I usually run a set of "leak test" utilities to check whether the firewall can handle malware that tries to evade normal program control. In the past, NIS hasn't detected these because they have no malicious payload—which is completely reasonable. This version, however, did block all but two of a dozen samples, identifying them with generic names such as "Trojan Horse," "Hack Tool," and "Downloader." This probably doesn't make users any more secure, but it gives us security testers a warm, fuzzy feeling.
The suite's firewall puts all ports in stealth mode, making them invisible to hackers—that almost goes without saying with modern firewalls. The NIS 2008 firewall blocked all my Web-based tests; in several cases it reported a port-scan attack and blocked the "attacker" for half an hour. As in previous versions of NIS, the latest firewall is armor-plated against attack by malware. I couldn't find any way to disable it programmatically (and believe me, I tried). Panda's firewall was also pretty tough, but it gave way to my last-resort attack using fake mouse clicks—NIS resisted even that attack. And BitDefender Total Security 2008? Well, I showed that a malicious program could turn off that suite's protection by disabling essential services—it needs to get tough, like the other two!