GRC leak test

maranna · 24 Oct 2016

Hello
I run Windows 10 1607 with Defender set to default because I do not understand the advanced settings, and MBAM.
I just failed the GRC leak test.
Should I add Zone alarm?
TY
Peter

EdTittel · 24 Oct 2016

Holy mackerel! LeakTest hasn't been updated since 2005 (I thought it was old, but I had no idea...). I just downloaded and ran it with my Norton based machine (NIS 2016) and it failed, too. I'm not sure this is a legitimate concern, but it probably bears further research. It will be interesting to see what other members of the community have to say about this. At present, I'm not concerned, but maybe we'll both learn something important here!
thanks for posting,
--Ed--

PS: One more lthing: you don't want to run multiple firewalls on the same machine. If you end up using a different firewall, you'll want to turn off the Windows Firewall if it remains active (most of the time when you install a different firewall, it will turn off the built-in firewall automatically).

maranna · 24 Oct 2016

I feel better to know I am not the only one who failed but still concerned. I run only one firewall at a time and now it is just Defender. I do not know how to set the advanced settings and use the default.
I use the Comcast router as mine is old.

I too hope we get help.

TairikuOkami · 25 Oct 2016

For the record, Windows Firewall does not block outbound by default, the easiest way to use someting like:
Firewall Software by GlassWire (it provides a great GUI for WF) or a simpler Windows Firewall Control.
But ZoneAlarm is a great firewall, actually the only one left. There is Evorim and Comodo, though ... .

GRC leak test is a bit more advanced, than just a simple outbound call as you can see on the screen, it is not using its own exe to call out. I believe, it is using an injection to a legitimate process instead. The best description is this:

The earliest well-known leaktest was GRC’s Steve Gibson’s “Leak Test”, which simulated an attack in which a malicious application would rename itself to Internet Explorer (a legitimate Internet-enabled application) and determine whether the firewall was able to detect this change.

simrick · 25 Oct 2016

EdTittel said:

Holy mackerel! LeakTest hasn't been updated since 2005

Yep, and we still have no outbound security from Windows Firewall (and never will, I suspect).

TairikuOkami said:

For the record, Windows Firewall does not block outbound by default, the easiest way to use someting like:
Firewall Software by GlassWire (it provides a great GUI for WF) or a simpler Windows Firewall Control.
But ZoneAlarm is a great firewall, actually the only one left. There is Evorim and Comodo, though ... .

GRC leak test is a bit more advanced, than just a simple outbound call as you can see on the screen, it is not using its own exe to call out. I believe, it is using an injection to a legitimate process instead. The best description is this:

Agreed.

Steve C · 25 Oct 2016

Kaspersky Internet Security 2017 also fails - is this important?

maranna · 25 Oct 2016

@ TairikuOkami Thank you very much for the referrals. I will see what works for me as I am not an advanced user, just fair.

P.S. I was just thinking, I have Comcast and use their router which is a firewall, correct?
I use to use my router and bridge the IP one till it became too old.
So if this is true the leak test got through Windows firewall and the ISP router's.
Please correct me.
Now I wonder if I should disable Windows and use one recommended as I have read about them and there are conflicts with 1607 or are difficult to use..
I was readding about RC 's leak test and it appears you should not worry about faailing it. Read about it to see why it is not reliable.
!!Moderator, I am having trouble with indentations as the fonts want to go their own way. I have to keep clicking on the on the block to the right of underline above. I am using Chrome.

Peter

PiKo · 25 Oct 2016

The GRC ShieldsUP! test is more recent.

simrick · 25 Oct 2016

PiKo said:

The GRC ShieldsUP! test is more recent.

Two different things. ShieldsUP! is a port scanner, while LeakTest checks for a specific vulnerability, which allows malicious programs to phone home.

With Trojans, viruses and spyware running rampant across the Internet, shouldn't your firewall prevent unknown programs from "phoning home" and sending whatever information out from your computer they desire? Especially when there are many high-quality free firewalls that do prevent this abuse?

Any program in your computer can easily learn the name of your system's registered eMail client or web browser. Does your firewall allow any program with the same name to gain access to the Internet? If so, any Trojan horse or Spyware simply needs to change it's name to send anything it wants right out of your computer!

Simply rename leaktest.exe to the name of a permitted program and find out whether it's able to access our server.

When LeakTest v1.0 was released several popular firewalls could be completely circumvented with just a few lines of simple, documented, code. When you add the command-line option: stealth or hold either "Shift" key down while starting the test, LeakTest will check for this added firewall vulnerability.

LMiller7 · 25 Oct 2016

I believe Windows firewall does not by default provide outbound protection because it would annoy inexperienced users, who are after all the majority. When the computer first went into use there would be a large number of questions if a particular program should be granted access. The typical user would either click "Yes" for everything or eventually turn outbound protection off. Either way you have an annoyed user and no outbound protection.

Edit: For several years I used ZoneAlarm which did have outbound protection with Windows 2000. The questions were quite annoying at first, and I was not a novice user and understood the need for them.