Comodo Leaktest results for PF and ZA disappointing

Discussion in 'other firewalls' started by Skibbs, Apr 11, 2013.

Thread Status:
Not open for further replies.
  1. Skibbs

    Skibbs Registered Member

    Joined:
    Apr 11, 2013
    Posts:
    1
    well I installed the free version of privatefirewall (turned learning off) and ran the comodo leaktests with a score of 190/340... uninstalled and installed free version of zonealarm and scored 200/340... both of these seem low.

    Is there something I am missing that I need to do. Please let me know what other information I can provide to get an idea of why these scores are so low and what I can do about it. I am new to firewalls but have seen videos of people scoring 290-300 using these, do i need the pay version or something? Thanks
     
  2. aztony

    aztony Registered Member

    Joined:
    Sep 9, 2012
    Posts:
    547
    Location:
    USA Southwest
    I am curious as to why anyone would use a test designed for a specific product, use it to evaluate another product, and then accept the result with anything more than a grain of salt?
     
  3. KelvinW4

    KelvinW4 Registered Member

    Joined:
    Oct 11, 2011
    Posts:
    1,199
    Location:
    Los Angeles, California
    Well for one thing, Zonealarm free does not have full-blown HIPS
     
  4. atomomega

    atomomega Registered Member

    Joined:
    Jul 27, 2010
    Posts:
    1,285
    First, you need to chill. Then, just install either one and learn how to use it. Use their websites, help files, support forum, user guides and any other useful info you can gather to learn about the product.
    Don't pay any extra, if you are behind a router, just choose one: Privatefirewall, Zone Alarm, or even Windows built-in are all excellent options.
    Forget about those so-called leaktests. If you surf safely, the chances of getting attacked with any of the techniques deployed by these 'tools' are extremely low.

    Welcome to Wilders, by the way. ;)
     
  5. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,086
    Along the lines of what KelvinW4 said, I would point out that the http://personalfirewall.comodo.com/cltinfo.html page refers to it as "HIPS and Firewall Leak Test Suite". Which suggests that it is testing more than just the firewall.

    Full-featured software firewalls have the ability to block network activity based on what local "program" is involved. At a high level that would involve 1) using an OS API and/or driver to detect network activity, 2) using OS API and/or some other technique to look up information about which local "program" is associated with the network activity, 3) using some of that information to distinguish different "programs". For example, a firewall could lookup the full pathname of the local main executable file associated with the network activity and apply rules based on that. However, as long as two "programs" have the same full pathname they would be considered the same even though the second one might be totally different and has replaced the first one. A firewall could also factor in the digital signature of the executable file, treating two executable files as the same as long as they were signed by the same company and have the same product name. A firewall could go beyond that and also use hashes of the executable files in order to detect situations where two files have the same higher level characteristics but are different in some other way. I think, but to be frank haven't properly verified, that it is also possible to fingerprint a "program" based on other characteristics such as which DLLs it has loaded and information about those DLLs. Thereby increasing the precision with which the firewall knows what it is applying rules to.

    Detecting that a "program" and the related code that is running... that which is associated with network activity... has changed (past tense) is a software firewall function. Detecting that the program and related code is about to be changed (present/future tense) is a HIPS type function.
     
  6. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    Most of the tests within CLT,were created by third parties unconnected with Comodo.However,as has been pointed out,a lot of the tests relate to HIPS functionality so the OP shouldn't be concerned.
     
  7. MasterTB

    MasterTB Registered Member

    Joined:
    Jun 19, 2007
    Posts:
    547
    Location:
    Paran?, Argentina
    Yes, there's one important point you are missing. You are letting the test suite run. The first thing PF will alert you is that an untrusted program wants to run, don't let it and you'll get the best result.
    This tests are for dumb people. It is like when an AV tells you that there's something fishy and you don't listen to it. Don't complain later if the result is not what you expected.... you let the program run.
    PF has one of the highest scores in the Matousec tests (if that's something you care about).. so...
     
  8. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
  9. IvoShoen

    IvoShoen Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    527
    Just add SpyShelter and you will get a perfect 340 score.
     
Loading...
Thread Status:
Not open for further replies.