A Small Firewall Test

Hi


The following is a test for a firewall.


http://www.pcflank.com/PCFlankLeaktest.exe


Further details are available at the link that follows.


http://www.pcflank.com/pcflankleaktest.htm


Run this with both 'allow known programs' and 'report'.


The above program is not on the Firewall White List. Still, the data is transmitted outside of the computer, breaching the firewall, with the firewall set to 'allow known programs'!!!


The firewall asks for permission with the firewall set to 'report'. But still the data is transmitted to the pcflank server, as earlier!


Hemanth

Comments

  • Hi


    Are you working to remove this bug in BD firewall?


    Hemanth

  • alexcrist
    edited April 2009

    Hello Hemanth,


    What happens with PCFlankLeakTest is very simple: code injection in Internet Explorer. That test doesn't directly send data over the internet, but it injects itself into IE and uses it to send data. And because most of the time IE is allowed to access the network, the data "leaks out".


    However, this test is basically useless. It doesn't prove anything regarding the protection provided by the firewall, since IE is a legit application and can access the network as it needs.


    Code injection is not something that is under a firewall's protection area. This "leakage" area should be covered by a HIPS system. If anything, you should report this issue as a BehavioralScanner issue, not a Firewall issue.


    Also, I couldn't really test if BehavioralScanner reacts to this test, because every time I ran it (about 5-6 times), it simply froze and did nothing. :)


    So, bottom line: the firewall works just fine, from this point of view. If you block IE from accessing the network, no data will "leak" ;)


    Cris.

  • Correction: BD BehavioralScanner DOES react, as it should. :)


    It simply blocks the test.


    The test froze because I was having a little problem with my system (it needed a reboot :rolleyes: )


    So, again: BitDefender passes the test with flying colors. :)


    Cris.

  • hnyaji
    edited April 2009

    Hi Cris


    BD anti-virus gave a warning when I tried to run the programme.


    The programme is detected as a virus (Application.Demo.Leaktest.L).


    I had to disable BD anti-virus to run the test.


    What is HIPS?


    How did you know that this programme injects a code to IE?


    thanks,


    Hemanth

  • Hi Cris


    The programme is detected as a pure virus!


    The behavioural scanner does not show a warning!


    Hemanth

  • alexcrist
    edited April 2009

    Yes, it does. :)


    post-60-1240947974_thumb.jpg


    The Realtime scanner has an option to not detect Applications (potential harmful applications) and Dialers. You can find it by clicking Custom Level. Disable those alerts, and enable BehavioralScanner and Intrusion Detection System (on the Firewall Advanced Settings), and you will get the BehavioralScanner warning, as shown in my screenshot.


    BitDefender blocks the test... in multiple ways. What more do you want? :)


    Cris.

  • Hi Cris,



    I wish BD could detect the missing files and errors in installation automatically and repair them. This should solve a lot of the problems people currently have with BD!


    I already have BehavioralScanner and Intrusion Detection System enabled. I got the virus warning first.


    thanks


    Hemanth

  • Well Cris,


    you have so many programmes (bottom right corner - remove them with msconfig (start - run)) taking your RAM! Your system must be very slow and this could be the reason why your PC froze!


    Hemanth

  • alexcrist
    edited April 2009

    Of course the virus alerts come first. BehavioralScanner scans a process based on its behavior, so the process has to run. But the Antivirus engine scans the files before execution.


    If BitDefender knows that a file is infected, it will obviously block it from opening. There's no need to let it run. :)


    But if it doesn't detect it as infected, it lets it open and, if BehavioralScanner is enabled, then BD "keeps an eye" on that process, and at the first wrong move it makes, BD blocks it and asks for user permission.


    To disable Application and Dialer detection in realtime protection, see this:


    post-60-1240948789_thumb.jpg


    Cris.


    P.S.: All those applications I use, I use them because I need to. Those are not the reason why my PC froze. My PC didn't freeze at all, only that test had a problem. I usually reboot my system once every about 20 days, and it works like a charm every day... and trust me, I use it at its full power. :P
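
Added example, not part of the thread and not BitDefender's code: a small model of why a per-application firewall rule allows the leak-test traffic while a behavioral (HIPS-style) correlation flags it. The event fields, PIDs, addresses and the 30-second window are constructed assumptions for illustration.

```python
# Constructed sample telemetry; field names and values are hypothetical.
EVENTS = [
    {"t": 100, "kind": "remote_thread", "src": "PCFlankLeaktest.exe",
     "src_pid": 4120, "dst": "iexplore.exe", "dst_pid": 3004},
    {"t": 102, "kind": "net_conn", "image": "iexplore.exe", "pid": 3004,
     "dest": "198.51.100.7:80"},
    {"t": 300, "kind": "net_conn", "image": "iexplore.exe", "pid": 3560,
     "dest": "203.0.113.9:443"},
    {"t": 310, "kind": "net_conn", "image": "PCFlankLeaktest.exe", "pid": 4120,
     "dest": "198.51.100.7:80"},
]

ALLOWED_IMAGES = {"iexplore.exe"}  # the firewall's "known programs"
WINDOW = 30                        # seconds; assumed correlation window


def firewall_verdict(conn):
    """Per-application rule: the decision depends only on the connecting image."""
    return "allow" if conn["image"] in ALLOWED_IMAGES else "block"


def behavioral_alerts(events, window=WINDOW):
    """Flag connections made by a process shortly after an untrusted
    process created a thread inside it."""
    tainted = {}  # target pid -> (time of injection, injecting image)
    alerts = []
    for ev in sorted(events, key=lambda e: e["t"]):
        if ev["kind"] == "remote_thread" and ev["src"] not in ALLOWED_IMAGES:
            tainted[ev["dst_pid"]] = (ev["t"], ev["src"])
        elif ev["kind"] == "net_conn" and ev["pid"] in tainted:
            t0, src = tainted[ev["pid"]]
            if ev["t"] - t0 <= window:
                alerts.append({"pid": ev["pid"], "image": ev["image"],
                               "dest": ev["dest"], "injected_by": src})
    return alerts


def summarize(events):
    """Return (image, pid, firewall verdict, behavioral flag) per connection."""
    flagged = {(a["pid"], a["dest"]) for a in behavioral_alerts(events)}
    return [(c["image"], c["pid"], firewall_verdict(c),
             (c["pid"], c["dest"]) in flagged)
            for c in events if c["kind"] == "net_conn"]


if __name__ == "__main__":
    for row in summarize(EVENTS):
        print(row)
```

The first connection is allowed by the application rule yet flagged by the correlation; the direct connection from the unlisted program is simply blocked by the firewall.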