
Monday, June 25, 2007

Vista Built in Firewall Results

(1 pt) : The firewall 'passes' the leaktest successfully when set up properly.

(0.5 pts) : The firewall uses a generic 'block' that intercepts the leaktest at an earlier step, before any network access takes place. On one hand this can appear safer; on the other hand the technical alert it raises requires more knowledge from the user to make the right choice, which is less reliable than a successful pass where the alert is about a network access. Moreover, this kind of protection will also alert the user about many other legitimate activities that do not access the network at all.

(0 pts) : The firewall 'fails' the leaktest.
-------------------------------------------------------------------------------------------------


Impact on the leaktests


As you have read, the default 'out of the box' Vista security is very different from Windows XP and brings some improvements. Below we look at each leaktest in turn and at the impact, if any, that these changes have on it. The test simply consists of running the leaktest, without any third-party security software installed (no personal firewall, no HIPS), under an administrator account. All tests are done on Windows Vista Ultimate 64-bit with DEP enabled. DEP is not new to Vista; it already exists in Windows XP Service Pack 2 (SP2), Windows XP Tablet PC Edition 2005, and Windows Server 2003.

The tests requiring Internet Explorer are done with the 32-bit IE, as it is the version that all Vista editions use by default, even on Vista x64. The built-in firewall is left at its default settings, which filter inbound connections only: outbound traffic is allowed.
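Since the default configuration used in these tests filters inbound only, the following shows how to inspect that setting on Vista's own firewall and switch it to block outbound as well, using netsh. This is an added example, not part of the original article; the program paths are assumptions for a typical Vista x64 install and must be adjusted to your machine.

```batch
@echo off
rem Added example (not from the article): inspect and tighten the Vista built-in
rem firewall so that it filters outbound traffic too. Run from an elevated prompt.
rem The program paths below are assumptions for a default Vista x64 install.

rem 1. Show the current policy. With the out-of-the-box settings used in the
rem    tests above, each profile reports "BlockInbound,AllowOutbound".
netsh advfirewall show allprofiles

rem 2. Switch all profiles to also block outbound connections that no rule allows.
netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound

rem 3. Allow the programs you actually use to reach the network. The 32-bit IE is
rem    the default even on Vista x64, so it lives under "Program Files (x86)";
rem    Firefox of that era was 32-bit only and installs there as well (assumed path).
netsh advfirewall firewall add rule name="Allow IE (32-bit) outbound" dir=out action=allow program="%ProgramFiles(x86)%\Internet Explorer\iexplore.exe" enable=yes
netsh advfirewall firewall add rule name="Allow Firefox outbound" dir=out action=allow program="%ProgramFiles(x86)%\Mozilla Firefox\firefox.exe" enable=yes

rem 4. Log dropped connections so a blocked leaktest shows up in
rem    %systemroot%\system32\LogFiles\Firewall\pfirewall.log
netsh advfirewall set allprofiles logging droppedconnections enable

rem 5. Verify the policy and the outbound rules that are now in place.
netsh advfirewall show allprofiles
netsh advfirewall firewall show rule name=all dir=out
```

Note the limit of this approach for the tests below: an outbound rule allows a process, not the code running inside it. A leaktest that injects itself into an allowed browser process (as Thermite and Copycat do) still leaves the machine through that process, so per-program outbound filtering alone does not address the injection-based techniques in this list.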

Leak test : Vista did not block the leaktest
Tooleaky : Vista did not block the leaktest
FireHole : Vista did block the leaktest
Yalta : Vista did not block the leaktest
Outbound : did not run (missing dll)
PCAudit : was hanging
AWFT : is crashing
Thermite : injection and outbound successful, but failed to create the file 'securityfocus.htm'
Copycat : injection and outbound successful, but failed to create the file 'exploited.txt'
MBtest : did not run (missing dll)
Wallbreaker : Vista did not block the leaktest
PCAudit2 : Vista did not block the leaktest
Ghost : Vista did not block the leaktest
DNStester : Vista did not block the leaktest
Surfer : Vista did block the leaktest
Breakout : did not run/was hanging
Jumper : Vista did block the leaktest
CPIL : Vista did block the leaktest
CPIL suite : Vista did block the leaktest
PCFlank : Vista did not block the leaktest
Coat : Vista did not block the leaktest
Runner : Vista did block the leaktest
OSfwbypass : Vista did block the leaktest
ZAbypass : Vista did not block the leaktest

Result : 9 leaktests are blocked on Vista, 3 weren't tested because they are not compatible or because WinPcap was not installed (WinPcap 4.0 or newer is required on Vista x64), and 12 leaktests still work despite Vista's new security features. That means 37.5% of the leaktests (9 of 24) are blocked, either from running properly or from making a successful outbound leak.
Looking at the same numbers differently, only 50% of the leaktests (12 of 24) succeed on Vista, so half are blocked. Pick the statistic you prefer.
-------------------------------------------------------------------------------------------------
So I (HotShot) suggest you get a second firewall. I personally use ZoneAlarm Free with my Windows Vista Home Premium. It works like a charm and amazingly doesn't seem to lag me. Make sure, though, that you go into the settings and allow all the programs you commonly use, like Firefox or IE, etc. ZoneAlarm comes out as the 3rd best in leak testing. I will post that later on, but for now, this is what Vista users need to know when they are looking for firewalls.
