matousec.com (site map)

Poll

Should software vendors reward independent researchers for finding vulnerabilities in their software?

  Yes, by money and credit. (76.28%)

  Yes, by credit only. (12.09%)

  No. (8.37%)

  Yes, by money only. (1.74%)

  Other answer. (1.51%)

more

results

News

Leak-tests winners, new tests and the future (2007/11/02 19:46)

Today, we have closed the testing with the old set of leak-tests. There were many reasons that led us to think about recoding all leak-tests from the scratch, and another good reason appeared today. What is the future of leak-testing and other kinds of testing and of Matousec group?

Two vendors of personal firewalls asked us to perform extra testing of the latest versions of their products. We have satisfied these requests and as a result we have two new champions in anti-leak protection. Online Armor Personal Firewall 2.1.0.19 Free and Outpost Firewall Pro 2008 6.0.2162.205.402.266 are perfect against the current set of leak-testing programs and pass them all on their default settings. We believe that it is also a result of our work that these products were improved to their today's quality. The results of the tests are available on the Leak-tests results page as usual.

Having two products that are perfect against leak-tests is quite a good reason to come with new tests. But there are much stronger reasons to do so. Firstly, many of the tests do not work properly on their own. When we want to test a personal firewall properly against such tests, we have to hack them to get correct results. For example, some of the tests rely on Internet servers that do not exist anymore and so we have to simulate these servers when we perform these tests. Other tests are not able to clearly show the testing results. There are many more problems with the whole set. So, to make the leak-testing easier, faster and more reliable, we have decided to recode the tests from scratch, to remove duplicate methods, and possibly to add some new methods.

However, leak-tests are, and will always be, tests that do not fully reflect the quality of personal firewalls. Our group provided deeper tests and reviews of some of the most popular personal firewalls and similar solutions. Based on our results we have established partnerships with several vendors of personal firewalls and other security software. In the last 12 months we have provided commercial and non-commercial research, consultations and independent testing to top companies that develop desktop security products for Windows platforms. This is how we have silently contributed to the security of products used by millions, maybe even you. Currently, we have more commercial orders than we can handle and this affects our non-commercial activities such as public analyses of more firewall products. Although we are out of human resources, this does not mean we will not continue in our non-commercial activities, it just means that a progress in such projects will not be as fast as we want.

Archive