|
This page gives you an overview of the needed things to know before looking at the results themselves,
that you can reach by clicking the button "View Results" at the bottom of this page.
 (1 pts) : This icon means that the firewall is 'passing' sucessfully the
leaktests while setup properly.
 (0,5 pts) : This icon means that the firewall is using a generic 'block'
which is intercepting the leaktest at an earlier step, whereas there is no network access yet. While on one hand
it can appear to be safer, on the other hand the technical alert given requires more knowledge from the user to do the right
choice, which is less reliable than a sucessfull pass where the alert is about a network access. Moreover, these kind
of protection will alert the user about many other legitimate activities which does not access the network.
 (0 pts) : This icon means that the firewall is 'failing' the leaktest.
- ADVANCED+ : the firewall is passing properly more than 80% of the leaktests, and provides a strong security against
common and ucommon outbound connections. However it is probably more complex to use and not for beginners.
- ADVANCED : the firewall is passing properly more than 70% of the leaktests, and provides an excellent security against
most of the common and uncommon outbound connections. The product may be more accessible for intermediate/beginner users, but will require
additional security layers to overcome the firewall's weaknesses.
- HIGH : the firewall is passing properly at least 50% of the leaktests, and protects against the common outbound connections, and few uncommon ones.
It can be sufficient on a safe computer, and if you pratice "safe-hex" (do not have any dangerous activity, such as browsing warez sites). However, you will
need additional security softwares if you aim at a strong security level.
- MEDIUM : the firewall is passing properly at least 20% of the leaktests, and protects against some of the common outbound connections, but not all.
It is not advised to rely exclusively on it to achieve a strong security level. It can suffice depending on your malware exposure, but you may want to look
at additional security softwares such as HIPS softwares (Host Intrusion Prevention System) also known as "sandbox" to protect you further.
- LOW : the firewall is passing less than 20% of the leaktests, and his application outbound connection filtering feature provides inadequate protection compared to the methods used by the malwares in the wild.
Still, you can keep it, but you must have in mind his weaknesses, and you must use at least an HIPS software (sandbox) in addition to an Antivirus to assure
a safe security level.
 : Gold award, rewards the firewall(s) having the best leaktest score.
 : Silver award, rewards the firewall(s) having the second place at the leaktest score.
|
4 - Statistic/Score tables :
|
Table 1 'Scoreboard' : This table shows in detail which leaktest was passed/blocked/failed by the various
personal firewalls tested.
All of the tests have not the same weight/value, for instance the AWFT test #6 weights more than the AWFT test #1 or even Tooleaky.
Then, depending on how the firewall is handling the leaktest, that it be a clean pass or a generic block, the amount of point given is different.
As a result, a score based on 27 is given, and it gives the score based on the Firewall Leak Tester criteria.
Table 2 'Statistics' : This table is based on the Table 1 score, and displays the same score in percentage (%).
This table represents the Firewall Leak Tester criteria, and is based on the score column from the table 1.
Table 3 'Block' : This table is based on the Table 1 'block' score ('block' column) and simply shows in % the number
of leaktest not failed. It shows what the firewalls are handling (= not failed) no matter how they do,
no matter if it is a pass or a block, and no matter the complexity of the leaktest and the supposed weight of it.
Depending on what you are looking for, you may be interested by the Table 2 for the firewall leak tester criteria,
or simply by the Table 3 showing the same thing from another angle of view.
|
5 - Special notes about particular leaktests :
|
Immunity : This is not a leaktest in itself. This test defines the firewall capability to resist to a termination/kill.
The firewall passes the test when either it cannot be terminated/killed, or if when terminated the application and network rules
are still active, or finally if when terminated all network traffic is blocked. Otherwise, it is a fail.
MBtest : This leaktest crashing on my new test computer, I have used instead the NMAP scanner which works on Windows by using the same
network library, WinPcap. NMAP allows more extensive and customized tests than MBtest, and I saw firewalls in "block all" mode, blocking
outbound connections as expected, but failing to block fragmented ACK packets. All of the tests were verified with the 'tcpdump' sniffer.
Jumper : This new leaktest I have done (designed for Windows 2000/XP) is not a trojan, it is just a proof of concept, a demo. As such,
it is not optimised or done to work on all setup, and being based on timing, can not work properly on very slow or unresponsive computers (explorer.exe struggling to launch).
you must have cookies enabled
(or you won't be able to access the page)
|
