Matousec - Blog

Do not use GRC's LeakTest

2010-02-17T13:37:52Z

During the last few weeks, we have received a couple of emails concerning the security of PC Tools Firewall Plus. Our visitors ask us, how is it possible that PC Tools Firewall Plus is rated highly in Proactive Security Challenge when it is not able to block the very simple GRC's LeakTest, a tiny testing program that was written many years ago. Regardless the configuration of PC Tools Firewall Plus, clicking Test For Leaks button in GRC's LeakTest leads to the big red Firewall Penetrated! alert.

Being that a repetitive question, we have decided to analyze the situation. We found out that GRC's LeakTest is just a poorly written program that suffers from reporting false results in some cases, especially in case of PC Tools Firewall Plus. Why is PC Tools Firewall Plus so special compared to others in a way it does not pass GRC's LeakTest even if the user uses the block button in PC Tools Firewall Plus's alert? In case of most products on the market, when the action of outbound connection is blocked, the product cuts the connection completely and report an error message to the offending application. For example if a web browser is blocked, it reports some kind of connection failure message to the user. PC Tools Firewall Plus, however, does not do it that way. Its developers implemented it in a way that might be considered as more polite to the end user. If the connection is blocked on the machine via PC Tools Firewall Plus, it seems to the application as if the connection was successful and then any attempt to read the data from the server leads to reception of an informative message that explains that the connection was blocked by PC Tools Firewall Plus and also explains what to do to allow the blocked application to connect in case it was not the real user's intention to block it. So, if the user accidentally blocked the legitimate browser application, they will see the informative message and will have no problem to fix the situation. This may be considered as a better approach compared to the situation when the default error message is shown to the user, which is also displayed in case of many other error situations including the target server failure, network failure etc.

The problem with GRC's LeakTest is that it does not verify that it connected to the target server. No proper verification is done and since it is able to read some data it suppose the firewall was penetrated while in fact it is just a message from PC Tools Firewall Plus.

Testing programs are important tools for developers, testers and users, but they should never be blindly trusted. Unlike GRC's LeakTest, our tests in Security Software Testing Suite are designed to always verify and provide proves of the reported results if possible and even then our testers never blindly rely on the test's output.

New versions of ZoneAlarm and PC Tools

2009-09-02T14:12:34Z

PC Tools Firewall Plus 6 has been released. The new version should come with Windows 7 support and significant improvements of application protection module. We will test the new version in our next Proactive Security Challenge update.

Also new versions of ZoneAlarm products have been released recently. The 2010 series newly supports Windows 7. In our security testing project, we will replace ZoneAlarm Pro with ZoneAlarm Extreme Security to get the best ZoneAlarm products can offer. The new version will be tested soon.

Privatefirewall goes free!

2009-07-30T18:36:24Z

A great news for all fans of Privatefirewall has been announced by its vendor PWI, Inc. Since Privatefirewall 6.1.20.24 (the latest version at the time of this announcement), the whole product is free of charge, without any limitations. Also, the new version is ready for Windows 7. Other related products of PWI, Inc. including DSA (free product with only a part of the functionality provided by Privatefirewall) have been discontinued.

Outpost 6.7

2009-07-23T13:08:57Z

Agnitum Ltd. released new versions of their Outpost products. Even if this is not a major release, 6.7 series might be interesting for many because of its support of Microsoft's new operating system Windows 7, which final version should be available in autumn this year. Another interesting improvement in new Outpost is that the content filtering is now fully compatible with P2P clients and rich-media websites.

KIS 2010

2009-06-25T09:54:49Z

Kaspersky Internet Security 2010 is out. It comes with several new functions and various improvements. Among the noticeable new features, we can mention the Safe Run mode which enables the users to run new software in an isolated environment so that it can not harm the operating system or other applications. Another new features are the Game Mode – reducing alerts during playing games, and Kaspersky Toolbar for Internet browsers that warns about known dangerous websites. Read more in the official press release on Kaspersky Lab's website. We will schedule the testing of KIS 2010 as soon as possible.

Outpost Firewall Free 2009

2009-04-27T12:47:36Z

Very popular Outpost Firewall is now also available in a lightweight version called Outpost Firewall Free. The previous free version of Outpost Firewall was released in 2002 and its protection was outdated for several years. The new free version is based on the engine of the commercial version with some features removed. Outpost Firewall Free offers Firewall, Proactive host protection and Self protection features as the Pro version but it misses Anti-Spyware, Web control, Identity Protection features and Multi-language support. This product may quickly become a great alternative for the users that require free solutions.

Comodo Internet Security

2008-10-28T11:31:27Z

A few days ago, Comodo Security Solutions, Inc. released new security products called Comodo Internet Security and Comodo Internet Security Pro. These are security suites that combine classic firewall, personal firewall and anti-virus features. Comodo Internet Security is completely free while Comodo Internet Security Pro includes paid services. For more information, visit the vendor's website.

Checkmark Desktop Firewall Certification and Rising Firewall

2008-10-20T08:22:53Z

One of our visitors asked us a question about Rising Firewall passing Checkmark Desktop Firewall Certification. He asked how it was possible that Rising scored so bad in our tests while it was able to pass the certification by West Coast Labs. This blog post is about what Checkmark Desktop Firewall Certification really means and how it is related to Firewall Challenge testing.