--------------
Firewall Tests
--------------
I) GRC Shields UP!
------------------
- Port Test:
"Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests."
- Messenger Spam:
No spam was received
II) Firewall Leak Tester
--------------------------
1. LeakTest:
Passed! When Leak Tester attempted to connect, Eset firewall presented a neat prompt asking me whether to allow it to connect it or not.
2. TooLeaky:
Passed! There was no leak.
3. FireHole:
The AntiVirus module picked this up as a trojan and didn't allow to download. Since I couldn't disable the antivirus, I had to remove "EXE" from the file-types to be scanned.
Failed! FireHole was able to connect by injecting code into the Internet Explorer process, since IE was allowed to connect normally, ESS didn't prompt or alert. This however, shouldn't be a problem if you're on Vista.
4. Yalta:
Can't Say - ESS did give a allow/deny prompt , but it was too late - Yalta had already sent UDP packets. However, when "Deny" was clicked, a new rule was created and Yalta was unable to send any further packets.
5. Outbound:
Did Not run - Outbound was unable to detect the ethernet adapter, and hence was unable to work.
6. PCAudit:
Failed!
7. AWFT:
Test 1 - Failed!*
Test 2 - Failed!*
Test 3 - Failed!**
Test 4 - Failed!*
Test 5 - Failed!
Test 6 - Failed!
Note: All above tests failed on Windows XP but passed on Windows Vista.
8. Thermite:
Failed!
9. CopyCat:
Failed!
10. MBTest:
Did not run. Apparently the MAC has to be hardcoded, but the source files aren't available for download.
11. WallBreaker:
Test 1 : Failed!*
Test 2 : Failed!*
Test 3 : Failed!*
Test 4 : Failed!*
12. pcAudit
Failed!
13. Ghost
Failed!
14. DNStester
`
Failed!
15. Surfer
Failed!*
16. Breakout
Did not run. File not found.
--------------------------------
Summary of areas where ESS fails
--------------------------------
- DLL Injection / Process patching
- Launching under different context
- Timed attacks / PID Changing
- DDE based attacks
--------------------------
* = Assuming you allow Internet Explorer to connect.
** = Assuming you allow Windows Explorer to connect.
