matousec.com

Blog

KIS 2010 (2009/06/25 09:54)

Kaspersky Internet Security 2010 is out. It comes with several new functions and various improvements. Among the notable new features is the Safe Run mode, which enables users to run new software in an isolated environment so that it cannot harm the operating system or other applications. Other new features are the Game Mode, which reduces alerts while playing games, and the Kaspersky Toolbar for Internet browsers, which warns about known dangerous websites. Read more in the official press release on Kaspersky Lab's website. We will schedule the testing of KIS 2010 as soon as possible.


Outpost Firewall Free 2009 (2009/04/27 12:47)

The very popular Outpost Firewall is now also available in a lightweight version called Outpost Firewall Free. The previous free version of Outpost Firewall was released in 2002 and its protection has been outdated for several years. The new free version is based on the engine of the commercial version with some features removed. Outpost Firewall Free offers the same Firewall, Proactive host protection and Self protection features as the Pro version, but it lacks the Anti-Spyware, Web control and Identity Protection features and Multi-language support. This product may quickly become a great alternative for users who require free solutions.


Comodo Internet Security (2008/10/28 11:31)

A few days ago, Comodo Security Solutions, Inc. released new security products called Comodo Internet Security and Comodo Internet Security Pro. These are security suites that combine classic firewall, personal firewall and anti-virus features. Comodo Internet Security is completely free while Comodo Internet Security Pro includes paid services. For more information, visit the vendor's website.


Checkmark Desktop Firewall Certification and Rising Firewall (2008/10/20 08:22)

One of our visitors asked us a question about Rising Firewall passing Checkmark Desktop Firewall Certification. He asked how it was possible that Rising scored so badly in our tests while it was able to pass the certification by West Coast Labs. This blog post is about what Checkmark Desktop Firewall Certification really means and how it is related to Firewall Challenge testing.

On 27th September 2008, Beijing Rising International Software Co., Ltd. published the information that Rising Firewall won Checkmark Desktop Firewall Certification. According to West Coast Labs, the product must achieve an effective level of protection against hostile attacks from outside and prevent unauthorized local applications from accessing the local network. According to the mentioned press release of Rising:

The five shining key features of this software that led to getting this certification are:

1. Multi-Account Management by the Firewall
The firewall provides two accounts: an administrator account and a user account. A function is provided by the firewall which enables the switch between the two accounts.

2. Trojan Identification Technology
Through heuristic virus scan technology, when a program is connected to the Internet, the Trojan scanner will scan the program.

3. IE Function Call Interception
As IE provides an open Com component call interface, it may be called by malicious programs. This function checks the program which needs to call the IE interface.

4. Anti-Phishing and Anti-Trojan Websites
The website provides a set of powerful and upgradeable blacklist rules, which contain a list of websites that are illegal, highly risky and/or highly hazardous. Using the blacklist rules, any access to the listed websites will be prohibited.

5. Module Test
The firewall can control access to the Internet by all modules. When an application accesses the Internet, the firewall will check the authorization of the module to see if approval has been given.

Key features 3 and 5 are interesting for us at the moment because they are tested in our Firewall Challenge project too. To answer our visitor's question, we installed the latest version of Rising Firewall. It should be noted that there were some differences between our configuration and the configuration of the machine tested by West Coast Labs. Firstly, the certification test was made some time ago, so the version of Rising Firewall tested was 20.54.41. We installed the latest version available today, which was 20.66.40. Also, the Checkmark test was done on Windows Vista Business Edition while we used Windows XP Professional Service Pack 3. Neither of these differences should affect the results because, according to Rising's website, their product fully supports Windows XP too, and the new version should be at least as good as the older one.

To review the claimed protection, we used some tests from our Security Software Testing Suite (SSTS), which is used in Firewall Challenge. According to the press release, Rising should be able to prevent misuse of the COM interface of Internet Explorer components. This is exactly what the Flank test is about. It should also be able to prevent DLL injection in order to pass the Module Test – this is exactly what the FireHole test is about. And according to the description of the certification, it should implement effective protection to prevent unauthorized local applications from accessing the local network – this is what many leak-tests are about. We used AWFT1 and CopyCat just to verify that the protection is implemented.

Rising Firewall passed the FireHole test smoothly. A popup window appeared asking about an unknown module that FireHole injected into Internet Explorer's process. However, Rising Firewall failed the Flank, AWFT1 and CopyCat tests. According to the press release, it should pass Flank at least. The reason why Rising failed Flank is simple. The protection implemented by Rising Firewall to intercept work with COM/OLE objects is based on user mode hooks, but the tests of SSTS are implemented to unhook user mode hooks. It is a well-known fact that user mode hooks cannot be used to implement security features safely because they can always be bypassed. Rising Firewall uses user mode hooks improperly and hence it does not work against Flank. When we ran Flank with unhooking disabled, Rising was able to intercept its attack attempt.

AWFT1 attempts to access the network indirectly – it injects its code into an instance of Internet Explorer that it creates. The injected code then accesses the network and returns the results to the AWFT1 process, so that it seems that Internet Explorer accesses the network and not AWFT1. CopyCat also accesses the network indirectly, but it uses another trick. It does not create a new instance of Internet Explorer; instead, it injects its code directly into the existing Internet Explorer process. Note that any network-allowed process could be used by AWFT1 and CopyCat, not just Internet Explorer. Rising Firewall was not able to catch these attacks, which have been well known for years and are covered by many other software firewalls available on the market.
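Catching the indirect access used by AWFT1 and CopyCat means attributing each connection to every program that placed code in the connecting process, not only to the process image. The following sketch is an added example, not code from SSTS or from any product named here; the event schema, process names and PIDs are constructed for illustration.

```python
# Constructed sample events (hypothetical schema, not output of a real tool):
# (time, kind, source process, target process); processes are "image#pid".
EVENTS = [
    (1, "spawn",   "explorer.exe#100", "iexplore.exe#200"),
    (2, "connect", "iexplore.exe#200", ""),   # untouched browser: no finding
    (3, "spawn",   "explorer.exe#100", "awft1.exe#300"),
    (4, "spawn",   "awft1.exe#300",    "iexplore.exe#400"),  # AWFT1: new instance
    (5, "inject",  "awft1.exe#300",    "iexplore.exe#400"),
    (6, "connect", "iexplore.exe#400", ""),
    (7, "spawn",   "explorer.exe#100", "copycat.exe#500"),
    (8, "inject",  "copycat.exe#500",  "iexplore.exe#200"),  # CopyCat: existing one
    (9, "connect", "iexplore.exe#200", ""),
]

def image(proc):
    """Strip the constructed '#pid' suffix to get the image name."""
    return proc.split("#")[0]

def attribute_connections(events, network_allowed):
    """Flag connections made by a process that carries code injected by a
    program which is not itself allowed to use the network."""
    parent = {}     # process -> process that spawned it
    injectors = {}  # process -> every process that put code into it
    findings = []
    for ts, kind, src, dst in sorted(events, key=lambda e: e[0]):
        if kind == "spawn":
            parent[dst] = src
        elif kind == "inject":
            # Taint is transitive: whoever tainted src also taints dst.
            tainted_by = {src} | injectors.get(src, set())
            injectors.setdefault(dst, set()).update(tainted_by)
        elif kind == "connect":
            for inj in sorted(injectors.get(src, ())):
                if image(inj) in network_allowed:
                    continue
                # Tell the two variants apart by who created the target.
                style = ("new-instance" if parent.get(src) == inj
                         else "existing-process")
                findings.append((ts, src, inj, style))
    return findings

if __name__ == "__main__":
    for finding in attribute_connections(EVENTS, {"iexplore.exe"}):
        print(finding)
```

A rule set keyed only on the connecting image would allow the connections at times 6 and 9, because both come from the network-allowed browser.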

What do these results mean? The result of FireHole means that Rising passes the Module Test mentioned in the press release. In our opinion, Rising failed another test mentioned in the press release – IE Function Call Interception – because the implementation using insecure user mode hooks does not really work, since the attacker can choose whether to bypass the hooks or not. By certifying Rising Firewall, West Coast Labs said that it achieved an effective level of protection that prevents unauthorized local applications from accessing the local network, but the two basic tests we chose proved that this was not the case. This probably means that the methodology of West Coast Labs is incomplete in this part. SSTS is full of much more advanced tests that Rising Firewall does not pass either. From our point of view, Rising Firewall implements a basic protection that is partially based on unreliable user mode hooks and is insufficient against modern malware.

Firewall Challenge marked Rising Firewall as one of the worst products in the field because its protection is incomparable to the protection of its competitors such as Outpost Firewall Pro, Online Armor Personal Firewall, Comodo Firewall Pro, Privatefirewall, Kaspersky Internet Security, Netchina S3, ZoneAlarm Pro, PC Tools Firewall Plus and many others. Now that we have given you another point of view, you can decide what Checkmark Desktop Firewall Certification means for a certified product and for you.


Online Armor version 3 (2008/10/09 14:44)

Tall Emu Pty Ltd released a new major version of their popular personal firewall. Online Armor Personal Firewall v3 comes with a great improvement that many people were waiting for – the support for Windows Vista.


Outpost Pro 2009 (2008/07/02 14:18)

Just a few hours ago, Agnitum Ltd. announced its new product line – Outpost Pro 2009. In the press release the vendor promises better usability and performance and also a couple of new features – e.g. protection against keyloggers. Just like you, we are curious how it will perform in Firewall Challenge.


ProSecurity is dead (2008/06/27 10:59)

Until proven otherwise, we mark ProSecurity as a dead project. We have not succeeded in contacting its vendor for several months and its website is currently down. We advise all its users to switch to some other product.

Update (2008/06/28): The website of ProSecurity is redirected to http://www.rtdefender.com/. It explains the situation about ProSecurity with this message:

We have bought ProSecurity, the new name of ProSecurity will be Real-time Defender!
All registered users will get supports and free updates as before.
We Apologize for Any Inconvenience.


Real-time Defender Inc.


Firewall engines connections (2008/04/26 18:37)

During the update of our list of personal firewalls and HIPS for Windows, we gained some interesting information about the connections between several products. We have also identified a number of projects that were stopped.

The Firewall Challenge product list contains almost 90 product families, but not all the products have their own engine. Let's have a look at the connections between today's personal firewalls.

Starting from the most popular products, we should mention Comodo Firewall Pro. Its engine is used in products of The Shield family. We can find some information about this connection on Comodo's forum. The thread that discusses The Shield products became very popular, since some Comodo users found the information about this connection hard to accept.

Outpost Firewall Pro is another popular product whose engine was sold to be used in other firewalls. Since November 2005, Lavasoft Personal Firewall has been using Outpost's engine. Agnitum published the information about this connection on its website. The connection between Outpost Firewall Pro and Lavasoft Personal Firewall is well known. Much less known is the connection between Outpost and two other security products – BullGuard Internet Security and Quick Heal products. BullGuard uses only one component of Outpost's engine, hence it offers much weaker protection than Outpost Firewall Pro. The information about these two connections can be found in two Agnitum news items – "Agnitum licenses Outpost firewall technology to Bullguard and CAT" and "Agnitum extends global technology license for Outpost firewall and security suite".

Privatefirewall has also become a popular security product with a solid firewall engine. Not many people know that it is Privatefirewall's engine that runs in Webroot Desktop Firewall.

One of the most widespread engines among the personal firewall products is the one of Filseclab Personal Firewall. Although this engine is not being developed anymore, it is the base of Antechinus product line, Omniquad product line and also XMicro product line.

The engine of AVG Internet Security is the base of Steganos Internet Security. This connection has been published in the announcement on Steganos' website.

The last connection we have revealed so far is the connection between Securepoint Personal Firewall and Škoda Firewall, which used Securepoint's engine. However, Škoda Firewall is a dead project today and Securepoint Personal Firewall is not very popular either.

We have also found that the following products are not under development, not supported or do not exist anymore:

  • 1-ACT Personal Firewall
  • Adorons Firewall
  • BitGuard Personal Firewall
  • BlackICE PC Protection
  • eTrust EZ Firewall
  • Freedom Firewall
  • GateSweeper
  • Hurricanesoft Personal Firewall
  • Neoava Guard
  • Sphinx x-Wall
  • Sygate Personal Firewall
  • Škoda Firewall
  • TheGreenBow Personal Firewall
  • WyvernWorks Firewall

There are many other firewall projects that are dead or not updated anymore, but their websites still exist and their status cannot be easily determined.

Are you aware of any connections between personal firewalls that we do not know about? Have we missed any dead project? Then please contact us and share your information with us and our visitors.


Comodo Firewall Pro 3 (2007/11/21 20:14)

Comodo Group released a new stable version of their popular security product – Comodo Firewall Pro 3. According to Comodo, version 3 is a completely new security solution with many new features and additions and cannot be simply compared to older 2.x versions. For a full list, see Comodo Firewall Pro - Features and Benefits. Version 3 runs on 32bit and 64bit versions of Windows XP and Windows Vista. And as usual for Comodo software, this product is absolutely free.


ESET Smart Security (2007/11/06 20:40)

ESET, the vendor of the well known anti-virus software NOD32, launched their new product called ESET Smart Security. It consists of four basic components: Antivirus, Antispyware, Antispam and (most importantly) Personal firewall. The suggested retail price for an individual user license is 59.99 USD. ESET Smart Security runs on both 32 and 64bit platforms and is compatible with Windows 2000, XP and Vista.