[Test] 7 Personal Firewalls Security Test

By adelies
in General Discussion

 Share

Recommended Posts

Neowinian

adelies

Posted
Posted

Part 1. Introduction:

There are a lots of firewall software now, some are free, some aren't.

Due to many of us had been attacked by computer virus or Trojan horses, more and more people using this kind of software to protect their PC.

I did this silly test just to tell you that you should pay more attention

on your PC security if your computer has very important data inside, or if you are in charge with company/organization's network security. Because hackers can easily get into your computer with little effort, your PC is NOT safe with today's firewall programs.

Part 2. Original News:

The Register >>> http://www.theregister.co.uk/content/55/22788.html

Part 3. Programs used in this article:

1.FireHole.exe >>> http://keir.net/download/firehole.exe

2.LeakTest.exe >>> http://grc.com/files/LeakTest.exe

3.TooLeaky >>> http://tooleaky.zensoft.com/tooleaky.exe

Part 4. Programs tested in this article: (In alphabetical order)

1.BlackICE 2.9cai

2.LockDown Millennium 8.1 (Build 8.1.8)

3.Norton Personal Firewall 2002

4.Sygate Personal Firewall Pro 4.2

5.Tiny Personal Firewall 2.0.15a

6.ZoneAlarm Pro 2.6.357

Part 5. Test Environments:

1.First, I allow IE6.0 can pass the firewall. Because it will be

. meaningless if my computer can't use browser to access the

. Internet resources.

2.Set firewalls' security to maximum value, but must allow IE

. or other programs accessing WWW.

3.Read the program's allocated memory size from Windows's task.

. manager. Because the allocation size won't be the same every

. minute, these values are just approximations.

4.Each software is tested after install and reboot process.

. And is removed before installing next program.

Part 6. Test Results:

1. Agnitum Outpost Firewall 1.0.1102.1807 (Beta)

. (a) FireHole.exe >>> Firewall is useless

. (b) LeakTest.exe >>> Warning message appear/ Can block the program

. © TooLeaky.exe >>> Firewall is useless

. (d) Memory Size: OutPost.exe -> 5MB.

2. BlackICE 2.9cai

. (a) FireHole.exe >>> Firewall is useless

. (b) LeakTest.exe >>> Firewall is useless

. © TooLeaky.exe >>> Firewall is useless

. (d) Memory Size: Bkackd.exe -> 6MB, BlackICE.exe -> 4.5MB.

. (e) MISC: Change "Security Level" to "Paranoid".

3. LockDown Millennium 8.1 (Build 8.1.8)

. (a) FireHole.exe >>> Firewall is useless

...................... (Warning message appear, but can't block.)

. (b) LeakTest.exe >>> Firewall is useless

. © TooLeaky.exe >>> Firewall is useless

. (d) Memory Size:

..... Simple Mode -> 7MB,

..... Advanced Mode -> First Time 3.9MB,

...................... close it and run again -> 7.7MB.

..(e) MISC: Change security level to "High Security" in Advanced Mode.

..(f) Problem:

..... If you run program in "Advanced Mode" first time (startup),

..... then you close the program and run again, it will occupy another

..... 3MB memory.

..... If you run "Simple Mode" in second time, it becomes 10 MB.

..... Running program in "Advanced Mode" will leave some data or trash

..... inside your memory, and you can't flush them away.

4. Norton Personal Firewall 2002

..(a) FireHole.exe >>> Firewall is useless

..(b) LeakTest.exe >>> Warning message appear/ Can block the program

..© TooLeaky.exe >>> Firewall is useless

..(d) Memory Size:

..... NISServ.exe -> 4MB, NISum.exe -> 3MB, IAMAPP.exe -> 6.2MB,

..... SymProxySvc.exe -> 7MB.

..(e) MISC: Turn on "Alert Tracker" will need another 4.3MB memory size.

5. Sygate Personal Firewall Pro 4.2

. (a) FireHole.exe >>> Firewall is useless

. (b) LeakTest.exe >>> Warning message appear/ Can block the program

. © TooLeaky.exe >>> Firewall is useless

. (d) Memory Size: SMC.exe -> 7MB.

. (e) MISC: Change "Security Level" to "Normal Mode".

6. Tiny Personal Firewall 2.0.15a

. (a) FireHole.exe >>> Firewall is useless

. (b) LeakTest.exe >>> Warning message appear/ Can block the program

. © TooLeaky.exe >>> Firewall is useless

. (d) Memory Size:

..... Persfw.exe -> 5.5MB - 7MB at startup,

................... around 7MB when surfing WWW.

. (e) MISC: Change "Security Level" to "High".

7. ZoneAlarm Pro 2.6.357

. (a) FireHole.exe >>> Firewall is useless

. (b) LeakTest.exe >>> Warning message appear/ Can block the program

. © TooLeaky.exe >>> Firewall is useless

. (d) Memory Size: ZAPro.exe -> 7MB.

. (e) MISC: Change "Local and Internet Security Level" to "Maximum".

Part 7. Conclusion:

1.All programs in this test failed to block the first and third one.

. You must be wonder why you buy it if it is useless... :(

2.The main purpose of this test is to show you that your can't fully

. count on these personal firewalls to protect you from intrusions.

. Once you allow some programs accessing the network, programmers

. can make program "simulate" it and get permission to open the gate.

. Even you have installed some "Port Monitoring" software, if

. you don't check the log file line-by-line, hackers still can

. hide if their program only transfer little amount of data, and fast.

. The worst case is: you will be dead if the guy orders his Trojan

. to format your HD, delete files, etc. :(

Part 8. Relative WWW Link:

1.Gibson Research Corporation >>> http://grc.com/

2.Why your firewall sucks :-) >>> http://tooleaky.zensoft.com/

3.FireHole: How to bypass your personal firewall outbound detection

. >>> http://keir.net/firehole.html

Part 9. Add-on:

1.If you are using local network (Link between ADSL and Network Card

. included), FireHole.exe and LeakTest.exe will show you the message

. that they had successfully penetrated your firewall.

. I guess these two programs think they had successes if they can

. send message outside your computer, no matter it's local network or

. Internet.

. But TooLeaky.exe will transfer data to grc.com and wait for reply.

. So, if your network is broken, it will also fail the test.

. But this kind method is more accurate, but must insure the grc.com's

. server works normally.

2.Lally, a nice guy, tell me a funny things to show that most firewall

. program just only block the program by their names.

. Simple test:

. (a) Tiny Personal Firewall or others

. (b) Deny IE permission to access Internet.

. © Run 3rd Browser using IE core, like Netcaptor, and giving

..... permission when your firewall asks.

. (d) You will find you still can using the browser even it is using

..... IE core!!!

3.Thanks icecold (@ieXbeta Board) for telling me another good

. firewall program: Agnitum Outpost Firewall. I did the same test

. with the original 6 ones and add it inside. :)

4.It's welcome to post on other forum or e-mail it to friends with

. writer's name included (e.g.: adelies@Neowin.net Board). Thanks!

5. My English writing isn't well, and not familiar with network

. security issues either. Any comment is helpful and welcome!

Link to comment
Share on other sites
Grand Master

altezza Veteran

Posted
  • Veteran
Posted

A comprehensive and yet detailed firewall test report. I'd say that firewall software does not guarantee to protect any attacks from hackers. No matter how advance the firewall technology is, they still can break it. The firewall softwares were created only for detecting common attacks, but not eliminating the attack. It is still happen anytime anywhere in the world. Nice review anyway, adelies.

Link to comment
Share on other sites
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.