Leak & Kill Tests of Kaspersky Internet Security 6.0
Posted 18 October 2006 - 08:08 PM
What is Firewall Leak Tester testing?
Nowadays, threats from the Internet are growing, both from the inside and the outside.
To answer a security need from Internet users (us), security software firms have created "personal firewalls", software acting like real hardware firewalls, but on users' computers.
These personal firewalls have network level filtering, that we will name "network filtering", and an outbound application filtering that we will name "software filtering".
Due to the fact that most of these personal firewalls offer reasonable protection against inbound attacks coming from the Internet, we will only study here their software filtering, outbound filtering that can be stressed by Trojans which try to initiate themselves by connecting to the outside to transmit data out.
To test this software filtering feature, many leaktests ("leak" tests) exist; they are programs created by different authors, each trying to bypass the personal firewalls with his own trick.
Finally, by firewallleaktester.com's definition, Kill Tests are termination tests, not leaktests.
A leaktest will try to bypass your firewall stealthily without attacking it; its purpose is to hijack a trusted communication flow to go out undetected.
A termination, on the other hand, is a direct and brutal firewall attack to disable its security. All eventual subsequent network accesses will be "standard" accesses.
Firewall termination defense scoreboard explanation (details column explanation in the table below)
V : This icon means that the firewall is successfully blocking the termination method, and possibly warns the user about it. This is the safest and most secure result.
+ : This icon means one of the following possibilities:
- the firewall interface and/or service was terminated, but the network protection was still active
- the firewall was freezing or eating all CPU, but the network protection was still active
- Windows was freezing or crashed
This result is still "safe". Some firewalls, while terminated, switch the traffic off; nothing can get in or out.
X : This icon means that the firewall is terminated by the termination method, and its network security is disabled. That means that once terminated by this method, anything can send data out.
This is bad, since malware can disable the firewall before sending data out without using leaktest methods.
Posted 19 October 2006 - 02:25 AM
Guess when the new version comes out they will have to test again.
Great that it's second on the list. Thanks for the improvements so far to the team. The users asked, and the team has proven themselves. Why would you go anywhere else?
Posted 02 February 2007 - 09:22 AM
I just tested the ghost leaktest from http://www.firewallleaktester.com/
And KIS didn't catch this one.
I guess that ghost test is a tough one.
You have to activate "Starting browser with parameters" in the activity analyzer settings for KIS to pass it.
Posted 09 February 2007 - 07:43 PM
Edited by FadeToBlack, 09 February 2007 - 07:48 PM.
Posted 09 February 2007 - 08:47 PM
As for KAV, it depends on what protection settings you choose, interactive or basic protection; these determine the activated modules in the proactive defense.
Posted 10 February 2007 - 01:11 AM
I am talking about Proactive Defence here though, which seems to be made only for leaktesting. I do not have doubts that in real life situations it works (from what I have seen at AV-Comparatives), but for leaktesting it is a somehow easy target. The marketing department is always having work to do (as I can see both here and at Agnitum), no worries there.
Edited by FadeToBlack, 10 February 2007 - 01:14 AM.
Posted 10 February 2007 - 01:24 AM
Integrity control is something that novices should not enable;
the starting browser with parameters is the only thing I can think of that only has its value in leaktests.
Posted 10 February 2007 - 02:35 PM
Posted 10 February 2007 - 04:55 PM
Posted 10 February 2007 - 10:05 PM