PC Flank's new leaktest

Discussion in 'Ghost Security Suite (GSS)' started by xtree, Jan 14, 2007.

Thread Status:
Not open for further replies.
  1. xtree

    xtree Registered Member

    Joined:
    Dec 4, 2006
    Posts:
    96
    Hello

    I have read about a new leaktest at http://www.pcflank.com/pcflankleaktest.htm
    May be interesting. Being an .exe prog GSS grabs it when starting but later cannot sense its attempt to connect to the net under the veil of IE.
     
  2. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    I don't know about this being a new leaktest, there was discussion on the Process Guard forum about this some months ago. PG and AD can stop it executing but cannot stop the leak if it does execute.

    KAV's PDM will stop it because it has the behaviour blocking ability to prevent 'Launching Internet Browser with Parameters'. I think SSM may have that function as well, but I don't run it to confirm.

    Edit - now I think of it, it's probably the CPIL leaktest that uses parameters to launch IE, the PC Flank one may use some other form of 'dangerous behaviour' ('trying to send data through a trusted process'); but either way KAV stops it because it has a behaviour blocker. ZAP's behaviour blocker fails the test while PG and AD are not designed to tackle this sort of thing.
     
    Last edited: Jan 14, 2007
  3. xtree

    xtree Registered Member

    Joined:
    Dec 4, 2006
    Posts:
    96
    Thanks for the info indeed. :)
    Xtree
     
  4. Source

    Source Registered Member

    Joined:
    Apr 22, 2006
    Posts:
    9
    Location:
    London, England.
    This leak test still bypasses AppDefend. It does not succeed by Launching the browser (if you don't allow your browser to launch to view the results, the data is still sent) as copying the URL test page into your browser will show the leak has already taken place. According to PC Flank website, the only two security solutions to pass this test are Outpost Firewall and Tiny Personal Firewall (now discontinued).
     
  5. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    They may be the only FWs to pass, but they aren't the only security solutions to pass; KAV/KIS's PDM passes every time.

    I now have SSM on my system so I can confirm that that too fails the test. The point is that AD, PG and SSM are all HIPS progs but they are not intended to have all the functions of a FW, nor do they have 'behaviour blocking' analysis. I don't know whether Cyberhawk would pass, I'll leave that to someone else to experiment with.
     
  6. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    ProSecurity passes both keylogging tests and the directx test, which surprised and impressed me.
     
  7. xtree

    xtree Registered Member

    Joined:
    Dec 4, 2006
    Posts:
    96
    Hello Farmerlee,

    You mean AKLT. Pcflank is another test you can also try.
    Geswall also passes both of them perfectly if you run them isolated and the browsers non-isolated.
     
  8. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    Yeah, lol, i posted in the wrong thread.
     
  9. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    It seems Pro Security can pass the pcflank leaktest as well :)
     
Thread Status:
Not open for further replies.