Firewall Analysis

[MikeWill]

Stumbled upon this page: http://www.matousec.com/projects/windows-p...sts-results.php

Rather interesting info on different firewalls - know what you're running to protect your system!

Currently, I'm running COMODO v2.4.18.184 (free) on my WinXP Pro SP2.

COMODO v3.0.17.304 is out, but I've heard it is quite buggy.

Has anyone tried out Armor Personal Firewall (free) ? Any experience with it?

[dave_boo]

Stumbled upon this page: http://www.matousec.com/projects/windows-p...sts-results.php

Rather interesting info on different firewalls - know what you're running to protect your system!

Currently, I'm running COMODO v2.4.18.184 (free) on my WinXP Pro SP2.

COMODO v3.0.17.304 is out, but I've heard it is quite buggy.

Has anyone tried out Armor Personal Firewall (free) ? Any experience with it?

Interesting article. I however agree with Sunbelt's (the maker of Kerio Personal Firewall) response:

Sunbelt Software is committed to providing the strongest possible security products to its customers, and we will be working to correct demonstrable issues in the Sunbelt Personal Firewall. Users can expect these and other continuing enhancements for the Sunbelt Personal Firewall in the near future.

However, we have some reservations about personal firewall "leak testing" in general. While we appreciate and support the unique value of independent security testing, we are admittedly skeptical as to just how meaningful these leak tests really are, especially as they reflect real-world environments.

The key assumption of "leak testing" -- namely, that it is somehow useful to measure the outbound protection provided by personal firewalls in cases where malware has already executed on the test box -- strikes us as a questionable basis on which to build a security assessment. Today's malware is so malicious and cleverly designed that it is often safest to regard PCs as so thoroughly compromised that nothing on the box can be trusted once the malware executes. In short, "leak testing" starts after the game is already lost, as the malware has already gotten past the inbound firewall protection.

Moreover, "leak testing" is predicated on the further assumption that personal firewalls should warn users about outbound connections even when the involved code components are not demonstrably malicious or suspicious (as is the case with the simulator programs used for "leak testing"). In fact, this kind of program design risks pop-up fatigue in users, effectively lowering the overall security of the system -- the reason developers are increasingly shunning this design for security applications.

Finally, leak testing typically relies on simulator programs, the use of which is widely discredited among respected anti-malware researchers -- and for good reason. Simulators simply cannot approximate the actual behavior of real malware in real world conditions. Furthermore, when simulators are used for anti-malware testing, the testing process is almost unavoidably tailored to fit the limitations of simulator instead of the complexity of real world conditions. What gets lost is a sense for how the tested products actually perform against live, kicking malware that exhibits behavior too complex to be captured in narrowly designed simulators.

Leak testing is like using a synthetic benchmark on your computer, and yes I'm looking at you 3dMark series! Also note that for leak testing to be a valid test, your system has to have been compromised. I would have rather had seen a test that checked inbound ports against various attacks. When I boot into Windows for gaming, I do use Kerio. However, most of the time I'm using Linux, and the built in firewall works fabulously. Ipchains/iptables & App Armor gives yet another level of security.

[MikeWill]

Some additional info (on New Versions of Comodo and Online Armor) is here: http://blog.scotsnewsletter.com/2008/02/10...d-online-armor/

[MikeWill]

http://samspade.org/d/firewalls.html and http://cyberpunks.org/display/356/article/

The above articles shed a different light on the value of personal firewalls.