satrax82
01-12-2006, 16:03
Link:
http://www.matousec.com/projects/windows-personal-firewall-analysis/leak-tests-results.php
The clear winners of our tests are Comodo Personal Firewall 2.3.6.81 and Jetico Personal Firewall 2.0.0.16 beta. Whilst Comodo is the best on its highest security settings, Jetico has the best default settings configuration. On the highest security settings, Comodo failed only the Coat leak-test, Jetico failed against Breakout and pcAudit. These results are excellent! What is more, both firewalls are still in development and we can expect that they will pass all tests in their future versions. Congratulations!
Another important result of our tests is firewall scoring against FPR. FPR stands for Fake Protection Revealer. This leak-test was implemented to reveal cheating on leak-tests. Outpost Firewall PRO 4.0 (971.584.079) was convicted of such cheating. It passes all leak-tests except FPR because of the implementation of user mode hooks (ring3) for security purposes. Our article Design of ideal personal firewall clearly says that ring3 hooks can not be used for security critical features. FPR does nothing but unhooks ring3 hooks which is always possible and thus bypasses such protection. This means that Outpost Firewall PRO cheats to be very strong against leak-tests but in fact it is very weak against real malware. The vendor of Outpost claims that Outpost is strong against the malware on this field but the reality is quite different. Other firewalls that use ring3 hooks improperly are Sunbelt Kerio Personal Firewall 4.3.268 and Look 'n' Stop 2.05p2. However, their hooks did not affect their test results that much. And unlike Outpost, their hooks were not implemented to mislead the end-users.
Nine of the tested firewalls were marked with Very poor or None anti-leak protection. This result is quite worrying because it shows that even today, when the malware programs are very sophisticated, still a lot of vendors simply do not care about the outbound connection control seriously.
http://www.matousec.com/projects/windows-personal-firewall-analysis/leak-tests-results.php
The clear winners of our tests are Comodo Personal Firewall 2.3.6.81 and Jetico Personal Firewall 2.0.0.16 beta. Whilst Comodo is the best on its highest security settings, Jetico has the best default settings configuration. On the highest security settings, Comodo failed only the Coat leak-test, Jetico failed against Breakout and pcAudit. These results are excellent! What is more, both firewalls are still in development and we can expect that they will pass all tests in their future versions. Congratulations!
Another important result of our tests is firewall scoring against FPR. FPR stands for Fake Protection Revealer. This leak-test was implemented to reveal cheating on leak-tests. Outpost Firewall PRO 4.0 (971.584.079) was convicted of such cheating. It passes all leak-tests except FPR because of the implementation of user mode hooks (ring3) for security purposes. Our article Design of ideal personal firewall clearly says that ring3 hooks can not be used for security critical features. FPR does nothing but unhooks ring3 hooks which is always possible and thus bypasses such protection. This means that Outpost Firewall PRO cheats to be very strong against leak-tests but in fact it is very weak against real malware. The vendor of Outpost claims that Outpost is strong against the malware on this field but the reality is quite different. Other firewalls that use ring3 hooks improperly are Sunbelt Kerio Personal Firewall 4.3.268 and Look 'n' Stop 2.05p2. However, their hooks did not affect their test results that much. And unlike Outpost, their hooks were not implemented to mislead the end-users.
Nine of the tested firewalls were marked with Very poor or None anti-leak protection. This result is quite worrying because it shows that even today, when the malware programs are very sophisticated, still a lot of vendors simply do not care about the outbound connection control seriously.