Has anyone run these firewall leak tests?
on 22.01.2006 12:58:29 by news
I found this site:
http://www.firewallleaktester.com/
and downloaded all the test programs.
Some observations:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1. McAfee would not save copycat.exe, saying it contained a trojan
(Generic.f), and file opr03r00.exe was deleted.
2. A McAfee virus scan reported that the following are "Potentially
Unwanted Programs" (PUPs):
Demo-Leak Test (firehole.exe)
Demo-Leaktest 12 (leaktest1.2.exe)
Outbound (outbound.exe)
Demo-Leak Test (tooleaky.exe)
Yalta, yalta.vxd (yalta.zip)
3. AdAware SE reported Spyware PC Audit as a critical program, with a
TAC reading of 10 (whatever that is).
4. Spybot S&D and CWShredder reported nothing unusual.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Is it safe to run these? (Running XP Home with both the SPs and all the
updates).
--
Ian
Re: Has anyone run these firewall leak tests?
on 22.01.2006 14:14:17 by MAP
news wrote:
> I found this site:
>
> http://www.firewallleaktester.com/
>
> and downloaded all the test programs.
>
> Some observations:
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> 1. McAfee would not save copycat.exe, saying it contained a trojan
> (Generic.f), and file opr03r00.exe was deleted.
>
> 2. A McAfee virus scan reported that the following are "Potentially
> Unwanted Programs" (PUPs):
>
> Demo-Leak Test (firehole.exe)
> Demo-Leaktest 12 (leaktest1.2.exe)
> Outbound (outbound.exe)
> Demo-Leak Test (tooleaky.exe)
> Yalta, yalta.vxd (yalta.zip)
>
> 3. AdAware SE reported Spyware PC Audit as a critical program, with a
> TAC reading of 10 (whatever that is).
>
> 4. Spybot S&D and CWShredder reported nothing unusual.
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> Is it safe to run these? (Running XP Home with both the SPs and all
> the updates).
I've never been to www.firewallleaktester.com.
You can go here to run a firewall test (shields up):
http://www.grc.com/default.htm
Below the shields up test you will see a "leak test" (downloadable
application); this will show up as a trojan but it is not (maybe the same
holds true for what you downloaded?).
--
Mike Pawlak
Re: Has anyone run these firewall leak tests?
on 22.01.2006 14:51:35 by Volker Birk
MAP wrote:
> You can go here to run a firewall test (shields up)
> http://www.grc.com/default.htm
http://grcsucks.com
Yours,
VB.
--
Wanting to learn networking basics using Windows is like gathering your
first sexual experiences with a prostitute: the passion is missing, you
don't learn what really matters, and the chance of catching a pest is
high. (Lukas Graf in d.c.s.m)
Re: Has anyone run these firewall leak tests?
on 22.01.2006 14:58:33 by Scherbina Vladimir
I downloaded leaktest1.2.exe and firehole.exe.
Leaktest1.2.exe is packed with UPX, so McAfee's heuristics might treat
the unpacking code as some unwanted stuff.
The same with firehole.exe: as I see it, it extracts a DLL from resources (that
already seems very strange for any AV), loads it using LoadLibrary and then
uses GetProcAddress to take pointers to functions - heuristics might treat it
as potentially unwanted software.
--
Vladimir
"news" wrote in message
news:06PycbNjG30DFwj9@care4free.net...
>I found this site:
>
> http://www.firewallleaktester.com/
>
> and downloaded all the test programs.
>
> Some observations:
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> 1. McAfee would not save copycat.exe, saying it contained a trojan
> (Generic.f), and file opr03r00.exe was deleted.
>
> 2. A McAfee virus scan reported that the following are "Potentially
> Unwanted Programs" (PUPs):
>
> Demo-Leak Test (firehole.exe)
> Demo-Leaktest 12 (leaktest1.2.exe)
> Outbound (outbound.exe)
> Demo-Leak Test (tooleaky.exe)
> Yalta, yalta.vxd (yalta.zip)
>
> 3. AdAware SE reported Spyware PC Audit as a critical program, with a
> TAC reading of 10 (whatever that is).
>
> 4. Spybot S&D and CWShredder reported nothing unusual.
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> Is it safe to run these? (Running XP Home with both the SPs and all the
> updates).
>
> --
> Ian
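The packing point in the post above can be checked statically. This is an added example, not part of any poster's message: it reads a PE section table and reports the traits that make a UPX-packed file look suspicious to heuristics. The names `pe_sections`, `packer_hints` and `build_sample` are hypothetical, and the two header-only images are constructed for the demo.

```python
import struct

MEM_EXECUTE = 0x20000000  # IMAGE_SCN_MEM_EXECUTE section flag

def pe_sections(data):
    """Parse the PE section table: [(name, virtual_size, raw_size, flags)]."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)
    if pe_off + 24 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (count,) = struct.unpack_from("<H", data, pe_off + 6)
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)
    table = pe_off + 24 + opt_size
    if table + 40 * count > len(data):
        raise ValueError("truncated section table")
    sections = []
    for off in range(table, table + 40 * count, 40):
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, _rva, raw = struct.unpack_from("<III", data, off + 8)
        (flags,) = struct.unpack_from("<I", data, off + 36)
        sections.append((name, vsize, raw, flags))
    return sections

def packer_hints(data):
    """Static hints that a runtime unpacker is present; not a verdict on intent."""
    secs = pe_sections(data)
    hints = []
    if {"UPX0", "UPX1"} <= {s[0] for s in secs}:
        hints.append("UPX section names")
    for name, vsize, raw, flags in secs:
        if raw == 0 and vsize > 0 and flags & MEM_EXECUTE:
            hints.append(f"{name}: executable, empty on disk, filled at run time")
    return hints

def build_sample(sections):
    """Constructed header-only PE image for the demo (not a runnable program)."""
    out = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    out += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)
    for name, vsize, raw, flags in sections:
        out += name.ljust(8, b"\0") + struct.pack("<III", vsize, 0x1000, raw)
        out += b"\0" * 16 + struct.pack("<I", flags)
    return out

# Constructed samples: a UPX-style layout and an ordinary linker layout.
PACKED = build_sample([(b"UPX0", 0x8000, 0, 0xE0000080),
                       (b"UPX1", 0x4000, 0x3E00, 0xE0000040), (b".rsrc", 0x1000, 0x600, 0xC0000040)])
PLAIN = build_sample([(b".text", 0x3000, 0x3000, 0x60000020), (b".data", 0x1000, 0x200, 0xC0000040)])
```

Both hints describe how the file is built, not what it does, which is why a harmless packed demo and packed malware can trip the same heuristic.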
Re: Has anyone run these firewall leak tests?
on 22.01.2006 18:37:37 by Steven L Umbach
Personally if my antivirus program reported programs as a trojan or
questionable I would not run them and delete them unless the computer is a
"test box" where you are trying things out and if bad things happen it is
not a big deal because I can reboot and all changes are lost or I can
reinstall from an image quickly. I went to the link and think that the value
of the proposed test is very minimal and would not worry about it. What you
want to make sure is that your firewall is stopping inbound traffic that was
not in response to network traffic initiated by your computer known by you
or not. Popular sites such as http://scan.sygatetech.com/ can do a good job
of such. --- Steve
"news" wrote in message
news:06PycbNjG30DFwj9@care4free.net...
>I found this site:
>
> http://www.firewallleaktester.com/
>
> and downloaded all the test programs.
>
> Some observations:
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> 1. McAfee would not save copycat.exe, saying it contained a trojan
> (Generic.f), and file opr03r00.exe was deleted.
>
> 2. A McAfee virus scan reported that the following are "Potentially
> Unwanted Programs" (PUPs):
>
> Demo-Leak Test (firehole.exe)
> Demo-Leaktest 12 (leaktest1.2.exe)
> Outbound (outbound.exe)
> Demo-Leak Test (tooleaky.exe)
> Yalta, yalta.vxd (yalta.zip)
>
> 3. AdAware SE reported Spyware PC Audit as a critical program, with a
> TAC reading of 10 (whatever that is).
>
> 4. Spybot S&D and CWShredder reported nothing unusual.
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> Is it safe to run these? (Running XP Home with both the SPs and all the
> updates).
>
> --
> Ian
Re: Has anyone run these firewall leak tests?
on 22.01.2006 21:18:17 by MS
Steven L Umbach emailed this:
> Personally if my antivirus program reported programs as a trojan or
> questionable I would not run them and delete them unless the computer is a
> "test box" where you are trying things out and if bad things happen it is
> not a big deal because I can reboot and all changes are lost or I can
> reinstall from an image quickly. I went to the link and think that the value
> of the proposed test is very minimal and would not worry about it. What you
> want to make sure is that your firewall is stopping inbound traffic that was
> not in response to network traffic initiated by your computer known by you
> or not. Popular sites such as http://scan.sygatetech.com/ can do a good job
> of such. --- Steve
Thanks for mentioning: http://scan.sygatetech.com
I've just used it to run some scans.
When I ran the 'stealth scan' I was informed about:
1) WEB 80 CLOSED
"This port has responded to our probes. This means that you are not
running any application on this port, but it is still possible for someone
to crash your computer through known TCP/IP stack vulnerabilities."
2) SOURCE PORT 4003 CLOSED
"This is the port you are using to communicate to our Web Server. A
firewall that uses Stateful Packet Inspection will show a 'BLOCKED' result
for this port."
Can someone explain the implications of these to me? (Sorry I'm a newbie).
What action -if any- should I take?
I permanently run Norton AV and Norton Internet Security and Microsoft's
AntiSpyware. I regularly scan for spyware with the latter and with both
AdAware and SpyBot. I was under the impression that this would make me
very secure. Is this me being naive?
Many thanks,
MS
Re: Has anyone run these firewall leak tests?
on 23.01.2006 04:13:27 by privacyoffshore
Try using shields up at www.grc.com Steve has a great utility you can
also download to check for leaks, it's the best site on the net for
checking your firewall
www.privacyoffshore.net
Secure Net Surfing through SSH-2 Tunnels
Free Privacy Resources and Software Downloads
Re: Has anyone run these firewall leak tests?
on 23.01.2006 08:31:54 by Volker Birk
MS wrote:
> Thanks for mentioning: http://scan.sygatetech.com
> I've just used it to run some scans.
> When I ran the 'stealth scan' I was informed about:
> 1) WEB 80 CLOSED
> "This port has responded to our probes. This means that you are not
> running any application on this port, but it is still possible for someone
> to crash your computer through known TCP/IP stack vulnerabilities."
> 2) SOURCE PORT 4003 CLOSED
> "This is the port you are using to communicate to our Web Server. A
> firewall that uses Stateful Packet Inspection will show a 'BLOCKED' result
> for this port."
> Can someone explain the implications of these to me?
I'm not trusting in Sygate, but these results implicate just nothing.
No action required.
> I permanently run Norton AV and Norton Internet Security and Microsoft's
> AntiSpyware.
Sincere condolences.
> I regularly scan for spyware with the latter and with both
> AdAware and SpyBot. I was under the impression that this would make me
> very secure. Is this me being naive?
Yes.
Yours,
VB.
--
Wanting to learn networking basics using Windows is like gathering your
first sexual experiences with a prostitute: the passion is missing, you
don't learn what really matters, and the chance of catching a pest is
high. (Lukas Graf in d.c.s.m)
Re: Has anyone run these firewall leak tests?
on 23.01.2006 08:33:10 by Volker Birk
"(admins) privacyoffshore" wrote:
> Try using shields up at www.grc.com Steve has a great utility you can
> also download to check for leaks, it's the best site on the net for
> checking your firewall
http://grcsucks.com
Yours,
VB.
--
Wanting to learn networking basics using Windows is like gathering your
first sexual experiences with a prostitute: the passion is missing, you
don't learn what really matters, and the chance of catching a pest is
high. (Lukas Graf in d.c.s.m)
Re: Has anyone run these firewall leak tests?
on 23.01.2006 14:19:27 by see-my-signature
(admins) privacyoffshore wrote:
> Try using shields up at www.grc.com
That works reasonably well, is colourful although you are limited to
1000 ports at a time.
http://scan.sygatetech.com/ is better though, offering more
functionality, but less colour. And less hype (which I guess is not hard
compared to grc.com)
> Steve has a great utility you can
> also download to check for leaks,
As for 'leak tests', why should I trust Steve Gibson (the very self
opinionated author of grc.com) to not be infecting my machine?
He does not as far as I know offer the source code for his software.
At least if you use nmap, you can look at the source code yourself and
build it yourself. Even if you don't understand the source, you can bet
others have pawed over it.
> it's the best site on the net for
> checking your firewall
That is a matter of opinion, and not one I share.
The site is a good example of someone who is *really* self opinionated.
> www.privacyoffshore.net
> Secure Net Surfing through SSH-2 Tunnels
> Free Privacy Resources and Software Downloads
>
The problem with *many* of these sites (like
http://www.privacyoffshore.net/) is that they fail to tell you they can
monitor what you do. Why should I trust them? They say they keep no
logs, but why should I believe them? As someone who runs a web server, I
find it hard to believe you can manage web servers properly without
doing at least some logging.
I know of a public http proxy. Some sites, like the BBC in the UK know
its IP address and stop you using the site.
As for utilities to securely delete files, or encrypt them. Why should I
trust them, unless the source is public and open to expert scrutiny?
Same with password generators.
Sites like http://www.privacyoffshore.net/ and grc.com play on your
fears to extract money from you.
--
Dave K
http://www.southminster-branch-line.org.uk/
Please note my email address changes periodically to avoid spam.
It is always of the form: month-year@domain. Hitting reply will work
for a couple of months only. Later set it manually. The month is
always written in 3 letters (e.g. Jan, not January etc)
Re: Has anyone run these firewall leak tests?
on 23.01.2006 14:25:24 by see-my-signature
Dave (from the UK) wrote:
> Sites like http://www.privacyoffshore.net/ and grc.com play on your
> fears to extract money from you.
And I should have added that if you don't have the fears to start with,
they will put them into you.
--
Dave K
http://www.southminster-branch-line.org.uk/
Please note my email address changes periodically to avoid spam.
It is always of the form: month-year@domain. Hitting reply will work
for a couple of months only. Later set it manually. The month is
always written in 3 letters (e.g. Jan, not January etc)