I believe most leak test sites lead the user to believe that you should buy
the firewall that does the best at "blocking outbound."
Agreed. As we also agree that this is not a correct conclusion.
Leak test sites often don't make it clear that once malware is on the computer, your
personal firewall is toast.
Ack.
Personal firewalls can't block malware on your system, but leak test sites tend to make
users think that the right ones can.
Yes, that's bad.
On the other hand, personal firewalls can alert you to the existence of
spyware, adware and some malware like viruses.
It can detect a few non-clever ones, yes. But as you also said: "Once
malware is in, your computer is toast". And catching these few ones
leads to a false sense of security for novices - and that's dangerous.
Things like antivirus, network IDS, SSL, SSH, PGP, DEP execution prevention,
etc. aren't 100% foolproof, they can be evaded and fooled. And yet they
are frequently used, because they help reduce your risk.
Yes, but knowing well that things like IDS and anti-virus products are
also not too reliable, at least they are trying to stop things before
they do any harm. Trying to control malware that is already running is
just plain stupid. And users should know that.
Most security countermeasures only reduce risk, not eliminate risk.
True to some extent. There is however something about security. One
can gain 100% security against a specific threat. Let's say a
vulnerability is found in a specific network service. If you stop
running that service you are 100% protected against that threat. And
IMO for something to be considered a security measure it has to at
least be reliable to a certain high degree (like inbound control can
be, for example). Outbound control is not worthy of being considered a
security measure, IMHO.
That doesn't make them worthless.
Nearly. And dangerous, because novices are led to believe they are
protected - fooled by the product vendors' marketing departments.
Some products are even dangerous because they add new vulnerabilities
to your computer that you would not have without them.
Examples:
* The witty worm - targeting only computers running a specific PFW.
* The SelfDoS attack - targeting only computers running specific PFWs
with a faulty IDS implementation.
* Bad design - some PFWs have severe design errors by not following
MS's most basic recommendations for Windows security - thereby
allowing restricted users to gain administrative rights. And since
this is by design, it is not something that can be fixed without
rewriting. Specific PFWs have, for example, had this error for several
years - making them completely useless within a corporate environment.
And, in principle, allowing malware to gain administrative rights by
itself, leading to a complete compromise - even though I am not aware
of any actual reports about that - yet.
There are many other examples. Just go google for personal firewall
vulnerability - you may be surprised.
If these were just ordinary applications I wouldn't make much fuss
about it, but these companies claim to be in the security business.
They had better start proving themselves worthy.