Firewall testing only

Discussion in 'other firewalls' started by Dr payne, Nov 5, 2009.

Thread Status:
Not open for further replies.
  1. Dr payne

    Dr payne Guest

    Is there any company/website that just tests the firewall component, not the HIPS part?
    I have use the top rated FW according to "matousec" and used a few others, the others not in the top of list seem to be blocking more (such as attacks) then the top rated one. Proof is in the logs.
    I know "matousec" judges HIPS.
     
  2. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    Where are the logs? *puppy*

    At least drop some names.

    Cheers
     
  3. Dr payne

    Dr payne Guest

    Since you ask (I did not want to criticize a company), Online armor++ shows a couple of blocked events mainly ICMP and that is it! Outpost Pro on the other hand shows blocked packets, attacks, ICMP galore. Both are the paid for versions.

    My main question is there a website that does firewall testing without HIPSo_O
     

    Attached Files:

    Last edited by a moderator: Nov 5, 2009
  4. Fajo

    Fajo Registered Member

    Joined:
    Jun 13, 2008
    Posts:
    1,812

    Believing Matousec was your first mistake.
     
  5. inka

    inka Registered Member

    Joined:
    Oct 21, 2009
    Posts:
    406
    http://www.icsalabs.com
    They're primarily focused on corporate firewalls (hardware n software)
    but they might have tested some PC software firewalls.
    (Vendors apply & pay for testing to have products "certified")
     
    Last edited: Nov 6, 2009
  6. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    A firewalls packet logging ability does not show proof of its packet filtering ability.

    A number of firewalls will show packets going to a closed port as an "Attack prevention" when the packet could simply be (as simple examples) a late dns reply or a reply made from a server to an already closed connection on the host.

    Dont be fooled into thinking you have more protection/better packet filtering simply based on the fact more is logged.


    - Stem
     
  7. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    But all that being said, are there some tests of just firewalls such as LooknStop or such?

    Regards,
    Jerry
     
  8. Dr payne

    Dr payne Guest

    Then tell me which one has the most protection, Firewall component onlyo_O
    Your opinion.
     
  9. nhamilton

    nhamilton Registered Member

    Joined:
    Jul 31, 2007
    Posts:
    61
    I know you do a lot of testing of different firewalls and good understanding of what makes a good firewall based on a packet filttering. Your not interested to do a test suite, comparison of firewalls.
     
  10. Dr payne

    Dr payne Guest

    Until testing or answers come seeing (more is logged) is believing.
     
  11. cqpreson

    cqpreson Registered Member

    Joined:
    May 18, 2009
    Posts:
    348
    Location:
    China
    Generally speaking,we only can test firewall through some firewall test websites.But most of firewalls in the world could pass.That means all the firewalls are the best and we can't find their differences?
     
  12. Dr payne

    Dr payne Guest

    Out of all the security products the Firewall in my opinion is the most important, so why isn't a thorough testing being done? I am talking software not hardware, and only the firewall, not the other bloat-ware thrown in.
     
  13. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,558
    Mainly because is extremly time consuming.
    For properly testing you will need several hours only for setting the testbed (software and hardware) and even more time for veryfing the results.

    Panagiotis
     
  14. Dr payne

    Dr payne Guest

    So "matousec" does not test the firewall. Just read this on their site:

    "Firewall Challenge has been renamed to Proactive Security Challenge. There were several reasons why we decided to rename this project. We wanted to stress out the fact that this project always focused on security products that implement application-based security model and behavior blocking features – i.e. most of Internet security suites, HIPS, personal firewalls and behavior blockers on the market. We want to mitigate misunderstanding and criticism of our project by eliminating the word firewall from its name and web pages."
     
  15. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,558
    He never did... and that was the reason of the critisism..

    Panagiotis
     
  16. Dr payne

    Dr payne Guest

    I never trusted "matousec" to begin with although I do look at their site.
    Hopefully one day my wish will come true. I believe all of the security programs running on all of our computers are only as strong as the weakest link (which could be the firewall since no one is doing testing on this).
     
    Last edited by a moderator: Nov 7, 2009
  17. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    I do test the packet filtering ability of firewalls.

    As put forward by pandlouk, that is time consuming, not only in making the tests (to test/ re-test and then confirm), but can also be time consuming on the forum in having to explain the tests results are correct.
    Have a look at the DNS Attack thread (concerning outpost). I posted results from basic packet filtering tests. During that thread I was basically accused of manipulating the tests and concealing aspects of the results. Do you think I really want to continue posting results of tests when such accusations then ensue.


    .
     
  18. Fajo

    Fajo Registered Member

    Joined:
    Jun 13, 2008
    Posts:
    1,812
    Sad part about that is with all your help with firewalls over the past year I been around, I'm surprised people would do that or believe you have any interest but the truth. But I guess once you show a product in a bad light that someone believes in, it's easier to accuse you of foul play then it is to just admit it or "Fix" the problem. :doubt:
     
  19. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,558
    It is sad, but is something that always will happen... mostly because most users simple do not have the knowledge to understand (for not talking about verifing) the results of similar tests.

    Panagiotis
     
  20. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    Protection against what?
    Incoming traffic your Router/Hardware FW has already dropped?
    Outgoing traffic of running malware on your machine?

    I have tested a lot of FWs for my Windows 7 setup, but I'm just an ordinary user.
    Well, most have very strange predefined rules with a lot of stuff allowed by default.
    Which is understandable, as they should work on every setup.
    Now to change or delete these rules takes much more time than creating the rules I need manually, like for DNS etc.
    But only this way I am aware of every new/unwanted connection.

    Finally I ended up with Malware Defender and Windows Firewall.
    Malware Defender does not really offer a full featured Firewall, but it has a nice interface to create manual rules easily.
    In first place for outbound rules, as unwanted incoming traffic is blocked by the Windows Firewall anyway.
    And I do not really care about this attack detection stuff, like Intrusion.Win.MSSQL.worm.Helkern. :p

    But... there is also the application protection from Malware Defender, which monitors the behavior of apps.
    Which want to start, control other processes, create network connections etc.
    And this is as important as the Firewall rules or protection, because if every app can replace or hijack your browser, even the best Firewall component will be most likely bypassed.

    Cheers
     
  21. Dr payne

    Dr payne Guest

    Protection against what?

    Protection against everything that a FW should be doing blocking out hackers/crackers/spies, and anything bad inbound or outbound. Leave out the Router/Hardware FW, that way if you use "Router/Hardware FW" even better.
    I am still with XP SP-3 and will stay there till my rig breaks down.
    I understand if I download something and run it I am at risk.
    Malware Defender is HIPS, not interested and that is changing the subject, only Firewall.
    If there is a FW that can't be or close too being penetrated then you would not need all the countless security apps.

    Thanks for your reply.
     
  22. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    How often has your Firewall been penetrated?
    And what to you mean with countless apps. o_O

    Cheers
     
  23. Dr payne

    Dr payne Guest

    Not sure, it could be penetrated don't know? I think thorough FW tests would calm my concerns, you know like all the AV tests and HIPS tests that they have out.

    Sanboxie, appdefender, Defensewall, MalwareDefender, SAS, on and on...
     
  24. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    As far as I know home users are virtually never a target of attacks by hackers or the like, except for you made some really impudent remarks.

    Yes, like these sedative AV tests and HIPS tests these FW tests will calm your concerns... like tranquillizers.

    Cheers
     
  25. Dr payne

    Dr payne Guest


    Thanks for your professional answers.
    If you can not answer the question of the title of this thread why respond with an answer like that.
    im·pu·dent
    1 obsolete : lacking modesty
    2 : marked by contemptuous or cocky boldness or disregard of others

    Sorry if I made you feel this way. Just want answers, yes, no, or other, with Professional opinions. Not with im·pu·dent remarks.
    Thank you.
     
    Last edited by a moderator: Nov 7, 2009
Loading...
Thread Status:
Not open for further replies.