Ultima Weapon
24.11.2007, 03:00
Comodo Leak Test
Comodo
Online Firewall Leak Test (http://www.personalfirewall.comodo.com/onlinetest.html?currency=USD&region=Asia%20%26%20)
INSTRUCTIONS FOR ALL TESTS:
TURN OFF & DISABLE YOUR ANTIVIRUS & ANTISPYWARE FOR ACCURATE TESTING OF FIREWALL
Try also with different Modes - 'Default' up to 'Paranoid or Maximum Settings'
What is Firewall Leak Testing?
Every day, Internet users are exposed to a lot of ubiquitous malware programs without their knowledge. Firewalls form the first line of defense against these threats. Network filtering and outbound application connection filtering are the two essential components that a robust and secure personal firewall must have, and most of the personal firewalls currently on the market claim to provide them in some form. Unfortunately, malware programs are evolving rapidly. Many such programs employ very advanced techniques to conceal their malicious activities so that they easily bypass the standard protection mechanisms provided by most personal firewalls. These techniques are commonly known as "leaks".
Comodo Firewall Pro has been tested against the full range of available leak testing software and has a 100% detection rate. Read the results for yourself by downloading 'Comodo Firewall Pro vs Leak Tests (pdf)'
Explanation of the different "Leak" techniques or vulnerabilities fraudsters can use to compromise your PC.
There are many techniques that leak tests employ to break personal firewalls' standard protection mechanisms. The following list explains the different types of threats used by leak testing software.
Substitution
This technique tries to present itself as a trusted application by renaming itself to a commonly known, safe application such as iexplore.exe. As a result, firewalls that do not verify application signatures fail to detect such attempts.
Related Trojans
W32.Welchia.Worm, The Beast
Related Leak Tests
LeakTest 1.2
Launching (Parent Substitution)
With this technique, a program launches a trusted program by modifying its startup parameters such as command line parameters, to access the Internet. This type of penetration bypasses the firewalls that do not apply parent process checking before granting the internet access.
Related Trojans
W32.Vivael@MM
Related Leak Tests
Tooleaky, FireHole, WallBreaker, Ghost, Surfer, Jumper
DLL Injection
Being one of the most commonly used techniques by Trojans, this method tries to load a DLL file into the process space of a trusted application. When a DLL is loaded into a trusted process, it acts as the part of that process and consequently gains the same access rights from the firewall as the trusted process itself. Firewalls that do not have an application component monitoring feature fail to detect such attacks.
Related Trojans
The Beast, Proxy-Thunker, W32/Bobax.worm.a
Related Leak Tests
PCAudit, FireHole, PCAudit v2
Process Injection
This technique is the most advanced and difficult-to-detect penetration case, and most personal firewalls still fail to detect it although it is used by Trojans in the wild. The attacker program injects its code into the process space of a trusted application and becomes a part of it. No DLL or similar component is loaded, so almost every personal firewall fails to detect this completely.
Related Trojans
Flux trojan
Related Leak Tests
Thermite, CopyCat
Default Rules
When a personal firewall is installed, by default, it tries to allow some vital specific traffic such as DHCP, DNS, netbios etc. not to interrupt the useful network activity. Doing so blindly may cause malicious programs to exploit these rules to access the Internet.
Related Trojans
Unknown
Related Leak Tests
Yalta
Race Conditions
While filtering the Internet access requests per application, personal firewalls need the process identifier (pid) of a process to perform its internal calculations. Attacker programs may try to exploit this fact by changing their process identifiers before personal firewalls detect them. A robust personal firewall should detect such attempts and behave accordingly.
Related Trojans
Unknown
Related Leak Tests
Ghost
Own Protocol Driver
All network traffic in Windows operating systems is generated by the TCP/IP protocol driver and its services. But some Trojans can make use of their own protocol drivers to bypass the packet filtering mechanism provided by personal firewalls.
Related Trojans
Unknown
Related Leak Tests
Outbound, Yalta (test avancé), MBtest
Recursive Requests
Some system services provide interfaces to applications for common networking operations such as DNS, Netbios etc. Since using these interfaces is a legitimate behavior, a Trojan can exploit such opportunities to connect to the Internet.
Related Trojans
Unknown
Related Leak Tests
DNSTester
Windows Messages
Windows operating system provides inter process communication mechanism through window handles. By specially creating a window message, a Trojan can manipulate an application's behavior to connect to the Internet.
Related Trojans
Unknown
Related Leak Tests
Breakout1
It is very important to test any personal firewall with its "out of the box" settings. A personal firewall may claim to provide the protection against leaking attempts while it fails to catch some of them with its default settings. Due to the fact that very few of the personal firewall users are able to know the correct configuration settings suitable for their system; and/or the required configuration settings are too noisy i.e. generating too many needlessly alarming alerts, users actually do not / can not have enough protection. Comodo Firewall Pro comes already preconfigured to enable this high level of protection without having to do anything, (of course, manual configuration is an option).
MATOUSEC COMMAND LINE LEAK TESTS
Various commandline test tools from Matousec to test dll injection etc
MATOUSEC (http://www.matousec.com/downloads/windows-personal-firewall-analysis/)
Host-based Intrusion Prevention Software (HIPS) Leaktests
a) Simple process termination leaktest. More than 16 methods to terminate a process.
b) Simple keylogger leaktest.
HOMEPAGE (http://www.syssafety.com/leaktests.html)
FIREWALL LEAK TESTER
What is 'Firewall Leak Tester' ?
This website, on one hand, enables you to test your software personal firewall thanks to different test programs ('leaktests'), and on the other hand, shows a global vulnerabilities view of the most common personal firewalls in a summary page.
Firewall Leak Tester also provides documentation and advice to improve your security dramatically.
What Firewall Leak Tester is testing ?
Nowadays, threats from the Internet are growing, both from the inside and the outside.
To answer to a security need from Internet users (us), security software firms have created "personal firewalls", softwares acting like real hardware firewalls, but on user's computers.
These personal firewalls have network level filtering, that we will name "network filtering", and an outbound application filtering that we will name "software filtering".
Due to the fact that most of these personal firewalls offer reasonable protection against inbound attacks coming from the Internet, we will only study here their software filtering, outbound filtering that can be stressed by Trojans which try to initiate themselves by connecting to the outside to transmit data out.
To test this software filtering feature, many leaktests ("leak" tests) exist; they are programs created by different authors, each trying to bypass the personal firewalls with his own trick.
What is the purpose of Firewall Leak Tester ?
The purpose of this website is to inform users, to explain, and then to help improving your security.
1 - In a first part, if you are interested by the results themselves, you can check the scoreboard, use yourself the leaktests available on the left menu, and read the explanations available on the document page.
2 - In a second part, you can improve your security by reading the advice page and also the software page, to protect you against every leaktest. Do not miss the reward page showing excellent sandbox software.
3 - Finally, you can check my personal software area on the left menu 'TOOLS', providing softwares I am doing on my spare time to improve Windows security.
http://www.firewallleaktester.com/
SHIELDUP TEST
ShieldsUP!
The Internet's quickest, most popular, reliable and trusted, free Internet security checkup and information service. And now in its Port Authority Edition, it's also the most powerful and complete. Check your system here, and begin learning about using the Internet safely.
http://www.grc.com/default.htm
PC Security Hacker & More Test
PC Security Test is a free program for Windows that checks computer security against viruses, spyware and hackers. With a few mouse clicks, users can easily control the efficiency of their protection software (anti-virus programs, spyware scanners and firewalls).
PC Security Test simulates virus, spyware and hacking attacks and monitors the responses of your protection software. Don't worry, no real viruses are involved! After the tests are complete, PC Security computes a security index and provides tips on improving PC security.
Download & Install
PC Security Hacker & More Test (http://www.pc-st.com/us/download.htm)
If you would like to simply generate some event traffic on your computer to test the event notification dialog and see some events in the log choose the simple probe.
If you would like the server to check a list of common ports on your computer to determine if it is able to obtain a connection to them use the port scan.
Simple Probe
Port Scan
Additional Scans
A number of other sites offer probing and scanning of your system.
Please note that these sites are not affiliated with Hackerwatch.org
Scan page at DSL Reports
Advanced Port Scanner at PCFlank.com
http://www.hackerwatch.org/probe/?affid=0-77
System Shutdown Simulator
This leaktest highlights a new vulnerability that exists when a user shuts down their computer and a program cancels the shutdown. For example, when installing new software, the installation program often asks the user to restart their computer to complete the installation. When the user allows the computer to be restarted, the installation program could potentially compromise the user's computer completely undetected by security software, as these have already shut down.
This security tool / leaktest is called System Shutdown Simulator (self-explanatory). It is available for download here:
Download
System Shutdown Simulator(HomePage) (http://www.geocities.com/zeroday_software/)
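
The Substitution, Launching and DLL Injection entries in the list above each name a check the firewall must make (image verification, parent process checking, component monitoring). The sketch below is an added example, not part of the original post and not code from any firewall product: a small Python model of an outbound-filter decision that applies those three checks in order. All names (`Process`, `Policy`, `decide`) and the byte strings standing in for file contents are hypothetical and constructed for illustration.

```python
import hashlib
from dataclasses import dataclass


def digest(image: bytes) -> str:
    """SHA-256 of a file's contents; identity is the hash, never the file name."""
    return hashlib.sha256(image).hexdigest()


@dataclass(frozen=True)
class Process:
    name: str                         # file name as reported, e.g. "iexplore.exe"
    image: bytes                      # constructed stand-in for the executable's bytes
    parent: "Process | None" = None   # process that launched this one
    modules: tuple = ()               # constructed stand-ins for loaded DLL contents


@dataclass
class Policy:
    trusted_images: dict   # lower-case file name -> approved image hash
    trusted_parents: set   # hashes of programs allowed to launch trusted apps
    trusted_modules: set   # hashes of DLLs approved inside trusted apps

    def decide(self, proc: Process):
        """Return (verdict, reason) for an outbound connection request."""
        expected = self.trusted_images.get(proc.name.lower())
        if expected is None:
            return ("ask", "unknown application")
        # Substitution: the name matches a trusted app but the file does not.
        if digest(proc.image) != expected:
            return ("deny", "substitution: trusted name, different image hash")
        # Launching: a genuine trusted app started by an unapproved parent.
        if proc.parent is None or digest(proc.parent.image) not in self.trusted_parents:
            return ("ask", "launching: unapproved parent process")
        # DLL injection: a component inside the trusted process is not approved.
        for module in proc.modules:
            if digest(module) not in self.trusted_modules:
                return ("ask", "dll injection: unapproved module loaded")
        return ("allow", "image, parent and modules verified")


# Constructed sample data: byte strings stand in for real file contents.
BROWSER = b"constructed: genuine browser image"
SHELL = b"constructed: desktop shell image"
NETLIB = b"constructed: approved network dll"
UNKNOWN = b"constructed: unapproved program or dll"

POLICY = Policy(
    trusted_images={"iexplore.exe": digest(BROWSER)},
    trusted_parents={digest(SHELL)},
    trusted_modules={digest(NETLIB)},
)


def demo():
    shell = Process("explorer.exe", SHELL)
    other = Process("tool.exe", UNKNOWN)
    cases = {
        "normal": Process("iexplore.exe", BROWSER, shell, (NETLIB,)),
        "renamed": Process("iexplore.exe", UNKNOWN, shell),
        "launched": Process("iexplore.exe", BROWSER, other, (NETLIB,)),
        "extra_module": Process("iexplore.exe", BROWSER, shell, (NETLIB, UNKNOWN)),
    }
    return {label: POLICY.decide(proc)[0] for label, proc in cases.items()}


if __name__ == "__main__":
    for label, verdict in demo().items():
        print(f"{label:13s} -> {verdict}")
```

Process Injection, as described in the list, loads no DLL, so a module check of this kind does not cover it.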