Показано с 1 по 12 из 12.

Matousec's Firewall leak Tests of Individual Firewalls & Internet Suites

  1. #1
    Full Member Репутация Репутация Репутация Репутация Репутация Репутация Репутация Аватар для Ultima Weapon
    Регистрация
    17.11.2007
    Адрес
    Philippines
    Сообщений
    153
    Вес репутации
    47

    Different Firewall Tests (How secure is your firewall?)

    Comodo Leak Test
    Comodo
    Online Firewall Leak Test



    INSTRUCTIONS FOR ALL TESTS:
    TURN OFF & DISABLE YOUR ANTIVIRUS & ANTISPYWARE FOR ACCURATE TESTING OF FIREWALL

    Try also with different Modes - 'Default' up to 'Paranoid or Maximum Settings'






    What is Firewall Leak Testing?

    Everyday, Internet users are being exposed to a lot of ubiquitous malware programs without their knowledge. Firewalls form the first line of the defense to answer to these threats. Network filtering and outbound application connection filtering are the two essential components that a robust and secure personal firewall must have, that most of the personal firewalls currently in the market claim to provide in some form. Unfortunately, malware programs are evolving rapidly. Many of such programs employ very advanced techniques to conceal their malicious activities so that they easily bypass the standard protection mechanism provided by the most personal firewalls. These techniques are commonly known as "leaks".

    Comodo Firewall Pro has been tested against the full range of available leak testing software and has a 100% detection rate. Read the results for yourself by downloading 'Comodo Firewall Pro vs Leak Tests (pdf)'
    Explanation of the different of "Leak" techniques or vulnerabilities fraudsters can use to compromise you PC.

    There are many techniques that leak tests employ to break personal firewalls' standard protection mechanisms. The following list explains the different types of threats used by leak testing software.
    Substitution

    This technique tries to present itself as a trusted application by renaming itself to a commonly known, safe application such as iexplore.exe. As a result, firewalls that do not verify application signatures fail to detect such attempts.
    Related Trojans

    W32.Welchia.Worm, The Beast
    Related Leak Tests

    LeakTest 1.2
    Launching (Parent Substitution)

    With this technique, a program launches a trusted program by modifying its startup parameters such as command line parameters, to access the Internet. This type of penetration bypasses the firewalls that do not apply parent process checking before granting the internet access.
    Related Trojans

    W32.Vivael@MM
    Related Leak Tests

    Tooleaky, FireHole, WallBreaker, Ghost, Surfer,Jumper
    DLL Injection

    Being one of the most commonly used techniques by Trojans, this method tries to load a DLL file into the process space of a trusted application. When a DLL is loaded into a trusted process, it acts as the part of that process and consequently gains the same access rights from the firewall as the trusted process itself. Firewalls that do not have an application component monitoring feature fail to detect such attacks.
    Related Trojans

    The Beast, Proxy-Thunker, W32/Bobax.worm.a
    Related Leak Tests

    PCAudit, FireHole, PCAudit v2
    Process Injection

    This technique is the most advanced and difficult to detect penetration case that the most of the personal firewalls still fail to detect although it is used by Trojans in the wild. The attacker program injects its code into process space of a trusted application and becomes a part of it. No DLL or similar component is loaded that almost every personal firewall fails to detect this completely.

    Related Trojans

    Flux trojan
    Related Leak Tests

    Thermite, CopyCat
    Default Rules

    When a personal firewall is installed, by default, it tries to allow some vital specific traffic such as DHCP, DNS, netbios etc. not to interrupt the useful network activity. Doing so blindly may cause malicious programs to exploit these rules to access the Internet.
    Related Trojans

    Unknown
    Related Leak Tests

    Yalta
    Race Conditions

    While filtering the Internet access requests per application, personal firewalls need the process identifier (pid) of a process to perform its internal calculations. Attacker programs may try to exploit this fact by changing their process identifiers before personal firewalls detect them. A robust personal firewall should detect such attempts and behave accordingly.
    Related Trojans

    Unknown
    Related Leak Tests

    Ghost
    Own Protocol Driver

    All network traffic in Windows operating systems are generated by TCP/IP protocol driver and its services. But some Trojans can make use of their own protocol drivers to bypass the packet filtering mechanism provided by personal firewalls.
    Related Trojans

    Unknown
    Related Leak Tests

    Outbound, Yalta (test avancй), MBtest
    Recursive Requests

    Some system services provide interfaces to applications for common networking operations such as DNS, Netbios etc. Since using these interfaces is a legitimate behavior, a Trojan can exploit such opportunities to connect to the Internet.
    Related Trojans

    Unknown
    Related Leak Tests

    DNSTester
    Windows Messages

    Windows operating system provides inter process communication mechanism through window handles. By specially creating a window message, a Trojan can manipulate an application's behavior to connect to the Internet.
    Related Trojans

    Unknown
    Related Leak Tests

    Breakout1

    It is very important to test any personal firewall with its "out of the box" settings. A personal firewall may claim to provide the protection against leaking attempts while it fails to catch some of them with its default settings. Due to the fact that very few of the personal firewall users are able to know the correct configuration settings suitable for their system; and/or the required configuration settings are too noisy i.e. generating too many needlessly alarming alerts, users actually do not / can not have enough protection. Comodo Firewall Pro comes already preconfigured to enable this high level of protection without having to do anything, (of course, manual configuration is an option).


    MATOUSEC COMMAND LINE LEAK TESTS


    Various commandline test tools from Matousec to test dll injection etc

    MATOUSEC


    Host-based Intrusion Prevention Software (HIPS) Leaktests

    a)Simple process termination leaktest. =Simple process termination leaktest. More than 16 methods to terminate a process.

    b)Simple keylogger leaktest.

    HOMEPAGE


    FIREWALL LEAK TESTER

    What is 'Firewall Leak Tester' ?

    This website, on one hand, enables you to test your software personal firewall thanks to different test programs ('leaktests'), and on the other hand, shows a global vulnerabilities view of the most common personal firewalls in a summary page.
    Firewall Leak Tester provides also documentation and advices to improve your security dramatically.


    What Firewall Leak Tester is testing ?

    Nowadays, threats from the Internet are growing, both from the inside and the outside.
    To answer to a security need from Internet users (us), security software firms have created "personal firewalls", softwares acting like real hardware firewalls, but on user's computers.
    These personal firewalls have network level filtering, that we will name "network filtering", and an outbound application filtering that we will name "software filtering".

    Due to the fact that most of these personal firewalls offer reasonable protection against inbound attacks coming from the Internet, we will only study here their software filtering, outbound filtering that can be stressed by Trojans which try to initiate themselves by connecting to the outside to transmit data out.

    To test this software filtering feature, many leaktests (""leak"" test) exist, they are programs created by different authors, each trying to bypass the personal firewalls with his own trick.


    What is the purpose of Firewall Leak Tester ?

    The purpose of this website is to inform users, to explain, and then to help improving your security.

    1 - In a first part, if you are interested by the results themselves, you can check the scoreboard, use yourself the leaktests available on the left menu, and read the explanations available on the document page.

    2 - In a second part, you can improve your security by reading the advices page and also the software page, to protect you againt every leaktest. Do not miss the reward page showing excellent sandbox softwares.

    3 - Finally, you can check my personal software area on the left menu 'TOOLS', providing softwares I am doing on my spare time to improve Windows security.


    http://www.firewallleaktester.com/


    SHIELDUP TEST

    ShieldsUP!
    The Internet's quickest, most popular, reliable and trusted, free Internet security checkup and information service. And now in its Port Authority Edition, it's also the most powerful and complete. Check your system here, and begin learning about using the Internet safely.


    http://www.grc.com/default.htm

    PC Security Hacker & More Test



    PC Security Test is a free program for Windows that checks computer security against viruses, spyware and hackers. With a few mouse clicks, users can easily control the efficiency of their protection software (anti-virus programs, spyware scanners and firewalls).
    PC Security Test simulates virus, spyware and hacking attacks and monitors the responses of your protection software. Don't worry, no real viruses are involved ! After the tests are complete, PC Securtiy computes a security index and provides tips on improving PC security.
    Download & Install
    PC Security Hacker & More Test



    If you would like to simply generate some event traffic on your computer to test the event notification dialog and see some events in the log choose the simple probe.

    If you would like the server to check a list of common ports on your computer to determine if it is able to obtain a connection to them use the port scan.
    Simple Probe
    Port Scan

    Additional Scans
    A number of other sites offer probing and scanning of your system.
    Please note that these sites are not affiliated with Hackerwatch.org
    Scan page at DSL Reports
    Advanced Port Scanner at PCFlank.com

    http://www.hackerwatch.org/probe/?affid=0-77






    System Shutdown Simulator




    This leaktest highlights a new vulnerability that exists when a user shuts down their computer and a program cancels the shutdown. For example, when installing new software, the installation program often asks the user to restart their computer to complete the installation. When the user allows the computer to be restarted, the installation program could potentially compromise the user's computer completely undetected by security software as these have already shutdown.

    This security tool / leaktest is called System Shutdown Simulator (self-explanatory). It is available for download here:
    Download
    System Shutdown Simulator(HomePage)
    Последний раз редактировалось Ultima Weapon; 06.12.2007 в 09:40.
    Realtime: Kaspersky Internet Security & A-squared Anti-Mallware (default windows)On Demand Scanner: Avira Premium & Nod32 ,Panda& AVG antispyware & Bitdefender 2008(another windows) Firewall: Online Armor System Recovery: Returnil

  2. #2
    Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация
    Регистрация
    27.08.2006
    Сообщений
    2,453
    Вес репутации
    0
    PC Security Test
    Comodo does NOT pass this test, even at 'Paranoid Mode'. Its registry protection doesn't seem to monitor the following:
    Код:
    HKLM\Software\Microsoft\Internet Explorer\Extensions
    the test adds this:
    Код:
    {12345678-1234-1234-1234-1234567890AB}
    which is not flagged by Comodo. It is an empty key, but anyway...
    Код:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    it adds virus1.exe, which is not flagged by Comodo. I was disappointed with this.

    I you add those keys MANUALLY to 'Defense' - 'My Protected Registry Keys', Comodo passes 100% for all three sections of the test. I'm just wondering how many other surprises this product has to offer...

    Paul

  3. #3
    Full Member Репутация Репутация Репутация Репутация Репутация Репутация Репутация Аватар для Ultima Weapon
    Регистрация
    17.11.2007
    Адрес
    Philippines
    Сообщений
    153
    Вес репутации
    47
    Thank you very much for the expert advice. Il do it by the way.
    Realtime: Kaspersky Internet Security & A-squared Anti-Mallware (default windows)On Demand Scanner: Avira Premium & Nod32 ,Panda& AVG antispyware & Bitdefender 2008(another windows) Firewall: Online Armor System Recovery: Returnil

  4. #4
    External Specialist Репутация Репутация Репутация Репутация Аватар для Sjoeii
    Регистрация
    27.11.2007
    Сообщений
    149
    Вес репутации
    42
    Paul,

    You are not very font of Comodo I read?
    Just a security fanatic

  5. #5
    Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация
    Регистрация
    27.08.2006
    Сообщений
    2,453
    Вес репутации
    0
    Цитата Сообщение от Sjoeii Посмотреть сообщение
    Paul,

    You are not very font of Comodo I read?
    This applies to version 3 only, which is not ready yet.

    Paul

  6. #6
    External Specialist Репутация Репутация Репутация Репутация Аватар для Sjoeii
    Регистрация
    27.11.2007
    Сообщений
    149
    Вес репутации
    42
    aha thanx
    version 2 is safer?
    Just a security fanatic

  7. #7
    Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация
    Регистрация
    27.08.2006
    Сообщений
    2,453
    Вес репутации
    0
    Цитата Сообщение от Sjoeii Посмотреть сообщение
    aha thanx
    version 2 is safer?
    Yes. It works as advertised, which is ALWAYS safer.

    Paul

  8. #8
    External Specialist Репутация Репутация Репутация Репутация Аватар для Sjoeii
    Регистрация
    27.11.2007
    Сообщений
    149
    Вес репутации
    42
    haha
    Thanx. Curious to see what how v3 can improve than
    Just a security fanatic

  9. #9
    Full Member Репутация Репутация Репутация Репутация Репутация Репутация Репутация Аватар для Ultima Weapon
    Регистрация
    17.11.2007
    Адрес
    Philippines
    Сообщений
    153
    Вес репутации
    47

    Matousec's Firewall leak Tests of Individual Firewalls & Internet Suites

    Matousec's Firewall leak Tests of Individual Firewalls & Internet Suites
    Matousec Transparent Security
    http://www.matousec.com/projects/win...ewalls-ratings
    From the website:
    What are leak tests? How does Firewalls perform against them?


    Firewalls provides protection against both incoming and outgoing attacks. 'Outgoing' attacks occur when a virus, trojan or spyware attempts to make a connection to an outside server without the user's knowledge. To combat such threats, many personal firewalls employ a technique loosely called 'Outbound Application Filtering' which attempts to detect whenever any application or process tries to make an illegal outgoing connection. 'Leak Tests' are small programs explicitly designed to test the strength a personal firewall's 'Outbound Application Filtering'. Each test will attempt to bypass the firewall and make a connection to an outside server.

    About Matousec
    matousec.com was founded by David Matoušek in March 2006 by a small group of young people, mostly university students, who are interested in the Internet, security and other computer related topics. We focus on specific projects rather than offering general services. Our team consists of skilled people with a professional approach. Our experts excel in reverse engineering and low level and security programming for Microsoft Windows systems thus they are also great software testers.
    Our main goal is to improve end-user security with our own security related projects and research. We want to participate in the global security research, to support bigger companies in their activities, to criticize security products and also to offer our own solutions and products. We want to establish the respected and reliable company with a positive influence on the global computer security. We also want to help young perspective people to make themselves visible in the endless world of the Internet.
    Activities and offered services of people behind matousec.com include: computer related security consulting and research, testing and analysis of security products, analysis of computer viruses, worms, spyware and other malware, analysis of Internet and computer threats and vulnerabilities in security software, programming of security products especially analytical and penetration testing tools, web programming and design.
    Our very first and flagship project is called Windows Personal Firewalls analysis. We hope this project will raise the quality of these security products that are used still by more and more users.
    The name of our group matousec.com is a combination of a last name of David Matoušek and the English word security.
    The picture in our logo is Japanese Kanji sign and it can be translated as look after, protect, defend, keep or preservation. Together with the sign for proof it means security. The pronunciation of matousec.com can be complicated for native English speakers. We pronounce the first syllable matousec.com as in math, the second syllable matousec.com as toe and the third comes together with the pronunciation from security. The top level domain extension matousec.com is read simply dot com as usual.
    Последний раз редактировалось Ultima Weapon; 28.11.2007 в 22:58.
    Realtime: Kaspersky Internet Security & A-squared Anti-Mallware (default windows)On Demand Scanner: Avira Premium & Nod32 ,Panda& AVG antispyware & Bitdefender 2008(another windows) Firewall: Online Armor System Recovery: Returnil

  10. #10
    External Specialist Репутация Репутация Репутация Репутация Аватар для Sjoeii
    Регистрация
    27.11.2007
    Сообщений
    149
    Вес репутации
    42
    did you try the test yourself?
    Just a security fanatic

  11. #11
    Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация
    Регистрация
    27.08.2006
    Сообщений
    2,453
    Вес репутации
    0
    I don't like sites that promote leak-tests, or rank firewalls by the way they pass or don't pass leak tests. Leak tests have little or nothing to do with computer security. Besides, the culture in itself gives the false impression that as soon as malware is on your system, it can be controlled, contained, or whatever. Well, I have news for you: this is just not true in most cases. I wish the Security Industry stopped throwing dust in people's eyes...

    Paul

  12. #12
    Full Member Репутация Репутация Репутация Репутация Репутация Репутация Репутация Аватар для Ultima Weapon
    Регистрация
    17.11.2007
    Адрес
    Philippines
    Сообщений
    153
    Вес репутации
    47
    FIREWALL KILLER
    Firewall killer software to bypass firewalls, proxy servers and hide ip address (anonymous proxy)


    http://www.firewall-tunnel.com/?firewall-killer


    GRC Leaktest
    "Leaktest" from http://www.grc.com/lt/leaktest.htm. This is a free firewall leakage tester.
    Последний раз редактировалось Ultima Weapon; 14.03.2008 в 14:35. Причина: Добавлено
    Realtime: Kaspersky Internet Security & A-squared Anti-Mallware (default windows)On Demand Scanner: Avira Premium & Nod32 ,Panda& AVG antispyware & Bitdefender 2008(another windows) Firewall: Online Armor System Recovery: Returnil

Похожие темы

  1. no internet and firewall cant be activated
    От bayou020 в разделе Malware Removal Service
    Ответов: 4
    Последнее сообщение: 22.07.2009, 22:55
  2. Kaspersky Internet Security 2009 удостоился максимальной оценки Matousec Transparent Security
    От Hanson в разделе Новости компьютерной безопасности
    Ответов: 6
    Последнее сообщение: 25.10.2008, 01:41
  3. Ответов: 1
    Последнее сообщение: 28.11.2007, 15:43
  4. Leak-tests августа
    От SDA в разделе Межсетевые экраны (firewall)
    Ответов: 7
    Последнее сообщение: 13.09.2007, 16:17
  5. Мартовский тест Firewall Leak Tester
    От HATTIFNATTOR в разделе Новости компьютерной безопасности
    Ответов: 4
    Последнее сообщение: 01.04.2006, 17:57

Свернуть/Развернуть Ваши права в разделе

  • Вы не можете создавать новые темы
  • Вы не можете отвечать в темах
  • Вы не можете прикреплять вложения
  • Вы не можете редактировать свои сообщения
  •  
Page generated in 0.01092 seconds with 15 queries