Internet Connection Security for Windows Users
by Steve Gibson, Gibson Research Corporation

Leaky-Firewall Vendor Responses:

McAfee
Note from Steve: When LeakTest v1.0 first hit the streets the McAfee firewall, like almost all others, had big problems. McAfee replied quickly that they were working to address the concerns raised by LeakTest.

With their release of version 2.15, all leaks have been "plugged".

Sygate
Note from Steve: LeakTest v1.0 showed the Sygate Personal Firewall to be one of the "leakiest" outbound-blocking personal firewalls in the industry. It failed every one of LeakTest's tests. Sygate issued a formal reply saying that their next firewall would fix these things.

Their version 4.0 firewall is really very nice, with many terrific and currently unique features . . . and it does, indeed, completely pass LeakTest with flying colors.

Network ICE / BlackICE Defender
 A NetworkICE customer writes:
"I really like BlackICE Defender. It showed me a lot of things happening "on the wire" that I was previously unaware of. Now, when I ask for them to do the same thing for my outbound traffic, they give me a lot of run-around regarding the specific program I used to test for this feature. Oh well..."

 Network ICE (reportedly) replies to this customer:
Dear Customer,

Thank you for your input. A feature request has been submitted, and your suggestion may well be included in a future version of BlackICE.

The leaktest is a specific program designed to test the "User-Initiated Outbound Blocking" feature of certain personal firewalls. It is not a generic hacker test, nor is it a test of your computer's security. In fact, leaktest does not do anything malicious. If it was a hacker program, we would add it to the list of detected Trojans, just like we detect BackOrifice and SubSeven.

Leaktest uses standard FTP programming, just like any other FTP client. Again, it does not do anything malicious. It is a test for outbound blocking only. The protection of the firewalls with user-initiated outbound blocking is based on a user having enough knowledge to know that a program should be blocked. Network ICE Corporation believes that having users guess at the intentions of a program based on the executable name is not good security. How does a user know if a program is malicious? We automate our protection against malicious programs. If leaktest is deemed a malicious program, then we will add protection against it. Otherwise, at this point in time, it is simply another program transferring data over the internet, just like 100's of other legitimate programs that transfer data over the internet.

Firewalls with outbound blocking only protect against Trojan horse programs, and then they only work if the user knows enough to recognize the program as a dangerous program. Standard personal firewalls without intrusion detection cannot stop 100's of other hacker attacks that do not use Trojan horses. Standard personal firewalls cannot stop a buffer overflow attack nor can they stop a fragmentation attack. BlackICE Defender with its intrusion detection is designed to automatically recognize and protect computers from malicious traffic.

Please let us know if you have further questions.

Regards,
Technical Support
Network ICE Corp.

Gibson Research Corporation is owned and operated by Steve Gibson.  The contents
of this page are Copyright (c) 2016 Gibson Research Corporation. SpinRite, ShieldsUP,
NanoProbe, and any other indicated trademarks are registered trademarks of Gibson
Research Corporation, Laguna Hills, CA, USA.

Last Edit: Oct 06, 2003 at 14:29