PC Flank's new leaktest

Hello

I have read about a new leaktest at http://www.pcflank.com/pcflankleaktest.htm
May be interesting. Being an .exe prog GSS grabs it when starting but later cannot sense its attempt to connect to the net under the veil of IE.

 

I don't know about this being a new leaktest, there was discussion on the Process Guard forum about this some months ago. PG and AD can stop it executing but cannot stop the leak if it does execute.

KAV's PDM will stop it because it has the behaviour blocking ability to prevent 'Launching Internet Browser with Parameters'. I think SSM may have that function as well, but I don't run it to confirm.

Edit - now I think of it, it's probably the CPIL leaktest that uses parameters to launch IE, the PC Flank one may use some other form of 'dangerous behaviour' ('trying to send data through a trusted process'); but either way KAV stops it because it has a behaviour blocker. ZAP's behaviour blocker fails the test while PG and AD are not designed to tackle this sort of thing.

 

Thanks for the info indeed.
Xtree

 

This leak test still bypasses AppDefend. It does not succeed by Launching the browser (if you don't allow your browser to launch to view the results, the data is still sent) as copying the URL test page into your browser will show the leak has already taken place. According to PC Flank website, the only two security solutions to pass this test are Outpost Firewall and Tiny Personal Firewall (now discontinued).

 

They may be the only FWs to pass, but they aren't the only security solutions to pass; KAV/KIS's PDM passes every time.

I now have SSM on my system so I can confirm that that too fails the test. The point is that AD, PG and SSM are all HIPS progs but they are not intended to have all the functions of a FW, nor do they have 'behaviour blocking' analysis. I don't know whether Cyberhawk would pass, I'll leave that to someone else to experiment with.

 

ProSecurity passes both keylogging tests and the directx test, which surprised and impressed me.

 

Hello Farmerlee,

You mean AKLT. Pcflank is another test you can also try.
Geswall also passes both of them perfectly if you run them isolated and the browsers non-isolated.

 

Yeah, lol, i posted in the wrong thread.

 

It seems Pro Security can pass the pcflank leaktest as well