ESET Smart Security firewall leak test

Discussion in 'ESET Smart Security v3 Beta Forum' started by Panic, Apr 29, 2007.

Thread Status:
Not open for further replies.
  1. Panic, Registered Member (Joined: Apr 28, 2007; Posts: 2; Location: Slovenia)

    Firewall Tests
    --------------

    I) GRC Shields UP!
    ------------------

    - Port Test:

    "Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests."

    - Messenger Spam:

    No spam was received



    II) Firewall Leak Tester
    --------------------------

    1. LeakTest:

    Passed! When Leak Tester attempted to connect, the ESET firewall presented a neat prompt asking me whether to allow it to connect or not.

    2. TooLeaky:

    Passed! There was no leak.

    3. FireHole:

    The AntiVirus module picked this up as a trojan and didn't allow it to download. Since I couldn't disable the antivirus, I had to remove "EXE" from the file types to be scanned.

    Failed! FireHole was able to connect by injecting code into the Internet Explorer process; since IE was allowed to connect normally, ESS didn't prompt or alert. This, however, shouldn't be a problem if you're on Vista.

    4. Yalta:

    Can't say - ESS did give an allow/deny prompt, but it was too late - Yalta had already sent UDP packets. However, when "Deny" was clicked, a new rule was created and Yalta was unable to send any further packets.

    5. Outbound:

    Did not run - Outbound was unable to detect the Ethernet adapter, and hence was unable to work.

    6. PCAudit:

    Failed!

    7. AWFT:

    Test 1 - Failed!*
    Test 2 - Failed!*
    Test 3 - Failed!**
    Test 4 - Failed!*
    Test 5 - Failed!
    Test 6 - Failed!

    Note: All above tests failed on Windows XP but passed on Windows Vista.

    8. Thermite:

    Failed!

    9. CopyCat:

    Failed!

    10. MBTest:

    Did not run. Apparently the MAC has to be hardcoded, but the source files aren't available for download.

    11. WallBreaker:

    Test 1 : Failed!*
    Test 2 : Failed!*
    Test 3 : Failed!*
    Test 4 : Failed!*

    12. pcAudit

    Failed!

    13. Ghost

    Failed!

    14. DNStester

    Failed!

    15. Surfer

    Failed!*

    16. Breakout

    Did not run. File not found.

    --------------------------------
    Summary of areas where ESS fails
    --------------------------------

    - DLL Injection / Process patching
    - Launching under different context
    - Timed attacks / PID Changing
    - DDE based attacks


    ---------
    Verdict
    ---------

    ESS is a very promising product. Although the firewall is open to a few exploits like DLL injection, it shouldn't be a problem under Windows Vista. Secondly, most of the failed tests in the end manipulated IE, which gives the security-conscious user a good reason to block IE in the firewall. ESS falls short in a few areas, but it's too early to pass the verdict on the final product, since it's only the first beta. If they manage to plug these leaks by the final, ESS will be without any doubt the best security suite!

    Pros : Low resource usage, easy-to-use interface, good inbound security
    Cons : Firewall has average outbound security.


    --------------------------
    * = Assuming you allow Internet Explorer to connect.
    ** = Assuming you allow Windows Explorer to connect.

    This test was made by deXter (thanks a lot!) with the help of Matousec's Firewall leak tester!

    If you're interested in doing your own firewall test, visit:

    http://www.firewallleaktester.com/

    where you can find all the info and files needed for a firewall leak test.
    Matousec Transparent Security guarantees the results.

    Visit the Matousec web site to find out which firewall protects your PC and which does not:

    http://www.matousec.com/projects/wi...-analysis/leak-tests-results.php#result-table
     
  2. IcePanther, Registered Member (Joined: May 28, 2005; Posts: 308; Location: (nearby) Paris, France)

    Hi,

    If you do a search on this forum, you'll see that this topic has already been discussed. We know that ESS has a weakness regarding the leaktests and some methods like DLL injections among others. I myself did a test and others did, too. For now, ESET didn't give an answer (or at least I don't recall reading it) about that matter.
     
  3. psychokilla, Registered Member (Joined: Apr 22, 2007; Posts: 171)

    It's still in Beta 1, fancy giving them a chance to finish it? :rolleyes:
     
  4. IcePanther, Registered Member (Joined: May 28, 2005; Posts: 308; Location: (nearby) Paris, France)

    :rolleyes: Yeah, I know ESS is still at the first stages, and it will most probably become better (and is already very good) in the next 'releases'. Nevertheless, it would be nice if someone from ESET could comment on what is planned (if there's something planned) about that, in future betas / RCs / whatever. Sorry if there was a misunderstanding about what I was writing.
     
  5. Panic, Registered Member (Joined: Apr 28, 2007; Posts: 2; Location: Slovenia)

    First, my apologies, 'cause I didn't notice any previous leak test results of ESET Smart Security!
    I'm the new kid in town and I would like to say hello to everybody who is a member of this forum and also to all the visitors!
    I am a member of several other forums and my first impressions of this forum are very positive!
    I'm a big fan of the NOD32 antivirus, so I can hardly wait for the release day of ESS! I did some research on the net about first impressions of ESS and, considering that this is a BETA release, they are really very positive!
    It's normal that this Beta security pack has some bugs (it would be almost impossible not to have them in the beginning), especially the firewall, but knowing the ESET company, the final release will be one of the best (if not the best) security packs to date!
    In the end I would like to mention the possibility to participate in the development of ESS via email, which was the best move ESET could make! To get all the necessary info about the product first hand, from the customers themselves!
    Again, sorry for the leak test and regards to everybody!

    Panic
     