
Veerzoon

@rr.com

firewall tests?

have there been any reliable firewall tests?

(i just read on smokey's security forums that Matousec is/was/will be getting $ by the firewall companies)


georgermct
PERFORMANCE

join:2000-05-12
Fairfield CT
I have used ShieldsUP!

»www.grc.com/x/ne.dll?bh0bkyd2


Veerzoon

@rr.com
reply to Veerzoon
i mean firewall comparison tests


AB
Premium
join:2006-04-04
Leesburg, VA
kudos:3

1 edit
said by Veerzoon :

i mean firewall comparison tests
Comparing what? As most firewalls work essentially the same, you'd need to better define what it is you're looking to compare.

And many 'comparative reviews' are based solely on whose palm got greased and whose didn't. So you'd have to attempt to separate wheat from chaff in that regard, as well.

*Edit- sp


sivran
Seamonkey's back
Premium
join:2003-09-15
Irving, TX
kudos:1
reply to Veerzoon
Like an av-comparatives for firewalls?

I think I heard of one a while back but I decided it was biased, and I don't remember the site in any case.

GRC has a program that tries a few tricks to get around firewalls, IIRC.
--
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon profitable cause...


therube

join:2004-11-11
Randallstown, MD
reply to Veerzoon
Matousec details paid testing here, »www.matousec.com/projects/firewa···gy-rules .

Do you have a link for smokey's comments?


Veerzoon

@rr.com
reply to Veerzoon
»www.smokey-services.eu/forum/vie···&p=34329

because of this:

Matousec:
We have decided to recommend the best products to you via affiliate programs of their vendors


rlocone
Honor Our Heros, Our Armed Forces
Premium
join:2002-04-10
Kokomo, IN
reply to Veerzoon
You could look @ Firewall leak test.

»www.firewallleaktester.com/

This site checks firewalls and then compares them based on those tests.
--
*** Never Forget 9/11 ***


Veerzoon

@rr.com
reply to Veerzoon
great, thanks,
so i see most use explorer.exe/iexplore to generate leaks - ok, blocked their access on the firewall, no more leaking :P


HA Nut
Premium
join:2004-05-13
USA
reply to Veerzoon
Are there any tests of firewalls that test just the firewall? Matousec does not rate firewall testing on just firewalls. This thread at Wilders hits the nail on the head...
»www.wilderssecurity.com/showthre···t=212594


Veerzoon

@rr.com
reply to Veerzoon
so uhm...

none of the firewalls have been publicly compared and tested
WITH REAL TROJANS AND INFECTIONS?

just with leak test tools and such?

do i have to setup my own vmware box and start infecting myself see what happens...? why doesn't someone do this?


AB
Premium
join:2006-04-04
Leesburg, VA
kudos:3
reply to Veerzoon
said by Veerzoon :

. . i see most use explorer.exe/iexplore to generate leaks - ok, blocked their access on the firewall, no more leaking :P
If you think you can ever totally block IE from accessing the web on a Windows system, you may find that you have another think coming.


Veerzoon

@rr.com
reply to AB


so... how do i see that it is or its not blocking Explorer/ie completely? (none of the leak test tools worked)


AB
Premium
join:2006-04-04
Leesburg, VA
kudos:3
reply to Veerzoon


said by Veerzoon :

so... how do i see that it is or its not blocking Explorer/ie completely?
You don't. At least, not to my knowledge or level of expertise. Maybe some of the networking mavens could tell you how or give you some advice.

Windows is Microsoft's OS, IE is the browser they've provided with that OS that is conveniently integrated into that OS.
There is certain code, certain programming hard-coded into the browser and OS that prevents the applicability or non-applicability of certain functions.
I can't fully explain it to you or get into any detailed discussion about it as I don't have the depth of technical knowledge that would be required.
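
One way to check the question asked in this sub-thread, given as an added example that is not part of any poster's reply: correlate `netstat -ano` with `tasklist /FO CSV /NH` and list every non-loopback TCP connection owned by `iexplore.exe` or `explorer.exe`. The two sample outputs are constructed, and the function names are hypothetical.

```python
import csv
import io

# Constructed sample of `netstat -ano` output (not captured from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    192.168.1.10:49712     203.0.113.7:80         ESTABLISHED     4120
  TCP    192.168.1.10:49713     198.51.100.9:443       SYN_SENT        1508
  TCP    192.168.1.10:49720     203.0.113.20:443       ESTABLISHED     2760
  TCP    127.0.0.1:49800        127.0.0.1:49801        ESTABLISHED     4120
  UDP    0.0.0.0:5353           *:*                                    2760
"""

# Constructed sample of `tasklist /FO CSV /NH` output.
SAMPLE_TASKLIST = '''\
"svchost.exe","884","Services","0","9,120 K"
"explorer.exe","1508","Console","1","61,332 K"
"firefox.exe","2760","Console","1","210,004 K"
"iexplore.exe","4120","Console","1","45,876 K"
'''

WATCHED = {"iexplore.exe", "explorer.exe"}   # images the firewall rule should block
OUTBOUND_STATES = {"ESTABLISHED", "SYN_SENT"}  # got through / still attempting

def pid_to_image(tasklist_csv):
    """Map PID -> lower-cased image name from tasklist CSV output."""
    return {int(row[1]): row[0].lower()
            for row in csv.reader(io.StringIO(tasklist_csv)) if len(row) >= 2}

def is_loopback(endpoint):
    return endpoint.startswith("127.") or endpoint.startswith("[::1]")

def watched_connections(netstat_text, tasklist_csv, watched=WATCHED):
    """Return (image, remote, state) for non-loopback TCP connections of watched images."""
    images = pid_to_image(tasklist_csv)
    hits = []
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[0] != "TCP":
            continue  # skip the header row and UDP rows (no state column)
        _, _local, remote, state, pid = parts
        image = images.get(int(pid), "<unknown>")
        if image in watched and state in OUTBOUND_STATES and not is_loopback(remote):
            hits.append((image, remote, state))
    return hits

if __name__ == "__main__":
    print(watched_connections(SAMPLE_NETSTAT, SAMPLE_TASKLIST))
```

An `ESTABLISHED` row for a watched image means traffic passed the firewall rule; a `SYN_SENT` row only shows that the process tried to connect.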


sivran
Seamonkey's back
Premium
join:2003-09-15
Irving, TX
kudos:1
reply to Veerzoon
If you're worried about malware, it is better to be picky about your anti-malware solution than your firewall. While it is true that a software firewall is in a position to mitigate damage from an infection, that is all it can do. The only time a software firewall prevents infection is when you're not behind a router: ie, when it blocks incoming connections.

That firewall leak tester page lists the techniques used to get around firewalls, and gives examples of malwares that use such techniques. Do you really need to infect yourself with malware to test your firewall? No, you need only run a program that attempts to get out in various ways.

Note also it doesn't have to be your firewall alone that passes all tests. Code injection, for example, is an area covered by such tools as Threatfire and a-squared. Thus, even if I'm running my favored Kerio 2.1.5, designed and produced before anyone thought of such a thing, I can be protected from malware trying to inject itself.

mysec
Premium
join:2005-11-29
kudos:4

1 edit
reply to AB
said by AB:

If you think you can ever totally block IE from accessing the web on a Windows system, you may find that you have another think coming...

Windows is Microsoft's OS, IE is the browser they've provided with that OS that is conveniently integrated into that OS.
There is certain code, certain programming hard-coded into the browser and OS that prevents the applicability or non-applicability of certain functions.
I can't fully explain it to you or get into any detailed discussion about it as I don't have the depth of technical knowledge that would be required.

Please cite some references, then.

Using Win2K I've had IE blocked at my firewall for years, except for when I use it to test malware sites. Any attempt otherwise to connect out will alert



_________________________________________________________

I think it's not easy to uninstall IE, but you don't have to use it for the WEB.


mysec
Premium
join:2005-11-29
kudos:4
reply to sivran
said by sivran:

If you're worried about malware, it is better to be picky about your anti-malware solution than your firewall.

How true. Note this comment from the OP in the Wilders thread cited above:

The best firewall according to the matousec tests, would be faronics AE (or any other antiexecutable application).

And so, this drive-by download attempt:



______________________________________________________


AB
Premium
join:2006-04-04
Leesburg, VA
kudos:3

1 recommendation

reply to mysec
said by mysec:

said by AB:

If you think you can ever totally block IE from accessing the web on a Windows system, you may find that you have another think coming...

Windows is Microsoft's OS, IE is the browser they've provided with that OS that is conveniently integrated into that OS.
There is certain code, certain programming hard-coded into the browser and OS that prevents the applicability or non-applicability of certain functions.
I can't fully explain it to you or get into any detailed discussion about it as I don't have the depth of technical knowledge that would be required.

Please cite some references, then.
Well, I can't. Not at the moment, anyway.
Maybe I'm completely wrong, and until I or someone else can show otherwise, I suppose I'll have to say that I am. So I retract that statement, at least until further notice.

I could go into some 'yeah, buts', some 'there's this or thats' or otherwise bring up some corollary and ancillary issues, but I won't. No CYA, double-talk, or trying to deflect any flack out of me.

I cannot in fact cite or find any references to the effect that Internet Explorer cannot be completely blocked from accessing the Internet, or cite any coding or programming references to that effect either.

Bottom line-- I'm saying I was mistaken, I'm saying I'm wrong.
My apologies.

mysec
Premium
join:2005-11-29
kudos:4
I cited Win2k - an old OS - things could work differently with XP and Vista



bellgamin
Kachunga
Premium
join:2003-01-12
Ewa Beach, HI

3 edits
reply to Veerzoon
said by Veerzoon :

have there been any reliable firewall tests?
Hmmm... not many responsive replies. I wonder why? Ah well -- upward & onward:

Here's a "review"...
»www.firewallguide.com/software.htm

Here's another...
»www.techsupportalert.com/best-fr···wall.htm

& Another (a list of reviews)..
»www.consumersearch.com/www/softw···rewalls/

& another (commercialized; possibly "buy a rating" so read with a carload of salt)...
»www.personal-firewall-software-r···ews.com/

1 more, but outdated (link to page 1; proceed to page 2 by link thereon)...
»www.firewallleaktester.com/tests···view.php

Do it yourself (sum fun tu)...
»www.firewallleaktester.com/


sivran
Seamonkey's back
Premium
join:2003-09-15
Irving, TX
kudos:1
Firewallguide.com looks like it has affiliate links for pretty much all the stuff there. This kind of bias is why there aren't many trusted review sites.

The one at techsupportalert.com seems clean of affiliate links though. Some (myself included) might disagree with their pick of Sunbelt, which is based on the crappy and bloated Kerio 4.


AB
Premium
join:2006-04-04
Leesburg, VA
kudos:3
reply to mysec
said by mysec:

I cited Win2k - an old OS - things could work differently with XP and Vista

I'm not completely abandoning my original position-- yet.

But until such time as I can provide any proof to back up that original statement, I'll stick with "I'm wrong".

mysec
Premium
join:2005-11-29
kudos:4

1 edit
reply to Veerzoon
said by Veerzoon :

so uhm...

none of the firewalls have been publicly compared and tested
WITH REAL TROJANS AND INFECTIONS?

just with leak test tools and such?

do i have to setup my own vmware box and start infecting myself see what happens...? why doesn't someone do this?

Maybe because there are no attacks in the wild which use injection techniques to bypass firewalls?

From the firewallleaktester site:

In The Wild malwares
»www.firewallleaktester.com/malwares.htm
In fact, I do not believe that tomorrow will see an explosion of leaktest exploits use in ITW malwares, because why to try to do something rather hard, when almost all of the computers on the Internet are running with Administrator privileges, and often do not have any personal firewall ?
For those who have one, the method used by ITW worms is rather simple even if brutal, they just kill your firewall process by launching a TerminateProcess() on it.

There are so many easier ways for now to leak data out that the leaktest exploits do not seem, for now, to be a premium choice for malware writers.

He lists a few. I've never been able to find working examples of them.

Now, search for malware that disables the firewall. This would be a good test - a real attack to see if your firewall survives.

The old Bagle worms tried that. Here from a few years ago, from a post on Wilders:
I did a booboo by starting to open a file called 06_05_2005.exe, when i realized it I stopped. But it has taken my firewall away,...

He didn't say which firewall he used. I was curious, because when I've manually tried to turn off the Firewall Process, I always get "access Denied" or the password box when attempting to terminate the Firewall Service.

I found a copy of Bagle and let it run:



_______________________________________________________

I don't know how the Bagle was attempting to disable the firewall, whether or not by TerminateProcess().

Of course, all of this testing assumes that the malware somehow installs into your computer.



Veerzoon

@rr.com
reply to Veerzoon
good stuff, thanks mysec