Home > Projects > Firewall Challenge

Firewall Challenge

• Introduction
• Results and comments
• Testing levels
• List of products
• My leaks
• Frequently asked questions

Introduction

Contents:

• Latest news
• History and introduction
• Methodology and rules
• How you can help us
• For vendors
• News archive

Latest news

• 2008-11-07: Several improvements have been implemented. For the full list see Major changes in Firewall Challenge and the changelog of Security Software Testing Suite. Firewall Challenge now contains 84 tests.
• 2008-10-14: New results have been published for:
  • ESET Smart Security 3.0.672.0
  • Trend Micro Internet Security Pro 17.0.1224

  Neither of these two products can be recommended if we consider Firewall Challenge results. ESET Smart Security failed totally with 4% final score, which is one of the worst results we have seen so far. Trend Micro Internet Security Pro scored much better, but it finished with the same score as its previously tested version, which means 27%.

• 2008-09-28: New results have been published for:
  • BitDefender Internet Security 2009 12.0.10.2
  • McAfee Internet Security 2009 10.0.209
  • ZoneAlarm Pro 2009 8.0.020.000

  Among the 2009 solutions we have tested today, only ZoneAlarm Pro is worth mentioning. Its previously tested version 7 scored only 63% (against 62 tests). The new version has been improved so that it passed all the levels with the final score of 86%, which is a Very good result.

  BitDefender Internet Security 2009 and McAfee Internet Security 2009 failed in the tests completely. BitDefender 2008 scored 4% (against 70 tests) and its 2009 version scored 7% (against 73 tests) remaining on None Protection level. McAfee version 2009 finished with the final score of 12% (against 73 tests), its previously tested version scored 6% (against 70 tests).

History and introduction

Firewall Challenge is a project that replaces our older project Window Personal Firewall Analysis and its subproject Leak-testing. As a part of Window Personal Firewall Analysis project we have deeply analysed security products but we found out soon that such a testing was extremely time consuming. It was not possible to test as many products as we wanted to. On the other hand, Leak-testing seemed to be a very easy way how to test many products in reasonable time. However, Leak-testing is not able to cover many of the important features of the desktop security products. We have decided to combine the simplicity and effectivity of Leak-testing with the scope of our deeper analyses and created this project – Firewall Challenge.

This project examines personal firewalls, Internet security suites and other similar products for Windows OS that implement process-based security. We call all such products personal firewalls. In our opinion, personal firewalls should prevent spying and data and identity theft. So, we require personal firewalls to include host protection features too. The list of personal firewalls we are aware of is available on the product list page. We know that our terminology may be in conflict with the common understanding of what the firewalls are. To distinguish between personal firewalls and firewalls in the common sense, we call the later packet filters. A typical example of a packet filter is WIPFW. Most of the personal firewalls include a packet filter component. Simple packet filters are not worse than personal firewalls, they are just different kind of software – for different kind of users. This project does not examine stand-alone packet filters.

Methodology and rules

The tested firewalls are installed on Windows XP Service Pack 2 with Internet Explorer 6.0 set as the default browser. The products are configured to their highest usable security settings and tested with this configuration only. We define the highest security settings as settings that the user is able to set without advanced knowledge of the operating system. This means that the user, with the skills and knowledge we assume, is able to go through all forms of the graphic user interface of the product and enable or disable or choose among several therein given options, but is not able to think out names of devices, directories, files, registry entries etc. to add to some table of protected objects manually.

There are several testing levels in Firewall Challenge. Each level contains a selected set of tests and it also contains a score limit that is necessary to pass this level. All products are tested with the level 1 set of tests. Those products that reach the score limit of level 1 and thus pass this level will be tested in level 2 and so on until they reach the highest level or until they fail a limit of some level.

Most of the tests are part of Security Software Testing Suite, which is a set of small tests that are all available with source codes. Using this open suite makes the testing transparent as much as possible. For each test the tested firewall can get a score between 0% and 100%. Many of the tests can be simply passed or failed only and so the firewall can get 0% or 100% score only. A few tests have two different levels of failure, so there is a possibility to get 50% score from them. The rest of the tests have their specific scoring mapped between 0% and 100%. It should be noted that the testing programs are not perfect and in many cases they use methods, that are not reliable on 100%, to recognize whether the tested system passes or failed the test. This means that it might happen that the testing program reports that the tested system passed the test even if it failed, this is called a false positive result. The official result of the test is always set by an experienced human tester in order to filter false results. The opposite situations of false negative results should be rare but are also eliminated by the tester.

To be able to make right decisions in disputable situations, we define the test types. Every test has some defined type. Tests of the same type always attempt to achieve the same goal. Here is a list of the defined types and their goals:

• General bypassing test: These tests are designed to bypass the protection of the tested product generally, they do not target a specific component or feature. This is why they attempt to perform various privileged actions to verify that the protection was bypassed. These tests succeed if at least one of the privileged action succeeds. Like the termination tests, general bypassing tests can not be used without modifying the configuration file.
• Leak-test: Leak-tests attempt to send data to the Internet server, this is called leaking. Most of the leak-tests from Security Software Testing Suite are configured to use a script on our website that logs leaks to our database by default. For such tests, you can use My leaks page to see whether the test was able to transmit the data. For leak-tests that do not use this script, we use a packet sniffer in unclear situations.
• Performance test: Performance tests measure impacts of using the tested product on the system performance. The measured values provided by the tests on the system with the tested product installed are compared to the values measured on the clean machine. Every software affects the system performance at least a little bit. To give products a chance to score 100% in these tests, we usually define some level of tolerance here. This means that if the performance is affected only a bit, the product may score 100%.
• Spying test: These tests attempt to spy on users' input or data. Keyloggers and packet sniffers are typical examples of spying tests. Every piece of the data they obtain is searched for a pattern, which is defined in the configuration file. These tests usually succeed if the given pattern has been found.
• Termination test: These tests attempt to terminate or somehow damage processes, or their parts, of the tested product. The termination test usually succeeds if at least one of the target processes, or at least one of their parts, was terminated or damaged. All the termination tests from our suite must be configured properly using the configuration file before they can be used for tests.
• Other: Tests that do not fit any of the previously defined types are of this type. These tests, for example, may check stability or reliability of the tested product.

All tests are equal to the intent that their scores are not weighted by their level or something else. The total score of the tested product is counted as follows. For all tests in all levels that the product did not reach, the product's score is 0%. For all other tests the score is determined by the testing. The total score of the product is a sum of the scores of all tests divided by the number of all tests and rounded to a whole number. It may happen that a new test is added to Firewall Challenge when some products already has their results. In such case, the result for already tested product is set to N/A for this new test, which means that it is not counted for this product and does not affect its score or level passing. Neither the number of the tests, nor the number of levels is final. We intend to create new tests in the future. We are also open to your ideas of new testing techniques or even complete tests.

Products for testing are selected from those that were requested for tests by their vendors or often suggested for tests by our visitors, more times than other products. If there are no such products, we will select products for tests ourselves, preferentially taking products that have not been tested at all yet and have a real chance to succeed in our tests. Every vendor has a right for its product to be tested in Firewall Challenge for free two times in six months period and this right is valid only for stable and publicly available versions of the products. If a vendor offers more than one product it still has a right of only two free tests per six months. Moreover, next free testing of a product will be performed no sooner than one month after the last free testing. This rule should prevent vendors from using Firewall Challenge testing as a free beta testing service. The exception from this rule is for vendors that offer two versions of the same product, from which one is available free of charge and the other one is a commercial version with some extra functionality and these version are likely to have different results in Firewall Challenge. The second and the last exception from this rule is for vendors that offer a product with an antivirus engine and mark any of the tests of Security Software Testing Suite as a virus, an infected code, an unwanted or malicious application, or offend any part of the suite directly using pattern recognitions or any other form of blacklisting. We have experienced such a behaviour in the past in case of leak-tests, this approach deceives the users of such antivirus engines and make the testing more difficult for us. The vendors who offend the testing suite have no right for free testing at all but can still request a paid testing.

Every vendor has a right to request a paid Firewall Challenge testing, in which case its product will be tested in all levels regardless the results on each of the levels. After the vendor receives the results of the paid testing, it can either keep them private or request their publishing on our website, but such a request will be satisfied only if the previously published results for the tested product, if any, are at least one month old and if the tested version is stable and publicly available. There are no limits of the frequency of the paid tests.

How you can help us

Do you enjoy Firewall Challenge? Do you want to help us but you do not consider yourself to be a security expert? Still you can help us! If you intend to buy a security software, you may be interested to buy one of the products we recommend in Firewall Challenge. Have a look at Firewalls' ratings on the results page. The Recommendation column in the table contains links to the online stores or products' webpages of the vendors that we have affiliate agreements with. If you click on any of these links and then buy the target product or other product offered on the target webpage, we will profit from it. So, if you are going to buy a personal firewall or a similar security software and you like our projects, you can help us! Even if you have the licence already, we can profit if you prolong the licence after you visit the vendor's website through our recommendation links. Thank you!

The rules for the recommended products are simple. The first condition is that the product's Protection level is at least Very good, which means that its final score is at least 80%. The second condition is that we have an agreement with its vendor. In case of free products, we need at least a consent of the product's vendor. It is important to note that if the recommended product is retested and does not reach the 80% limit, it will not be recommended any more, at least not until the next retesting.

For vendors

We provide various services to vendors of personal firewalls and similar security software. Besides the above mentioned paid Firewall Challenge testing, we provide commercial testing based on the original methodology for advanced analyses. We also offer consulting services and research related to Windows internals, implementation of security software, design of security software and malware analyses. Get more information about the services we offer.

News archive

• 2008-11-07: Several improvements have been implemented. For the full list see Major changes in Firewall Challenge and the changelog of Security Software Testing Suite. Firewall Challenge now contains 84 tests.
• 2008-10-14: New results have been published for:
  • ESET Smart Security 3.0.672.0
  • Trend Micro Internet Security Pro 17.0.1224

  Neither of these two products can be recommended if we consider Firewall Challenge results. ESET Smart Security failed totally and with 4%, which is one of the worst results we have seen so far. Trend Micro Internet Security Pro scored much better, but it finished with the same score as its previously tested version, which means 27%.

• 2008-09-28: New results have been published for:
  • BitDefender Internet Security 2009 12.0.10.2
  • McAfee Internet Security 2009 10.0.209
  • ZoneAlarm Pro 2009 8.0.020.000

  Among the 2009 solutions we have tested today, only ZoneAlarm Pro is worth mentioning. Its previously tested version 7 scored only 63% (against 62 tests). The new version has been improved so that it passed all the levels with the final score of 86%, which is a Very good result.

  BitDefender Internet Security 2009 and McAfee Internet Security 2009 failed in the tests completely. BitDefender 2008 scored 4% (against 70 tests) and its 2009 version scored 7% (against 73 tests) remaining on None Protection level. McAfee version 2009 finished with the final score of 12% (against 73 tests), its previously tested version scored 6% (against 70 tests).

• 2008-09-15: A single product update:
  • Norton Internet Security 2009 16.0.0.125

  The new version of Norton Internet Security is out. Its improvements are noticeable. While the previous version scored Very Poor 32% (against 62 tests), the new version comes with Good protection level and final score of 71% (against 73 tests).

• 2008-09-11: A single product update:
  • Kaspersky Internet Security 2009 8.0.0.454

  We have received many requests to test the new version of KIS. Finally, we have the results. Its previous version tested against 62 tests scored 85%. The new version scored 87% against 73 tests, which is slightly better result, and it is still a Very good protection level.

• 2008-09-05: A new response from PC Tools Pty Ltd, the vendor of PC Tools Firewall Plus, has been added.
• 2008-09-05: New results have been published for:
  • Netchina S3 2008 3.5.5.1
  • PC Tools Firewall Plus 4.0.0.45

  Both products were tested on requests of their vendors. PC Tools Firewall Plus passed all testing levels and finished with 85% score. Netchina S3 is new to FWC but its results are better than of many well established products. It scored a Very good result of 86%. Netchina is a new product that needs to mature before it is suitable for common users, but its protection is solid and future versions might be excellent products. Both these products are free.

• 2008-08-29: New results have been published for:
  • Comodo Firewall Pro 2.4.18.184
  • Rising Personal Firewall 2008 20.59.10

  We have decided to test these two products after we received many requests to test them from our visitors. Users of Windows 2000 asked us to test the old version Comodo Firewall Pro because the new version 3 is not compatible with Windows 2000. Comodo Firewall Pro version 2 scored 55%, which is marked as Poor level of protection, but it is not a bad result if we consider that this version is quite old. Yet still we suggest to switch to another product if you are a user of Windows 2000 or to upgrade to a newer version of Windows and use Comodo Firewall Pro version 3. Much worse is the situation with Rising Personal Firewall 2008, which scored only 11%. Its protection is not comparable with the today's top personal firewalls.

• 2008-08-14: A single product update:
  • Privatefirewall 6.0.19.29

  Privatefirewall has been improved since the last time. Its previously tested version scored only 65%, while the new version scored Excellent 90%.

• 2008-08-01: New results have been published for:
  • Dynamic Security Agent 2.0.11.22
  • PC Tools Firewall Plus 4.0.0.40
  • Sunbelt Personal Firewall 4.6.1839.0

  Dynamic Security Agent (DSA) and PC Tools Firewall Plus are both free products and both reached the level 7. DSA scored 62%, PC Tools Firewall Plus 74%. DSA was tested for the first time, PC Tools Firewall Plus was already tested in the past – its previously tested version scored only 6%, so its improvements are remarkable.

  Sunbelt Personal Firewall scored worse than before because of the new tests. It did not even reach the level 2 and finished with 7% score.

• 2008-07-07: A new response from Jetico, Inc., the vendor of Jetico Personal Firewall, has been added.
• 2008-07-04: A new response from Agnitum Ltd., Outpost Firewall Pro 2009 6.5.2355.316.0597, has been added.
• 2008-07-04: New results have been published for:
  • Ashampoo FireWall FREE 1.20
  • G DATA InternetSecurity 2008
  • Jetico Personal Firewall 2.0.2.4.2264
  • Outpost Firewall Pro 2009 6.5.2355.316.0597

  Outpost Firewall Pro 2009 greatly succeeded in the tests and took a lead in the challenge. Its result is 99%, almost a perfect score! Congratulations!

  A new version of Jetico Personal Firewal can also be said to be a winner today. Compared to its previous version, which scored with 29%, the new version has been improved dramatically, it reached level 7 and gained 78%.

  G DATA InternetSecurity 2008 did not reached level 4 and ended with 19% score. It is a very heavy product that needs a lot of system resources and its results of performance tests were the worst we have seen so far.

  The worst product among today's four is Ashampoo FireWall FREE. Although it reached a perfect score in performance tests, it failed almost every other test and did not even reach level 2. Its final score is 5%.

• 2008-06-28: New results have been published for:
  • Filseclab Personal Firewall 3.0.3.8982
  • Online Armor Personal Firewall 2.1.0.131
  • ZoneAlarm Pro 7.0.473.000

  The paid version of Online Armor Personal Firewall has been tested upon the vendor's free request. Compared to the free version, the paid version implements protection against keyloggers, hence its results are better. The paid version of Online Armor Personal Firewall takes a lead in our challenge again.

  Filseclab Personal Firewall has been retested after we have received the information that we tested its very old version instead of its latest update. However, the latest update did not help this product in our challenge.

  ZoneAlarm Pro 7.0.473.000 has been tested to see its performance against the new tests that were implemented to Firewall Challenge recently. ZoneAlarm does not protect against many of the new tests and so its final score is slightly worse than before.

  We are going to publish more results soon.

• 2008-06-18: A response from Filseclab Corporation, the vendor of Filseclab Personal Firewall, has been added.
• 2008-06-07: A response from BitDefender, the vendor of BitDefender Internet Security, has been added.
• 2008-05-21: A response from Comodo Group, the vendor of Comodo Firewall Pro, has been added.
• 2008-05-20: A response from Lavasoft, the vendor of Lavasoft Personal Firewall, has been added.
• 2008-05-17: A new response from Tall Emu, the vendor of Online Armor Personal Firewall Free, has been added.
• 2008-05-17: Results for these products and versions were published:
  • Comodo Firewall Pro 3.0.22.349
  • F-Secure Internet Security 2008 8.00.101
  • Lavasoft Personal Firewall 3.0.2293.8822
  • Online Armor Personal Firewall 2.1.0.131 Free
  • Panda Internet Security 2008 12.01.00
  • Trend Micro Internet Security 2008 16.10.0.1106
  • Webroot Desktop Firewall 5.5.10.20

  After the implementation of several new tests, we have decided to retest Comodo Firewall Pro and Online Armor Personal Firewall Free to see if they can still score 100% in our challenge. Both these products lost the perfect score, but Comodo Firewall Pro remained on the first position in our challenge. The odd thing is that the new version of Comodo Firewall Pro did not pass two tests, namely SSS and SSS4, that its previously tested version passed. This firewall has no problems with our new keylogger tests but failed SockSnif test. It also lost a few points in performance tests but its results are still excellent and almost perfect, 95% in total. Online Armor Personal Firewall Free lost more points, especially in keylogger tests. The classification of its protection is now Very good with 89%, close to the Excellent protection, which starts on 90%.

  Lavasoft Personal Firewall uses the engine of Agnitum's Outpost and its score for today is 70%. Webroot Desktop Firewall, a free product that uses the old version of the engine of Privatefirewall, scored 60%.

  F-Secure Internet Security 2008, Panda Internet Security 2008 and Trend Micro Internet Security 2008 are security suits with very high hardware requirements but their protection is noticeably worse than of other products tested today.

• 2008-05-06: Three new tests have been added to Firewall Challenge. Two performance tests, PerfTCP and PerfUDP, have been added to Level 1. A spying test called SockSnif has been added to Level 8.
• 2008-05-02: We have joined Tall Emu's affiliate program and so you can now buy commercial versions of Online Armor Personal Firewall through our pages and thus support this project.
• 2008-04-25: Results for these products and versions were published:
  • Avira Premium Security Suite 8.1.00.206
  • BitDefender Internet Security 2008 11.0.16
  • BullGuard Internet Security 8.0.0.13
  • Filseclab Personal Firewall 3.0.0.8686
  • McAfee Internet Security Suite 2008 9.1.108
  • Steganos Internet Security 2008 7.5.509

  All these products scored very badly. Filseclab Personal Firewall is a very old product and so its protection against today's malware techniques is naturally insufficient. Other products tested today are anti-virus solutions with very weak personal firewall components.

• 2008-04-24: Eight new tests have been added to Firewall Challenge, these are Keylog1, Keylog2, Keylog3, Keylog4, Keylog5, Keylog6, Keylog7 and ShadowHook. We have 70 tests in the system now, new products and new versions of already tested products are always tested against all the tests in the system on levels that they reach.
• 2008-04-24: A response from AVG Technologies, the vendor of AVG Internet Security, has been added.
• 2008-04-20: We have joined affiliate programs of Agnitum Ltd. and Kaspersky Lab, now you can support Firewall Challenge by buying one of their products through our affiliate links, read more.
• 2008-04-08: Responses from Soft4Ever, the vendor of Look 'n' Stop, and NETGATE Technologies s.r.o., the vendor of FortKnox Personal Firewall, have been added.
• 2008-04-06: Results for these products and versions were published:
  • AVG Internet Security 8.0.93
  • FortKnox Personal Firewall 2008 3.0.195.0
  • iolo Personal Firewall 1.5.2.7
  • Look 'n' Stop 2.06
  • Norton Internet Security 2008 15.5.0.23
  • PC Tools Firewall Plus 3.0.1.9
  • Rising Personal Firewall 2007 19.66.0.0
  • System Safety Monitor 2.3.0.612

  The best among the products tested today was clearly System Safety Monitor 2.3.0.612. It reached level 7 and scored 77%. Norton Internet Security 2008 15.5.0.23 reached the level 4 with 32% and was the second best product we tested today. All other firewalls failed in the tests completely, especially iolo Personal Firewall 1.5.2.7.

• 2008-04-01: We have added two new rules to Firewall Challenge to improve its quality and we have also created a FAQ page. The first change in rules is that we will publish results of stable and publicly available versions only – i.e. no public results of beta or internal versions any more. The second change is that we will not publish the results of the paid Firewall Challenge testing if we published some results for the given product in the last month. The vendors are thus no longer able to quickly fix their products in response to our testing, ask us then for retesting and almost silently replace the old results in one or two days. This rule should prevent the unwanted behaviour of vendors that tend to focus on fighting the tests because of marketing and forget about other problems in their products.
• 2008-03-30: Comodo Firewall Pro 3.0.21.329 has been retested, its vendor ordered a paid FWC testing with a belief that it smoothly passes all the tests. We are happy to announce that since today we have two firewalls that managed to score 100% in Firewall Challenge. More tests will be necessary to select the best among the today's elite personal firewalls.
• 2008-03-27: A response from Jetico, Inc., the vendor of Jetico Personal Firewall, has been added.
• 2008-03-25: We have received an email from ailef and MaratR with information about a security weakness in Online Armor Personal Firewall 2.1.0.112 Free that was tested in our challenge recently. We have successfully verified the information that the tested version of Online Armor automatically allows various privileged actions if it receives no response from the user in a few minutes after the alert is shown. We would like to thank ailef and MaratR for their findings, we would like to apologize to our visitors and other vendors for possibly wrong results in case of Online Armor.

  We have contacted the vendor of Online Armor and received the information that the latest version of this product, Online Armor Personal Firewall 2.1.0.119 Free, does not suffer from the problem any more. To solve the problem with possibly wrong results, the vendor ordered a paid testing of its product. We have tested Online Armor Personal Firewall 2.1.0.119 Free and found that the security hole was fixed and also that it passes all current Firewall Challenge tests. Online Armor is thus the first product with the perfect result in Firewall Challenge tests. We are going to implement new tests to the testing system in next months and try to violate its perfect score.

• 2008-03-25: Results for these products and versions were published:
  • Jetico Personal Firewall 2.0.1.5.2216
  • Kaspersky Internet Security 7.0.1.325
  • Windows Live OneCare 2.0.2500.22

  Very interesting were results of Jetico Personal Firewall. Its results showed the difference between the old leak-testing and Firewall Challenge testing. Jetico Personal Firewall passed only two levels. These results might be very disappointing for Jetico fans.

  Windows Live OneCare failed the tests completely. This product was probably intended to replace the internal Windows firewall but its protection, as a personal firewall, is nearly the same.

  Kaspersky Internet Security confirmed its qualities. Its result is Very good and we can expect that future versions will score even better.

• 2008-03-24: A response from Sunbelt Software, the vendor of Sunbelt Personal Firewall, has been added.
• 2008-03-18: Results for these products and versions were published:
  • Comodo Firewall Pro 3.0.19.318
  • ESET Smart Security 3.0.621.0
  • Online Armor Personal Firewall 2.1.0.112 Free
  • Outpost Firewall Pro 2008 6.0.2302.264.0490
  • Privatefirewall 6.0.11.30
  • ProSecurity 1.43
  • Sunbelt Personal Firewall 4.5.916
  • ZoneAlarm Pro 7.0.462.000

  We chose some of the top products intentionally to see how strong the Firewall Challenge tests are. None of the tested products scored 100% but Comodo Firewall Pro, Online Armor Personal Firewall, Outpost Firewall Pro and ProSecurity were very close. Even ZoneAlarm Pro and Privatefirewall scored pretty well too but their score is significantly worse than the score of the four, previously mentioned, excellent products. Unpleasant surprise was ESET Smart Security that did not even reach the second level, the result of Sunbelt Personal Firewall was better only a little bit.

• 2008-03-18: Firewall Challenge has been started.

valid HTML 4.01 · valid CSS 2 · optimized for you · design by martina · powered by jan · generated on November 22, 2008