'Leak' Test of 21 Personal Firewalls
mork writes "Matousec.com, as part of a larger analysis of personal firewalls on Windows, has conducted a thorough leak test of 21 pieces of firewall software. Leak tests imitate common methods used by trojans or spyware to send your information from your computer. Windows Firewall XP SP2 fails every test, so the fears that the days of third party firewall software were over seem groundless. Surprisingly the two top programs are both freeware." From the article: "Some firewalls totally failed tests made against their default settings but their results on the highest security settings were much better. Kaspersky Internet Security 6.0.0.303 is the product with the biggest difference between the default settings score and the highest security settings score. Another such product is Safety.Net. Some products like BitDefender, F-Secure, McAfee, Panda, etc. include antivirus engines. The sad and funny thing at once is that lots of them mark leak-testing software as viruses or malware."
When regarding the individual general-purpose, desktop computer, outbound filtering is of dubious value. Malware can "hook" IE or FF, and successfully masquerade itself as regular browser traffic.
Outbound filters do tell the user "You've been PWN3D!!!" Just a little too little, a little too late.
Anybody who has tried to clean the latest set of nasties off an OS will agree with the conclusion that it is almost impossible. Even simple adware is using rootkit-style techniques to embed itself, and regenerates its activity from the smallest stub.
You need to keep this malware off the desktop. Once it is on, the damage has already been done.
Outbound filtering is for Servers - to prevent arbitrary SYN to any unauthorized locations. This should be reinforced with edge firewalls and router ACLs.
"Flyin' in just a sweet place,
Never been known to fail..."