Internet Connection Security for Windows Users
by Steve Gibson, Gibson Research Corporation

FAQ — Frequently Asked Questions

The Trojan horse detection software known as "The Cleaner" from Moosoft Development lists Leaktest as a Trojan horse program in their database. What's that about?

Since Trojan horse programs are, by definition, malicious software, and LeakTest is certainly not, we were initially puzzled by this too. So I asked the Moosoft guys what was going on and promptly received this explanation:

Steve,

LeakTest was added after numerous customers, news magazine editors and people on your ShieldsUp! newsgroup complained that LeakTest was not stopped by The Cleaner. We tried to explain the purpose of LeakTest and why we did not think it should be a "Trojan" issue, but to no avail. That is why we worded the information in the database as we did, which you can see at:

http://www.moosoft.com/products/cleaner/search/?action=view-trojan&query=Gibson+Research+Leaktest"

We appreciate all you have done and I do not want to cause any sort of rift between us. ShieldsUp! has been especially supportive of MooSoft and The Cleaner. If you have any idea on a compromise we're all ears :)

Daniel

MooSoft Development

So there you have it. I'm completely satisfied with their position. The Moosoft Development folks clearly understand that LeakTest is a good thing, and is not any sort of Trojan. But by design it is a "Trojan Simulator" (although one that wears a bright white hat) so they came under pressure to demonstrate that their detector could detect it. Fine. It does. Case closed.



I've heard about other vulnerabilities in specific firewalls, like ways that some Trojan horse programs might be able to shut them down or penetrate them. Why don't you talk about those?

That's an excellent and important question. It deserves an honest answer.

The frightening truth is, there is no way for any of the Windows 9x family of products (Win31, Win95, Win98, WinMe) to be truly secure, and although the Windows NT family (WinNT, Win2000, Whistler) can theoretically be secure, Microsoft has never enforced this built-in capability (and, in fact, Microsoft has been eroding it over time.) In practice this means that while using Windows there is no operating system enforced software "containment". Any program running in the system can do virtually anything it desires.

This was not a practical problem back in the "old days" where we were all amazed just to be able to compose and print a letter on a computer that we owned. But in today's world, security has become a huge problem (which Microsoft had better start getting serious about very soon.)

In our present context of software-based firewalls, this means that no software-based firewall, running within current versions of Microsoft Windows, can be ABSOLUTELY secure. A Trojan horse program whose author has deliberately reverse-engineered the operation of a specific software firewall can, without question, interfere with and disable that product's proper operation. Therefore, if I wanted LeakTest to deliberately penetrate any specific firewall by reverse-engineering its operation, it could definitely do so.

Since that's true, what's the point of doing so? Once we start down that path there is no end in sight and I believe it's a fruitless path to pursue. I have, therefore, deliberately defined LeakTest's boundaries to stop just short of taking that road. LeakTest exploits and demonstrates every GENERIC vulnerability I can imagine and find. But it will decidedly not exploit any firewall-specific knowledge. That's an important, but different, problem.

Therefore, I do not, and will not, report specific firewall vulnerabilities here because they do not fall within LeakTest's scope.


To continue, please see: LeakTest News & History

You are invited to browse these LeakTest pages:

LeakTest
How to Use LeakTest 1.x

Personal Firewall Scoreboard

Firewall Vendor Responses

Vulnerability Disclosure Policy
Hardware Firewalls/NAT Routers

Tracking Firewall Updates

Frequently Asked Questions

LeakTest News & History

Jump to top of page
Gibson Research Corporation is owned and operated by Steve Gibson.  The contents
of this page are Copyright (c) 2016 Gibson Research Corporation. SpinRite, ShieldsUP,
NanoProbe, and any other indicated trademarks are registered trademarks of Gibson
Research Corporation, Laguna Hills, CA, USA. GRC's web and customer privacy policy.
Jump to top of page

Last Edit: Nov 28, 2003 at 11:32 (4,863.24 days ago)Viewed 6 times per day