Personal Firewalls vs. Leak Tests: Part II

Discussion in 'other firewalls' started by CrazyM, Aug 7, 2003.

Thread Status:
Not open for further replies.
  1. CrazyM

    CrazyM Firewall Expert

    Feb 9, 2002
    BC, Canada
  2. LowWaterMark

    LowWaterMark Administrator

    Aug 10, 2002
    New England
    Ah, the age-old debate: default configuration versus adjusted configuration. :doubt: It's hard to know what is best, I suppose, in order to perform fair tests. Just as it is hard to know whether the users will actually read the installation recommendations or the help files regarding what settings they should make or change.

    Interestingly enough, ZAP does recommend that the user set Program Control to High after 2 days (or so) of normal Internet use. This enables full program and component control, which is the key to monitoring and managing program interaction. ZAP can't control this until each program and its components have been loaded into its program database. But, if ZAP came with that feature set at installation time, the user would literally have to respond to hundreds of component-level access requests while ZAP is in this learning mode.

    This Advanced Program Control was actually added to ZAP specifically to address the tooleaky exploit method (i.e. one program calling another in order to access the network), which in this test ZAP is shown failing because of this initial setting. I'll grant you that ZAP doesn't handle all the known exploits, but it handles many with proper configuration.

    As for TPF, with its sandbox it can give you incredible security. But then we have people saying that the sandbox isn't really part of a firewall (lesser application controls appear to be, but not a full sandbox), so it isn't a fair test to use it to prevent the exploits. So, TPF fails more tests than any other firewall when it ought to pass most of them. :doubt:

    By the way, for people who don't know the power of a sandbox, just look at any of my threads here or at DSLR where I show just what TTT (the sandbox running separate from the TPF firewall) can do; intercepting and controlling programs calling programs; programs accessing system services or resources; or attempts to terminate other processes; all these things can be controlled completely. But, TTT/TPF is terribly complex. It can't be set by default at installation time because every system is different and the access needs on them are different. Users who wouldn't take the time to configure it properly wouldn't even be able to operate their systems.

    I'm glad tools like these exist for those of us who are willing to do more than set it and forget it. If you are willing to put in the effort, you will get back an incredible level of security.
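Added example, not part of the post above and not any vendor's code: a simplified Python model of the trade-off described there, comparing program-only control with launcher- and component-aware control, before and after a learning period. The class names, the "medium"/"high" labels, the file names and the sample traffic are all constructed assumptions.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class NetRequest:
    program: str             # process opening the connection
    launcher: str            # process that started it
    components: tuple = ()   # modules loaded into that process

@dataclass
class ProgramControl:
    level: str = "medium"                         # hypothetical: "medium" or "high"
    programs: set = field(default_factory=set)    # programs allowed network access
    launchers: set = field(default_factory=set)   # approved (launcher, program) pairs
    components: set = field(default_factory=set)  # approved (program, component) pairs

    def unknown_items(self, req):
        """Everything in this request the user would have to be asked about."""
        items = [] if req.program in self.programs else [("program", req.program)]
        if self.level == "high":
            if (req.launcher, req.program) not in self.launchers:
                items.append(("launcher", req.launcher))
            items += [("component", c) for c in req.components
                      if (req.program, c) not in self.components]
        return items

    def decide(self, req):
        return "prompt" if self.unknown_items(req) else "allow"

    def learn(self, req):
        """Learning mode: record what was seen during normal use as approved."""
        self.programs.add(req.program)
        self.launchers.add((req.launcher, req.program))
        self.components.update((req.program, c) for c in req.components)

# Constructed sample traffic: normal use, then a trusted program started by an unknown one.
NORMAL = [
    NetRequest("browser.exe", "explorer.exe", ("net.dll", "ui.dll", "plugin.dll")),
    NetRequest("mail.exe", "explorer.exe", ("net.dll", "spell.dll")),
]
PROXIED = NetRequest("browser.exe", "unknown.exe", ("net.dll", "ui.dll", "plugin.dll"))

def run(level, learn_first):
    """Return (prompts before learning, prompts after, decision on PROXIED)."""
    fw = ProgramControl(level=level, programs={"browser.exe", "mail.exe"})
    before = sum(len(fw.unknown_items(r)) for r in NORMAL)
    for r in (NORMAL if learn_first else []):
        fw.learn(r)
    after = sum(len(fw.unknown_items(r)) for r in NORMAL)
    return before, after, fw.decide(PROXIED)
```

With two programs the high level already produces seven prompts before learning; after learning, normal use is silent while the request from the unknown launcher still prompts, and the program-only level allows it.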
  3. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Feb 3, 2003
    on the sofa
  4. _anvil

    _anvil Registered Member

    Jun 18, 2003
    Quite right, Mr.Blaze, they were obviously 'inspired' by gkweb's site (somewhere in that article, his site is even linked...) :cool:

    As LowWaterMark said, it's somewhat disappointing that they _only_ tested with 'out of the box' settings, which is for most people here quite uninteresting.
    Furthermore, they obviously made some mistakes (e.g. how can Kerio block PCAudit...?!), and it is (as always) a bit 'questionable' if a security website such as pcflank, which is in some way 'connected' to a certain firewall vendor, makes a comparison test of firewalls, and - surprise! - this certain firewall performs best (although I see no obvious 'flaws' in Outpost's results... ;) )

    So after all, I would still recommend gkweb's site for leaktest references. ;)