Matousec - Articles

Firewall engines connections

2008-04-26T18:37:32Z

During the update of our list of personal firewalls and HIPS for Windows we have gained some interesting information about the connections between several products. We have also identified a number of projects that were stopped.

Interview with David

2008-02-26T11:47:17Z

David was asked to answer some questions for Security Teacher. If you are interested in his answers to general questions about our group, Internet security and research, just follow the link.

Plague in (security) software drivers

2007-09-18T18:00:22Z

During our security analyses of personal firewalls and other security-related software that uses SSDT hooking, we found out that many vendors simply do not implement the hooks in a proper way. This allows local Denial of Service by unprivileged users or even privilege escalations exploits to be created. 100% of tested personal firewalls that implement SSDT hooks do or did suffer from this vulnerability! This article reviews the results of our testing and describes how a proper SSDT hook handler should be implemented. We also introduce BSODhook – a handy tool for every developer that deals with SSDT hooks and a possible cure for the plague in today's Windows drivers world.

Introduction to Firewall Leak-testing

2006-11-25T16:10:26Z

This article covers the basics of Firewall Leak-testing. If you do not know what leak-tests are, or why your firewall should be able to stop them, we recommend you to read this article. More skilled readers may be interested in the information about leak-testing techniques and/or in the list of currently available leak-testing software with download links.

Comparison of top five personal firewalls

2006-10-31T13:15:02Z

This article is a final report of the first phase of Windows Personal Firewall Analysis project. It is based on our analyses of these five personal firewalls: ZoneAlarm, Kerio, Norton, BlackICE and Outpost. You can find a brief comparison of these products not only from the security point of view in this article. We also mention responses from product vendors and reactions we have received from end users.

ICMP blocking, bad idea or security improvement?

2006-07-19T00:00:00Z

Are you invisible to hackers on the Internet? Do your personal firewall hides your computer on the network? Many personal firewalls implement features that hide your computer on the network. You may wonder how this works but have you ever thought about what is this feature good for?

More about personal firewalls

2006-07-12T00:00:00Z

What is a personal firewall? Do I need a personal firewall? Do I need it if I already have an antivirus installed? Which personal firewall is the best and how do I recognize a bad personal firewall? What are the main tasks of a personal firewall? How about personal firewalls and non-Windows systems? In the following article you can find lot of information about personal firewalls and also answers on these questions. In short we can say that personal firewalls are very sophisticated software and we do recommend users to use them but we also recommend to choose the final product very carefully.

Design of ideal personal firewall

2006-07-01T00:00:00Z

The article describes the design of the ideal Windows personal firewall from programmers point of view. First of all the ideal personal firewall is secure. So, this article is about secure design leaving other features like easy of use in the background. At first we say something about the common concept of personal firewalls and then we show important rules for the security design of personal firewall that should be respected during the development of Windows personal firewalls. During our analyses we examine whether those below mentioned rules, that are important for the security, are respected by tested products. In the following article we often use a term 'firewall' but we always mean 'Windows personal firewall'.