I finally found something about SPI, ZA does have it but...

This is a copy from Oldsod an ZA guru, who obviously has a vast knowledge about the firewalls:
http://forum.zonealarm.com/zonelabs/board/message?board.id=cfg&message.id=51716

On the same website he says leak-tests are useless. This thread is about 4 pages long.

He also compares leak-tests and the real malware threats...
Please, read all of his posts...

 

It appears that someone there is keeping track of what is discussed here.

 

ZoneAlarm was one of the earliest firewalls to implement SPI, IIRC. It basically made a name for itself as a truly excellent firewall back in the old days before it was purchased by... whatever company it was, I don't care and can't remember.

Leaktesting has always been useless, save for the most basic flagging of programs that request network access. The time and effort that vendors spend trying to prevent malware from calling home, would be much better spent on figuring out how to prevent malware in the first place.

 

FWIW- I think most of the firewalls I have used that have good leak prevention have flagged "legitimate" programs from phoning home without the user's knowledge or consent. It seems that many "legitimate" softwares are as bad as some malware. I set my Dell computer to not send in my tracking info. But does it matter? Nope, it tries it anyway.

 

There are plenty of members at Wilders with similarly "vast knowledge."
Some with even "vaster" knowledge, I'll bet!

 

Leaktests are very useful to evaluate a HIPS instead of a "pure" firewall. Trojans can use the same technologies represented by Leaktests.

 

lmao. It is funny how he phrazes this sentence.
Stateful inspection for UDP and ICMP will always be "limited" (interesting term), as these are conectionless protocols. What on earth did he mean by "outdated" SPI I do not know (nothing has changed in the structure of IPv4) and I would like to hear his ideas on implementation of stateful inspection for... um... "outbound" lol. Oh yes and it is CHX-I, not CHX-1.

I agree with this, leaktests are not firewall tests.

iirc, Oldsod is a member here as well, he had a dog as his avatar.

 

I agree fully. A pure firewall will not do well in Leaktests, yet a HIPS or FW with HIPS will.

 

I belive he tried to say that CHX-I is outdated and just for inbound, not SPI

 

That makes sense, I obviously misunderstood him. Still, I don't think abandoned is the same as outdated. For IPv4 CHX will work just fine, if not better than others.