http://www.firewallleaktester.com/leaktest7.htm http://www.firewallleaktester.com/tests.htm Retested ZA Pro 4.5.594 and got 10/10 with the AWFT test. Also passed CopyCat. Failed tests 1 and 3 of WallBreaker. Would be curious about the performance of other FWs as tested by other forum members. F
Hi guest, tests are not done just "like that", I am using a test protocol, which is explained there : http://www.firewallleaktester.com/documents.htm (pdf document) results will completly changed if you don't fully trust explorer or iexplore Do you understand the leaktest to claim you pass Copycat ? Do you know how ZA seems to pass Copycat ? ZA allows you to enable the OpenProcess API call hooking, and it only intercepts this API call from copycat to IE, there is no clue at this time of an internet access, it is not a pass, it is a makeshift, everything explained in the document (for instance an exe doing such a call without any network code in it will be caught by such protection, OpenProcess API is not necessarely malicious). Good reading. regards, gkweb.
GKWeb- That is good reading. I haven't finished it yet but I read enough to have a better understanding of the makeshift protection some firewalls provide. Because of this I'll post my findings with Tiny firewall 5.5.1332 in a slightly different format: pass, fail, or blocked(low level access, api,...makeshift). PC Audit 1 - Pass PC Audit 2 - Blocked WallBreaker - Blocked all (Prevent WB from application spawning) DNSTester - Fail, I've heard TPF can catch this but I haven't figured out how Copycat - Blocked AWFT - Tiny scored all 10 points by denying app spawning & low level access I guess with tpf it's pretty easy to rely on it's IDS/sandboxing/process guarding abilities as opposed to true firewall protection.
Hi se7engreen, happy you find the document interesting As you may know now, Tiny indeed can block more leaktests than bare personal firewalls because of his sandboxe components (API hooking, file access, registry access, file launching, etc...). About DNStester, I don't remember if TPF allows you to choose which API to monitor ? I know it can monitor API such as VirtualAllocEx needed to inject a thread for instance. If it has such feature, just monitor the DnsQuery API to block DNStester from calling out. I would say that generally, a sandboxe software is a very good addition to any personal firewall. Tiny is an "all in one" product. regards, gkweb.
I like the cache cleaner and ID Lock features of ZA Pro. I'm using Firefox and MyIE2 browsers. Therefore, I disabled ACCESS and SERVER rights for both Windows and Internet Explorer.
Mine was a three program approach, I have Kaspersky 5 AV, Outpost Pro 2.1 ( tweaked to my system) and Process Guard. Here is how my tests played out: pcaudit (Passed)-PG pcaudit2 (passed)-PG wallbreaker (passed)-PG DNS tester ( passed thanks to Paranoids guide on the official OutPost pro forum)-OP Toleaky (passed-OP Thermite (passed)-PG Yalta (passed)-OP AWFT (Oupost 10 AWFT 0)-OP Firehole(virus detected did not run)-KAV Copycat(virus detected did not run)-KAV Ghost (virus detected did not run)-KAV outbound- (unable to find packet.dll could not run) MB test ( unable to find packet.dll could not run) KAV would not even let me download three of the tests, as for thew others, what Outpost did not stop Process Guard did. The last two tests I am not sure what the packet.dll missng was about.
I don't get it, I tried all the leaktests available from your site for Win98 SE and here are the results: When ZA was in medium mode it almost failed every test, when in High mode with components control it also almost failed every test, but when I turned components control off it passed every test! With passed I mean it will always notify me that an app is trying to connect to the net, and the app didn't manage to do so. So what's up with this component control thing? It actually didn't help a bit. Also, what I don't understand is why if I launch an app (IE for example) via let's say LaunchItNow! I will get asked a for permission, "will you allow this app to access the internet via Internet Explorer?" (which was the app that was launched). I don't get it, IE wants to connect and I already had permitted that, so why do I get notified?
Hi, sounds weird, it should be the contrary. Are you sure you have just one firewall installed on your computer ? If you have another firewall installed, even if not launched, it can conflict with ZA. If not, I would guess a software conflicts. If i am a malware, and that I know that by directly connecting to the Internet I will be seen, then I 'll try to hijack a trusted app like IE. So if i launch IE with parameters to transmit information, it is better that your firewall warns you that an application is using IE, and ask you if it is allowed to do so or not. ZA is just doing it's job regards, gkweb.
Hi, Thanks for the feedback, now that I think of it, I have installed Kerio and Jetico (not autoloading) but I did not like them, I think ZA is easier to use eventhough it uses a lot of resources, a lot more than Kerio. But anyway, I think I will keep it this way since ZA Pro does seem to work now, who knows what will happen, yesterday I was already testing it out for about 3 hours LOL. But about the second question, is it true that if I make LaunchitNow an trusted app, I won't get any questions anymore, if an app wants to access the net via this app? And since today when I start up my PC I will get a notification about afpansi.vxd, that it could not be found and maybe an app needs it. I searched for it on Google and I found this: http://www.pestpatrol.com/pestinfo/i/informer.asp So is it a trojan or is it maybe related to the leaktests? So far ZA didn't notify me about suspicious apps, but it is strange.
Not sure i understand you Mvdu, i tested Dnstester on my computer with SSM and it stopped it cold. How did you test it with SSM? Please give details on what you did.
Well, it told me that DNStester was opening, but when I let it open and executed it, SSM didn't stop it. Maybe I have to have some app out of the trusted list.
For a fair test, you should tell SSM to allow DNSTester to execute (after all, you aren't going to know what applications are malware in advance so you cannot rely solely on SSM's program execution prompt). DNSTester should not attempt any DLL injection or other process hijackery so whether it works or not should then be up to your firewall...
