Where are they - Firewall tests, reports, comparisons??

Discussion in 'other firewalls' started by Wai_Wai, Sep 1, 2005.

Thread Status:
Not open for further replies.
  1. Wai_Wai

    Wai_Wai Registered Member

    Joined:
    Dec 28, 2004
    Posts:
    556
    Firewall tests, reports, comparisons??

    Hi.
    I would like to gather websites which:
    - test the capabilities of different firewalls (eg leaktests).
    - firewall comparisons by independent websites
    Does anyone know where they are?

    Currently I get this only:
    Firewall test
    http://www.firewallleaktester.com/tests.htm

    Firewall Comparison
    None yet
     
    Last edited: Sep 2, 2005
  2. Syncman9

    Syncman9 Registered Member

    Joined:
    Jul 28, 2004
    Posts:
    113
    Location:
    UK
    Wai_Wai,

    I think you'll find firewall comparisons are often biased to be honest and everyone has a different expectation about what they are looking for in a firewall, how they expect it to be behavour, and how much involvement they want to par-take when configuring it.

    The leak test site is a good site to judge how seriously the various companies take their products, and in keep them upto date. After that, I think you need to try out the ones you like and see which ones suites your needs the best.

    Finally if you ask people for their views, it will only cloud your view, nearly everyone has their favourite and what's right for one person might not be right for you.
     
  3. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
  4. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
  5. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
  6. StevieO

    StevieO Guest

    After trying all of the tests i could find over the past few years, and thankfully passing nearly all of them, i was very surprised today to discover a new one, to me anyway.

    . . .

    LeakOut - Firewall outbound control tester

    LeakOut is a simple tool to demonstrate how it is possibile, in certain circumstances, to circumvent the outbound control/filtering systems of personal firewalls such as ZoneAlarm, Outpost, Kerio, Sygate, Look'n'Stop, and others.

    . . .

    At first it was denied it access by WinSonar, then i allowed it and was prompted by an alert from ZA. I then allowed it to pass and got directed to a www that displayed this -


    Some sample data collected:
    --------------------------------------------------------------------------------
    Machine Name: ( Removed )

    User Name: ( Removed )

    Windows Directory: C:\WINDOWS


    --------------------------------------------------------------------------------
    N.B. This is obviously just a proof of concept!
    Parameters passed via URL could be encoded, this window could be closed, minimized, or redirect to the home page, show something fancy, and so on...

    http://mark0.net/soft-leakout.html

    . . .

    See how it does on your PC.

    Other interesting stuff on his site too.


    StevieO
     
  7. Wai_Wai

    Wai_Wai Registered Member

    Joined:
    Dec 28, 2004
    Posts:
    556
    Probably you should notice. Still I tell you in case if you don't know.

    The reviews in this webste is not reliable.
    Not sure why I have such kinds of feeling.

    Probably it is because it once presented a comparison which some bad or below-average products came to the top 3 (but all other independent websites do not recommend these software).

    And it seems someone says so too in Spyware Warrior.

    After all, what do you tihnk about website? Good? Reliable?
    Thanks for your help.
     
  8. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    The TopTen Reviews seem accurate as far as they go - but they don't appear to focus on the most important issues for personal firewalls (how much control they allow over programs' network access, leaktest performance, etc). They do seem to focus a lot on referers which are more a privacy than security issue (and best dealt with using specialised web filtering software like Proxomitron).

    Two particular failings in my view were the review of InJoy and ZoneAlarm. InJoy is really aimed at proxy servers and offers features of particular use there (traffic shaping and bandwidth usage monitoring) which weren't mentioned while ZoneAlarm's Privacy Vault was given some praise without mentioning the (significant) weakness that it cannot spot personal data in encrypted traffic (many trojans do use encryption so Privacy Vault and similar features can only provide a false sense of security).

    Overall, I'd say they offered a good basic introduction but lack real depth.
     
  9. Wai_Wai

    Wai_Wai Registered Member

    Joined:
    Dec 28, 2004
    Posts:
    556
    Do you know exactly how old they are?
    I can't find the answer in their website.

    Thanks.
    As you said, they are too old (March 27, 2002). Things is likely to change (largely) during 3 years. Since newer reports are available, it is better to reference to other newer leak attacks (like the one in my firstpot) as some background information. :D
     
  10. Wai_Wai

    Wai_Wai Registered Member

    Joined:
    Dec 28, 2004
    Posts:
    556
    Thanks.
    By the way, I have a feeling magazines are not trustworthy since they are somewhat affiliated with companys (remember who pay for the ads :p).
    So I would like for independent reviews if possible.

    Anyway, although they may be baised, it is never a reason to totally disregard everything form them. When direct evidence areavaiable, we can always judge based on our knowledge and logical reasoning.
     
  11. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Well I said "It isn't much", not because I mentioned only one link, but because I don't trust any comparison table.
    In the beginning I was also blinded by these tables, but not anymore and they don't influence my choice.
    I read these tables as additional info, but I don't listen to them.
    I already made my choice "ZoneAlarm Free", because I don't pay for security.

    My security is based on PREVENTION and DISCIPLINE and any software or advice that works preventive has my attention, as long it is free of course.

    The trouble with security is that when you read long enough about a software, you THINK you need it.
    Some security softwares are indeed ESSENTIAL, just like you need one lock on your door.
    Everybody in the security world will recommend you this software and that software and scare/convince you long enough until you buy and install it on your computer.

    It's like wearing a bulletproof jacket when you go to the supermarket, because the possibility exists, that you might be shot in a supermarkt.
    Security people are ALWAYS RIGHT, but do YOU really need it ? That's what I'm trying to figure out in this forum.
     
  12. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    For the reviews, the magazine issue and month/year is listed (check the issue/date column). For the comparison, the issue and date is listed quite clearly at the top of each review - ISSUE: 114 DATE: Feb 04.
     
  13. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,780
    I think it is completely dependant on your behavior and use of your machine. People who exhibit risky behavior probably need all the security software. Especially if they don't image their HD or can't restore from a backup.

    On the other hand, people who practice "safe computing" like myself, don't need much more than a router and good AV. That's my opinion anyway... :)
     
  14. Wai_Wai

    Wai_Wai Registered Member

    Joined:
    Dec 28, 2004
    Posts:
    556
    As far as I go (Yes, just me only),

    (Note: The following are merely my personal opinion. Don't treat it seriously.
    You may wish to read carefully since sometimes the statements may be a bit misleading, and make you misinterpret what I mean)

    From security experts:
    - a lot of news relating to security holes and possible exploits of Windows/Outlook Express/Internet Explorer; how lots of people and businesses are affected
    - there are always new malware which can manage to intrude your computer
    - read a lot of security artcles how hackers can attack your computers (eg even if you browse, the HTML alone can do evil things to trap you into intrusion


    From hacker world:
    - how one can bypass the security software (eg I realise one can simply re-code its malware a bit in order to bypass an AV/AT/AS, and see how easy it can be done),
    - there are always underground/private malware which can hardly be found by security or anti-malware guys (eg they do not publish its trojan on the Internet. It is only used on a small scale, and target some victims)
    - sometimes you will never know you get hacked; or get infected (especially true for trojans, backdoors, keyloggers etc.) When you say you are secure, it may be just a false sense of security
    - free (& powerful) tools everywhere to hack your computer
    - free step-by-step articles everywhere to hack your cmputer

    All these things, as a sum-up, don't make me feel secure. The above are no merely puff. I can see the possiblity of these exploits and how easy these can be implemented. What I can say is: the more you know, the less secure you feel and the less you place your trust on your AV/AS/Firewall.

    Note:
    Yes I know it sounds like too pessimistic. Yes I agree since I only say the bad side witohut explaining the good side. I know the good sides as well, so I'm not really too pessimisitc. But if you read more articles and research on the technique hackers use, I'm sure you will not feel as confident as you once be.

    Anyway, you don't need to agree with me. Different people have different views. It is impossible for someone's attitude change from disagreement to agreement.

    After all, hopefully you will get what I mean, but not make you misinterpret what I mean. Tiime is short and sorry if I can't explain things clearly.
     
    Last edited: Sep 3, 2005
  15. Wai_Wai

    Wai_Wai Registered Member

    Joined:
    Dec 28, 2004
    Posts:
    556
    By the way, here's how I safeguard myself AND prevent "false sense of security":

    Security Software
    - 1 resident AV (plus additional AV for on-demand scans; you may use online free scans instead too)
    - 1 resident AS (same as above)
    - 1 Firewall
    - 1 intrusion prevention system

    Other software
    - don't use common MS products (since hackers usually target its product due to its huge market shares). Use Firefox/Thunderbird/Mozilla Suite instead
    - many security configuration of my cmputer/system (eg close unnecessary services, set storng paswords etc.)

    User
    - Maintain good habits (eg safe browsing, safe emailing, don't click on links, especially suspicious; don't install things or plug-ins NOT form vendor website [eg install Shockwave plug-ins in third-party website. The webmaster may bundle that plugin with malare, etc.]
    - Have good knowledge about security and hacking techniques (eg know how to workaorund or reduce the risks of (potential) known exploits/weaknesses/holes which haven't been fixed, or cannot been fixed in security products)

    That's what I did in my computer.
     
Loading...
Thread Status:
Not open for further replies.