|
Posted by Kayman on December 9, 2007, 7:50 pm
If you were Registered and logged in, you could reply and use other advanced thread options
> I have XP (Home) w/SP2. I turned OFF XP's so called "Firewall".
> I installed Kerio Personal Firewal 2.1.5 and rebooted.
> Then I created permit rules for my net apps.
>
> I then visited the website below :
> http://privacy.net/analyze/
>
> ------------- relevant part of results ------------
> Firewall Test
> The following ports were checked: 554, 1755, 443, 80
> Out of the above ports, the following are open and permitting outbound
> traffic: 554,1755,443,80
> Firewall status: NOT PRESENT (you may have a firewall,
> but it is not configured to block these ports from outbound traffic)
> ------------
>
> OK. so I created a rule for both TCP & UDP to block (deny) "Outbound"
> on these ports for any app. I then re-vistied the site and took the test
> again but came up with the same result as above.
>
> What's going on ?
> How do I configure this firewall to be more effective than XP's firethingy?
>
Sunbelt Software - the vendor of Sunbelt Kerio Personal Firewall
Excerpts:
[quote]
...we have some reservations about personal firewall "leak testing" in
general. While we appreciate and support the unique value of independent
security testing, we are admittedly skeptical as to just how meaningful
these leak tests really are, especially as they reflect real-world
environments.
The key assumption of "leak testing" -- namely, that it is somehow useful
to measure the outbound protection provided by personal firewalls in cases
where malware has already executed on the test box -- strikes us as a
questionable basis on which to build a security assessment. Today's malware
is so malicious and cleverly designed that it is often safest to regard PCs
as so thoroughly compromised that nothing on the box can be trusted once
the malware executes. In short, "leak testing" starts after the game is
already lost, as the malware has already gotten past the inbound firewall
protection.
Moreover, "leak testing" is predicated on the further assumption that
personal firewalls should warn users about outbound connections even when
the involved code components are not demonstrably malicious or suspicious
(as is the case with the simulator programs used for "leak testing"). In
fact, this kind of program design risks pop-up fatigue in users,
effectively lowering the overall security of the system -- the reason
developers are increasingly shunning this design for security applications.
[unquote]
'nuff said :)
--
Security is a process not a product.
(Bruce Schneier)
| 
XML site map