  gkweb
join:2003-06-09 76800
reply to Lilla1 Re: [Kerio 2.x] Kerio 2.15 w good rules fails 50%
Hi,
I am the author of the website.
Without any offense intended, even if my testing and my website are apparently bashed, I see here much confusion about what the leaktests are meant to test.
A leaktest is not meant to bypass overall computer security, but just one feature of one kind of product. Basically, a leaktest is trying to hijack a fully trusted application.
If you fully trust all of your software, and you allow them any traffic, then a malware trying to hijack one of them should be detected by the personal firewall, blocked, and asked to the user; that isn't too complicated, and that is precisely what the firewalls _passing_ the leaktests are doing, catching them in a fully trusted environment. It is in such an environment that you can see which firewall detects, and which one does not.
That's the test page at this step : »www.firewallleaktester.com/tests.htm
To understand what my criteria are, everything is explained in the following study: »www.firewallleaktester.com/documents.htm (leaktest.pdf)
Then, and I agree here with Ghost, because none of the firewalls can prevent a trusted application hijacking, and so none can pass them all, you have to tighten up your security to block them, even indirectly.
The leaktests are meant to bypass trusted applications as I said, but if you trust none of your software, then it is a lot harder for them to go through, but please note that here I am referring to your overall security (not only the firewall) that the leaktests have never claimed to pass. I think I have explained everything about that there: »www.firewallleaktester.com/advices.htm
To test the leaktests, as fully explained on the leaktests paper, is not to block everything on his computer, to throw them, and to see what happens, but I won't write again what I have already written.
My point isn't to scare anyone and to say that you can't do anything about it, on the contrary, I am trying to show the weaknesses on a particular firewall component, and to bring solutions, such as the sandboxes, again explained on both the advices page and on the pdf document.
I think that before the criticism of a test page, it's better to read the link provided just under the table which explains the test criteria, and then to take a look at the whole site to see quickly that me and Ghost aren't saying necessarily opposite args.
I do not wish to start a war or a flame, I just wanted to defend my test results, to explain them. I respect all of you, everyone is entitled to his own opinion, and after all that is explained, even after having read all the links above, you can still disagree, but I hope this time you'll see that we have just different points of view and criteria, and that it is not someone who is out of his mind (me) and someone else who is right.
I try to help people as much as I can, and I am sorry if you feel that I wanted to attack anyone or any software.
Best regards,
gkweb.
 ghost16825 Use security metrics Premium join:2003-08-26
Hard to believe, but my attack really wasn't intended to be on your website gkweb, but on the author of the application DNSTest and perhaps some of the other leaktest authors. I thought the definition of "leaktest" was something which bypassed a firewall completely, completely unseen by the firewall regardless of whether such traffic was allowed or not. Sure, if there's anything which does such a thing call it a leaktest and make sure it is publicised everywhere. (Some of the raw sockets type tests maybe). But suggesting massive security implications for everyone (as your website makes it out to be) - surely this is misleading. Most exploit implicit firewall rules and it would probably be more factual to try and describe in depth how these programs work and then let users decide how serious it is. This would be better than simply agreeing that the sky is falling and giving most of these authors kudos which they do not deserve.