Topic: Matousec RETEST !! COMODO DOES NOT pass 100% !! (Read 4302 times)
salmonela (Reply #30 on: May 26, 2008, 06:19:06 PM)
More from the same source:
Quote
Common Personal Firewall Features:
* Alert the user about outgoing connection attempts
* Allows the user to control which programs can and cannot access the local network and/or Internet
* Hide the computer from port scans by not responding to unsolicited network traffic
* Monitor applications that are listening for incoming connections
* Monitor and regulate all incoming and outgoing Internet traffic
* Prevent unwanted network traffic from locally installed applications
* Provide the user with information about an application that makes a connection attempt
* Provide information about the destination server with which an application is attempting to communicate
XP Pro SP3, Pentium4-3Ghz, 4×512Mb DDR, Ralink RT61 WLAN PCI adapter, ZyXEL P-660HW-D3 WLAN Router DSL modem
Bad English, I know...
Thanks
PLEASE DO NOT REPLY DUMB QUESTIONS/ANSWERS
salmonela (Reply #31 on: May 26, 2008, 06:30:55 PM)
Quote from: Pedro* on May 26, 2008, 04:14:30 PM
It does filter applications, but it focuses on network activity, ie, it's a personal firewall.
It's not a H.I.P.S.
It certainly filters applications' net calls; if it cannot distinguish which application made the request, then it is just a packet filter, not a Personal Firewall...
Sorry, from now on I will always read before I write
« Last Edit: May 27, 2008, 02:49:55 AM by salmonela »
Pedro* (Reply #32 on: May 26, 2008, 08:01:00 PM)
Quote from: salmonela on May 26, 2008, 06:19:06 PM
More from the same source:
Which reaffirms what i just said.
Quote from: salmonela on May 26, 2008, 06:30:55 PM
It certainly filters applications' net calls; if it cannot distinguish which application made the request, then it is just a packet filter, not a Personal Firewall...
It can, it's what i also just said
salmonela (Reply #33 on: May 27, 2008, 02:47:33 AM)
UH you are right, sorry, I must take more time for reading before I fire my standard ranting...
Pedro, sorry again
LeoniAquila (Reply #34 on: May 27, 2008, 03:41:08 AM)
If I understand you correctly Pedro, those leak tests address security issues which cannot be completely taken care of, by an application of the firewall definition? If so, I'm thinking that perhaps an application that works exactly like the definition of a firewall, is not enough. Malware (simulated by leaktests) takes advantage of how we define a firewall and tries to bypass it. Obviously it succeeds.
Please note, this is just my opinion. I'm far from being an expert and I'm not skilled when it comes to leak tests. I'm just trying to explain my point; that firewalls of some vendors are bypassed in several tests (referring to Matousec). If their antiviruses can catch up with that, fine. If their antiviruses cannot (which is most likely in some cases, we all know that no AV scores 100%), not fine. CFP and a few others are the only "firewalls" which stop all (or almost all) unauthorized network traffic... or am I wrong?
LA
» Windows XP Home Edition SP3 nLite
» COMODO Firewall Pro
Pedro* (Reply #35 on: May 27, 2008, 08:03:58 AM)
Quote from: salmonela on May 27, 2008, 02:47:33 AM
UH you are right, sorry, I must take more time for reading before I fire my standard ranting...
Pedro, sorry again
Don't be sorry, it's perfectly human
Quote from: LeoniAquila on May 27, 2008, 03:41:08 AM
If I understand you correctly Pedro, those leak tests address security issues which cannot be completely taken care of, by an application of the firewall definition? If so, I'm thinking that perhaps an application that works exactly like the definition of a firewall, is not enough. Malware (simulated by leaktests) takes advantage of how we define a firewall and tries to bypass it. Obviously it succeeds.
Please note, this is just my opinion. I'm far from being an expert and I'm not skilled when it comes to leak tests. I'm just trying to explain my point; that firewalls of some vendors are bypassed in several tests (referring to Matousec). If their antiviruses can catch up with that, fine. If their antiviruses cannot (which is most likely in some cases, we all know that no AV scores 100%), not fine. CFP and a few others are the only "firewalls" which stop all (or almost all) unauthorized network traffic... or am I wrong?
We're just talking, and i'm obviously not an expert either.
Whatever you think is appropriate for your security is fine. I don't argue, not too much anyway heh, with what people think is best for them. You prefer an all in 1, CFP3. Others prefer to choose different programs for different tasks, that like in the Unix philosophy, "Do one thing, do it well."
I argue when Matousec et al induces people into thinking LnS, Kerio, whatever, is crap and leaky, based on leaktests.
If the personal firewall in question is built for it, by all means, test it.
If it's not, you should only test it with a clear note that you're only going to show what the vendor would tell you himself: it's not built for this. In red, bold and big fonts. Anything else is dishonest. I mean, come on, he tests for keyloggers, it's painfully obvious it's gone too far!
Think of the HIPS tests made on BOClean a while back.
Meanwhile, no tests are done on SPI, protocol handling, port scans, ARP spoofing, and so on. That is, the firewall's main job remains largely untested.
It could be that Matousec has 1 or 2 tests of interest for this, i don't dismiss his technical abilities. Like those PerfTCP and PerfUDP.
But it would need to be shown separately. 'Firewall tests'..
Then call "Firewall challenge" - HIPS challenge. Or leaktests du jour.
Cheers
« Last Edit: May 27, 2008, 08:06:28 AM by Pedro* »
salmonela (Reply #36 on: May 27, 2008, 08:48:22 AM)
Pedro, what do you think about this opinion?
http://samspade.org/d/firewalls.html
00hmh (Reply #37 on: May 27, 2008, 09:40:02 AM)
Quote from: salmonela on May 27, 2008, 08:48:22 AM
Pedro, what do you think about this opinion?
http://samspade.org/d/firewalls.html
I'm not Pedro, but what the hell, this is an opinion forum, so here's mine:
There are a large number of cynical and skeptical comments such as this. Often the comment is based on the very accurate assumption that no piece of security software can protect somebody who visits the dark side of the Internet, opens attachments to email indiscriminately, installs "free" software from unknown sources, generally behaves in a guileless and careless manner and is likely to not understand and ignore warnings from security software if he pays any attention at all.
1. Security software by its nature is limited by the fact that the users actually want to use their computer and run programs. Damn...the ultimate vulnerability.
2. Granting that very serious problem, the idea you don't install alarm systems because so many people ignore them has a flaw and these rants tend to ignore that flaw. There are people who not only try to act reasonably on the net, and avoid harm with good common sense, but those same people often pay attention to the warnings. And sometimes even the careless people might pay attention. So. Even though having a firewall MAY not help, and even though it MAY create a false sense of security for some, and even though a firewall is likely to be evaded eventually by clever or persistent bad guys, nonetheless, security software like other sensible practices has some value.
3. A layered security model (which the writer does not address) now has stronger firewalls and HIPS to prevent malware from being loaded onto the system and/or executed, PLUS antivirus software which might discover files which have been loaded despite this, or catch something missed by the firewall or HIPS as it is loaded to be executed. Even though each of the three layers can be criticized as ultimately of limited value, and even though the whole combination can and probably will be defeated much of the time, the idea that security is "snake oil" just isn't true however limited that security may be. This may be something like selling vitamins to people who put them on the shelf and don't use them, or like selling blood pressure medication to a patient who won't take it regularly. However, the "snake oil" label implies no value other than perhaps placebo value, and that's hyperbole.
4. The personal firewall, antivirus and other security programs have a cost in system resources and aggravation, so we should weigh that against their limited utility. Given the power of most computers today, and the dangers of malware, the cost seems worth a modest investment in use.
5. Like Luketan, who comments on this forum, I also believe the use of multiple software solutions to the same problem injects additional risk of conflict and sabotage of the benefits, but well written security software takes some of that into account. Unfortunately, multiple security approaches and development of sound layered defenses are still in the development stage. That may ALWAYS be true. So, unfortunately, if we wait for an "ideal" answer, we will always be waiting. In the meantime (perhaps ALWAYS) we will have to gamble on flawed security software.
Bottom line: Only some of the security is fraudulent snake oil. Discussion and criticism of security software is our only answer and is an important part of solving the problem of ineffective and counterproductive "solutions." I'd prefer to see more discussion and less ranting, although we all enjoy a good rant now and then...
MikeH (Reply #38 on: May 27, 2008, 10:34:01 AM)
Quote from: 00hmh on May 27, 2008, 09:40:02 AM
I'm not Pedro, but what the hell, this is an opinion forum, so here's mine:
There are a large number of cynical and skeptical comments such as this. Often the comment is based on the very accurate assumption that no piece of security software can protect somebody who visits the dark side of the Internet, opens attachments to email indiscriminately, installs "free" software from unknown sources, generally behaves in a guileless and careless manner and is likely to not understand and ignore warnings from security software if he pays any attention at all.
1. Security software by its nature is limited by the fact that the users actually want to use their computer and run programs. Damn...the ultimate vulnerability.
2. Granting that very serious problem, the idea you don't install alarm systems because so many people ignore them has a flaw and these rants tend to ignore that flaw. There are people who not only try to act reasonably on the net, and avoid harm with good common sense, but those same people often pay attention to the warnings. And sometimes even the careless people might pay attention. So. Even though having a firewall MAY not help, and even though it MAY create a false sense of security for some, and even though a firewall is likely to be evaded eventually by clever or persistent bad guys, nonetheless, security software like other sensible practices has some value.
3. A layered security model (which the writer does not address) now has stronger firewalls and HIPS to prevent malware from being loaded onto the system and/or executed, PLUS antivirus software which might discover files which have been loaded despite this, or catch something missed by the firewall or HIPS as it is loaded to be executed. Even though each of the three layers can be criticized as ultimately of limited value, and even though the whole combination can and probably will be defeated much of the time, the idea that security is "snake oil" just isn't true however limited that security may be. This may be something like selling vitamins to people who put them on the shelf and don't use them, or like selling blood pressure medication to a patient who won't take it regularly. However, the "snake oil" label implies no value other than perhaps placebo value, and that's hyperbole.
4. The personal firewall, antivirus and other security programs have a cost in system resources and aggravation, so we should weigh that against their limited utility. Given the power of most computers today, and the dangers of malware, the cost seems worth a modest investment in use.
5. Like Luketan, who comments on this forum, I also believe the use of multiple software solutions to the same problem injects additional risk of conflict and sabotage of the benefits, but well written security software takes some of that into account. Unfortunately, multiple security approaches and development of sound layered defenses are still in the development stage. That may ALWAYS be true. So, unfortunately, if we wait for an "ideal" answer, we will always be waiting. In the meantime (perhaps ALWAYS) we will have to gamble on flawed security software.
Bottom line: Only some of the security is fraudulent snake oil. Discussion and criticism of security software is our only answer and is an important part of solving the problem of ineffective and counterproductive "solutions." I'd prefer to see more discussion and less ranting, although we all enjoy a good rant now and then...
Thank you for posting.
That was very informative.
Please feel free to post anytime to enlighten me and the rest of readers out there.
A very well written rebuttal.
Well done!
Regards,
Mike
Pedro* (Reply #39 on: May 27, 2008, 12:18:51 PM)
Quote from: salmonela on May 27, 2008, 08:48:22 AM
Pedro, what do you think about this opinion?
http://samspade.org/d/firewalls.html
It takes a thoughtful post to reply to that! 00hmh gave a good one.
I think i'm somewhere in between.
He (sam?) shows the clear weaknesses in personal firewalls, when you start leaktesting. He mainly refers to outbound i believe.
An example, tooleaky. This was a leaktest created not to test and improve firewalls, i think it was made to prove just how easy it is to bypass a firewall's outbound control, once you get compromised.
Of course, everyone who passes these tests quickly "fixed" this one too, but not the message.
Too many things can happen once a process starts, too many things to abuse, too many ways to abuse them.
Quote
Once you fire up a process, your system is in the hands of whoever wrote it. Would you invite just anyone to drive your car? Neither should you let just anyone run your computer.
http://www.pc-help.org/www.nwinternet.com/pchelp/security/advice.htm
True words, which you can verify when someone comes up with a POC or malware that once executed bypasses HIPS and whatever.
It doesn't mean all of a sudden everything bypasses it either. The extremes are rarely right, the World is made of grey areas.
On the hardware firewall.
A hardware firewall runs a software firewall, only it's not on the host, so the host being compromised doesn't mean that the firewall will. Host with software compatibility issues, crashes, and so on, won't affect it either.
It will mostly block inbound (depending on the solution).
A compromised host will connect anyway, hardware firewall will always do worse there. And you can't carry a HD firewall with your laptop around either.
Only the user won't mess with it too much, it's a firewall that does its job and asks no questions. For users that simply don't know how to use a firewall, don't know networking concepts, and don't care either, anything beyond Windows firewall will need input. He doubts the normal user's ability to use them, and so do i.
Using OpenBSD for instance, like he suggests, gives an added benefit - pf's track record. It's something like 2 vulnerabilities found in 10 years!
I'm forgetting something. I'll just note that i will always use a host firewall, mainly because i believe what i can see. I want to monitor and control a bit - mainly "trusted" programs that won't try to "leaktest" my fw, like svchost, firefox, allowing strictly what they need to work.
Comodo is a breeze there, alert very high. It could be even more specific than very high, i would welcome that. I know how to tweak those rules later. But to me, CFP's behavior on prompts - rules creation, and logic, is what makes it the candidate for the best.
Then there's malware, and it's a long story.
« Last Edit: May 27, 2008, 12:27:23 PM by Pedro* »