Why CHX-I and Windows Firewall are the same (if not better) than outbound firewalls

Discussion in 'other firewalls' started by squash, Jul 23, 2005.

Thread Status:
Not open for further replies.
  1. squash

    squash Registered Member

    Joined:
    Mar 25, 2005
    Posts:
    313
    Go and read this article:
    http://tooleaky.zensoft.com/

    Outbound filtering is a false sense of security. CHX-I is (in my opinion) stronger in outbound firewalls (ZA, Kerio) in, inbound filtering. Just my input. :)

    Any comments/rebuttals?
     
  2. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma

    Did you see the date on that article. it was 2001. That is an eternity in the computer world. things have changed since then. The validity of that article would now be a little suspect as to being relevant anymore.
     
  3. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Re: Why CHX-I and Windows Firewall are the same (if not better) than outbound firewal

    Well, I run LooknStop, application filtering only. I launched tooleaky.exe. Internet access was requested, and I denied it. The CPU utilization of the tooleaky.exe process ramped to close to 100% for a short time. I get the message shown below. Access to grc.com is fine by the way.

    As bigC notes, your source may be somewhat dated.....

    Blue
     

    Attached Files:

  4. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    In order for Tooleaky or any of the other leaktests to do their thing, they have to first somehow install on your computer. In this case, of course, you give it permission to install.

    In the real world, one should be more concerned with how such a trojan would get by your security.

    For me, the risk assessment is not high enough to complain about what the firewall was not intended to do in the first place.

    Anyway, there are other ways of stopping those leaktests.


    -rich
    ________________
    ~~Be ALERT!!! ~~
     

    Attached Files:

  5. RockerRoller

    RockerRoller Guest

    HI.

    All I know is that today, WXP Firewall is much more stable than any third app fw, if only because it's part of the operating system. It's running WITH the OS, while other Firewalls are RUN BY the OS.

    Even my cherished AgnitumOutpostPro gave me a blue screen of death a few days ago, and on WXPSP2 for that matter! (Nope, I don't have distant assistance nor netmeeting activated, and yes, it was the latest version).

    But Windows FW has no outbound filtering, and that should be a concern for anyone.

    So I followed an idea I first heard about from JacK (www.optimix.be.tf), i.e. activate Windows FWall AND couple it with SSM. Now I have the stability AND a perfect outbound filtering. For instance, that's the only way I ever got to pass all leaktests while using a stable and smooth system.

    Always wondered why so few people followed JacK's advice. I guess they like to pest against firewalls or programmers for not succeeding against leaktests ;), or they like to run and test every possible firewall they can find on the market (nothing wrong with that, I have to admit I did for months and enjoyed it quite a lot... But now I want simplicity and absolute efficiency, which is achieved by the above mentioned combination only).

    Have a good day all.... Cheers
     
  6. nunya

    nunya Guest

    Re: Why CHX-I and Windows Firewall are the same (if not better) than outbound firewal

    Your post is flawed but I'm not going to get into it. Live and learn
     
  7. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    SSM is great for controlling what applications your system can run but it does not provide any control over their network access - if you have an application with "phone home" behaviour that you wish to block or one that you must run but only partially trust (and therefore wish to limit it to connecting to specific sites only) then an application-filtering firewall is the only option.

    As for leaktests, Firewallleaktester is a far more up-to-date site - and while no firewall can block all leaktests, having one that can block most is still a significant security benefit (just as running an anti-virus scanner with a 98-99% detection rate is).
     
Loading...
Thread Status:
Not open for further replies.