
Thread: ZA Free "very poor" in leak tests

  1. #1
    peano Guest

    ZA Free "very poor" in leak tests

    In Matousec's testing, ZA Pro got a "very good" rating as a firewall while the free version flunked. In particular, it was rated "very poor" for its level of anti-leak protection.

    I've used the free version for years with no apparent invasions (I run a virus scan daily and several spyware scans periodically). Just how much of a worry is ZA Free's "very poor" anti-leak protection?

    Here's Matousec's testing and results:
    http://www.matousec.com/projects/win...ewalls-ratings

    Operating System:Windows XP Pro
    Product Name:ZoneAlarm (Free)

  2. #2
    Join Date
    Dec 2005
    Posts
    9,056

    Re: ZA Free "very poor" in leak tests

    Leak tests are a good indication of the actual outbound protection, but only in certain ways. Those ways are strictly "in theory" and not what really happens in day-to-day practice.

    I look at the Matousec tests as being incomplete. There are no tests for inbound protection or self protection. If a trojan can easily enter the PC or if a trojan can easily shut down the firewall, then the firewall is ineffective. The ZA Free passes both of these challenges exceedingly well. Plus the basic tests - where malware tries to call out or directly bypass the firewall, again the ZA Free passes. There are no tests for the actual packet inspection of internet traffic, which is a basic firewall duty. This is something the ZA does very well.


    The really advanced tests are a challenge, but if there was malware on the PC, the AV should be one of first to see it and immediately act upon it.

    The ZA uses MD5 and SHA-1 to verify and authenticate the components. This is not used in the leaktests, but the actual hash checks of the components are vital in stopping malware. Not all firewalls do this extensive checking.

    Other things the leaktests will miss - no verification that the firewall is protecting at bootups and shutdowns of the OS. Again the ZA does this perfectly. If malware can call out during bootups or shutdowns, then the firewall failed. The ZA is always present protecting the PC, even in bootups and shutdowns.

    Also, there are no leaktests to ensure that if the firewall crashes or gets disabled in its use, that the internet connection is still protected. The ZA if crashed will stop the internet connections by default.

    These points that I mention are in the ZA Free and the ZA paid versions.

    The top firewalls in the leaktest have by default all things set to ask and not allowed. Any user can do the same with the ZA Free - set the components to ask for the Internet Zone. Everything such as explorer, internet explorer, various Windows components, browsers, etc. Just leave the Generic Host Process with the Trusted server rights - make sure the correct DNS and the DHCP servers are set as Trusted in the Zones. If everything is set to ask instead of just allowed, a few more leak tests are beaten by the ZA Free.

    Interestingly enough, if you want to pass leaktests without a firewall, then try the free SSM. It does exceedingly well in leaktests... while the paid versions have actual outbound internet connection control (allowed out only and to which zone - trusted or untrusted). The HIPS does stop a lot of malware from running or making changes. The HIPS is what the ZA Pro has with the Triple Defense Firewall for the paid versions. By using a free HIPS such as the SSM, the leaktests would be crushed.

    http://www.syssafety.com/files.html

    Another point about leaktests and a very important point. Running a leaktest is comparable to downloading malware, installing the malware, ignoring the warning of the antivirus and the antispy or other security scanners, allowing the malware to run on the PC. Any user with safe practices would never do these actions in the first place.
    In that sense, leaktests are not valuable.

    Some very good advice on securing the PC and about leaktests, and with a more rounded approach to this subject is here...

    http://www.firewallleaktester.com/index.html

    The advice section is informative...

    http://www.firewallleaktester.com/advices.htm

    The site is not flashy, but is well written and the author is very knowledgeable and helpful.

    Matousec has some unusual approaches - when vulnerabilities are found, he sells the information, and to anyone who pays him.

    Most others of the community will normally directly report the vulnerabilities to the vendor or to publicly known security associations. They do the reporting not for the possible financial gain, but as a free and dutiful favor to the vendors and the users community. Just something else to consider.

    Best regards.
    Oldsod

    Message Edited by Oldsod on 05-13-2007 06:08 PM

    Operating System:Windows XP Home Edition
    Product Name:ZoneAlarm Anti-Spyware
    Software Version:6.1

  3. #3
    peano Guest

    Re: ZA Free "very poor" in leak tests

    Thanks for your very informative reply. I will check out those links. Much obliged.

  4. #4
    Join Date
    Dec 2005
    Posts
    9,056

    Re: ZA Free "very poor" in leak tests

    You are welcome.

    Cheers.

    Oldsod

  5. #5
    Join Date
    Mar 2004
    Location
    Brisbane, Australia
    Posts
    645

    Re: ZA Free "very poor" in leak tests

    I also recommend the Fire Leak Tester site.

    Interestingly, his tests on Vista showed it is not the fortress we were led to believe it was going to be!

    http://www.firewallleaktester.com/ar...leaktests.html

  6. #6
    Join Date
    Dec 2005
    Posts
    9,056

    Re: ZA Free "very poor" in leak tests

    I thought the results were good, considering that the Vista OS firewall does not do all that much. It is a very basic firewall. Fifty percent seems okay- probably still ahead of many payware versions.

    There is the question of the encryption and file/folder sharing. If shares are closed and important data is always encrypted, then when the Vista is owned, there is little loss of information.

    Plus the naturally inherent UAC of Vista should affect the security of the PC. Malware that cannot install would be defeated. This is available in Windows XP, but many users still use the OS in the admin account instead of limited user.


    Again, security is the sum of the parts, not just the parts themselves.

    Best regards.
    Oldsod

  7. #7
    flyyourway Guest

    Re: ZA Free "very poor" in leak tests

    Although a good firewall is a must these days, there is a lot a user can do to better secure the OS. Here are some

    Strong Recommendations:
    Latest Service Pack and Hot-fixes applied
    Hard disk(s) formatted to NTFS
    Set NTFS ACLs (access control lists)
    Turn off NTFS 8.3 Name Generation
    System boot time set to zero seconds
    Set Domain controller type
    OS/2 Subsystem removed
    POSIX Subsystem (Unix compatibility ) removed
    Remote All Net Shares
    Audit For Success/Failed Logon/Logoff
    Set Overwrite interval for Audit Log
    Hide last logon user name
    Display a legal notice before log on
    Remove Shutdown button from logon dialog
    Set Password length
    Disable Guest account
    Rename Administrator account
    Allow network-only lockout for Administrator account
    Check user accounts, group membership and privileges
    Set a very strong password for Admin account
    Restrict Anonymous Network Access
    Prevent unauthenticated access to the registry
    ACL and Monitor Critical Registry Keys
    Change "Access this computer from the network" from Everyone to Authenticated Users
    Run SYSKEY Utility
    Unbind NETBIOS from TCP/IP
    Configure TCP/IP Filtering
    Disable IP Routing.
    Move and ACL critical files
    Synchronize Times
    Remove Unused ODBC/OLE-DB Data Sources and Drivers
    Install Scanner/Intrusion Software
    Update the Emergency Repair Disk by running the RDISK tool.

  8. #8
    Join Date
    Dec 2005
    Posts
    9,056

    Re: ZA Free "very poor" in leak tests

    FlyYourWay.

    That's a most impressive list!

    Oldsod

  9. #9
    manylittleboxes Guest

    Re: ZA Free "very poor" in leak tests

    Dear FlyYourWay-

    Regarding your Strong Security Recommendations, I have a few questions:

    System boot time set to zero seconds - How?
    Set Domain controller type - Can you please provide more specifics? (I see a number of options)
    Remote All Net Shares - Does this mean "Share" folders?
    Set Overwrite interval for Audit Log - How?
    Display a legal notice before log on - Why? What?
    Allow network-only lockout for Administrator account - How?
    Restrict Anonymous Network Access - All?...or Disable "Let everyone permission apply to anonymous users"?
    Prevent unauthenticated access to the registry - How?

    These are over my head? -----
    Set NTFS ACLs (access control lists)
    ACL and Monitor Critical Registry Keys
    Unbind NETBIOS from TCP/IP
    Configure TCP/IP Filtering
    Disable IP Routing.
    Move and ACL critical files
    Remove Unused ODBC/OLE-DB Data Sources and Drivers

    THANKS!!
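
Several items on the checklist discussed above correspond to a single registry value, so they can be audited from a registry export. The following is an added example and not part of any post in this thread: the registry value names are the standard Windows ones (the thread gives none), the expected data follows Windows XP semantics, and the sample export is constructed.

```python
import re

FS = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem"
LSA = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa"
POL = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
TCPIP = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters"
# Item -> (key, value name, required DWORD); standard Windows names, XP semantics.
BASELINE = {
    "Turn off NTFS 8.3 Name Generation": (FS, "NtfsDisable8dot3NameCreation", 1),
    "Hide last logon user name": (POL, "DontDisplayLastUserName", 1),
    "Remove Shutdown button from logon dialog": (POL, "ShutdownWithoutLogon", 0),
    "Restrict Anonymous Network Access": (LSA, "RestrictAnonymous", 1),
    "Disable IP Routing": (TCPIP, "IPEnableRouter", 0),
}
DWORD = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')

def parse_reg_export(text):
    """Return {(key, value name): int} for each DWORD; names are lower-cased."""
    values, key = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()       # registry paths are case-insensitive
        elif key and (m := DWORD.match(line)):
            values[(key, m.group(1).lower())] = int(m.group(2), 16)
    return values

def audit(text):
    """Return {checklist item: 'ok' | 'missing' | 'is N, want M'}."""
    found, report = parse_reg_export(text), {}
    for item, (key, name, want) in BASELINE.items():
        got = found.get((key.lower(), name.lower()))
        if got is None:
            report[item] = "missing"       # value absent: setting never applied
        else:
            report[item] = "ok" if got == want else f"is {got}, want {want}"
    return report

SAMPLE = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem]
"NtfsDisable8dot3NameCreation"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"restrictanonymous"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"shutdownwithoutlogon"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"IPEnableRouter"=dword:00000000
"""  # constructed sample export, not taken from a real machine

if __name__ == "__main__":
    print("\n".join(f"{s:>14}  {i}" for i, s in audit(SAMPLE).items()))
```

Files written by regedit or `reg export` are UTF-16, so read them with `open(path, encoding="utf-16")` before passing the text to `audit`. Checklist items that depend on ACLs, services or boot configuration are not covered by a value check like this one.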
