firewall application anti-hijacking protection

Discussion in 'other firewalls' started by vincenzo, Dec 16, 2005.

Thread Status:
Not open for further replies.
  1. vincenzo

    vincenzo Registered Member

    Joined:
    Nov 28, 2005
    Posts:
    151
    Since my primary reason for a software firewall is to monitor outgoing communication, I am wondering if some firewalls are better than others at detecting application hijacking, or any other changes in applications that have been given outgoing access. I've done some searching but I've been unable to find any comparisons of software firewalls regarding this aspect of protection. I'm currently using Kerio 4.2.2 and I'm wondering how it compares to others in this regard.

    Thanks
     
  2. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Checking the Firewallleaktester website would be a good start. The information there is somewhat dated now, but can still give a few pointers as to the better products. You may also find process protection software (e.g. Process Guard, System Safety Monitor or the AppDefend beta) a useful addition since these specifically counter many process manipulation techniques.
     
  3. vincenzo

    vincenzo Registered Member

    Joined:
    Nov 28, 2005
    Posts:
    151

    Thanks for that link. It seems like a useful resource, but it paints a sad picture. The best product tested only passed 79% of the tests; the worst one, which surprisingly was Kaspersky Firewall, only passed 12% of the tests.

    You said that process protection software will "specifically counter many process manipulation techniques". Are those the techniques that are used to compromise the applications in the leaktests? I've looked at the Process Guard website, but unless I missed it, there was not any info about blocking application hijacking. Do you know of any sites that have more info on process protection software in general?

    Thanks
     
  4. isnogood

    isnogood Registered Member

    Joined:
    Sep 22, 2004
    Posts:
    83
    Location:
    France
    Hi Vincenzo,

    It's not that sad, actually. First, as Paranoid said, the leaktest website is rather dated. Second, it does not mention Tiny firewall, which passed all leaktests out of the box years ago already, while others were struggling to achieve it only quite recently. I know, few people here in this board will recommend you Tiny, since it needs some effort to be properly configured, but if you are looking for best protection, that's it. Meanwhile, all major firewall makers have also made much progress in this field, and now Outpost, LnS, ZAP, to name just three most popular, claim they are also able to protect from process hijacking efficiently. The same progress is coming from the AV side, like KAV. Traditional antivirus apps tend to evolve to complex security suites, take KIS2006 or Bitdefender. HIPS type programs like Safen'Sec are now also able to block all the leaktests (latest version), and the same is to be expected in some future from others, like GSS (AppDefend mentioned by Paranoid). Does it mean that there's no more worry? Well, traditional leaktests are even more dated than the gkweb site itself. Malware has also progressed since then, so the battle just moved to a higher complexity level.
    Anyway, it seems there are some interesting solutions now.

    isnogood
     
  5. vincenzo

    vincenzo Registered Member

    Joined:
    Nov 28, 2005
    Posts:
    151
    OK, thanks for clearing that up.

    So are there any sites to be found that test the latest versions of these firewalls against the newest hijack techniques? Any idea if Kerio 4.2.2 is up to date against them?

    Thanks
     
  6. isnogood

    isnogood Registered Member

    Joined:
    Sep 22, 2004
    Posts:
    83
    Location:
    France
    I never used Kerio, but I wouldn't bet it's the best one. Also, I am not aware of any new sites that could match the quality and rigour of firewallleaktester.
    You can search around this board however, there are many expert users of Outpost or LnS here, and they are both quality firewalls.
    Personally, I use Tiny and I am very happy with it. It's been my principal security application for a long time, and I believe it will stay with me for some more time, at least for one of my setups.

    You can also try some newer products, e.g. the latest KIS2006 (Kaspersky firewall + AV, still beta). It already seems to pass all leaktests, but it is more than that - a complex security solution, all-in-one. I don't recommend that one in particular, take it as an example. Look around and choose something that fits you best.

    isnogood
     
  7. vincenzo

    vincenzo Registered Member

    Joined:
    Nov 28, 2005
    Posts:
    151
    I found 2 threads in the Kerio forum where they are discussing the leaktests, but they are rather hard for me to follow - clearly there is a lot of disagreement over how to block the leaktests.

    My perception is that many people are using software firewalls only for outgoing protection (since they have routers) so this aspect of performance should be high on the list when comparing them, yet there is not much information to be found.

    I've noticed a couple of people have said Outpost Pro is supposed to be good at blocking leaktests.
     
  8. Another aspect to consider about leak tests is that there is often a lot of disagreement about whether a firewall really passes, or if it's a 'cheat pass'.
     