Firewall termination defense scoreboard explanation

This page gives an overview of what you need to know before looking at the results themselves, which you can reach by clicking the "View Results" button at the bottom of this page.

1 - Table Legend :

: This icon means that the firewall successfully blocks the termination method, and possibly warns the user about it. This is the safest and most secure result.

: This icon means one of the following possibilities :
- the firewall interface and/or service was terminated, but the network protection was still active
- the firewall was freezing or eating all CPU, but the network protection was still active
- Windows was freezing or crashed

This result is still "safe". Some firewalls switch all traffic off when terminated, so nothing can get in or out.

: This icon means that the firewall is terminated by the termination method, and its network security is disabled. That means that once the firewall is terminated by this method, anything can send data out.
This is bad, since malware can disable the firewall and then send data out without using leaktest methods.


2 - Self-defense rating :

: This icon is given to a firewall successfully blocking at least 3/4 of the termination methods. As there are 38 tests, 38/4*3 = 28.5 rounded to 29 (that means at most 9 orange crosses, and 0 red).

: This icon is given to a firewall blocking less than 3/4 of the termination methods, but which cannot be disabled completely (0 red crosses). This category is still "safe", but less resistant.

: This icon is given to a firewall being terminated and completely disabled (application and network control turned off) by at least one termination method.

All of the firewalls belonging to one group (e.g. green) share the same place and rank; there is no #1, #2, etc. However, in response to many requests, the firewalls are now sorted by group first, and then by results inside the same group.
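
The rating and sort order described in this section, as an added Python example that is not part of the original page. The outcome labels, the "orange" and "red" group names, the in-group ordering (more blocked tests first) and the FW-A to FW-D sample results are assumptions constructed for illustration.

```python
from collections import Counter

# Outcome labels for the three legend results and group names other than
# "green" are assumptions made for this example.
BLOCKED, DEGRADED, DISABLED = "blocked", "degraded", "disabled"
GROUP_ORDER = {"green": 0, "orange": 1, "red": 2}


def green_threshold(total):
    # Smallest whole count that is at least 3/4 of total. Integer ceiling,
    # because Python's round(28.5) gives 28 (ties to even), not the page's 29.
    return (3 * total + 3) // 4


def rate(outcomes):
    """Return (group, Counter) for one firewall's per-test outcomes."""
    counts = Counter(outcomes)
    unknown = set(counts) - {BLOCKED, DEGRADED, DISABLED}
    if unknown:
        raise ValueError(f"unknown outcome(s): {sorted(unknown)}")
    if counts[DISABLED] > 0:          # one full disable is enough for red
        return "red", counts
    if counts[BLOCKED] >= green_threshold(len(outcomes)):
        return "green", counts
    return "orange", counts


def scoreboard(results):
    """Sort by group first, then by results inside the same group."""
    rows = []
    for name, outcomes in results.items():
        group, counts = rate(outcomes)
        rows.append((name, group, counts[BLOCKED], counts[DISABLED]))
    # Assumed in-group order: more blocked first, then fewer disabled.
    rows.sort(key=lambda r: (GROUP_ORDER[r[1]], -r[2], r[3], r[0]))
    return rows


# Constructed sample results for hypothetical products, 38 tests each.
SAMPLE = {
    "FW-A": [BLOCKED] * 29 + [DEGRADED] * 9,
    "FW-B": [BLOCKED] * 28 + [DEGRADED] * 10,
    "FW-C": [BLOCKED] * 37 + [DISABLED],
    "FW-D": [BLOCKED] * 38,
}

if __name__ == "__main__":
    for row in scoreboard(SAMPLE):
        print(row)
```

FW-C shows why a single red cross outweighs 37 blocked tests: it still lands in the last group.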



3 - Termination tools used :

- Advanced Process Termination (APT) v4.0 from DiamondCS : forum post
- Simple Process Termination (SPT) v1.0.0.1 from System Safety : download page
- ProcX (PX) v1.0 from Firewall Leak Tester : download page
- SDTRestore (SDT) v0.2 from SIG^2 : download page

APT#1 to APT#12 are APT termination methods 1 to 12.
APT#13 and APT#14 are kernel kill 1 & 2
APT#15 and APT#16 are crash methods 1 & 2
APT#17 and APT#18 are suspend methods 1 & 2

Simple Process Termination's tests from #1 to #7 were used with the "-f" parameter like this : spt.exe PID test -f

This parameter forces the process/thread to be opened, which makes it harder for the firewalls to resist. Forgetting to use this command line parameter will change the results.


4 - Understanding the results :

The results of these tests are not meant to show good or bad firewalls. Even a firewall in the red category can be a very good firewall that does its job very well.
However, if you are concerned about it being potentially terminated, you may need to install a HIPS (e.g. AppDefend, ProcessGuard, System Safety Monitor, etc.) to handle and block termination attempts.

Finally, by my definition, these tests are termination tests, not leaktests.
A leaktest will try to bypass your firewall stealthily without attacking it; its purpose is to hijack a trusted communication flow to go out undetected.
A termination, on the other hand, is a direct and brutal attack on the firewall to disable its security. Any subsequent network accesses will be "standard" accesses.




