elaich
After failing many tests at firewallleaktester.com running Sygate Free, I
dug into the old 2 firewalls subject again. I am pleased to announce that
I passed 22 of the 23 tests there using a combination of three freeware
programs.
I decided to use good old Kerio 2.1.5, mainly because I am completely
familiar with it, and because of the ability to write detailed, specific
rules.
The first firewall I tried next to Kerio was Outpost Free. Oh oh, bad
combination. BSOD, unexplained crashes.
I then tried Sygate Free next to Kerio. No problems, and Sygate seemed to
pick up a few things that Kerio missed. It may also catch the Kerio
fragmented packets exploit, which I believe to be irrelevant, since it
has never been documented in the wild.
Yet, the combination was not complete. I still failed several of the
tests, mainly the process injection types.
Add System Safety Monitor. This app monitors all attempts to launch
processes, and learns from your answers to the prompts. This was the
ticket to intercept those process injection baddies.
With this combination, here are the results of all 23 tests at
firewallleaktester.com:
LeakTest: Blocked.
TooLeaky: Blocked by Kerio with a notice that Internet Explorer has
changed since I last used it. (I block IE by default, as I use Firefox.)
FireHole: Caught by System Safety Monitor.
Yalta: Blocked.
Outbound: Applies only to LANs. N/A.
PCAudit: Blocked.
AWFT - Test 1: Caught by Sygate, and I was queried.
AWFT - Test 2: Caught by System Safety Monitor.
AWFT - Test 3: Blocked.
AWFT - Test 4: Caught by System Safety Monitor.
AWFT - Test 5: Caught by System Safety Monitor.
AWFT - Test 6: Caught by System Safety Monitor.
Thermite: Blocked by Kerio.
Copycat: Caught by System Safety Monitor.
MBTest: Caught by System Safety Monitor.
Wallbreaker - Test 1: Caught by System Safety Monitor. Blocked by Kerio if
allowed.
Wallbreaker - Test 2: Caught by System Safety Monitor. Blocked by Kerio if
allowed.
Wallbreaker - Test 3: Caught by System Safety Monitor. Blocked by Kerio if
allowed.
Wallbreaker - Test 4: Caught by System Safety Monitor. Blocked by Kerio if
allowed.
PCAudit2: Caught by System Safety Monitor. Failed if allowed.
Ghost: Caught by System Safety Monitor. Blocked by Kerio if allowed.
DNSTester: Failed.
Surfer: Caught by System Safety Monitor. Blocked by Kerio if allowed.
As you can see, the only failure was DNSTester. I'm not sure if this is
even something to be concerned with. I can block it by turning off the
W2K DNS Lookup service, but then I can't surf, so....
I'm very satisfied with this setup, and it runs very cleanly with no
problems. SSM is a pain at first, because it has to learn from your
responses. Yet, it seems very much worth the little initial trouble of
setting it up. And it's all FREE.