Firewall tests

And what test is that? What are you using to test firewall penetration? If it is some program you are running on your computer, then I doubt it is testing the router firewall but the one on your computer. Even then it would be like a robber stealing from his own family (aka., already has the keys and access). The only way to test firewall penetration is from external sources. Over the internet for your router, from another computer for internal systems.

You cannot test firewall penetration from the other side of the air-tight hatch way. Remember that saying, other side of the air-tight hatch way. Security becomes pretty easy then. The hatch is to keep attackers out but if the attacker is already on the other side. Then....you lost.

logicearth said:

And what test is that? What are you using to test firewall penetration? If it is some program you are running on your computer, then I doubt it is testing the router firewall but the one on your computer. Even then it would be like a robber stealing from his own family (aka., already has the keys and access). The only way to test firewall penetration is from external sources. Over the internet for your router, from another computer for internal systems.

You cannot test firewall penetration from the other side of the air-tight hatch way. Remember that saying, other side of the air-tight hatch way. Security becomes pretty easy then. The hatch is to keep attackers out but if the attacker is already on the other side. Then....you lost.

................................

Both tests (port scanner and leaktest) are from GRC. The leaktest is downloaded.
But you gave me an idea. The test is apparently only for outgoing traffic.
I gave the order to download it and once on my computer i gave the program
the order to connect to port 80 of the GRC server. The message comes back:
Firewall penetrated. Then i say "So what? I gave all the orders". So what does the test prove? IMO, only that my computer follows my orders. Or is my thinking completely off course?
Heise Securities (see my thread "Some security checks and issues") gives
email checks with a variety of viruses whereby YOU give them your email address. Then they send you an email with a link. If YOU ckick on the link they send you an email with the requested virus hidden somewhere or in an attachment. You can then check how your email program and your AV program reacts to it. This is all done from the outside (the GRC leak test is from the inside as you pointed out).
Heise has various other checks but surprisingly none for firewalls. I guess they just don't want to stick out their neck. They do have a ping test though.

Actually who cares about outbound traffic? A malicious program must first come in from the outside as you pointed out. Once in, it can give orders for outbound traffic that you are not aware of. This is never tested by the GRC leak test or other programs i am aware of. So again, what use are these leak tests? No use at all, i think. Wrong thinking?

Actually who cares about outbound traffic? A malicious program must first come in from the outside as you pointed out. Once in, it can give orders for outbound traffic that you are not aware of. This is never tested by the GRC leak test or other programs i am aware of. So again, what use are these leak tests? No use at all, i think. Wrong thinking?

The outbound test (leaktest) is to check your total security - yes you have let the program onto the system but what about those programs you let in without your knowledge? or do things that are not expected. Your system should at least inform you of any program that is attempting to access the web that has not been given your express permission.

Barman58 said:

The outbound test (leaktest) is to check your total security - yes you have let the program onto the system but what about those programs you let in without your knowledge? or do things that are not expected. Your system should at least inform you of any program that is attempting to access the web that has not been given your express permission.

...............

I agree but it is more of a double security should something slip through onto your computer.
Still the emphasis should be on incoming traffic and that is checked by the firewall as well as the real time AV **. A good, solid check on incoming traffic and there will be no problem with unauthorized outgoing traffic.
As far as i understand those leak tests check the outgoing traffic and as logicearth pointed out, then it may be too late. Letting something in on purpose and then getting the message "your firewall failed" seems a bit ....well, i don't know .... silly. The download of the leak test is aparently not considered harmful by any AV because YOU have give it the order for outbound traffic and the program does not connect on its own.

** and of course the router firewall - i almost forgot

To all that are striving for 100%. I wish you well. Meanwhile I haven't got the time to agonize over something that is not perfect nor ever will be.

I also like my firewall to tell me when legit programs, I installed, are calling out. Some programs have no business calling out, it isn't necessary for the proper operation of that program. Generally speaking, once told yes or no, they don't bother me again. A Guy

HammerHead said:

To all that are striving for 100%. I wish you well. Meanwhile I haven't got the time to agonize over something that is not perfect nor ever will be.

Hammerhead, it's a learning process (a well as curiosity) and this IT isn't an exact science so experience does count. And i learned a lot from my own thread, not only from the replies to it but also from my own digging and especially from having to formulate my replies and questions (something that very often helps to solve a problem). Of course there is no 100.0000% security but you can always try to get closer. And checking how secure it is can never do any harm.
The thread was actually started because i got frustrated by my internet supplier telling me my computer was infected by a "redirecter" when i wanted to change my password and saw that this could be done on a non-encrypted page. Believe it or not. And that while they also have an https site for logging in. The http site is given in first place when you google. I then checked my computer rigorously with all kinds of AV and looked around for checks on firewalls. It took me hours.

FranzB said:

Thank for all your replies.
On a rainy, quiet Sunday morning i did some digging with Google and i came across three websites that set me straight or at least left me wondering. If i would have read them before posting this thread i would probably never have posted it.
The three are:
www.matousec.com: Security software testing, analyses, research and reviews. ---->projects ------>proactive security challenge
(...)

Keep in mind that Matousec tests mainly implemented HIPS module in listed firewalls.

That's why i.e Look 'n' Stop Firewall (extra light and strong pure firewall without HIPS module) in Matousec tests is noted so bad.

Discussion about that you will find here: Matousec - COMODO 100% again - Wilders Security Forums

Another new FW test you wanna look into it (it's firewall outbound test):
Google Translate [Automated Google translation]