Not what you were looking for? Ask our experts!
Reply
delphinium
Posts: 9,862
Kudos: 2,965
Solutions: 293
Registered: ‎11-21-2008

Re: NIS2011 fails PC Flank Leak test !!

Definitely interesting.  I ran the same test on my laptop, Win 7 Home Premium, NIS2011 and can confirm the results of the OP.  One screen came up stating that an unknown program was attempting to use Internet Explorer to access the net.  I chose block this instance.  Internet Explorer was blocked from access, but the text was sent anyway.  I had to go into program rules and unblock IE.

 

On checking history the okay for access was given by Insight as per screen shot.

 

Flank.jpg

Under certain circumstances profanity provides relief denied even to prayer.
Mark Twain
SendOfJive
Posts: 10,813
Kudos: 4,861
Solutions: 780
Registered: ‎02-07-2009

Re: NIS2011 fails PC Flank Leak test !!

[ Edited ]

I've been playing around a bit with this and when Advanced Events Monitoring is on, even without PC Flank running, manually launching IE causes Norton to pop up a security alert exactly like the alert you see when running PC Flank - so the initial IE alert is standard procedure and actually has nothing to do with PC Flank.  The keylogger is blocked, but the larger issue is that PC Flank then seems to successfully use OLE to control Internet Explorer.  The keylogger is really just a side note - the real test is designed to show that a malicious program could get internet access by using IE.  

 

I'm not sure that "access allowed" by Download Intelligence would permit the leak test to direct the actions of IE.  It doesn't seem that it should.  So the test results are definitely interesting.

 

Anyway, Google search results seem to show that a whole lot of firewalls have trouble with this test. 

Regular Contributor
Tywin7
Posts: 1,465
Registered: ‎09-02-2010

Re: NIS2011 fails PC Flank Leak test !!

Regular Contributor
Tywin7
Posts: 1,465
Registered: ‎09-02-2010

Re: NIS2011 fails PC Flank Leak test !!

Some people seem to think this test is a scan. It fails a firewall and said data is sent to the Internet even when the computer is not connected to the Internet!
Norton Internet Security 2011 , Windows 7 Home Premium 64 bit (Check if you are eligable for a FREE Norton upgrade)
Success is 10 percent inspiration and 90 percent perspiration.”--Thomas Alva Edison
I'm not a Symantec employee and my posts do not represent the views of Symantec.
Contributor
salaficall
Posts: 10
Registered: ‎09-11-2010

Re: NIS2011 fails PC Flank Leak test !!

Now I understand from the link you shared that The (pass) or (fail) messages is decided if the leaktest gains control of your Internet Explorer browser through OLE, not if data is/isn't transmitted. I tried that though and I can confirm that The test is reliable, but its output is ambiguous, cause it's supposed to say ( your firewall is leaky but the internet connection is disconnected ) when u r offline ....

 

But when you go online u will see the test data that u just provided leaked to their server !! , which is a big fail for NIS2011 no doubt...

 

 

I disabled the NIS2011 firewall only , and I got comodo firewall installed ( with proactive defense option ) on my virtualbox win7..

 

1- started IE manually

 

2- started PC Flank leak test ( comodo popped up a message that it's a malicious software ! But I ignored this alert with the once option )

 

3- I typed the test data ( comodo didn't detect the keylogger activity like NIS did ! )

 

4- I pressed next , and voila ! , comodo caught it ! , a message popped up saying :

 

( PCFlankLeaktest.exe is trying to access a protected com Interface InternetExplorer.Application.1. If PCFlankLeaktest.exe is one of your everyday applications , you can allow this request.)

 

ScreenHunter_01 Nov. 09 14.17.gif

 

I blocked it and the result

 

ScreenHunter_02 Nov. 09 14.17.gif

 

( your firewall has passed the test ) ....

 

I will try to have both NIS2011 ( with the firewall on )  and Comodo firewall installed together and see how it goes for me ...

 

 

Super Spam Squasher
ALiasEX
Posts: 297
Registered: ‎03-21-2010

Re: NIS2011 fails PC Flank Leak test !!

[ Edited ]

It is not the firewall of Comodo that causes it to pass but the HIPS component. HIPS are not very useful for most users as to understand all the alerts, you need to know the ins and outs of programs and the operating system.

There is no malicious payload in a leak test. If there were a malicious payload abusing this technique, Norton should block it.

delphinium
Posts: 9,862
Kudos: 2,965
Solutions: 293
Registered: ‎11-21-2008

Re: NIS2011 fails PC Flank Leak test !!

You can't really run two firewalls at the same time.  First there is no purpose in doing that, and secondly it will cause conflicts that may involve other apps.

Under certain circumstances profanity provides relief denied even to prayer.
Mark Twain
Contributor
salaficall
Posts: 10
Registered: ‎09-11-2010

Re: NIS2011 fails PC Flank Leak test !!

Hi ALiasEX

 

I agree that the comodo HIPS component causes it to pass the test , in the same time the NIS HiPS component fails to do so !

 

I think the rationale behind the leak tests is painfully simple: "If this test can get past your computer's security defenses, then so can a hacker."

 

hi delphinium

 

I know that it may cause conflicts , that's why I'm testing it.

 

 

 

 

 

Regular Contributor
Tywin7
Posts: 1,465
Registered: ‎09-02-2010

Re: NIS2011 fails PC Flank Leak test !!

I think why Comodo may have passed the tset is because it has a default "block all" rule.  Just imagine a security guard that denys all entry except those you manually allow.  On the other hand Norton acts as a security guard that allows all except those that behave "suspeciously."

Norton Internet Security 2011 , Windows 7 Home Premium 64 bit (Check if you are eligable for a FREE Norton upgrade)
Success is 10 percent inspiration and 90 percent perspiration.”--Thomas Alva Edison
I'm not a Symantec employee and my posts do not represent the views of Symantec.
Contributor
salaficall
Posts: 10
Registered: ‎09-11-2010

Re: NIS2011 fails PC Flank Leak test !!

Tywin7

 

I think that a strange program trying to send some sort of data to his server after a keylogger activity ! without my permission is suspicious enough to be blocked

 

by the way , I'm a big fan of NIS , but I'm pretty sure that it needs improvements on this kind of OLE leak techniques