Virus Bulletin: Free firewalls rated best in leak tests

John

Moderator Emeritus / Elite Member
Oct 9, 1999
33,944
1
0
An in-depth study subjecting 23 different personal firewall products to a range of leak tests has granted two free products, Comodo Personal Firewall and Jetico Personal Firewall, the only 'excellent' ratings in the field. Behind them are the popular ZoneAlarm PRO and Trend Micro's PC-cillin Internet Security, both rated 'very good'.

Kaspersky and Lavasoft products are in the 'good' category, as is Outpost, despite being accused of cheating. Meanwhile Sunbelt and Norton are in the 'poor' group and McAfee alongside Sygate under 'very poor'. The level of protection offered by products from CA, BitDefender, F-Secure, Panda and AVG, among others, is described as 'none'. At the bottom of the class, with a score of zero, is of course the Windows XP SP2 built-in firewall, which only protects against inbound attacks.

Read more: http://www.virusbtn.com/news/virus_news/2006/12_07a.xml

 

screw3d

Diamond Member
Nov 6, 2001
6,906
1
76
<-- proudly using Comodo

I'm getting a bit annoyed with it lately though.. it keeps on "forgetting" rules and firing some that don't make much sense.. might be time to try Jetico
 

Mem

Lifer
Apr 23, 2000
21,476
13
81
I like reading the vendors' responses:
Kaspersky Lab - the vendor of Kaspersky Internet Security

Kaspersky Lab expressed disagreement with our results in their response.

Firstly, we were told that the tested version Kaspersky Internet Security 6.0.0.303 was out of date and that there existed a newer version, which is better against leak-testing techniques. However, our tests were made with the latest version available at the time of our tests with its latest updates. Kaspersky Lab should understand that we are not able to monitor their site every day and redo all the testing when they release a new version. We present results for Kaspersky Internet Security 6.0.0.303 and we say nothing about newer versions. We plan to retest newer versions of tested products in the future but not every week.

Secondly, we were told that our results were 'highly different from results published at http://www.firewallleaktester.com/tests.php'. We have compared our results and found out that highly different meant that in our results Breakout2 and Surfer were able to leak, which does not match results published on firewallleaktester.com. We have retested both leak-tests on the highest security settings of KIS. Breakout2 was able to leak without any notice. Surfer was able to leak but it failed to report this correctly. Using a packet sniffer we were able to confirm that Surfer was not stopped by KIS. This is why we think our results are correct for both Breakout2 and Surfer.


Btw, if you want to test your firewall, try ShieldsUP, here.
 

Ultralight

Senior member
Jul 11, 2004
990
1
76
Yeah, but both Comodo and Jetico take some real hands-on work and Jetico can drive users up the wall.

Right now I have Sunbelt's firewall and ShieldsUp gives it a full thumbs up. I find when it comes to Firewalls it becomes very subjective in testing. That being said, I think I'll seriously look into Comodo when my subscription to Sunbelt runs out.
 

sourceninja

Diamond Member
Mar 8, 2005
8,805
65
91
I still haven't found anything better than a little Linux box sitting on the edge of my network.

 
Jan 9, 2001
704
0
0
I am using XPSP2's firewall and passed every test on Shield'sUP! Of course, my router might have something to do with it.
 

Kriz

Member
Jan 5, 2003
158
0
0
Comodo is good, but it can get somewhat annoying. It sometimes forgets when I tell it to always allow certain programs internet access.
 

WildHorse

Diamond Member
Jun 29, 2003
5,023
0
0
Originally posted by: CCityInstaller
I am using XPSP2's firewall and passed every test on Shield'sUP! Of course, my router might have something to do with it.

Interesting. Let's try that.

Maybe I can uninstall the McAfee software firewall & just rely on XPSP2's firewall for inbound, and the DSL router's firewall for outbound.

EDIT: Success! I got rid of McAfee firewall. With the DSL modem's outbound-only firewall, and WindowsXP's inbound-only firewall, I completely pass Shield'sUP!'s all ports test. That's pretty cool. Thank you, CCityInstaller.
 

Captante

Lifer
Oct 20, 2003
30,306
10,804
136
Using Kaspersky IS6 on main PC, Panda IS2007 on primary backup & Free Zonealarm on backup 2 & after bypassing my router, all 3 programs passed as full-stealth on Shields-up & passed using a program called Leak-test to look for outbound leaks.

Interestingly with my router installed port 113 (IDENT protocol) shows as closed, not stealthed regardless of which PC the test is run from... I'll have to go into my router configuration & forward it to an unused port a little later.

Although I'm really not impressed with Kaspersky's "Anti-Hacker" firewall & Panda has never been that highly rated as a firewall (both AVs are very good & Panda was free), I have to say that I'm not sure about the accuracy of the tests this thread is based on.
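
The "closed" versus "stealthed" results discussed in this thread correspond to two different outcomes of a TCP connection attempt. The following is an added example, not part of any post: it classifies a port as seen from the connecting side, and the function names and the loopback self-check are constructed for illustration.

```python
import socket

def classify_port(host, port, timeout=1.0):
    """Classify one TCP port using the terms the thread uses for scan results.

    open    - handshake completed, something is listening
    closed  - a RST came back: the host answered, nothing is listening
    stealth - no reply before the timeout: the SYN was silently dropped
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "stealth"
    except OSError:
        # e.g. ICMP host/network unreachable: neither a RST nor silence
        return "unreachable"
    finally:
        s.close()

def loopback_demo():
    """Constructed offline check against a listener created on 127.0.0.1."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))       # port 0: let the OS pick a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    while_listening = classify_port("127.0.0.1", port)
    srv.close()                      # nothing listens on that port any more
    after_close = classify_port("127.0.0.1", port)
    return while_listening, after_close

if __name__ == "__main__":
    print(loopback_demo())
```

A "stealth" result requires a filter that drops the packet without replying, so the loopback check only exercises the open and closed cases.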
 

Lemon law

Lifer
Nov 6, 2005
20,984
3
0
To scott,

who writes---Maybe I can uninstall the McAfee software firewall & just rely on XPSP2's firewall for inbound, and the DSL router's firewall for outbound.

Someone correct me if I am wrong---but it's my understanding that a router only blocks inbound ports---and does nothing for outbound traffic.
 

Mem

Lifer
Apr 23, 2000
21,476
13
81
Using Kaspersky IS6 on main PC, Panda IS2007 on primary backup & Free Zonealarm on backup 2 & after bypassing my router, all 3 programs passed as full-stealth on Shields-up & passed using a program called Leak-test to look for outbound leaks.

I would not worry about this one review. FYI, I use Bitdefender 10 Plus, which has a firewall, and my hardware firewall on my modem/router. I have yet to have any problems with security or the ShieldsUP test.


 

nweaver

Diamond Member
Jan 21, 2001
6,813
1
0
outbound filtering is mostly feelgood stuff imho


and they failed to test the very best S/W firewall....iptables
 

Lemon law

Lifer
Nov 6, 2005
20,984
3
0
Regardless if outbound filtering is feel good or not---it still does not answer the binary question on routers--they either are capable of outbound filtering or they are not.---unless its a some rare few are but most are not.

And I also disagree on the feel good---if something incoming slips by---and if it's something like phishing software that steals personal data---if it can't report back out to report what it stole, it's rendered harmless. And if it can report back out--whatever it got from you is now very likely owned by someone else.

Get a clue---identity theft is one of the fastest growing crimes in the world---and I can tell you for sure---if you try it---you won't like it.---and talk to anyone who has had their identity stolen for more confirmation.

But in fairness to its a feel good advocates---even the best software firewalls don't presently do a very good job on outbound filtering.--so consider that as a next security frontier-- And the windows sp2 firewall does nothing, nada, zippo, and zilch on outbound--which only serves to heap more shame on microsoft.
 

mechBgon

Super Moderator / Elite Member
Oct 31, 1999
30,699
1
0
Originally posted by: Lemon law
To scott,

who writes---Maybe I can uninstall the McAfee software firewall & just rely on XPSP2's firewall for inbound, and the DSL router's firewall for outbound.

Someone correct me if I am wrong---but it's my understanding that a router only blocks inbound ports---and does nothing for outbound traffic.

A router can often be set up to block in both directions. Here's my example: locked-down Netgear RP614. This router sits inboard of my crummy ActionTec DSL modem/gateway/router-wannabe box.

It doesn't filter based on what app it is, so it can't help you determine that Oh Noes, I Have Malwarez by alerting you that qfnvewkx.exe is trying to access the IntarWeb. But malware can heist an "approved" program to squeak through that kind of protection anyway, or add itself to the "approved" list.

IMHO the better strategy is to build a layered defense that prevents qfnvewkx.exe from ever getting in the door in the first place: least-privilege user accounts for all routine daily use of the computer, up-to-date patching of ALL your software, good antivirus protection, abundant use of common sense to avoid shooting yourself in the foot with warez/cracks/Trojans, and possibly a disallowed-by-default Software Restriction Policy if you have WinXP Professional Edition. I know that all sounds about as fun as abstinence before marriage but it does work. I just use the WinXP Firewall, which my Limited account can't change settings on.
 

nweaver

Diamond Member
Jan 21, 2001
6,813
1
0
Originally posted by: Lemon law
Regardless if outbound filtering is feel good or not---it still does not answer the binary question on routers--they either are capable of outbound filtering or they are not.---unless its a some rare few are but most are not.

And I also disagree on the feel good---if something incoming slips by---and if it's something like phishing software that steals personal data---if it can't report back out to report what it stole, it's rendered harmless. And if it can report back out--whatever it got from you is now very likely owned by someone else.

Get a clue---identity theft is one of the fastest growing crimes in the world---and I can tell you for sure---if you try it---you won't like it.---and talk to anyone who has had their identity stolen for more confirmation.

But in fairness to its a feel good advocates---even the best software firewalls don't presently do a very good job on outbound filtering.--so consider that as a next security frontier-- And the windows sp2 firewall does nothing, nada, zippo, and zilch on outbound--which only serves to heap more shame on microsoft.

Except that your software firewall is only going to say "IE wants to access the internet" (or that you already allowed this) and then your identity gets owned anyway... How is a software firewall going to prevent you from hitting phishing sites?


If I'm going to take the time to write code to steal identities, I'm damn well going to root your system and totally bypass and/or disable your outbound filtering. That is why outbound filtering from the host system is nearly worthless imho. Sure, you get to keep apps from dialing home, woopdy freaking deal. Anything really serious can bypass the firewall without you knowing. Therein is the problem: only the host knows the application trying to access (routers/hw firewalls only know ports/IPs), and if it's been infected, and the s/w is trying to dial home, then can you really trust that they didn't root the system and bypass the firewall anyway?
 

BadThad

Lifer
Feb 22, 2000
12,095
47
91
Originally posted by: stash
which is exactly wrong, since the WinXP firewall only protects against outbound, not inbound.
Huh?

The XP firewall is inbound-filtering only.

This 'report' or test or whatever you want to call it, is crap BTW. Anyone who sells bugs for profit should not be taken seriously: http://www.matousec.com/projects/window...alysis/ZoneAlarm-Pro-6.1.744.001/#bugs

Not entirely true. The XP Firewall will warn of SOME outbound programs trying to access the internet.....but it's very weak.
 

BadThad

Lifer
Feb 22, 2000
12,095
47
91
Originally posted by: mechBgon
Originally posted by: Lemon law
To scott,

who writes---Maybe I can uninstall the McAfee software firewall & just rely on XPSP2's firewall for inbound, and the DSL router's firewall for outbound.

Someone correct me if I am wrong---but it's my understanding that a router only blocks inbound ports---and does nothing for outbound traffic.

A router can often be set up to block in both directions. Here's my example: locked-down Netgear RP614. This router sits inboard of my crummy ActionTec DSL modem/gateway/router-wannabe box.

It doesn't filter based on what app it is, so it can't help you determine that Oh Noes, I Have Malwarez by alerting you that qfnvewkx.exe is trying to access the IntarWeb. But malware can heist an "approved" program to squeak through that kind of protection anyway, or add itself to the "approved" list.

IMHO the better strategy is to build a layered defense that prevents qfnvewkx.exe from ever getting in the door in the first place: least-privilege user accounts for all routine daily use of the computer, up-to-date patching of ALL your software, good antivirus protection, abundant use of common sense to avoid shooting yourself in the foot with warez/cracks/Trojans, and possibly a disallowed-by-default Software Restriction Policy if you have WinXP Professional Edition. I know that all sounds about as fun as abstinence before marriage but it does work. I just use the WinXP Firewall, which my Limited account can't change settings on.

Once again, I'm with Mech. On my personal machine I use XP's firewall with a hardware firewall on my router....good enough for the intelligent PC user.
 

BadThad

Lifer
Feb 22, 2000
12,095
47
91
Originally posted by: mechBgon
Originally posted by: BadThad
Once again, nice job Mech!
Thanks, I do what I can, considering I'm a bicycle mechanic, not a security pro like some of the guys around here. Cue the Monty Python "Bicycle Repair Man" skit!

Don't underestimate your abilities my friend, you know a lot about computers and, more importantly, you share what you know with the world. Every post I've read by you over the years is very well done and clearly stated. :thumbsup:
 