failing new pcflank test

Discussion in 'LnS English Forum' started by tristantzara, May 14, 2006.

Thread Status:
Not open for further replies.
  1. tristantzara

    tristantzara Registered Member

    Joined:
    Mar 21, 2006
    Posts:
    78
    Alright,

    I just failed this new test on pcflank with 2.05p3 and phantom's rules.
    how about you guys?

    www.pcflank.com

    best regards,
     
  2. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    yup, im failing too.
     
  3. ugly

    ugly Registered Member

    Joined:
    Mar 21, 2005
    Posts:
    276
    Location:
    Romania
    It's ok for me !
    Only "Browser privacy check" it's "Attention!" (about cookies)
     
  4. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    i believe u tried the quick test, the pcflank leaktest is here.
     
  5. ugly

    ugly Registered Member

    Joined:
    Mar 21, 2005
    Posts:
    276
    Location:
    Romania
    You were right.
    I failed too.:'(
     
  6. CJsDad

    CJsDad Registered Member

    Joined:
    Jan 22, 2006
    Posts:
    618
    I failed the test also. :mad:
     
  7. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,040
    Location:
    South Texas, USA
    I past the test. When you run the .exe and press run internet explorer, you see that the popup for looknstop says pcflank leaktest trying to access the internet, I click no and then enter the test and it says I fail, but when you go to check the results, the string I put didn't get sent.

    dja2k
     
  8. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    ur right dja2k! i didnt block it initially because i thought it wasnt the main test.
     
  9. ril31

    ril31 Registered Member

    Joined:
    Mar 17, 2006
    Posts:
    64
    hello,

    Sorry for my english, but the fact that the pcflank test need to open IE si not a part of the main test. It's writting on the top of the first page of the pcflank test.
    I don't pass the test too.
    But it seems that processguard stop it according to a french member (Desny) who use it.
    Bye
     
  10. TouchuvGrey

    TouchuvGrey Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    441
    Location:
    South Mississippi USA ( ya'll )
    grrrrrrr, mumble mumble.!@#$%^&*

    Yeah, i failed it too, though i had to tell two other programs to let it start before i could fail it. small consolation. Here's hoping that LnS will come up with a fix quick.




    Mike
     
  11. rafael

    rafael Registered Member

    Joined:
    Apr 30, 2006
    Posts:
    48
    As usual, I failed again.
     
  12. rafael

    rafael Registered Member

    Joined:
    Apr 30, 2006
    Posts:
    48
    Tried this one and I pass. I am confused now.
     
  13. solarpowered candle

    solarpowered candle Registered Member

    Joined:
    Jan 9, 2003
    Posts:
    1,181
    Location:
    new zealand
    I failed . kind of odd as i was not connected to the internet , yet i had sent information to their server , occording to them. I kind of wonder if their support for products is the motivation here. so often we see a new vulnerability emerge and panic stations hits many users whose own product fails. so they switch. hard sell .
     
    Last edited: May 23, 2006
  14. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    did u actually check ur results and see if the text was sent?

    the leaktest likely assumes ur connected.
     
  15. StriderSkorpion

    StriderSkorpion Registered Member

    Joined:
    Feb 24, 2006
    Posts:
    54
    The leak test will say you failed no matter what. I actually passed it when I launched Internet Explorer via the application. It failed when I launched it on my own. I guess it's a small consolation that it's browser dependent and requires the browser to be active on its own. I know that Tiny Personal Firewall was mentioned which, IIRC, is a combination application with IDS, IPS, and other "sandboxing" features (at least according to Fire Wall Leak Tester).

    Edit: It's not based on thread injection. Just checked their FAQs (why didn't I check before? D'oh!), which states it's related to OLE automation. This apprarently allows one program to control another, allowing IE to be"hijacked" without directly requesting the internet from the application. In other words, circumventing chaining protection as long as IE is launched by the user and not the program (one program launching another to access the internet).
     
    Last edited: May 25, 2006
  16. arneevillar

    arneevillar Registered Member

    Joined:
    Apr 21, 2006
    Posts:
    25
    i think this test is unpassable, i was offline and i failed it, IMHO even though no data was sent, it will always say you failed
     
  17. StriderSkorpion

    StriderSkorpion Registered Member

    Joined:
    Feb 24, 2006
    Posts:
    54
    You can pass the test, but the program will always say you failed. This leak test is a bit FUDish in that regard. If you don't set your firewall to trust Internet Explorer explicitly, then you shouldn't have any problems. The test relies on you trusting IE and that is one of the requirements for the test as stated on the page. If they can get it to work with alternative browsers such as Firefox or Opera, then I'd really be concerned. Otherwise it's just another IE flaw. Similar to how the breakout IE leak test works, but the Firefox version doesn't work anymore (that could be a version coding issue, though).
     
  18. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    Well, looknstop alerts me for a program starting IE that shouldn't, so I could easily stop it there, but I continued on and allowed it to USE IE (which I wouldn't let any app do anyways) and then "failed".

    I wouldn't worry, as long as looknstop catches it as it is launching IE, I don't think it matters ;)

    Alphalutra1
     
  19. tristantzara

    tristantzara Registered Member

    Joined:
    Mar 21, 2006
    Posts:
    78

    yes, same for me here :)
     
  20. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    I just checked Sygate 5.5.2710 and it passed with no trouble at all.
    Didn't send any text. Application hijacking was also detected.
     
  21. StriderSkorpion

    StriderSkorpion Registered Member

    Joined:
    Feb 24, 2006
    Posts:
    54
    How did you run the test? Did you let the program launch IE? If so, did you try doing the test by manually launching IE and not the program? Look n Stop has a pass/fail record with this leak test if IE is allowed (as required for the test). If you have Advanced Mode enabled under Advanced Options and let the program launch IE, Look n Stop will detect the program trying to use IE to connect to the internet. If you launch IE manually and do the test, Look n Stop will fail. Unless this can be done with other browsers (i.e. Firefox or Opera), I'd recommend not letting other programs launch it and use an alternative non-IE browser. That is, if you're worried about the issue.
     
    Last edited: Jun 10, 2006
  22. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    Yeah somehow I forgot to read the part about manually starting IE.
    So Sygate failed too ;)
     
  23. StriderSkorpion

    StriderSkorpion Registered Member

    Joined:
    Feb 24, 2006
    Posts:
    54
    Was messing around with the leak test and it does appear to be passable. That is, it will say you're firewall didn't leak. I did this using ProcessGuard, though. I permitted IE to launch intially, but then immediately closed it. When I typed in the message for the program to send, it asked to launch IE again. This time I denied it and it said I passed the test. So it isn't total FUD, but it shouldn't say you're firewall is leaky all the time. It can be stopped if you allow the program to launch IE, as previously stated. That isn't total failure as waiting on the user to launch IE may not be the best avenue of attack.
     
  24. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    The best way to block every leaktest involving IE is to block IE in your firewall, and replace it with Maxthon or another IE based browser so you can visit windows update. The malware or leaktest will only target iexplorer.exe, not maxthon.exe so your firewall has already blocked it. Clever, eh?

    Cheers,

    Alphalutra1
     
  25. StriderSkorpion

    StriderSkorpion Registered Member

    Joined:
    Feb 24, 2006
    Posts:
    54
    Or, if you use Firefox, you could use IE Tab and remove IE pretty much altogether. My only question is if Avant, Maxathon, etc. are "vulnerable" to these same "features" as IE (OLE automation and the SendMessage API). If they are, then a "smart" trojan that knows about these browsers could circumvent the protection, but I'm not sure how likely that would be.
     
    Last edited: Jun 12, 2006
Thread Status:
Not open for further replies.