imapx2 2007-7-7 12:06 AM
防火墙评测
Result tableIn the table below, products and leak-tests are sorted lexicographically. Explanation of used symbols[img]http://www.matousec.com/blue-grey/leak-tests/res_OK.gif[/img] - The tested product passed the test on its default settings (125 points).
�D2l�e0T�J+m�v
[img]http://www.matousec.com/blue-grey/leak-tests/res_OO.gif[/img] - The tested product failed the test on its default settings but passed on its highest security settings (100 points).
�i�I9|�c�f)n�t
[img]http://www.matousec.com/blue-grey/leak-tests/res_KO.gif[/img] - The tested product failed the test. (0 points)7E�h�y*o�b�J�b�o
X/Y - Some tests are more complex because they consist of multiple subtests. Such complex tests have (?/MAX) in their name where MAX is the number of subtests (i.e. the maximum number of subtests the firewall can pass). Results for each firewall are presented as X/Y - a green and a blue number separated by a slash. If any number is omitted, it means it is zero. If both numbers are zero, a red minus sign is displayed. X (the green one) is the number of subtests the tested product passed on its default settings, Y (the blue one) is the number of subtests the firewall failed on its default settings, but passed on its highest security settings. The remainder (MAX - X - Y) is the number of subtests which firewall failed on either settings. [b]For example, if a complex test has (?/10) in its name, the result 3/5 means that the firewall passed 3 subtests on its default settings, failed 5 subtests on its default settings, but passed these subtests on its highest security settings, and that it failed on the remaining 2 (10 - 3 - 5 = 2) subtests on either settings.[/b] The final score for the firewall for the one complex test is equal to X*125 + Y*100.
�q(B&Z&Q a�e�e�l2~�H
�M�u5i0]�h+E4j�k
[attach]562[/attach]
�h4B�l"D(H�H
4G%p%S,c�\
Firewalls' ratingsThe table below sorts the tested firewalls by their final score. This table also shows the exact version of every tested product. 1L/^)f
U
q1I�I�m0V�} H(]
"g&{)u.M;l�m2D
[attach]563[/attach]:h�H/S9u6}�F
�\�\�D:O c�`
Interpretation of results[b]The clear winners of our tests are Comodo Firewall Pro 2.4.18.184 and Jetico Personal Firewall 2.0.0.28 beta.[/b] Whilst Comodo is the best on its highest security settings, Jetico has the best default settings configuration. On the highest security settings, Comodo passed all leak-tests, Jetico failed against [i]Breakout[/i] and [i]pcAudit[/i]. [b]These results are excellent! What is more, both firewalls are still in development and we can expect that they will pass all tests in their future versions.[/b] Congratulations! Another important result of our tests is firewall scoring against [i]FPR[/i]. [i]FPR[/i] stands for [i]Fake Protection Revealer[/i]. This leak-test was implemented to reveal cheating on leak-tests. [b]Outpost Firewall PRO 4.0 (971.584.079) was convicted of such cheating.[/b] It passes all leak-tests except [i]FPR[/i] because of the implementation of user mode hooks (ring3) for security purposes. Our article [url=http://www.matousec.com/projects/windows-personal-firewall-analysis/design-ideal-personal-firewall.php][color=#0066cc]Design of ideal personal firewall[/color][/url] clearly says that ring3 hooks can not be used for security critical features. [i]FPR[/i] does nothing but unhooks ring3 hooks which is always possible and thus bypasses such protection. [b]This means that Outpost Firewall PRO cheats to be very strong against leak-tests but in fact it is very weak against real malware.[/b] The vendor of Outpost [url=http://www.agnitum.com/r/outpost/leaktests/][color=#0066cc]claims[/color][/url] that Outpost is strong against the malware on this field but the reality is quite different. Another firewalls that implements fake protection using user mode hooks only to bypass some leak-tests are Privatefirewall 5.0.8.11, Lavasoft Personal Firewall 2.0.1019.7604 (700) and Online Armor Personal Firewall 2.0.1.190. Other firewalls that use ring3 hooks improperly are Sunbelt Personal Firewall 4.5.916 and Look 'n' Stop 2.05p2. However, their hooks did not affect their test results that much. And unlike Outpost, their hooks were not implemented to mislead the end-users. Seventeen of the tested firewalls were marked with Very poor or None anti-leak protection. This result is quite worrying because it shows that even today, when the malware programs are very sophisticated, still [b]a lot of vendors simply do not care about the outbound connection control seriously[/b]. �z$b�k"b;N�g0]
9f)p
{+}%j4y(_�~
[url=http://www.matousec.com/projects/windows-personal-firewall-analysis/leak-tests-results.php#contents][img]http://www.matousec.com/blue-grey/arrow_up.gif[/img][/url]
�q�t9i,]�F
d�q
e
Curiosities and interesting notesSome firewalls totally failed tests made against their default settings but their results on the highest security settings were much better. Norton Internet Security 2007 is the product with the biggest difference between the default settings score and the highest security settings score. Another such product is Safety.Net. Some products like BitDefender, F-Secure, McAfee, Panda, etc. include antivirus engines. [b]The sad and funny thing in once is that lots of them mark leak-testing software as viruses or malware.[/b] The better engines mark leak-testing software only as potentially unwanted software, which is much better, but still it seems that these products worry about leak-tests. Why? To perform our tests against these products we had to switch antivirus engines of such products off to get real results of their anti-leak protection. Such behaviour can be also marked as cheating on leak-tests. [b]Fortunately, it was always possible to disable the antivirus protection.[/b] [b]The most successful leak-tests was [i]OSfwbypass[/i].[/b] It failed only against seven firewalls on its own and only against five when run via [i]FPR[/i]. Good job! Another very successful leak-tests were [i]Breakout[/i], [i]3rd test of CPILSuite[/i] and [i]PCFlank[/i]. [b]The least successful leak-test was [i]LeakTest[/i].[/b] It was able to score only against Windows XP SP2 firewall and against the default settings of a few other firewalls. Testing Blink with FPR was not easy. [b]Blink implements hundreds of user mode hooks in very unusual way.[/b] FPR was implemented to fix hooks that are at most 12 bytes long. We had to make a special compilation of FPR to be able to run it against Blink. Testing ZoneAlarm Pro 7.0.337.000 was also a difficult task in some cases. ZoneAlarm implements anti-spyware scanning engine that we were not able to disable in its graphic user interface. [b]When every single component of ZoneAlarm was turned off, some leak-tests were still forbidden to run.[/b] This was both weird and unpleasant. Why there was no chance for users to make their own decision? Anyway, some advanced techniques were used to bypass anti-spyware protection of ZoneAlarm and thus finally, all tests were performed successfully. [b]Another strange thing with ZoneAlarm is that it might seem that it passes PCFlank test, but in fact it does not.[/b] This leak-test tries to establish network connection with [font=NSimsun]www.pcflank.com[/font]. ZoneAlarm invisibly includes this Internet address in its Spy Site Blocking list. So, if PCFlank contacted another website instead of the original one, it would bypass the protection. ZoneAlarm does not block the technique PCFlank presents, it blocks the target website which is harmless in fact.
�j7C�S�R7U�k
b
n*t&j*C1v�K�u9B*s
[url=http://www.matousec.com/projects/windows-personal-firewall-analysis/leak-tests-results.php#contents][img]http://www.matousec.com/blue-grey/arrow_up.gif[/img][/url]
v
P [)D�Z9d s;b"[
Vendors' responsesWe have received responses on our leak-tests from these vendors: Agnitum Ltd. - the vendor of Outpost Firewall PROAgnitum strongly disagreed with our interpretation of FPR results. They have published [url=http://outpostfirewall.com/forum/showthread.php?t=19459][color=#0066cc]two documents[/color][/url] in response to our tests. Although features implemented in Outpost using user mode hooks works against known leak-tests in the first place, Agnitum claims that the usage of this technique is necessary in Windows personal firewall products in general. The fact that many concurrent products do not implement user mode hooks is not mentioned. There are lots of technical mistakes, or at least misleading informations, in [url=http://outpostfirewall.com/forum/attachment.php?attachmentid=4174][color=#0066cc]the second document[/color][/url] Agnitum published. For example, the fact that user mode hooks can not be implemented securely is obscured behind proclamations that kernel mode hooks can be unhooked too. We agree that kernel mode hooks can be unhooked. However, unlike user mode hooks, it is possible to prevent their unhooking. A good personal firewall solution should be able to prevent unhooking of its kernel mode hooks. Comodo Group - the vendor of Comodo Personal FirewallComodo Group expressed their great enthusiasm about our results, which is understandable because their results were marked as excellent. As a result, they have published their own [url=http://www.comodogroup.com/news/press_releases/04_12_06.html][color=#0066cc]press release[/color][/url] about our results. We were also informed that the latest beta version of Comodo Personal Firewall is able to stop the Coat leak-test, which was the only test that its older version failed. Since version 2.4.16.174 Comodo firewall has passed the [i]Coat[/i] leak-test. F-Secure Corporation - the vendor of F-Secure Internet SecurityWe have received an information from F-Secure that the results for F-Secure Internet Security can be highly improved if the real time protection is on and leak-testing programs are put into the exclusion list. Protection features of F-Secure Internet Security are connected and if the real time protection is disabled, not only antivirus engine is off but many other features are disabled too. This is why we have installed F-Secure Internet Security again, configured it in a way its vendor recommended, and retested against all leak-tests. Grisoft - the vendor of AVG Anti-Virus plus FirewallThe firewall in AVG was not implemented to fight leak-testing techniques, its main purpose is to protect users from inbound attacks. This is the response we have received from Grisoft: As a part of the integrated solution, AVG firewall focuses mainly on the protection from the outbound attacks. The user is protected from malicious applications by the on-access AVG anti-malware scanner.
-F�x'N)y�E�t
�L-r�[�^�O�D
AVG firewall has been designed to be a light-weight, hassle-free product that complements our anti-malware protection. For this reason, it is not possible to install it as a stand-alone program. ISecSoft, Inc. - the vendor of ProSecurityISecSoft intends to improve the protection against leak-testing techniques in next version of ProSecurity. Jetico, Inc. - the vendor of Jetico Personal FirewallThe following is a part of the response we have received from Jetico Support Center: We do appreciate Matousec.com testing efforts. Independent firewall testing helps us to make better products. Kaspersky Lab - the vendor of Kaspersky Internet SecurityKaspersky Lab takes leak-testing seriously. We have received an information that next versions of Kaspersky Internet Security should be able to fight leak-tests even better. McAfee, Inc. - the vendor of McAfee Internet Security SuiteMcAfee does not approve testing with disabled virus protection. If the antivirus engine is enabled, some of the leak-tests are marked as trojan horses and removed without any chance to run them, others are marked as potentially unwanted, these can be added to the [i]Trusted Programs[/i]. However, in the real situations of pointed attacks it is highly probable that the antivirus engine would not be able to detect the attacking malware because there will not be any known patterns in its code. This is why results with enabled antivirus engine would not reflect the real life scenario. This is a part of the response we have received from McAfee: Please note that we catch a significant number of leak tests via our anti-virus engine as well as through heuristics, not the firewall. 1m'W
~�a�q
�i�v�L/E�d(O
Separating out the firewall from the rest of suite is not the correct way to test McAfee's accuracy. The suite has combined functionality and it's designed to be tested as one entity. #N�@�\�t(z�R!`�F�a
�R s,P9Q8w�u7k!D
Separating and testing the firewall misleads consumers. If they buy our Internet Security Suite, our detection rates would improve.
"k�F�y�]�P�P
t�@ ~�_
�J(x�L.O�R�{
It's also important to point out that consumers cannot actually buy the firewall separately so your scenario is not valid. We would appreciate a correction so consumers are not mislead. PWI, Inc. - the vendor of PrivatefirewallHere is the response we have received from this vendor: Though we are generally pleased with the results, we are committed to continuous improvement of all aspects of our products, and will attempt to address the areas where we did not perform flawlessly, including the Coat and CPIL Suite tests. As for the FPR test, we agree that kernel-mode hooks are preferable over user-mode hooks and are planning to incorporate more kernel-mode hook protection in our Vista-compliant update, which should be released in the next several months. Soft4Ever - the vendor of Look 'n' StopImmediately after the notification, we have received the information that our results could be improved for Look 'n' Stop. Our results for this product were affected by its incompatibility with the Windows DEP. On the vendor's recommendation, we have retested Look 'n' Stop with disabled DEP and advanced protection enabled and updated its results. Sunbelt Software - the vendor of Sunbelt Kerio Personal FirewallWe have received an email that our results will be examined as soon as possible. However, we have not received any more responses since then. Symantec Corp. - the vendor of Norton Personal FirewallWe have received an email that our results will be reviewed by the the product team soon. However, we have not received any more responses since then. System Safety Limited - the vendor of System Safety MonitorHere is the response we have received from this vendor: We are very glad to see that Matousec performs systematic independent testing of anti-malware programs. This is a very important mission in our times when almost every vendor simply claims to be 'an industry leader' :). We are pretty satisfied with our score even though it is not the highest one. We take the test results very serious and will definitely take the negative results into account in our development plans related to SSM. Thanks a lot for your efforts! Tall Emu Pty Ltd - the vendor of Online Armor Personal FirewallHere is the response we have received from this vendor: Thanks for the test results - we're pleased to debut on your tests almost in the top 5 with our first firewall release. Already, we have started work to pass more of the tests and a new release with even better results should come shortly.
�Q%o+b
Q�d�v�u�j�V!w
2J�o�d4O G
n�C
[url=http://www.matousec.com/projects/windows-personal-firewall-analysis/leak-tests-results.php#contents][img]http://www.matousec.com/blue-grey/arrow_up.gif[/img][/url]
�y�N�W�{�X2`�A�O�[
t�e�D
Events and updates[list][*][b]2007-06-18[/b]: A response from Tall Emu Pty Ltd, the vendor of Online Armor Personal Firewall, has been added.[*][b]2007-06-10[/b]: We have received a response from ISecSoft, Inc., the vendor of ProSecurity.[*][b]2007-06-09[/b]: Three new personal firewalls have been leak-tested today:[list][*]Online Armor Personal Firewall 2.0.1.190[*]PC Tools Firewall Plus 2.0.0.25[*]ProSecurity 1.30[/list]The best score among these three products belongs to Online Armor Personal Firewall 2.0.1.190 with its [i]Very good[/i] 8000 points. This products improperly uses user mode hooks to pass four of the more advanced leak-tests, but the most of the situations are handled safely. The second best score today has been achieved by ProSecurity 1.30, which is presented as a Host Intrusion Prevention System (HIPS) rather than a personal firewall by its vendor. Its leak-testing score is 6500 points, which we mark as a [i]Good[/i] level of anti-leak protection. This product does not pass more advanced leak-tests and also misusing trusted process for leaks is a problem for ProSecurity. On the opposite side of the security field stands PC Tools Firewall Plus 2.0.0.25. Its score is 2625 points and so its protection against leaking techniques is [i]Very poor[/i]. This personal firewall offers only a very basic protection that can be easily bypassed. 6?�@.F"o�|�T2o�m
[*][b]2007-05-24[/b]: We have tested new versions of six already tested products:[list][*]Comodo Firewall Pro 2.4.18.184[*]Kaspersky Internet Security 7.0.0.119[*]Lavasoft Personal Firewall 2.0.1019.7604 (700)[*]Norton Internet Security 2007 10.2.0.30[*]Sunbelt Personal Firewall 4.5.916[*]Trend Micro PC-cillin Internet Security 2007 15.30.1151[/list]The new versions of Comodo Firewall Pro and Sunbelt Personal Firewall do exactly the same job against leak-tests as its previous versions, for Comodo it means 9475 points, for Sunbelt it is 5200 points. Better score than before were achieved by the new versions of Kaspersky Internet Security and Lavasoft Personal Firewall. Kaspersky Internet Security 7 is not publicly available yet, we were asked to leak-test the internal version 7.0.0.119 by its vendor. Older version of this product scored 7950 points, Kaspersky Internet Security 7.0.0.119 scores 8375 points. A very special case is Lavasoft Personal Firewall, which is based on the engine of Outpost Firewall PRO. Although, Lavasoft Personal Firewall 2.0.1019.7604 (700) implements the same unsecure user mode hooks as Outpost, it offers much better protection against leak-tests because it adds extra layer of kernel protection for many methods that Outpost defends only in the user mode. The new score for Lavasoft is 8500 points, which is a [i]Very good[/i] level of anti-leak protection. Its older version 1.0.543.5722 (433) scored only 6500 points. On the other side is Symantec. Previously, we have leak-tested its standalone firewall product Norton Personal Firewall 2006. Today, we present results for Norton Internet Security 2007. Where Norton Personal Firewall 2006 scored 4600 points, which was marked as a [i]Poor[/i] anti-leak protection, Norton Internet Security 2007 10.2.0.30 scores only 3100 points, which is a [i]Very poor[/i] anti-leak protection. A little correction of anti-leak score was made in case of Trend Micro PC-cillin Internet Security. Its previous score was 7500 points, which was probably measured incorrectly. Its new score is 7000 points, a [i]Good[/i] level of anti-leak protection, which we believe to be its real score.
_-b*M3g.f�y�b
[*][b]2007-04-16[/b]: A response from System Safety Limited has been added.[*][b]2007-04-15[/b]: We have made quite a big update on our leak-testing journey. We have tested six new products and retested new versions of ZoneAlarm Pro and Jetico Personal Firewall. Results for these products and versions were added:[list][*]Blink Personal Edition 3.0.8.1496[*]Dynamic Security Agent 1.0.8.8[*]Ghost Security Suite [BETA] 1.110[*]Norman Personal Firewall 1.42[*]SensiveGuard 1.06[*]System Safety Monitor 2.4.0.617 beta[/list]Although System Safety Monitor and Ghost Security Suite (aka AppDefend) are not typical personal firewalls, they do quite a good job against leak-testing techniques. Dynamic Security Agent is a free cousin of Privatefirewall and it is the third best free solution against leak-testing techniques in our list. On the other hand, Blink Personal Edition, Norman Personal Firewall and SensiveGuard are very weak. Jetico Personal Firewall 2.0.0.28 beta newly passes pcAudit test and thus improved its old score of 9125 points to the excellent result of 9375 points. ZoneAlarm Pro 7.0.337.000 scores 8600 points, which is a [i]Very good[/i] result. The older result of ZoneAlarm, 8850 points, was incorrect. ZoneAlarm have never passed [i]3rd test of CPILSuite[/i]. We apologize for this mistake. Finally, it seems that the original design of this page, especially of the result table, is insufficient.
._
b8w�I N v�z5c�O�Z
[*][b]2007-03-13[/b]: Recently, we have received a suggestion to leak-test free versions of some commercial products. We have tested three such products today. Results for these products and versions were published:[list][*]Jetico Personal Firewall 1.0.1.61 Freeware[*]Outpost Firewall Free 1.0.1817.1645[*]ZoneAlarm Free 7.0.302.000[/list]We can see that in case of Outpost and ZoneAlarm, the differences between paid and free versions are enormous. The final score for Outpost Firewall Free 1.0.1817.1645 is 1000 points, which means this product does not implement anti-leak protection at all. The score of ZoneAlarm Free 7.0.302.000 is 1500 points, which we mark as a [i]Very poor[/i] anti-leak protection, and it also means that this product does not protect its users against leaks at all. On the other side is Jetico. Its free version called Jetico Personal Firewall 1.0.1.61 Freeware scores 7750 points, a [i]Very good[/i] level of anti-leak protection, but the new version 2, which is in beta now and will be commercial, is still better. �c3S#W�p7U�K,M"]�D
[*][b]2007-03-12[/b]: We have retested the new version of Sunbelt Kerio Personal Firewall. Its vendor improved its anti-leak protection a little bit. Sunbelt Kerio Personal Firewall 4.3.635 scores 5200 points, which we mark as a [i]Poor[/i] level of anti-leak protection. The older version of Kerio scored 4825 points. However, Sunbelt Kerio still uses improper user mode hooks to fight many leak-tests. We will bring more new leak-tests soon.[*][b]2007-02-15[/b]: Yesterday's results of Kaspersky Internet Security 6.0.2.614 have been updated, KIS is able to pass DNStester with proper configuration and even if run via FPR. This means extra 200 points for KIS and its score is 7950 now. We apologize for any inconvenience.[*][b]2007-02-14[/b]: New results for Kaspersky Internet Security. Version 6.0.2.614 scores 7750 points, which we rate as a [i]Very good[/i] level of anti-leak protection, whilst its older version scored only 7450.[*][b]2007-02-09[/b]: We have leak-tested a new version of ZoneAlarm PRO. ZoneAlarm PRO 7.0.302.000 is better against leak-tests than its older 6.5 series. The score of the older version was 8250 points, the score of the version 7.0.302.000 is 8850 points, which is still a [i]Very good[/i] anti-leak protection.[*][b]2007-01-27[/b]: New results for Outpost Firewall PRO were published. Outpost Firewall PRO 4.0 (1007.591.145) is worse against leak-tests than its older version. The previous score of this product was 6675 points, the new score is 6550 points, which is still a [i]Good[/i] level of anti-leak protection. Its attempt to pass FPR test failed. You can read more about it in our [url=http://www.matousec.com/matousec/blog.php?blog=64-The_interception_of_the_test_did_not_fix_the_problem][color=#0066cc]article[/color][/url].[*][b]2006-01-26[/b]: A response from PWI, the vendor of Privatefirewall, has been added.[*][b]2007-01-24[/b]: New results for Comodo Firewall Pro (former Comodo Personal Firewall) were published. Comodo Firewall Pro 2.4.16.174 is able to stop all available leak-tests. The previous score of this product was 9350, the new score is 9475, the great results and an [i]Excellent[/i] level of anti-leak protection.[*][b]2007-01-12[/b]: Results for these products and versions were published:[list][*]Ashampoo FireWall Pro 1.14[*]Avira Premium Security Suite 7 build 98[*]Privatefirewall 5.0.8.11[/list][*][b]2007-01-04[/b]: Kaspersky Internet Security 6.0.1.411 was tested and its results have replaced results of Kaspersky Internet Security 6.0.0.303. The result of older version was 6350 points, which was marked as a [i]Good[/i] level of anti-leak protection. Newer version is much better against leak-tests on its default settings, on its highest security settings it is able to pass PCFlank test. Kaspersky Internet Security 6.0.1.411 scores 7450 points, which still is a [i]Good[/i] level of anti-leak protection.[*][b]2007-01-04[/b]: We have updated the result for Look 'n' Stop 2.05p2, for which its vendor released a patch. The patched version passes the Coat test. The score of unpatched version was 4675, the new score is 4800.[*][b]2006-12-19[/b]: A response from Agnitum has been added.[*][b]2006-12-15[/b]: Vendors' responses have been added for F-Secure and McAfee.[*][b]2006-12-15[/b]: New results for F-Secure Internet Security 2007 7.01.128 were published. Old results for this product were affected by the disabled real time protection, which meant that not only the antivirus engine was off but also other protection features were disabled. Its vendor recommended us to put leak-testing programs to the exclusion list to prevent antivirus detection. F-Secure Internet Security now scores 6625, which we mark as a [i]Good[/i] level of anti-leak protection. The old score was 750 and it was marked as a [i]None[/i] level of anti-leak protection. These results were incorrect. We apologize for any inconvenience.[*][b]2006-12-05[/b]: Vendors' responses have been added for AVG, Comodo, KIS, Look 'n' Stop, Norton and Sunbelt Kerio.[*][b]2006-11-30[/b]: New results for Look 'n' Stop 2.05p2 were published. Old results for Look 'n' Stop were affected by its incompatibility with the Windows DEP. Its vendor recommended us to switch the DEP off to be able to get better results with Look 'n' Stop. Look 'n' Stop now scores 4675 points, which we mark as a [i]Poor[/i] level of anti-leak protection. The old score was 3175 points and it was marked as a [i]Very poor[/i] level of anti-leak protection.[*][b]2006-11-28[/b]: Results of our leak-testing were published for these products and versions:[list][*]AVG Anti-Virus plus Firewall 7.5.431[*]BitDefender Internet Security 10.108[*]BlackICE PC Protection 3.6.cpv[*]CA Personal Firewall 2007 3.0.0.196[*]Comodo Personal Firewall 2.3.6.81[*]F-Secure Internet Security 2007 7.01.128[*]Filseclab Personal Firewall 3.0.0.8686[*]Jetico Personal Firewall 2.0.0.16 beta[*]Kaspersky Internet Security 6.0.0.303[*]Lavasoft Personal Firewall 1.0.543.5722[*]Look 'n' Stop 2.05p2[*]McAfee Internet Security Suite 2006 8.0[*]Norton Personal Firewall 2006 9.1.0.33[*]Outpost Firewall PRO 4.0 (971.584.079)[*]Panda Antivirus + Firewall 2007 6.00.00[*]Safety.Net 3.61.0002[*]Sunbelt Kerio Personal Firewall 4.3.268[*]Sygate Personal Firewall 5.6.2808[*]Trend Micro PC-cillin Internet Security 2007 15.00.1329[*]Windows Firewall XP SP2[*]ZoneAlarm PRO 6.5.737.000[/list][*][b]2006-11-25[/b]: [url=http://www.matousec.com/projects/windows-personal-firewall-analysis/introduction-firewall-leak-testing.php][color=#0066cc]Introduction to Firewall Leak-testing[/color][/url] article published[/list][url=http://www.matousec.com/projects/windows-personal-firewall-analysis/leak-tests-results.php#contents][img]http://www.matousec.com/blue-grey/arrow_up.gif[/img][/url]