Home / Comodo Firewall Pro - Leak Test

What is Firewall Leak Testing?

Everyday, Internet users are being exposed to a lot of ubiquitous malware programs without their knowledge. Firewalls form the first line of the defense to answer to these threats. Network filtering and outbound application connection filtering are the two essential components that a robust and secure personal firewall must have, that most of the personal firewalls currently in the market claim to provide in some form. Unfortunately, malware programs are evolving rapidly. Many of such programs employ very advanced techniques to conceal their malicious activities so that they easily bypass the standard protection mechanism provided by the most personal firewalls. These techniques are commonly known as "leaks".

Comodo Firewall Pro has been tested against the full range of available leak testing software and has a 100% detection rate. Read the results for yourself by downloading 'Comodo Firewall Pro vs Leak Tests (pdf)'

Explanation of the different of "Leak" techniques or vulnerabilities fraudsters can use to compromise you PC.

There are many techniques that leak tests employ to break personal firewalls' standard protection mechanisms. The following list explains the different types of threats used by leak testing software.

Substitution

This technique tries to present itself as a trusted application by renaming itself to a commonly known, safe application such as iexplore.exe. As a result, firewalls that do not verify application signatures fail to detect such attempts.

Related Trojans

W32.Welchia.Worm, The Beast

Related Leak Tests

LeakTest 1.2

Launching (Parent Substitution)

With this technique, a program launches a trusted program by modifying its startup parameters such as command line parameters, to access the Internet. This type of penetration bypasses the firewalls that do not apply parent process checking before granting the internet access.

Related Trojans

W32.Vivael@MM

Related Leak Tests

Tooleaky, FireHole, WallBreaker, Ghost, Surfer,Jumper

DLL Injection

Being one of the most commonly used techniques by Trojans, this method tries to load a DLL file into the process space of a trusted application. When a DLL is loaded into a trusted process, it acts as the part of that process and consequently gains the same access rights from the firewall as the trusted process itself. Firewalls that do not have an application component monitoring feature fail to detect such attacks.

Related Trojans

The Beast, Proxy-Thunker, W32/Bobax.worm.a

Related Leak Tests

PCAudit, FireHole, PCAudit v2

Process Injection

This technique is the most advanced and difficult to detect penetration case that the most of the personal firewalls still fail to detect although it is used by Trojans in the wild. The attacker program injects its code into process space of a trusted application and becomes a part of it. No DLL or similar component is loaded that almost every personal firewall fails to detect this completely.

Related Trojans

Flux trojan

Related Leak Tests

Thermite, CopyCat

Default Rules

When a personal firewall is installed, by default, it tries to allow some vital specific traffic such as DHCP, DNS, netbios etc. not to interrupt the useful network activity. Doing so blindly may cause malicious programs to exploit these rules to access the Internet.

Related Trojans

Unknown

Related Leak Tests

Yalta

Race Conditions

While filtering the Internet access requests per application, personal firewalls need the process identifier (pid) of a process to perform its internal calculations. Attacker programs may try to exploit this fact by changing their process identifiers before personal firewalls detect them. A robust personal firewall should detect such attempts and behave accordingly.

Related Trojans

Unknown

Related Leak Tests

Ghost

Own Protocol Driver

All network traffic in Windows operating systems are generated by TCP/IP protocol driver and its services. But some Trojans can make use of their own protocol drivers to bypass the packet filtering mechanism provided by personal firewalls.

Related Trojans

Unknown

Related Leak Tests

Outbound, Yalta (test avancé), MBtest

Recursive Requests

Some system services provide interfaces to applications for common networking operations such as DNS, Netbios etc. Since using these interfaces is a legitimate behavior, a Trojan can exploit such opportunities to connect to the Internet.

Related Trojans

Unknown

Related Leak Tests

DNSTester

Windows Messages

Windows operating system provides inter process communication mechanism through window handles. By specially creating a window message, a Trojan can manipulate an application's behavior to connect to the Internet.

Related Trojans

Unknown

Related Leak Tests

Breakout1

It is very important to test any personal firewall with its "out of the box" settings. A personal firewall may claim to provide the protection against leaking attempts while it fails to catch some of them with its default settings. Due to the fact that very few of the personal firewall users are able to know the correct configuration settings suitable for their system; and/or the required configuration settings are too noisy i.e. generating too many needlessly alarming alerts, users actually do not / can not have enough protection. Comodo Firewall Pro comes already preconfigured to enable this high level of protection without having to do anything, (of course, manual configuration is an option).

Protect yourself now with Comodo Firewall Pro



About CFP

Comodo Firefall Distributor

What Is Malware?

Comodo uses the term Malware to define all malicious applications including:

  • Viruses

  • Spyware

  • Trojans

  • Rootkits

When you see the term Malware, it could be one - or more than one - of these terms.
Comodo offers the Free Firewall software that helps block Malware from your machine before it can install itself.
Download firewall software