Why does ESS fail leak test with all modules activated?

I understand why ESS performed so poorly on the Matousec.com tests with only the firewall module activated. However, I ran the Leak Test at:

http://www.pcflank.com/pcflankleaktest.htm

ESS did not even make one authorization prompt after a fresh installation in interactive mode. Some random exe can open, launch internet explorer and leak text to a website but I have to authorize firefox. :|

Is this just some completely artificial proof of concept or is this something that should be addressed?

I don't want to come off negative, because over all I am very satisfied with the performance and integration of the suite. But this test result is disconcerting.

*Edit: I am using version 4.0.424 and replicated this on two computers running Vista x64

 

What a load of crap.

Like an inexperienced user is going to know how to send something resembling malicious code.

Whoopee, they now my IP Address. So I can send a line of text over the internet to somebody's so-called test server...big deal. Doesn't prove a damn thing.

My impression is that they're all meant to invoke and spread a lot of fear for the inexperienced users, possibly trick them into buying something they really don't need. If you ask me they're nothing more than hoaxes and gimmicks. They've been around since the dawn of the Internet.

 

I just checked out this supposed leak test. All it does is send a packet over port 80 to pcflank, just like any browser does when it connects to a website or port 443 for https. The amusing part is that even when you block the communication to pcflank, it still notifies you that you failed the leak test. Checking their site showed no text message that I sent.

Basically it's just as Darren said - a scam and a pathetic one at that

 

I agree that site may be shady and possibly even a scam. However, I still believe that Eset should not allow any traffic to leave my computer without authorization whether its port 80 or not. Especially from some shady executable that may be a "scam".

 

Hi Enron

Without going into great detail, I'll explain what this leak test does. Basically it injects code into IE's address space and 'forces' IE to execute the code. Seeing as you most likely have permission set for IE to access any site over port 80, you'll therefore receive no alert.

If you're concerned about this, you could look at complimenting ESS with a host intrusion prevention system (HIPS) or running your browsers, any suspicious executables and opening any strange attachments etc in a sandbox.... or both.

regards
stackz

 

This leak test does'nt look very kosher to me as well.
Instead I would suggest, use Steve Gibson's LeakTest 2.1. which is much more accurate and reliable, I've used it for years myself to test various firewalls and it will be unable to connect to the grc server when blocked by ESS 424, with the firewall set on the interactive mode.
Free download from: http://www.grc.com/lt/leaktest.htm