6 replies to this topic

[CeeCee]

Just tried this firewall leaktest and my Sygate 5.6 failed it. PCFlank states, that so far only Outpost Firewall Pro and Tiny Personal Firewall 2005 has passed the test. Can someone who got one of those firewalls confirm this?

http://www.pcflank.c...ankleaktest.htm

PCFlank's Leaktest is a small utility that tests any firewall's ability to protect against unauthorized or illegal transmissions of data from a user's computer that is connected to the Internet.

[Humpty]

Downloaded and run from within a sandboxed session with Sandboxie configured to stop all outbounds other than the default browser.

No text sample was received by PCFlank so I consider it a pass.

[Tarq57]

Sorry, can't speak for the two firewalls you mentioned, but I can report that Comodo 3 with default settings failed, apart from a defense+ alert, which is really a test of the HIPS. (Which passed.) The firewall itself should have blocked a non-whitelisted application, AFAIK.
Reinstalled version 2, it passed. Will continue with V2 at least until hearing a satisfactory explanation of this.
Thanks for the test.

[smilingralph]

CeeCee, on Nov 29 2007, 05:29 PM, said:

Just tried this firewall leaktest and my Sygate 5.6 failed it. PCFlank states, that so far only Outpost Firewall Pro and Tiny Personal Firewall 2005 has passed the test.

Online Armor Free does too.

[LUSHER]

Tarq57, on Nov 30 2007, 01:16 AM, said:

Sorry, can't speak for the two firewalls you mentioned, but I can report that Comodo 3 with default settings failed, apart from a defense+ alert, which is really a test of the HIPS. (Which passed.) The firewall itself should have blocked a non-whitelisted application, AFAIK.
Reinstalled version 2, it passed. Will continue with V2 at least until hearing a satisfactory explanation of this.
Thanks for the test.

Let me explain something to you.

The only way to pass most leak tests is to employ HIPS like functions. This mean watches various system functions, monitoring inter-process communications, protecting process memory space, handling OLE etc. All major firewalls that aim to beat leak tests have already being using these (HIPS) techniques for ages.

The jump from comodo firewall 2 to 3 isn't one from 0 hips to 100% hips as you seem to think, but rather a formal recognition of what already exists (plus even more system monitoring). So in the past when they did the same stuff, except they didn't call it defense+

Another difference between full blown HIPS and hips like functions employed by firewalls (that do not claim hips), is that the later only monitors a smaller subset of processes that directly does network communication while the former does all processes. But the same basic thing is monitored.

If a firewall stuck only to basic firewall functions it would pretty much fail all leak tests , since it would be filtering only network connections and would be blind to higher level transactions.

BTW pcflank test is considered a fairly primative test these days.

http://www.matousec.com/projects/windows-p...sts-results.php

shows that a fairly large number of firewalls block it.

[CeeCee]

LUSHER, on Dec 4 2007, 02:48 PM, said:

The only way to pass most leak tests is to employ HIPS like functions.

Is HIPS protection necessary?

[LUSHER]

CeeCee, on Dec 4 2007, 03:46 PM, said:

Is HIPS protection necessary?

To pass leak tests/ outbound filtering definitely.

The leak tests already runs on your system, if it is running completely unrestricted it has dozens of way to beat your firewall. HIPS is just a complicated way of restricting what it can do to tunnel out./..