PG3 and leaktests

Discussion in 'ProcessGuard' started by SimonW, Nov 2, 2004.

Thread Status:
Not open for further replies.
  1. SimonW

    SimonW Registered Member

    Joined: Feb 22, 2004 | Posts: 115 | Location: Leicester, UK
    gkweb has a very useful and informative site (http://www.firewallleaktester.com/wwdc.htm) relating to firewall leak tests, namely:

    LeakTest
    Tooleaky
    Firehole
    Yalta
    Outbound
    PCAudit
    AWFT
    Thermite
    Copycat
    MBtest
    WB
    PCAudit2
    Ghost
    DNStester
    Surfer
    I just wondered how well PG3 stacks up against these - where relevant?

    Have we reached a point where owners of PG can ignore the good/bad leak-ability of a software firewall and focus on other functionality offered when deciding which to use?

    Thanks
    SimonW
     
  2. Pilli

    Pilli Registered Member

    Joined: Feb 13, 2002 | Posts: 6,217 | Location: Hampshire UK
    Here is a report from GKweb; I am sure he will post more regarding this:

    Existing leaktests blocked after they are allowed to run (6):
    FireHole, PCAuditv1, PCAuditv2, AWFT 3.1, Thermite, CopyCat

    Leaktests blockable only by denying them the right to launch (8):
    WallBreaker, MBtest, Yalta, LeakTest, ToolLeaky, Ghost, DNStester, Surfer

    AWFT, 6 tests :
    Quote:
    One: Attempts to load a copy of the default browser and patch it in memory before it executes. Defeats the weakest PFs.

    Two: Creates a thread on a loaded copy of the default browser. Old trick, but most firewalls still fail.

    Three: Creates a thread on Windows Explorer. Another old trick, but almost every firewall still fails.

    Four: Attempts to load a copy of the default browser from within Windows Explorer and patch it in memory before execution. Defeats PFs which require authorization for an application to load another one (succeeding on Technique 1) - Windows Explorer is normally authorized. This test usually succeeds, unless the default browser is blocked from accessing the Internet.

    Five: Performs a heuristic search for proxies and other software authorized to access the Internet on port 80, loads a copy and patches it in memory before execution from within a thread on Windows Explorer. Very difficult test for PFWs!

    Six: Performs a heuristic search for proxies and other software authorized to access the Internet on port 80, requests the user to select one of them, then creates a thread on the selected process. Another difficult nut to crack for PFWs!

    14 XP/2k leaktests, 19 attacks (AWFT = 6 different)
    6 leaktests blocked, 11 leaktest attacks blocked

    HTH Pilli
     