I tested Outpost and it failed

Discussion in 'other firewalls' started by Slovak, May 12, 2004.

Thread Status:
Not open for further replies.
  1. Slovak

    Slovak, Registered Member. Joined: Mar 4, 2004. Posts: 515. Location: Medina, Ohio.

    I tested it out of the box, and tweaked for my system's configuration, and it failed wallbreaker, dnstester, thermite, pcaudit, yalta, and test 3 of awft.
     
  2. Riverwind

    Riverwind, Guest

    What firewall passes all the leak tests then?
     
  3. FluxGFX

    FluxGFX, Registered Member. Joined: Jan 23, 2003. Posts: 667. Location: Ottawa/Canada.

    I would have to say that no firewall will pass every leak test. They are bound to pass some and fail some.

    This is why people don't rely only on a firewall but will also rely on other applications to help them strengthen their security.

    Adding an AV, an AT, a Process Control (PG, AB, SSM), etc. will help you prevent these types of problems.

    Since these leak tests will use methods like injection, some FWs won't even see them launching another app. The best offence starts with a good defence which is layered to cover various aspects of your security force.

    cheers!
     
    Last edited: May 12, 2004
  4. Slovak

    Well when I tested Kerio, it only failed three tests, not six like Outpost just did, but it used more resources than Outpost does.
     
  5. FluxGFX

    Every firewall will have its weaknesses and also its strengths. It all depends on why you're getting a firewall.

    If the goal of your firewall is to control outbound apps, then a firewall with this capability and DLL detection would be one to consider.

    If you need a firewall for inbound, then pretty much all of them can be configured to protect you from inbound with good, decent security. For sure some software firewalls are not easy to set up and some are very GUI friendly.

    When looking into a software firewall someone would need to consider the usage of the FW they need.

    1 - Inbound/Outbound
    2 - App Control
    3 - DLL control
    4 - Rules creation based on application specs
    5 - SPI
    6 - Level of control
    7 - Logging of information
    8 - Support
    9 - Known issues with the app
    10 - Sure, it might look like OMG wtf! But consider what you'll be using it for.

    Just my 2cents :)
     
  6. se7engreen

    se7engreen, Registered Member. Joined: Feb 6, 2004. Posts: 369. Location: USA.

    I tested Tiny Personal Firewall 5.5.1332:
    DNSTester - Failed (I guess)
    Firehole - Pass
    Ghost - Pass
    Copycat - Pass
    Leaktest 1.2 - Pass
    PCAudit 1&2 - Failed (but possible to deny PCAudit to build the report)
    Thermite - Pass
    Wallbreaker
    1-Fail
    2-Pass
    3-Pass
    AWFT-Firewall Pts: 10
    AWFT Pts: 0
     
  7. optigrab

    optigrab, Registered Member. Joined: Nov 6, 2002. Posts: 624. Location: Brooklyn/NYC USA.

    According to Guillaume's (gkweb's) site Outpost can be configured to pass pcaudit, yalta, and test 6/10 of awft tests (based on Win2k/XP). His site agrees with you on dnstester & thermite.

    Further, I agree with FluxGFX; no firewall can pass every leak test. Just secure Outpost -or Kerio- as best possible with the help of the advice from the official forums for these products. Build a nice layered defense on top and rest easy.
     
  8. meneer

    meneer, Registered Member. Joined: Nov 27, 2002. Posts: 1,132. Location: The Netherlands.

    It's my strong opinion that it's not the firewall that failed, but the owner of the system who failed to protect his system. This has been discussed lots of times. It's a nice bonus that client side firewalls can check the integrity of outgoing processes, but it's a bonus, nothing else.
    Catching a leak test tool is a PR matter. Leak tests are demonstrations of potential threats (hijacking trusted processes). So far these threats require local access to a system, so there's your risk.
    Worms like Sasser could perhaps exploit this risk, but your firewall will protect you.
    Worms like Bagle could perhaps exploit this risk, but it would require manual intervention.
    Biggest problem in this area is browser hijacks. I haven't seen this detected by firewalls.

    As was mentioned before: layered defense is the way to go. And the best defense is limiting risks by avoiding them. You need not test your firewall. Protect yourself and your firewall.
     
  9. Paranoid2000

    Paranoid2000, Registered Member. Joined: May 2, 2004. Posts: 2,839. Location: North West, United Kingdom.

    The Outpost forum's Leak Test Score Card FAQ will provide more details on what leaktests Outpost can stop and what configuration measures are needed with some. Only Wallbreaker and Thermite should bypass Outpost regardless of configuration.

    For DNSTester you need to implement the "Application DNS" rules given in A Guide to Producing a Secure Configuration for Outpost.
     