B
BillR
An interesting follow-up article by PC Flank in August 2003: test 24
firewalls with 8 leak tests. Note that default configurations were
used. (See 1. below).
PC Flank also tested 10 firewalls for "stealthed" ports in August 2002
(See 2. below).
1. Personal Firewalls vs. Leak Tests: Part II: "Leak Tests Win Again!"
August 7, 2003
http://www.pcflank.com/art41a.htm
(Site excerpts - Google translation)
..... 24 personal firewalls were pitted against 8 leak tests. All
firewalls were tested with their default configuration right after
install. We realize that some firewalls can pass some tests after
being reconfigured, but we believe that, since most rookie users do
not change default settings, "out of box" tests are more telling.
The leak tests we used are: TooLeaky, Thermite, LeakTest, CopyCat,
FireHole, pcAudit, Atelier Web Firewall Tester [6 tests], TooLeaky,
and YALTA.
Most of these leak tests act as a Trojan trying to send out
information from the user's PC to a remote computer bypassing all
firewall filters.
(excerpts from http://www.pcflank.com/art41c.htm)
Best Performers
.....
Outpost Firewall Pro 2.0.226
....version 2.0 is rock-solid....
Its new Component Control feature enables Outpost Pro to pass most of
the leak tests without extra configuring. All you need to do is block
suspicious DLLs when Outpost 2.0 reports them.
[Development version is supposed to block all tests.]....
Look'n'Stop 2.0.4
The winner of our previous tests proved its high rating again this
year. However, it failed [several tests].... [Developer says beta
version passses all but one test.]
Other firewalls
The other firewalls, such as Sygate and ZoneAlarm Pro, can do much
better if properly configured. So users of ZoneAlarm Pro/Plus should
enable the "High" level of control to pass more tests.
.....
Each firewall was given a point for each passed Leak test (including 6
separate tests of AWFT) and here are the standings [from August 2003]:
Firewall Points [17 possible; 10 from AWFT]
Outpost Firewall Pro 2.0.226 11 [AWFT 10]
Look'n'Stop 2.0.4 7 [AWFT 2]
EZ Firewall 3.7.179 5 [All others received AWFT 0 or
1]
Norman Personal Firewall 1.3 5
pcInternet Patrol 2.0.1.1 5
ZoneAlarm Free 3.7 5 <---
Kerio 2.1.5 4 <---
McAfee Firewall for WinXP 8.0 4
Outpost Free 1.0.1817 4 <---
Steganos Online Shield 1.52 4
Kaspersky Anti-Hacker 1.0 3
McAfee Firewall Plus 4.1 3
Sygate Pro 5.1.1615 3
Sygate Firewall 5.0.1175 3 <---
Tiny Firewall 4.5 3 <---
ZoneAlarm Pro & Plus 4.0.123.012 3
Tiny Firewall 4.5 3 [sic]
Norton Firewall 6.0.2.25 2
NIS Pro 6.0.2.23 2
TGB BOB 2
BlackIce 1
PrivateFirewall 3.0 1
GIS TermiNET XP Firewall 1.82.043 0
SecureUp Personal Firewall 2.0 0
Look'n'Stop Light 1.0.4 0 <---
VisNetic Firewall 2.0 0
["<---" added to designate free/free for personal use/etc. versions.
I'm sure someone will correct me if my memory failed me.]
According to these results, most firewalls are not protecting their
users against hacking techniques. However, some of the top firewalls,
such as ZoneAlarm and Sygate, will score better if you specifically
reconfigure them. We do not know the reason those developers did not
apply those settings by default. Perhaps they suppose those settings
can limit the user's activities on the Internet. However, without
those settings, their users are at a much higher risk!
What is even more serious is that none of the tested products can pass
all leaks tests even after reconfiguration. The leak tests won the
battle again. We hope the next one goes to the firewall developers.
-----
2. Personal firewalls vs. Stealth Test, part II (August 12, 2002)
http://www.pcflank.com/art27.htm
(Site excerpts - NB August 2002)
..... The "stealthed" system .... is harder for intruders to "detect"
.... and thus far harder to attack. ...[W]e should not overrate it, but
it is the first barrier made by firewall to stop intruders and it is
better if this barrier works.
The Stealth test uses five scanning techniques: TCP ping, TCP NULL
scanning, TCP FIN scanning, TCP XMAS scanning and UDP scanning....
.....
Then after the test each firewall was given a point for each
"stealthed" result, and here are the standings [from August 2002]:
Firewall Points
Kerio 5
Look'n'Stop Pro and Lite 5
McAfee 5
Outpost 5
Sygate 5
Tiny 5
ZoneAlarm Pro and Plus 5
Deerfield 2
Norman personal firewall 0
Norton personal firewall 0
firewalls with 8 leak tests. Note that default configurations were
used. (See 1. below).
PC Flank also tested 10 firewalls for "stealthed" ports in August 2002
(See 2. below).
1. Personal Firewalls vs. Leak Tests: Part II: "Leak Tests Win Again!"
August 7, 2003
http://www.pcflank.com/art41a.htm
(Site excerpts - Google translation)
..... 24 personal firewalls were pitted against 8 leak tests. All
firewalls were tested with their default configuration right after
install. We realize that some firewalls can pass some tests after
being reconfigured, but we believe that, since most rookie users do
not change default settings, "out of box" tests are more telling.
The leak tests we used are: TooLeaky, Thermite, LeakTest, CopyCat,
FireHole, pcAudit, Atelier Web Firewall Tester [6 tests], TooLeaky,
and YALTA.
Most of these leak tests act as a Trojan trying to send out
information from the user's PC to a remote computer bypassing all
firewall filters.
(excerpts from http://www.pcflank.com/art41c.htm)
Best Performers
.....
Outpost Firewall Pro 2.0.226
....version 2.0 is rock-solid....
Its new Component Control feature enables Outpost Pro to pass most of
the leak tests without extra configuring. All you need to do is block
suspicious DLLs when Outpost 2.0 reports them.
[Development version is supposed to block all tests.]....
Look'n'Stop 2.0.4
The winner of our previous tests proved its high rating again this
year. However, it failed [several tests].... [Developer says beta
version passses all but one test.]
Other firewalls
The other firewalls, such as Sygate and ZoneAlarm Pro, can do much
better if properly configured. So users of ZoneAlarm Pro/Plus should
enable the "High" level of control to pass more tests.
.....
Each firewall was given a point for each passed Leak test (including 6
separate tests of AWFT) and here are the standings [from August 2003]:
Firewall Points [17 possible; 10 from AWFT]
Outpost Firewall Pro 2.0.226 11 [AWFT 10]
Look'n'Stop 2.0.4 7 [AWFT 2]
EZ Firewall 3.7.179 5 [All others received AWFT 0 or
1]
Norman Personal Firewall 1.3 5
pcInternet Patrol 2.0.1.1 5
ZoneAlarm Free 3.7 5 <---
Kerio 2.1.5 4 <---
McAfee Firewall for WinXP 8.0 4
Outpost Free 1.0.1817 4 <---
Steganos Online Shield 1.52 4
Kaspersky Anti-Hacker 1.0 3
McAfee Firewall Plus 4.1 3
Sygate Pro 5.1.1615 3
Sygate Firewall 5.0.1175 3 <---
Tiny Firewall 4.5 3 <---
ZoneAlarm Pro & Plus 4.0.123.012 3
Tiny Firewall 4.5 3 [sic]
Norton Firewall 6.0.2.25 2
NIS Pro 6.0.2.23 2
TGB BOB 2
BlackIce 1
PrivateFirewall 3.0 1
GIS TermiNET XP Firewall 1.82.043 0
SecureUp Personal Firewall 2.0 0
Look'n'Stop Light 1.0.4 0 <---
VisNetic Firewall 2.0 0
["<---" added to designate free/free for personal use/etc. versions.
I'm sure someone will correct me if my memory failed me.]
According to these results, most firewalls are not protecting their
users against hacking techniques. However, some of the top firewalls,
such as ZoneAlarm and Sygate, will score better if you specifically
reconfigure them. We do not know the reason those developers did not
apply those settings by default. Perhaps they suppose those settings
can limit the user's activities on the Internet. However, without
those settings, their users are at a much higher risk!
What is even more serious is that none of the tested products can pass
all leaks tests even after reconfiguration. The leak tests won the
battle again. We hope the next one goes to the firewall developers.
-----
2. Personal firewalls vs. Stealth Test, part II (August 12, 2002)
http://www.pcflank.com/art27.htm
(Site excerpts - NB August 2002)
..... The "stealthed" system .... is harder for intruders to "detect"
.... and thus far harder to attack. ...[W]e should not overrate it, but
it is the first barrier made by firewall to stop intruders and it is
better if this barrier works.
The Stealth test uses five scanning techniques: TCP ping, TCP NULL
scanning, TCP FIN scanning, TCP XMAS scanning and UDP scanning....
.....
Then after the test each firewall was given a point for each
"stealthed" result, and here are the standings [from August 2002]:
Firewall Points
Kerio 5
Look'n'Stop Pro and Lite 5
McAfee 5
Outpost 5
Sygate 5
Tiny 5
ZoneAlarm Pro and Plus 5
Deerfield 2
Norman personal firewall 0
Norton personal firewall 0