This setup will pass all leaktests

Discussion in 'other firewalls' started by budfox, Apr 5, 2005.

Thread Status:
Not open for further replies.
  1. budfox (Registered Member; Joined: Apr 5, 2005; Posts: 103)

    I have a simple setup that passed all leaktests listed here.

    http://www.firewallleaktester.com/

    The two programs that I used are
    1. Netop Firewall
    2. Process Guard

    Very simple setup.

    1. Netop
    Go to Tools / Options and make sure that "Enable DNS Auto resolve" is unchecked.

    2. XP
    Go to Start / Run / "msconfig" / Services and uncheck DNS Client.

    3. Process Guard
    Go to the PROTECTION tab.
    Click Add Application.
    Add both iexplore.exe and firefox.exe.
    Make sure that under the box "Protect this application from", [modification] is checked.
    [reboot system]

    One note. When running the leaktest against your system, allow PG to run the programs. If you get a popup from the firewall, click do not allow.

    I like Netop firewall due to the fact that it is the only driver-centric firewall and in theory your system is protected during startup. More importantly, the only way to turn off the firewall is to uninstall and reboot system.
     
  2. Diver (Registered Member; Joined: Feb 6, 2005; Posts: 1,444; Location: Deep Underwater)

    I don't know what you mean by driver centric, but quite a few firewalls consist of a kernel level driver and a GUI to tell it what to do. Even Kerio 2.15 can be set up to block all traffic when the GUI is terminated.

    Not to mention what I think of leak tests...
     
  3. budfox (Registered Member; Joined: Apr 5, 2005; Posts: 103)

    Not to mention what you think of leaktests?? Why should I care what you think? This post is for people who do care about leaktests so take your 2 cents and ......guess you think you are immune to ever getting a trojan.

    As for driver centric.. look it up. Here is a clue for you. Try NDIS driver. Kernel level firewalls will leave you open during startup. I love the people here who go on about kernel level firewalls...yawn.
     
    Last edited: Apr 5, 2005
  4. Diver (Registered Member; Joined: Feb 6, 2005; Posts: 1,444; Location: Deep Underwater)

    Well, if you ask why you should care about what I think, then you may as well ask why would anyone care about what you think.
     
  5. budfox (Registered Member; Joined: Apr 5, 2005; Posts: 103)

    Wow, got me there. I will stop now. I have learned never argue with an xxxxx

    Word edited by request of a member; very uncalled for. Please refrain from using these kinds of words. bigc
     
    Last edited by a moderator: Apr 5, 2005
  6. bigc73542 (Retired Moderator; Joined: Sep 21, 2003; Posts: 23,873; Location: SW. Oklahoma)

    If the personal attacks keep on, this thread will be closed.

    bigc
     
  7. dog (Guest)

    Hi BudFox, ;)

    Welcome to Wilders' ;)

    As Wilders' is a discussion forum, everyone is entitled to their opinions. Discussion and sharing knowledge is what it's all about, but let's keep it on an academic level, there isn't any need for any type of personal comments toward others.

    I hope we can all discuss this subject in a civilized manner, based on fact, interpretation of facts, and opinions/merits of such.

    I hope you will both enlighten us/share with us your thoughts on the matter. There of course isn't a need to agree, but an academic debate/discussion will serve to expand all of our knowledge.

    So let's keep this friendly guys

    Steve

    EDIT: Sorry BigC ... I was in mid response, when you replied. No intention of stepping on your toes, my friend. ;)
     
  8. bigc73542 (Retired Moderator; Joined: Sep 21, 2003; Posts: 23,873; Location: SW. Oklahoma)

    no problem on this end ;)

    bigc
     
  9. Arup (Guest)

    I have setups with Kerio 2.15 and Sygate that will pass almost all leak tests thrown at it.
     
  10. polaris (Guest)

    could you please tell me how the setups are?
    many thanks
     
  11. Arup (Guest)

    Hi Polaris,

    Combine Kerio+BZ rules with strict implementation of loopback proxy as well as specify ports of all programs that need to access the net. Combine that with Prevx, Winsonar or Antihook or PG free, and you have a leakproof Kerio. On its own without any other programs, Kerio stops tooleaky and Leaktest and blocks PC Audit and Wallbreaker as well. I don't use IE and any security conscious person shouldn't either, so I don't have any rule for it; this way, it has to ask every time it needs to access the net for some reason.

    Best of all, my solutions listed above are all free.

    As for driver centric firewall, don't wish to ruffle any feathers but Sygate free and pro have been offering that for quite a while, as well as secure mode and password protection where no programs except DHCP are allowed while the system is loaded or firewall is turned off. Unlike Kerio's reghack secure mode, the Sygate's is superior due to its feature of allowing DHCP broadcasts for setups that need it.
     
    Last edited by a moderator: Apr 5, 2005
  12. shek (Registered Member; Joined: Mar 27, 2005; Posts: 342; Location: SE CHINA/NYC USA)

    Although Jetico firewall is still under development, it could pass almost all the leak tests already. I also tried Kerio 2.15 + Process Guard and they could pass too. Since the leak test was done in October 2004, I believe some other FWs can also pass the tests now.
     
  13. shek (Registered Member; Joined: Mar 27, 2005; Posts: 342; Location: SE CHINA/NYC USA)

    Due to the compatibility problem with Firefox, many Chinese websites can only be browsed with IE and I have to stick with it. My choice is GreenBrowser, an IE-based web browser including a pop-up killer, with ActiveX and Java disabled. Besides that, I also use Script Defender. So I feel pretty safe when surfing online, but I do use FF if I go to some crack websites.
     
  14. Notok (Registered Member; Joined: May 28, 2004; Posts: 2,969; Location: Portland, OR (USA))

    Any driver is actually kernel mode, NDIS or otherwise.. a usermode firewall wouldn't be very effective. Most firewalls do run on a driver in 2k/XP.

    As far as leaktests go, do you have something for the likes of WallBreaker and CopyCat, or do you just keep IE on "permit once" in PG? What about Firefox and other internet apps?
     
    Last edited: Apr 6, 2005
  15. Arup (Guest)

    Have you tried out Opera? I go to quite a lot of Chinese forums and it works nice there with the Chinese language fonts.
     
  16. polaris (Guest)

    Thank you very much Arup for the free advice...
     
  17. Arup (Guest)

    You are welcome. I just forgot to add: if using Sygate, uncheck "act as server" for all the applications, apart from using the supplementary security software that I listed.
     
  18. zfactor (Registered Member; Joined: Mar 10, 2005; Posts: 6,012; Location: on my zx10-r)

    Almost all of the good firewalls can be set up to pass all the leak tests; it just takes some time, patience and learning the program. Most good firewalls can do this with work; some just take more than others. I am using Outpost right now and it will pass everything I throw at it, as did Kerio 4.1.3 once configured right.
     
  19. Diver (Registered Member; Joined: Feb 6, 2005; Posts: 1,444; Location: Deep Underwater)

    Arup-

    Even if IE is effectively disabled, couldn't a rogue program launch the default browser and use it to send data outbound?

    By the way, the Kerio reghack will get around the DHCP problem in most cases if Kerio is started from the startup folder, or if you are on a router and can set up your computer for static IP (local IP only; the router gets a dynamic IP from outside).

    Chinese? I can't read a word of it.
     
  20. Arup (Guest)

    Good question, Diver. So far, WB, Tooleaky and others only try and launch IE due to MS's implementation of using IE as gateway to the net for other programs. My default browser is Opera in my system but WB and others never try and launch that one.

    I know about the Kerio reghack workaround, however have to admit that Sygate makes it far easier to implement.
     
  21. shek (Registered Member; Joined: Mar 27, 2005; Posts: 342; Location: SE CHINA/NYC USA)

    Opera is not totally free. Besides that, there are still lots of Chinese websites which don't follow W3C criteria. It's a little off topic. :D

    If people use WinXP SP2's ICF and KAV (real time protection with up-to-date extended database), what's the chance of getting infected and having the user's personal info sent out by malware? I think it is very low, and the extra benefit from a better FW, which passes the leak test, will be less than 1%, I guess.
     
  22. Diver (Registered Member; Joined: Feb 6, 2005; Posts: 1,444; Location: Deep Underwater)

    The deal with Kerio is it is a program that has not been developed for two years and the reghack is just that, a hack. There are other firewalls that shut down communications when the GUI is not running, such as 8Signs and Visnetic.

    I just checked around here and links in help files do launch IE rather than my default browser, Firefox. And that is how Windows works. So, if you don't mind having to give IE explicit permission every time it runs... Not to try and give you a hard time, but I would not want to have to do that myself.
     
    Last edited: Apr 6, 2005
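
The scenario raised in the posts above, a program starting the browser so that the browser carries data outbound, can be looked for after the fact in process-creation records. This is an added example, not part of any post in the thread; the record format, the sample events, the parent allowlist and the function names are constructed assumptions.

```python
import csv
import io
import ntpath
from urllib.parse import urlsplit

# Browsers named in the thread's Process Guard step.
BROWSERS = {"iexplore.exe", "firefox.exe"}
# Assumption: parents allowed to start a browser. hh.exe is the Windows help
# viewer, which the thread notes opens IE for links in help files.
EXPECTED_PARENTS = {"explorer.exe", "hh.exe"}

# Constructed sample records (not real logs): time,parent,child,command line
SAMPLE_EVENTS = r"""
2005-04-06T10:00:01,C:\WINDOWS\explorer.exe,C:\Program Files\Internet Explorer\iexplore.exe,iexplore.exe
2005-04-06T10:02:13,C:\WINDOWS\hh.exe,C:\Program Files\Internet Explorer\iexplore.exe,iexplore.exe http://example.com/help.htm
2005-04-06T10:05:40,C:\Temp\leaktest_sample.exe,C:\Program Files\Internet Explorer\iexplore.exe,iexplore.exe http://example.net/c.php?d=constructed-sample-data
2005-04-06T10:06:02,C:\Temp\updater_sample.exe,C:\Program Files\Mozilla Firefox\firefox.exe,firefox.exe
2005-04-06T10:07:30,C:\WINDOWS\explorer.exe,C:\WINDOWS\notepad.exe,notepad.exe
""".strip()


def url_has_query(cmdline):
    """True if any argument is an http(s) URL with a query string."""
    for arg in cmdline.split()[1:]:
        if arg.lower().startswith(("http://", "https://")) and urlsplit(arg).query:
            return True
    return False


def find_suspicious_launches(log_text):
    """Return browser launches whose parent process is not on the allowlist."""
    findings = []
    for when, parent, child, cmdline in csv.reader(io.StringIO(log_text)):
        browser = ntpath.basename(child).lower()
        parent_name = ntpath.basename(parent).lower()
        if browser not in BROWSERS or parent_name in EXPECTED_PARENTS:
            continue
        # Data in the URL handed to the browser is the outbound channel the
        # thread describes, so it raises the severity of the finding.
        severity = "high" if url_has_query(cmdline) else "medium"
        findings.append({"time": when, "parent": parent_name,
                         "browser": browser, "severity": severity})
    return findings


if __name__ == "__main__":
    for finding in find_suspicious_launches(SAMPLE_EVENTS):
        print(finding)
```

The allowlist is the tuning point: each parent added to EXPECTED_PARENTS is a launcher whose browser starts will no longer be reported.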
  23. Diver (Registered Member; Joined: Feb 6, 2005; Posts: 1,444; Location: Deep Underwater)

    Shek-

    I tend to agree with you on the 1% or less benefit of "leak proofing". It can even be argued that the additional user interaction required to set up and maintain advanced application controls interferes with the user's ability to correctly respond to really important browser or Java warnings such as "do you trust xxx toolbar".

    I think the effort should be on prevention. Finding a leak is only detection after the fact. Other means of after the fact detection are programs like Tcpview, process monitors, looking at the hidden devices in device manager, checking start up entries or even a scan with an updated AV signature base.

    However, I do notice you have a long list of security apps in your signature in order to cover that 1%. My setup is nearly the hypothetical one you mention. That is, a good AV and a traditional non application filtering firewall. Of course, I use Firefox to browse with Java off unless I need it, and run without administrative rights.
     
  24. Arup (Guest)

    Diver,

    Since I never or hardly ever use IE, it doesn't really matter to me. True Kerio is 2 years old, but it has been polished and is now a very good and formidable resource light and free alternative to many.
     
  25. TopperID (Registered Member; Joined: Oct 1, 2004; Posts: 1,527; Location: London)

    The combination of Zone Alarm Pro and Process Guard will defeat all the leaktests cited - with the exception of WallBreaker. I don't know of any FW that will defeat WallBreaker, is Budfox telling us that Netop will?
     