
  22. Velnias

    Velnias Registered Member

    Joined:
    Jul 14, 2004
    Posts:
    32
    This doesn't work.

    Problem is, that ZA connects, despite disabling all updates etc. And no warning like " Sorry, dude, we need to send some info to Zone LAbs ".

    Yes, right, only who can imagine, that after agreeing you lose control of own PC. Anyway, this is for average Joe not important.

    Regards,
    Velnias
     
  23. FatalChaos

    FatalChaos Registered Member

    Joined:
    Aug 6, 2005
    Posts:
    98
    One thing to keep in mind is compatiblity though:
    for example, you cannot get process guard to work with punkbuster. It is impossible. Get a trial version fo w/e software you want to buy and run all your applicaitons and make sure htey are compatible with the firewall.
     
  24. unhappy_viewer

    unhappy_viewer Registered Member

    Joined:
    Sep 16, 2005
    Posts:
    259
    Velnias, if you still find ZA making connections to ZL even after following Hoov's instructions, you should contact ZL with the prooof so that they can rectify the any bugs if present. So far you are the only guy I know who still has the problem even after following Hoov's instructions. I am sure that ZL takes their customer's privacy very seriously. It'd be very strange for ZL to even include privacy features in their ZA products if they were going to collect it in the first place.

    Again if ZA was making such a communication, antivirus, anti-trojan and antispyware companies would have already plonked ZA into their definitions. For example, Kaspersky is already working to add Sony's CD copy protection into their definitions. If you feel that ZA is doing such a thing, you should contact one of the anti-something companies like Kaspersky and ask if they deem this to be a riskware/malware.
     
    Last edited: Nov 4, 2005
  25. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Eh? SSM is great for Windows process control, but it is not a firewall and does not offer any control over network activity. Yes, it will allow you to block leaktests by preventing them from running, but this is not a proper security test since in reality, you would not know in advance if a file you downloaded contained such exploits (and would therefore choose to allow it to run).
    There is a workaround - see Running PunkBuster with ProcessGuard.

    It is interesting to note that the best performers in respect of leaktests are those products including Windows process control/filtering - and in KIS2006's case, its success is as much due to the Proactive Defense component of KAV than the improvements to Anti-Hacker so running KAV2006 with other firewalls should also provide enhanced leaktest performance.
     
Thread Status:
Not open for further replies.