Posted by Virus Bulletin on Dec 7, 2006
Leakage review puts Comodo, Jetico way ahead of field.
An in-depth study subjecting 23 different personal firewall products to a range of leak tests has granted two free products, Comodo Personal Firewall and Jetico Personal Firewall, the only 'excellent' ratings in the field. Behind them are the popular ZoneAlarm PRO and Trend Micro's PC-cillin Internet Security, both rated 'very good'.
Kaspersky and Lavasoft products are in the 'good' category, as is Outpost, despite being accused of cheating. Meanwhile Sunbelt and Norton are in the 'poor' group and McAfee alongside Sygate under 'very poor'. The level of protection offered by products from CA, BitDefender, F-Secure, Panda and AVG, among others, is described as 'none'. At the bottom of the class, with a score of zero, is of course the Windows XP SP2 built-in firewall, which only protects against inbound attacks.
The tests were designed and carried out by a small group of researchers led by David Matousek and published at matousec.com. Their methodologies have come in for some criticism, particularly concerning treatment of integrated products combining firewalls with anti-malware; many such products picked up on the suspicious behaviour of the leak tests themselves, and had to have their anti-malware modules disabled to complete the testing. Some vendors have suggested that this impairs performance, as their firewalls are intended to work in conjunction with malware blocking without unnecessary overlapping.
Results of the tests were released last week, and responses from several vendors have begun to be posted on the results site. These can be viewed, along with detailed results, a description of the testing methodology and many of the test programs used, here. Further firewall testing is planned.
Elsewhere in the firewall world, heise security reports that a bug in the Convert-UUlib Perl library, discovered in April 2005, was left unpatched in its implementation in the Barracuda firewall until a very recent update. The vulnerability left Barracuda users at risk of remote access attacks for the full 20 months. heise's report is here, and details from the researcher who found the hole are here.
Posted on 07 December 2006 by Virus Bulletin