The main reason why I am asking this is because the latest review of Norton Internet Security 2007 in PC Magazine-which has very poor anti-leak protection was actually tested against the real malware and it blocked all of the real malwares for outbound connections.
And yet,Norton 2007 has a very poor anti-leak protection on Matousec’s leak-tests.
Can anyone please read this-it seems to me that leak-tests are un-important,look what Sunbelt Software - the vendor of Sunbelt Kerio Personal Firewall has responded to Matousec’s testings:
Sunbelt Software is committed to providing the strongest possible security products to its customers, and we will be working to correct demonstrable issues in the Sunbelt Personal Firewall. Users can expect these and other continuing enhancements for the Sunbelt Personal Firewall in the near future.
However, we have some reservations about personal firewall “leak testing” in general. While we appreciate and support the unique value of independent security testing, we are admittedly skeptical as to just how meaningful these leak tests really are, especially as they reflect real-world environments.
The key assumption of “leak testing” – namely, that it is somehow useful to measure the outbound protection provided by personal firewalls in cases where malware has already executed on the test box – strikes us as a questionable basis on which to build a security assessment. Today’s malware is so malicious and cleverly designed that it is often safest to regard PCs as so thoroughly compromised that nothing on the box can be trusted once the malware executes. In short, “leak testing” starts after the game is already lost, as the malware has already gotten past the inbound firewall protection.
Moreover, “leak testing” is predicated on the further assumption that personal firewalls should warn users about outbound connections even when the involved code components are not demonstrably malicious or suspicious (as is the case with the simulator programs used for “leak testing”). In fact, this kind of program design risks pop-up fatigue in users, effectively lowering the overall security of the system – the reason developers are increasingly shunning this design for security applications.
Finally, leak testing typically relies on simulator programs, the use of which is widely discredited among respected anti-malware researchers – and for good reason. Simulators simply cannot approximate the actual behavior of real malware in real world conditions. Furthermore, when simulators are used for anti-malware testing, the testing process is almost unavoidably tailored to fit the limitations of simulator instead of the complexity of real world conditions. What gets lost is a sense for how the tested products actually perform against live, kicking malware that exhibits behavior too complex to be captured in narrowly designed simulators.
Symantec Corp. - the vendor of Norton Personal Firewall.
Thanks a lot!