Leaktest from Gibson Research (GRC) and various firewall results

Discussion in 'other firewalls' started by Tronix74, Feb 17, 2008.

Thread Status:
Not open for further replies.
  1. Tronix74

    Tronix74 Registered Member

    Joined:
    Feb 17, 2008
    Posts:
    31
    I just wanted to mention that I used Gibson's Research Company's Leaktest program with the latest version of COMODO (3.0.17.304) and the Leaktest program was able to break through. I hope that they do something to fix this problem because if that program is able to get through, the firewall isn't doing anything for you.
     
  2. Dieselman

    Dieselman Registered Member

    Joined:
    Jan 6, 2008
    Posts:
    795
    Re: COMODO Firewall Pro 3.0.17.304 has been released!

    You did the test wrong. I was able to have Comodo version 304 pass all tests. The GRC Leak test. The System Shutdown Simulator. PC Flank test. Comodo passes them all. You need to allow the the first pop up Then deny to all the rest. If any of those tests where downloaded before you installed Comodo then Comodo will think they are safe. Delete all entries of GRC test in firewall and D+. Delete the GRC file. Reboot. Download the GRC leak test again and you will find it passes. If it does not then you click allow instead of deny. A leak test is only as good as the user testing it.
     
  3. Tronix74

    Tronix74 Registered Member

    Joined:
    Feb 17, 2008
    Posts:
    31
    Re: Online Armor new public beta

    I would like to mention that the latest version of Leaktest from Gibson Research (GRC) has broken right through the Online Armor firewall if the program is allowed to execute. For example, there is an option that prevents allowable executable programs from automatically gaining internet access. When this option is used and you allow the Leaktest program to run, the firewall won't detect the applications network access attempt and the program will pass right past the firewall. To be fair, so far there are only a few programs that have been able to block Leaktest.

    1. Outpost Firewall (I would mention that this program has some of the worst inefficient coding- the application takes up a lot of system resources and slows down your computer)

    2. Zone Alarm Pro - (While this program seems to work alright on my machine, I have noticed a few issues but I have not been able to point the finger squarely at this program)

    3. Look 'n' Stop - Probably the best firewall overall unless you like to use P2P programs with randomized ports- the only way to get the firewall to work properly with a P2P program is to set an allow rule that allows all inbound communication into your computer while the specified app is running.

    4. Jetico Firewall v 2 - I'm sure it's a great firewall but the user interface is convoluted. If the quick and easy filter doesn't get an application set up the way you want it, good luck trying to figure out how to get the application to work short of removing all mention of the program and hoping the program will prompt you again.

    5. Ghost Security- Their free firewall worked great although it won't block any outbound programs. When using their app program, you had to respond to a million popup messages, if you think Vista is bad, you haven't tried using Ghost security's Appdefend program. I think if they can give the user the option simply to decide if a program needs network access or not, they would have a real killer app on their hands. As it stands, this program is way too annoying for me to use.

    All in all I have yet to find the best firewall program. I think all of them have issues. Personally I would like to see Agnitum's product work without any of the annoying glitches and lag that it seems to cause. I'm sure with enough effort, the can shrink the program down and get it to run more efficiently. Out of what I have seen so far, I would recommend Zone Alarm for the average user and Look 'n' Stop who don't mind having to tweak the program from time to time to get it to do what you want. Overall Look 'n' Stop had the least amount of lag and used the least amount of system resources.
     
  4. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,654
    Location:
    Sydney, Australia
    Re: Online Armor new public beta

    I'm going to go and have and look at this right now. Thanks for the heads up
     
  5. Tronix74

    Tronix74 Registered Member

    Joined:
    Feb 17, 2008
    Posts:
    31
    Re: Online Armor new public beta

    Thanks Mike for the quick response! I hope that you're able to fix that. I have no idea how the Leaktest program works but I suspect it may be hitching a ride on another network application (maybe a system app?) and not accessing the network directly. Leaktest also managed to break through the latest version of COMODO, last known version of Sygate and I've heard that BlackICE has yet to successfully fix their leaks without cheating (according to the GRC website).
     
  6. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,654
    Location:
    Sydney, Australia
    Re: Online Armor new public beta

    I think we used to pass this one - it may be an introduced bug in Online Armor, or I could have missed it in my testing :(

    Just to check - we are talking about this, right?

    hxxp://www.grc.com/files/LeakTest.exe
     
  7. Tronix74

    Tronix74 Registered Member

    Joined:
    Feb 17, 2008
    Posts:
    31
    Re: Online Armor new public beta

    Yeah I think that is the one. I downloaded the app from that website at least. I noticed that they announced v1.2 so maybe their new version was able to get past your application. I want to emphasize when using your firewall, if you choose not to run the app, nothing will happen because the app can't launch. However if you choose to run the app (and you disable the auto-accept internet access request in the options), you'll notice that it appears to pass right through the firewall- at least on my system. One thing I forgot to mention is that I'm not using the Beta version of the program. I'm using the Free Available program.
     
    Last edited: Feb 17, 2008
  8. Dieselman

    Dieselman Registered Member

    Joined:
    Jan 6, 2008
    Posts:
    795
    Re: Online Armor new public beta

    YOU are doing the test WRONG. Read the test. At the first pop up of Online Armor you need to allow it. Then when the test starts you click deny. Then it passes. if you clicked allow it will allow no how many times you try. You need to delete all entries of the leaktest in OA and reboot. Then test again.
     
  9. Tronix74

    Tronix74 Registered Member

    Joined:
    Feb 17, 2008
    Posts:
    31
    Re: Online Armor new public beta

    I just received a message from another user who said they were able to get the firewall to block the Leaktest. Let me re-verify that the non-beta version of the program is able to block the Leaktest program. I will uncheck the option to automatically allow permitted programs internet access.
     
  10. Dieselman

    Dieselman Registered Member

    Joined:
    Jan 6, 2008
    Posts:
    795
    Re: Online Armor new public beta

    All versions of OA pass. Matousec was using version 19 when they rated Online Armor #1.
     
  11. Dieselman

    Dieselman Registered Member

    Joined:
    Jan 6, 2008
    Posts:
    795
  12. Dieselman

    Dieselman Registered Member

    Joined:
    Jan 6, 2008
    Posts:
    795
    Re: Online Armor new public beta

    I mean block at the first prompt.
     
  13. Tronix74

    Tronix74 Registered Member

    Joined:
    Feb 17, 2008
    Posts:
    31
    Re: Online Armor new public beta

    Hmm this is interesting..I am using version 2.1.0.31 of the program. I notice that my computer hangs after the first reboot and the computer has to be reboot a second time (I believe the program did this the first time I ran it as well). After I manage to kill a few processes that aren't responding and the program is running, I make sure that the option is unchecked to auto-trust programs with internet access. I launch the leaktest app. A window pops up asking me whether or not I wish to run this program. I check allow with the "always allow" option checked. At this point I have the program try to test for leaks, when I press the button, the firewall application doesn't respond with any further questions. The Leaktest program shows that it got through the firewall.
     
  14. Coolio10

    Coolio10 Registered Member

    Joined:
    Sep 1, 2006
    Posts:
    1,124
    Re: Online Armor new public beta

    I believe you are doing the test wrong tronix. I don't think any firewall can not pass that test. It's one of the simplest leaktests availlable so i doubt powerful firewalls like OA or COMODO can fail.

    I am testing both CFP and OA for a new leaktesting site coming soon :D and they both pass this test easily.
     
  15. Dieselman

    Dieselman Registered Member

    Joined:
    Jan 6, 2008
    Posts:
    795
    Re: Online Armor new public beta

    You to click Block and you need to remove all entries of the test in Online Armor. Under program delete and under firewall delete it.
     
  16. Tronix74

    Tronix74 Registered Member

    Joined:
    Feb 17, 2008
    Posts:
    31
    Re: Online Armor new public beta

    I'm not sure how I can be doing the test wrong. The firewall asks about all my other applications that I'm running except the leaktest. I checked the log to see if it even logs the leaktest. It doesn't even log the test. This is very odd. Might I get access to the beta version of the program to see if it does the same thing on my system?
     
  17. Dieselman

    Dieselman Registered Member

    Joined:
    Jan 6, 2008
    Posts:
    795
    Re: Online Armor new public beta

    Click Block and the test passes. Plain and simple. See my screen shots.
     
  18. Tronix74

    Tronix74 Registered Member

    Joined:
    Feb 17, 2008
    Posts:
    31
  19. Tronix74

    Tronix74 Registered Member

    Joined:
    Feb 17, 2008
    Posts:
    31
    Re: Online Armor new public beta

    One more observation is that there is no firewall rule for the leaktest application even after it penetrates the software. This tells me that I am in fact doing everything correctly. If I wasn't then there would be a rule that would exist in the Firewall section of the program.
     
  20. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,654
    Location:
    Sydney, Australia
    Re: Online Armor new public beta

    We just tested here with Build 85 and cannot reproduce this.
     
  21. Tronix74

    Tronix74 Registered Member

    Joined:
    Feb 17, 2008
    Posts:
    31
    Re: Online Armor new public beta

    Hmmm... this is very odd. Why would the program act differently on another computer? Is the build you are referring to the current public version? I would like to have the opportunity to see if the beta version of the software behaves any differently on my system.
     
  22. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,654
    Location:
    Sydney, Australia
    Re: Online Armor new public beta

    Can you tell me please exactly what happens ? Did you allow it once? Did you change any OA options, or is it an "outa the box' install?

    Several people tested it and found it to work, so I am a tad puzzled by your results.
     
  23. wat0114

    wat0114 Guest

    Re: Online Armor new public beta

    This info alone indicates there could be a problem with your machine's setup. Your computer hangs and you have to kill some non-responsive processes??

    Simply put, OA and any other two-way application firewall will block that test, as long as a rule was not inadvertently created to allow it or the install of the firewall did not corrupt in some way.

    *Edit*

    you mention earlier in the thread about testing other firewalls. Have you checked Task manager to make sure there are no remnants of those products still running? This has known to happen and will cause problems.
     
  24. Dieselman

    Dieselman Registered Member

    Joined:
    Jan 6, 2008
    Posts:
    795
    Re: Online Armor new public beta

    He clicked allow and not block. Thats the problem. Then if you try the test again it will fail cause OA was already told to allow it. When you first install OA and reboot OA or any other firewall needs to learn your apps. If you waited your system would have come back.
     
  25. Tronix74

    Tronix74 Registered Member

    Joined:
    Feb 17, 2008
    Posts:
    31
    Re: Online Armor new public beta

    To answer your question Mike, I did change one option in the program and that was to not allow a trusted program internet access. Other than that, I didn't change any other options. I even cleared out all previously trusted programs after having issues with the leaktest just to make sure this wasn't the case. Even after the firewall and the program permissions were completely cleared, the leaktest program still managed to get through.

    At the moment, I'm using Look 'n Stop now and it seems to work just fine- I'm not getting any problems during bootup and it blocks the leaktest application on my computer.
     
Loading...
Thread Status:
Not open for further replies.