Firewall testing?

Discussion in 'other firewalls' started by Slovak, May 10, 2004.

Thread Status:
Not open for further replies.
  1. Slovak

    Slovak Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    515
    Location:
    Medina, Ohio
    Where can I go to download the most complete set of firewall testing tools?
    I want to test all known firewalls and report my findings so folks will know which firewall is best for them.
     
  2. FluxGFX

    FluxGFX Registered Member

    Joined:
    Jan 23, 2003
    Posts:
    667
    Location:
    Ottawa/Canada
  3. Pikachu

    Pikachu Registered Member

    Joined:
    May 6, 2004
    Posts:
    5
    hi slovak,

    check www.pcflank.com. there is a lot of testing material there, and besides, plenty of results published. i have outpost, and i have tested it there several times (each time i get a new version) - it works.
    good luck! i wonder which results you gonna have for outpost - i always have excellent ones. should we compare? :)
     
  4. Slovak

    Slovak Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    515
    Location:
    Medina, Ohio
    I currently use Outpost myself, I just want to test many others for out of the box security, tweaked security, and how much resources they each use.
     
  5. Slovak

    Slovak Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    515
    Location:
    Medina, Ohio
  6. Rui

    Rui Registered Member

    Joined:
    Mar 28, 2004
    Posts:
    141
    Location:
    Portugal
  7. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,876
    Location:
    New England
    Some of those leaktest programs will be flagged by Anti-Virus products as possibly containing exploits, or perhaps even as hacker tools. That is normal.

    When you attempt to download and use a demo exploit test program, you will invariably get such alerts - it goes with the territory. These are not malicious programs in and of themselves, but, many AV vendors flag them anyway because of either generic detections (looking for means and methods related to system exploits) or because their customers wanted them flagged for testing purposes. Some Anti-Virus products won't add detection for such demo programs because they really aren't malicious.

    There are several threads here about this. Here are a couple:

    https://www.wilderssecurity.com/showthread.php?t=20825

    https://www.wilderssecurity.com/showthread.php?t=23571
     
  8. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    Hi,

    LowWaterMark has very well explained the situation.

    Being the author of Ghost and Wallbreaker, I sometimes receive emails from people asking me why the leaktests are flagged as viruses.
    Of course I am not a virus writer and the leaktests downloadable from my website aren't either.
    For many of them the source code is even available so you can check that nothing is wrong.

    Maybe I should add a note about that on the website?

    regards,

    gkweb.
     
  9. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
  10. Slovak

    Slovak Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    515
    Location:
    Medina, Ohio
    Thanks for all the replies everyone!
     
  11. spektor

    spektor Registered Member

    Joined:
    May 19, 2004
    Posts:
    10
    1st, sorry if my English is not good.
    2nd) Yesterday I downloaded those test programs from that page and ran them. After that I restarted my PC and oops, a message from Windows: page error in module explorer.exe bla bla... getting an empty desktop. I changed system.ini to boot with winfile.exe, I decompressed some cab files and this way I was able to boot correctly. I ran my antivirus, Panda, and the surprise was: 348 files infected with win32/funlove.4099. I cleaned the files and used a specific 'cure' for that virus and now the computer seems to work properly. And you guys say that page is sure?
     
  12. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    Hi Spektor,

    I am the author of this website, and I tell you that _none_ of the files there are viruses.

    You have probably been infected another way.

    I don't host viruses, it's the truth, unless you call me a liar?

    gkweb.
     
  13. spektor

    spektor Registered Member

    Joined:
    May 19, 2004
    Posts:
    10
    I don't call anyone a liar, that was not my intention, I just told what happened to me in the order it happened. Btw I omitted something: the firewall I was testing was Outpost Free. It failed a lot of the tests, so I decided to uninstall it just after running the tests and just before rebooting the computer. With the reboot started the problems and the virus effects, as I told in my last post.
     
  14. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    As I said, it must be a coincidence.

    If you were, even for 10 minutes, without any firewall, then it's possible that worms using Windows vulnerabilities and infecting computers via the network have infected you, and it's also possible that you have been infected for a long time, to have so many viruses.

    I don't host viruses or any malware, I have written two leaktests and they aren't viruses either, that's the only point I wanted to make, the source code is even available.

    I know antiviruses are flagging leaktests as viruses, and I am writing something about this to add to the website.

    regards,

    gkweb.
     
  15. spektor

    spektor Registered Member

    Joined:
    May 19, 2004
    Posts:
    10
    I tried to run the test again today, but this time I installed Kerio 2.15. When running pcaudit v2, Kerio detects: "application c:\windows\explorer.exe was replaced by another aplication 'explorador de windows' Accept the changes? " Of course I answered no... and pcaudit stays resident in memory but does not indicate the result of the test. Is that the way the test works, renaming files? Because yesterday I had severe problems with explorer.exe pagination errors derived from the virus.
    It is just that I need to be sure when running the test, nothing personal.
    Thanks for your explanations.
     
  16. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    It is possible you are infected, and that malware is interfering with the leaktests.

    About PCAudit: it injects a DLL into processes, such as explorer.exe, but does not replace executables.


    @All
    For any other request about leaktests and viruses in the future, I would really appreciate it if you gave the following link:

    http://perso.wanadoo.fr/jugesoftware/firewallleaktester/eng/lktvirus.htm

    Thank you.

    regards,

    gkweb.
     
  17. jvmorris

    jvmorris Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    618
    Just wanted to put in a quick word of support for your website, Guillaume. I haven't been around much lately, but I think it's well-known and reputable -- at least it is to me.

    As you are well aware, some people will quibble about your testing methodology for the results you display, but that's an entirely different issue.

    However, I would like to again warn the uninitiated that playing around with these various leaktests on a PC that one normally uses (on or off the Internet), rather than a testbed system is not recommended and may have completely unanticipated results.

    Several years ago, for example, I blithely downloaded an early release of YALTA to test a version of NIS (I don't remember which) on one of my boxes (and I don't recall at the moment which that was, either). Oh, the box passed the YALTA test (I think?), but simply running YALTA completely trashed the NIS configuration -- something that only became obvious thereafter.

    Bottom line: Don't mess with this stuff if you've got something on the test machine that you can't afford to lose. I think gkweb has made this point himself on his website.

    You use a test machine. You are going to have to dump the entire system, reinstall the OS, applications, firewall(s), and leaktest(s) each time. This is tedious and not at all a trivial proposition. You should not undertake such an exercise lightly.

    Did I get all that right, gkweb?
     
  18. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    Hi jvmorris,

    You are right in what you said, I was just addressing the fact that leaktests are not viruses.

    On my test machine, I cleanly uninstall and install many firewalls and many leaktests, many times, and I do indeed have a backup of my entire system (Norton Ghost image).

    The other danger is that misunderstanding results could lead us to think we are safe while we are not, and could indirectly prevent someone from adding more security layers on their system, but that's another point.

    I have to say that all of the leaktests available on my website didn't corrupt my system nor any of the firewalls I have evaluated. For instance, many of them, like Wallbreaker which I made, just try to reach a webpage and at worst fail to do so. I have successfully used all of these leaktests on both XP & 2K without any trouble, but as you said, I have a backup just in case, because even if the leaktest in itself does not "attack" the system, there are so many conflicts possible with so much software that, generally, testing something may bring trouble.

    Yes indeed, I have said many times on forums that leaktests aren't just: "download-click-execute-whathappen?"

    All the danger about testing without a backup or without understanding what precisely we are testing is covered in the paper, which should be published, I hope, not too late, maybe next month; a friend is formatting it and will convert it to PDF.

    Yes, but I would just add that it will not necessarily cause trouble on your system, but because it can happen, you have to have a backup of your personal data. One time in the past, just by installing a firewall, I got a BSOD at reboot; it belongs to "unanticipated results" as you said.

    Being a beta tester of much software, I have always been used to having many backups ;)

    regards,

    gkweb.
     