'Leak' Test of 21 Personal Firewalls

mork writes "Matousec.com, as part of a larger analysis of personal firewalls on Windows, has conducted a thorough leak test of 21 pieces of firewall software. Leak tests imitate common methods used by trojans or spyware to send your information from your computer. Windows Firewall XP SP2 fails every test, so the fears that the days of third party firewall software was over seem groundless. Surprisingly the two top programs are both freeware." From the article: "Some firewalls totally failed tests made against their default settings but their results on the highest security settings were much better. Kaspersky Internet Security 6.0.0.303 is the product with the biggest difference between the default settings score and the highest security settings score. Another such product is Safety.Net. Some products like BitDefender, F-Secure, McAfee, Panda, etc. include antivirus engines. The sad and funny thing in once is that lots of them mark leak-testing software as viruses or malware."

Re:

[Jeremiah Cornelius]

When regarding the individual general-purpose, desktop computer, outbound filtering is of dubious value. Malware can "hook" IE or FF, and successfully masquerade themselves as regular browser traffic.

Outbound filters do tell the user "You've been PWN3D!!!" Just a little too little, a little too late.

Anybody who has tried to clean the latest set of nasties off an OS will agree with the conclusion that is almost impossibe. Even simple adware is using rootkit-style technques to embed itself, and regenerates

Re:

[ratboy666]

For a desktop, I will agree. For a server, it is a bit more general.

I allow some people shell accounts. As long as they are not abusive. Outbound traffic monitoring is as important to me as inbound.

1 - Its bandwidth. Which is a resource

2 - I don't want to be found administering a spam factory

3 - I need to control P2P content (also see point 1). (I just had to cut someone off for sharing the movie "Click"). I do get those "take-down notices"! And I have to be brutal about it.

None of those things has anything

Re:

[Jeremiah Cornelius]

Yeah. I think that what I was supporting with my comment, too.

When I refered to SYN, I wasn't talking about flooding. I meant INITIATING outbound, any non-whitelist TCP traffic. Most perimeter firewalls are set up to block non-whitelist incoming, and that's a comfort.

I don't want an admin deciding to touch unknown web or FTP destinations from a trusted host, etc. Outbound firewalls are good here. I have some other cases, but with Windows servers, it's good not to let the Admins get into a habit of readi

That's not the point.

[richdun]

Windows Firewall XP SP2 fails every test, so the fears that the days of third party firewall software was over seem groundless.

The fears aren't because MS figured out how to build a good firewall; the fears are based on supposed "features" in Vista that would make it very hard/impossible for third party vendors to access parts of the OS needed to build good security software without first going through MS for some kind of certification. Not only that, but as MS integrates other security into Windows, like anti-virus, it may become very difficult to install third party AV and firewalls because the built-in AV wouldn't allow it.

Now, I'm not sure how much of these fears were grounded in reality, but I'm pretty sure they had nothing to do with some perceived accomplishment of the built-in Windows Firewall.

Re:

[cassidyc]

Ah, you too have fallen for the anti-virus makers whining about MS Kernal patch protection.

Re:

[richdun]

No, like I said, I'm not sure how much of all that was grounded in reality (haven't really even touched Vista yet). I was just pointing out what said fears (or FUD, most likely) were based on, which is in contrast to what TFsummary was implying.

Re:

[kent_eh]

The fears aren't because MS figured out how to build a good firewall

It's more like in Joe SixPack's mind (assuming Joe gives any thought to security at all) "this thing has a built-in firewall thingie, so I don't need to get one o' those from somewhere else".

Same argument goes for web browsers, e-mail clients, IM, multi-media player, etc.

The more that's hanging off the periphery of the OS, the less likely third party software is looked at.

Obvious....

[RhadamanthosIsChaos]

"The sad and funny thing in once is that lots of them mark leak-testing software as viruses or malware."

This may seem obvious to me.... but the leak-testing software's imitating how a virus or trojan sends messages to the net, right? Wouldn't that of course mean that anti-virus software is going to mark it as malware?

I mean, the anti-viruses must be matching either the behavior of the program itself, or the signature of that data-sending bit. Of course they'll think it's a virus.

Re:

[Anonymous Coward]

Correct, except for the fact that the leak-testing software are setting the evil bit [faqs.org] to zero, and thus the firewall/AV software must not treat the traffic as hostile.

Re:Obvious....

[tverbeek]

"When I tried to sneak an empty pistol onto a plane to test airport security, they arrested me as a possible terrorist! Isn't that odd?"

Re:

[neoform]

It might be urban legend, but i heard that a gun with no bullets cannot be considered a weapon in court, unless you threaten to hit someone with it, since technically, a gun without bullets can't hurt anyone..

Re:

[cheezit]

Wha??? It's still a deadly threat unless the victim has certain knowledge that there are no bullets in it. I was on a jury last year and the laws that the defendant was charged under emphasized the state of mind of the victim and the intent of the defendant. I can't see how brandishing a gun, empty or not, means anything other than "I intend to use violence."

Re:

[neoform]

How can you be violent, or have the intent of being violent if you have no weapon to hurt anyone with?

an empty gun is as dangerous as a stapler.

Re:

[Fweeky]

Er, right. Because if you walk in on me pointing what looks like a gun at someone, you're not going to pull out a real weapon, call armed police, or otherwise do anything which might endanger me, you, or anyone else nearby.

Re:

[cheezit]

If you show your victim that you are in a violent rage, and perhaps you have a past history of violence, your victim may fear for their life even if you have nothing in your hands. By your logic, boxing is not violent, nor is a street fistfight.

So you're right, an empty gun is as dangerous as a stapler.

Re:

[neoform]

Nope, that's different, your fists become weapons in that case.

If you don't threaten to hit/punch someone with your fists, they're not weapons.

Re:

[tverbeek]

Urban legend. Juries are not generally pedantically liberal enough to fall for that argument.

Re:

[tverbeek]

Make that "literal", please. :)

Comodo

[Hennell]

Just to say I've been running comodo for ages, and find it great to use. Slows down the computer allot less then Norten and is far easier to customise and make rules for. Not to mention it has a very helpfull message board and its free. Comodo Site [comodo.com].

Re:

[russ1337]

This is quite timely really. I've been looking for a new software firewall (have NAT router and WinXpSP2 default) which gives me no outgoing protection. (use winpatrol to monitor startup registry changes).

I like the look of the Comodo, and based on your recommendation I will install it tonight.

Thanks!

At minimum, this is VERY weird. What's happening?

[Futurepower(R)]

Matousec [matousec.com], which did the testing, found that the Comodo free firewall [comodo.com] is the best. Are Matousec and Comodo completely separate organizations? Matousec is Japanese, and English is clearly not the native language of whomever runs Comodo.

Matousec's review covered "personal firewalls", an artificial category which may eliminate products of interest. For example, Comodo doesn't recommend its own firewall, it recommends the Trustix Enterprise Firewall [trustix.com], which is free, also.

At minimum, this is VERY weird. I'm

Thanks.

[Futurepower(R)]

Thanks for the information. It's very useful.

Now, we still need to address why we have never heard of these companies before today, and now they are the best?

Comodo installer may be unsafe

[justthinkit]

I went for the Comodo firewall today, did the install and as part of it the installer suggested I disable the XP firewall which I agreed to. Then it wanted to reboot but I was (am) in the middle of something that will take another hour or so. The problem is that the installer has already turned off the XP firewall and the average time to penetrate an XP machine without firewall is under an hour. So I turned the XP firewall back on until I reboot, but how many would know to do this?

Why can't the instal

Firewalls for Linux

[SheeEttin]

Yes, but how many of these firewalls run on Linux?

I've really only seen Linux firewalls based on iptables/ipchains. I use one, called TuxGuardian (try Google/SourceForge if you want a link) that seems to work well.

Re:

[silentounce]

http://www.linux-sec.net/Firewall/Testing/ [linux-sec.net]

Re:

[chroot_james]

Yes, but how many of these firewalls run on Linux?

I've really only seen Linux firewalls based on iptables/ipchains.

That's because that IS the linux firewall... Why would anyone spend time building a whole separate one instead of improving what's already there?!

Re:

[Martin Blank]

Because iptables/ipchains does not provide for comprehensive traffic analysis. When combined with snort and squid, it is possible to get a more comprehensive package, but my parents are in no situation to be dealing with filtering through which snort rules they should or should not have, monkeying around with the format of what can be complex iptables rulesets, or trying to fine-tune the proxy configuration to allow access to their favorite sites.

Re:Firewalls for Linux

[jZnat]

Since your parents obviously aren't network admins, they wouldn't be qualified to do that on Windows either. Your point?

Re:

[Martin Blank]

They're capable of letting a firewall such as Sunbelt Kerio or Sygate (before it was killed by Symantec) monitor not only ports, but the actual applications, watching for suspicious traffic and alerting them so that they can determine if it's intended or not. If they open an application that goes looking for internet access and they don't see a reason for it (this has happened with some utilities that do version checks, for example), they know to block it until they can check to see if it's OK, usually by

Re:

[russ1337]

This is worth reading too. http://www.psychocats.net/ubuntu/security#firewall antivirus [psychocats.net]

From the Steve Gibson school of thought

[Beryllium Sphere(tm)]

What is "sad and funny" about catching a program that uses the same techniques as malware, techniques which are outside the range of normal software, and flagging it as potential malware?

It's also annoying to see a firewall listed as a failure because it's a firewall and not a host-based IDS.

I'd also argue that the host-based IDS programs are being sold for a purpose that is not their best use. Once a system has malicious software on it, expecting a process on the same machine to protect you and itself is, um, optimistic. Sure they try to defend themselves but that puts them on the wrong side of an arms race.

What they're best for is monitoring and control of "legitimate" software. I have Zone Alarm set to prompt me every time a program tries to run IE6, and to block media players from phoning home to whisper about what I'm watching.

Other test to perform.

[Rastignac]

Leak tests are not enough.
Another test to perform: just browse some adult oriented sites. That's the so-called "lick test". If your firewall licks, then it sucks ! ;)

ZoneAlarm

[silentounce]

I've used the free version of ZoneAlarm for years and I've always been happy with it. Does anyone know how the free version compares to Pro? There probably isn't much difference.


PS- I use AntiVir for virus protection and have been happy with it as well.

Re:ZoneAlarm cracker pro

[hesaigo999ca]

Yes, the pro has more stuff to control your environment plus comes with antispyware and anitvirus which the free version doesnt, all in all it is my favorite all round tool to have although i keep spybot running as backup plan2

Re:

[Bigman]

I had used the free ZoneAlarm on my W98 boxen for years, always happy with it and (AFAIK) never got hacked (plenty of attempts though!). When I upgraded the machines to W2K I found that ZoneAlarm screwed up the user profiles. The, apparently was a "known problem" and I chose to uninstall it. Shorly after I got broadband and am using a router/hub which has its own built in firewall.

But Zonealarm was good, easy to use. I imagine the 'Pro' version would be just as good.

XP SP2 firewall is inbound only

[MagicM]

The "personal firewall" in Windows XP SP2 was never advertised to block outgoing connections. In fact, this PDF [microsoft.com] states: "Windows Firewall blocks unsolicited incoming traffic. However, you cannot configure Windows Firewall to block outgoing traffic."

So of course it failed every test.

Yet it tries to anyway, and poorly

[porkThreeWays]

If that's the case, they shouldn't have included any outbound protection at all. It's just lazy to half-ass outbound protection then claim "well it was never meant for that use". Don't include it at all if it was never meant for that use. The outbound protection it has now is basically useless and is a hindrance more than anything.

Re:

[MagicM]

Did they include outbound protection at all? If so, I'm not familiar with it.

They include "protection" when an app opens a port to receive data on. That would "protect" against apps that are trying to allow your computer to be controlled remotely. However, nothing gets filtered when an app decides to send data somewhere.

disclaimer: These arguments are 100% based on truthiness.

Re:

[Vlad_the_Inhaler]

Ummm

Did MagicM not say just that? The Windows firewall does not have any outbound protection at all, as Microsoft themselves make clear.

fwiw, my Linux firewall is set up in exactly the same way: block all incoming traffic but permit all outgoing. I am a bit hazy on the DNS firewall requirements.

Mod parent comment DOWN, not up!

[Futurepower(R)]

Quote: The "personal firewall" in Windows XP SP2 was never advertised to block outgoing connections.

Why did people moderate that comment up? Microsoft never claimed it made good software, so the quality of its software should ignored?

George W. Bush [futurepower.org] never advertised himself as a moral person, so he shouldn't be impeached? The U.S. government never advertised itself as non-violent, so the fact that it has killed 650,000 Iraqis [jhsph.edu] should be ignored?

Re:

[MagicM]

Because moderation should not be based on whether you agree/disagree with the comment or with something it implies. Moderation should be based on whether the comment is valuable to the thread. In this case, it had some information in it (from Microsoft directly) which clarified something. Some people found that Informative.

What about Zone Alarm FREE?

[jbarr]

They tested Zone Alarm PRO, and it tested very favorably. Can we assume that the free version would fare as well?

Re:

[jandrese]

Perhaps, but that still doesn't help the fact that ZoneAlarm is a shocking resource hog on a system.

ZoneAlarm works for us.

[Futurepower(R)]

Our experience is that ZoneAlarm is fine. We've checked using the SysInternals Process Explorer, installed as Task Manager, hundreds of times and never found that ZA was using too much CPU power. This checking was done on perhaps 25 computers over a period of many months.

ZoneAlarm sometimes gives false positives, but that is a small problem compared to worrying about networks being infected.

Re:

[Qil'elPhil]

Have you just checked the performance of the ZoneAlarm process oder measured the whole system performance?

IANADriverProgrammer, but as far as I can see, any Personal Firewall would surely install driver-hooks that would measure as part of the process that uses the networking API, not as part of the ZoneAlarm process. Last time I used ZoneAlarm it bogged down my computer considerably.

That said - and using some other wise mans aphorism:

If personal firewalls are the answer, you are most certainly asking the wr

"ZoneLabs programmers lack important knowledge..."

[Futurepower(R)]

ZoneAlarm was tested [matousec.com] by the company that did the leak testing.

Quote: ZoneLabs "programmers lack important knowledge needed for writing security products for Windows NT operating systems."

This fits with our experience. ZoneLabs was sold to CheckPoint Software. After that, ZoneAlarm seemed to have many, many problems.

Hardly critical

[sheldon]

What's important is a firewall stops incoming traffic, to prevent worm attacks.

Stopping outgoing traffic is for the obsessively insane.

Re:Hardly critical

[KermodeBear]

By stopping outgoing traffic you can protect your privacy and, in the event you become infected with a worm of some kind, it can help prevent you from infecting others and clogging up the network.

Re:

[Goaway]

Truly spoken like someone whose platform of choice has never been the target of spyware.

Re:

[KermodeBear]

I run Windows AND Linux; Strangely enough, I've never had a problem with either in well over six years. Windows has more holes than a goth girl's ear but if you do what I do you'll have the same success:

Keep up with the updates, use FireFox for web, use a webmail client or Thunderbird, don't download anything from an untrustworthy site, don't run executables from Usenet or P2P networks, stick yourself on a private network, isolated from the 'net. In short, be smart about where you go, how you get there, wha

Re:

[Goaway]

And since you don't run an application firewall, you have no idea if any of the programs you do run are phoning home about you.

Re:

[lymond01]

Stopping outgoing traffic is for the obsessively insane.

While these programs are noted as "personal", most sys admins make sure their networks are crunchy on the outside and on the inside both, so firewalls at the borders and on the clients are useful. Messy egress traffic is often best stopped at the client level through access privileges set by these programs or within Windows. With limited bandwidth (it's always limited no matter your connection) you don't want people with peer-to-peer programs, itunes

Re:Hardly critical

[ben there...]

Stopping outgoing traffic is for the obsessively insane.

Not for people who:
- run Windows
- don't update their OS
- don't use a router/firewall
- use IE or Outlook Express
- run as admin
- install anything and everything from warez sites/P2P
- visit shady pr0n sites
- open random email attachments
- don't understand why every website they go to suddenly has popups and why the intarweb is so slow

aka your average computer user.

Once infected....

[Ahnteis]

Once infected, what's to stop the program from changing the firewall to allow outgoing without notifying the user?

Software firewalls are to keep you from being attacked in the first place, or possibly for privacy. They won't protect you once you're infected.

Re:

[whoever57]

Stopping outgoing traffic is for the obsessively insane.

Not for people who:

...

- run as admin

You seriously expect a firewall to provide protection on machines where the primary user runs as admin?

Re:

[sheldon]

So you're telling me...

A outbound firewall is going to stop popups, spyware and trojans.

Exactly how. I really would love to hear your explanation.

Re:

[ben there...]

A outbound firewall is going to stop popups, spyware and trojans.

A while back, I used to run as admin, like most Windows users. I used ZoneAlarm and had it prompt me every time IE tried to connect. I used Firefox, but all the spyware apps that I came across popped up their ads in IE. So I basically knew if ZoneAlarm prompted me about IE, anytime, it was just about guaranteed to be adware.

I've also caught SaveNow, which was bundled with Bearshare. And a few others. I don't bother running it anymore, and spyw

Erh... no

[Opportunist]

Blocking incoming problems with a program running on the machine and being started way after the system already accepts connections is asking for trouble. Yes, the time frame in which you're vulnerable is (unless you're starting a bunch of processes) maybe very small, but seconds become millenia in a computer that can process a few million lines of assembly code per second.

Outgoing is, given the amount of problem programs that come piggybacked on other software today, at least as problematic. All it takes f

Re:

[Vlad_the_Inhaler]

I thought one of the XP SP2 fixes was to start the firewall before accepting incoming connections, or if not - some fix was promptly added to do this. There was some discussion along these lines when SP2 came out but I have forgotten the details.

Re:

[Opportunist]

Trusting MS is a thing I'd be wary about. I don't say they don't know what they're doing, but one thing's certain, whatever kind of security they might implement is the very first thing an attacker will (not might, will) try to circumvent, simply because he can expect it to exist on every machine he'd want to attack with an exploit for machines running MS OSs.

So MS would be the very last company I'd trust in the consumer area when it comes to security.

Re:

[rabbit994]

Ignoring the comment below about MS being possible liers, yes, they now don't completely start up the network stack without turning on the firewall. In most cases, it's still better to use a hardware firewall then rely on software to keep you safe.

Depends.

[jd]

• A virus bootstrap gets onto the machine by some means, then uses RDMA to transfer the rest of the virus from an infected machine elsewhere. The connection is initiated on the inside and is therefore technically an outbound connection even though the important traffic is going the other way.
• A program that is supposed to be running has a feature to connect to some server or other at periodic intervals for updates, genuine-ness certification, etc. Someone poisons a router table or DNS cache and hijacks that tr

Under your control

[alanjstr]

[sarcasm] Ok, so let me get this straight. I am stupid enough to allow something to be installed on my system like a trojan or malware, but I'm supposed to be smart enough to secure my system to prevent them from getting back out? [/sarcasm]

I have used firewalls that let me control my outbound. I've found them to be a pain in the ass because I have lots of things that need to get out. And of course every time I update one of them I have to update my list. Try using a Firefox nightly and changing it at least once a week and you'll soon be tired of that. I protect my system by scanning things I download, running A/V, and occasionally verifying my system with an automated spybot check.

Re:

[hey!]

Stupidity is helpful to mal-ware, but it is neither necessary nor sufficient.

Ever install any software you got off the Internet? Well, you trusted somebody then, didn't you? Unless you only install software you compile yourself after doing a thorough code inspection, you are vulnerable to some degree. It may be that your choice of things to install (e.g. web servers, scripting languages) are seldom if ever vehicles for mal-ware. Also, you may tend to get these from well known sources, especially if you

Re:

[maxume]

And you have to trust your compiler, and the compiler that compiled it and the hardware that you used to compile it and so on.

The good news is that nobody is doing anything like that in a way that large groups of people find harmful, or we would hear about it.

Re:

[tehcyder]

Anybody who stops to think a moment wouldn't download a codec from a porn distrubtor

Oh, shit.

Re:

[strikethree]

Well, to be honest, controlling outbound traffic is important; although you are correct in that it won't/can't really help with truly malicious software. For example:

I had DSL service from PacBell. The software that they gave me to create PPOE connections had a cute little feature that they neglected to tell me about. It created outbound connections to some site that was monitoring every web page that I went to. Very nice. Would I have caught such improper behavior from "legit" software if I had not had an

CoreForce

[jginspace]

The product I used for a long time, Outpost, is there. It's good but it has too many issues. However where's Core Force [coresecurity.com]? It's not a decent roundup if they didn't test that.

Not what I care about

[brunes69]

Leak tests imitate common methods used by trojans or spyware to send your information from your computer.

This is the least important piece of security I care about on my PC.

If there is a trojan already running on my PC, then I have already lost the war. It is irrelevant if it can communicate directly with an outside server or not. It could send data in a PLETHORA of undetectable ways aside from this (could send stealth emails from my default email program, could post data stealthily in a hidden frame it sets as my browser start page, etc etc).

The goal is to not get the spyware and virii on your PC in the first place. Once it's there, you're already screwed.

Re:

[mdarksbane]

On the other hand, while I would prefer to keep termites out of my house completely, I would rather know when I have an infestation before they eat the entire house.

The whole idea of a trojan is that the user doesn't know that it's running. Having something that might alert you to it can be quite helpful. And yes, SOME trojans install enough of a rootkit that they will be undetectable, but much malware just creates a "Happy bunnies.exe" process that sends your information out. I'd like to have some opportun

Re:

[mdarksbane]

Virus software as it currently exists only identifies known threats. A firewall blocking outbound connections will catch any new software that attempts to phone home that does not specifically attempt to bypass that firewall. Including those gray-area "legitimate" companies that some malware companies leave off of their lists.

It's not the only feature on which a firewall should be judged, but it is useful to know which ones do it properly.

Re:

[HikingStick]

I agree that prevention is the ideal front line, but these tools do help tremendously in the enterprise--they can help keep an outbreak from going replicating like mad in the first few moments. Anything that can be done to slow propagation in my network helps keep things tipped in my favor. No perimeter defense (apart from the Fiskars firewall--cut the cable) is entirely effective, and even trained users might fall for a well-crafted social engineering effort, so I'll err on having these tools available r

Typical Security Guys

[jandrese]

I notice that there was no column in there about how aggravating the installed firewall rendered your system. How many of those firewalls are going to try to pop up a dialog box on a game that just went full screen and freeze the game (so you can't even alt-tab out) until you click on a box you can't even see? I mean I could have designed a firewall that would easily pass their tests with 100% reliability, it's called "unplug the network firewall", and it's very simple to install, just reach behind your computer, find the ethernet cable, and pull it out. Viola! Perfect Score!

One thing that struck me about Windows Firewalls as compared to Unix firewalls is that Unix firewalls are focused on keeping malicious traffic out of your machine. Windows firewalls are designed to keep malicious traffic from getting out to the internet. In the end, it's no surprise that the results are a mixed bag, once your system is compromised you really can't expect these firewalls to save you. It's a lot like the antivirus market, where you have a constant arms race between the virus writers (do people write honest to goodness viruses anymore?) and the antivirus companies.

My final complaint is that programs like ZoneAlarm Pro are exceedingly resource hungry for what they do. ZoneAlarm takes over a minute to start on my fairly modern laptop, whereas everything else in the system takes about 30 seconds or so total. Why does a firewall need 24 MB of resident memory?

Re:

[maxume]

The big celebration around XPSP2 was that the firewall that prevents incoming connections actually works pretty well. The firewalls in this review are an extra layer of protection for people that aren't real interested in worrying about how much they trust every single program they run, and they help reduce the external impact of malware that gets installed on a computer -- they prevent those resources from being misused(or reduce the effect anyway). They aren't intended to save you from the virus, they are

Re:

[StonyUK]

Windows Defender installs something called 'Software Explorers' into your Control Panel that lets you browse information about programs that are connected to the networking layer (and those that are running or run on start up).

It also gives each process a rating based on how Microsoft rate the program - Permitted, Unknown etc, etc.

Re:

[maxume]

It's way over the top. I just want a simple little gui that lets me look at currently open connections and tells me a bit about them. Most firewalls have something built in, but I am being picky and don't want to have one installed/running.

Re:

[redtetrahedron]

I keep looking for a simple, light weight connection viewer, I don't care about popups and warnings and stuff, but it would be nice to be able to look at open connections if I think something is up. I'm sure there is something out there, I just haven't found it yet.

Try TcpView at http://www.sysinternals.com/ [sysinternals.com]

Re:

[maxume]

Yeah, that's it. Thanks a lot. Already had it sitting in a directory, thanks to the Sysinternals Suite.

Re:

[rcamera]

have you tried 'netstat -a' at command prompt?

Re:

[maxume]

Thanks, that's 90% there. Now I just need that in a simple gui that updates, so I can 'watch' instead of 'glimpse'.

Re:

[man_ls]

SysInternals makes a program called tcpviewer that does exactly what you want.

Re:

[robaal]

The free version of NetLimiter can show you that and will also monitor how much bandwidth applications use complete with day/week/month/year history.

Re:

[dwater]

> I mean I could have designed a firewall that would easily pass their tests with 100% reliability, it's called "unplug the network firewall", and it's very simple to install, just reach behind your computer, find the ethernet cable, and pull it out. Viola! Perfect Score!

> ...on my fairly modern laptop,

So, your laptop doesn't have wifi? How do you unplug a network that has no plug?

Not quite so easy, eh?

Router

[crossmr]

It might have been nice if they'd compared all of those to a handful of routers. Firewalls are great, but I think a lot of home networks now consist of at least 2 hosts. I'd be curious to see how they fair.

Re:Router - How would THAT help?

[ratboy666]

Sure, let's put a NAT router in there -- and how does that help with outbound connections? If, by default, it were not transparent, it would generally be returned as defective.

Ok, let's put a non-NAT router in there. If THAT isn't transparent by default, it would definitely be returned as defective.

So how DOES a router compare at all?

Now, if you obtained your router from your broadband supplier, port 25 outbound may be blocked (I've never seen this, but it IS possible). That may be acceptable. But try block

Re:

[crossmr]

Actually many routers have the ability to create firewall rules and filter various things, both inbound and outbound. Hence why it would have been useful to compare their abilities to the various firewalls.

Forget trojans here's the real threat to society

[tehcyder]

It might have been nice if they'd compared all of those to a handful of routers. Firewalls are great, but I think a lot of home networks now consist of at least 2 hosts. I'd be curious to see how they fair.

Fare.

Nothing but the best

[funked]

Comodo Personal Firewall 2.3.6.81 diapers for their outstanding level of anti-leak protection.

The Basic flaw in this testing method...

[DaveWick79]

...Is that the test fails to simulate the overall protective capability of the firewall. In order for the outbound traffic filter to be relevant, the offending software has to first get past the inbound protection as well as antivirus/antimalware protection that is resident on the machine. I think ZoneAlarm, AVG and others who provide a complete suite have a better solution than the best leak protection firewall out there, because in effect these programs never are allowed to execute in the first place.

Le

Matousec's business model

[bugnuts]

They have an "interesting" business model. Basically, they do voluntary security checking on software, then SELL the information for a set price. It comes with a not-so-veiled threat of releasing the information, although they do offer to sell the bugs to the vendor first.

On the surface, it looks like blackmail. "Nice firewall you got here, sure would hate to expose a hole in it..." But when you consider how much work is involved, it's more like being forced to hire these people for their results. Kind

detecting "test" programs

[digitaldoom]

The test programs imitate malware. If we don't detect them we are accused of being ineffective. If we do detect them we are accused of being overzealous. There's no way to win that battle. We detect them and note in any extended information exactly what their purpose is (if known).

--
http://www.moosoft.com/ [moosoft.com]

Virus from the ZIP

[Anonymous Coward]

Hahahaha... Mcafee reports the leaktests.zip on that site as being infected with Exploit-ghost... Quality.