Jump to content
Guest Daggy

Kaspersky PURE 3.0 fails Leaktest, When Downloading a Leaktest file Kaspersky PURE 3 allows it to connect

Recommended Posts

Guest Daggy

Moved the post here : Whanted to share this security hole i whanted to test the firewall so i whent to this page https://www.grc.com/lt/leaktest.htm and downloaded the leaktest.exe with my browser and did run the test and no response from the firewall.

 

This is what i got..

 

Firewall Penetrated!

 

LeakTest WAS ABLE to connect to

the main GRC.COM Web Server!

 

LeakTest was not prevented from connecting to the Gibson Research web server. You either have no firewall, you have deliberately allowed LeakTest to connect outbound, or (if neither of those), LeakTest has just slipped past your

firewall's outbound "protection", if any.

 

 

I did attach print screen of the program and where to dowload it . Just click the green download button from the page and download the leaktest.exe file from your browser and run it. The firewall's outbound "protection should have taken action and blocked the program from connecting to the server, that did not happen in my case. I find it a bit disepointing :( for a security solution i paid for.

 

The program is simple an beats the firewall

OS win 7 64 bit

 

Pure 3.0 V 13.0.2.558 (a)

post-476680-1373889921_thumb.png

post-476680-1373891237_thumb.png

Share this post


Link to post

Do you really trust this flash application on a strange website instead of our testing?

Such testers can't display actual situation about anti-virus.

Share this post


Link to post
Guest Daggy
Do you really trust this flash application on a strange website instead of our testing?

Such testers can't display actual situation about anti-virus.

 

What i belive or not dosent mather

 

Maybe they should sandbox the program an see how it works Maybe it uses the same outbound port as the webrowser??? .Better do that instead of beeing so rude... flash or not... Is it not up to a technician or a programmer to see if this is bullshit from a newbie. I guess thats how u look at me..

 

https://www.grc.com/lt/leaktest.htm

 

So if Kaspersky test shows diffrent the problem is solved...?? Wary arogant answer from you.

 

This in not nothing to do with the anivirus part its all Firewall related its aboute the ports and the firewall has not good enouth protection rules for outbound traffic...It meens it cant stop any program who uses the same port as the webbrowser if im wrong so be it.... I tested it.

Share this post


Link to post
Guest Daggy
Do you really trust this flash application on a strange website instead of our testing?

Such testers can't display actual situation about anti-virus.

 

Btw i did test if the leaktest goes outbond from my computer to the server by Simply disable my internet connection and then run the test one more time then it said Unable To Connect

 

 

 

So its not just fancy flash its actually making and outbound connection from my computer to the server without any respons from the firewall becouse of lacking of ruleset

 

https://www.grc.com/lt/leaktest.htm

 

 

Share this post


Link to post

Our technicians will check this utility but according to my own experience there was no even one similar firewall-test utility that was really overcome our firewall.

Share this post


Link to post

If you disable KSN then it should block it. KSN automatically checks programs with it's database. If you do not trust KSN then you can disable it and choose each program\file you run yourself.

 

 

NEVERMIND. This did work but not with the new application controls that use heuristics and then set

Edited by FaFaPhooey

Share this post


Link to post
Guest Daggy
Our technicians will check this utility but according to my own experience there was no even one similar firewall-test utility that was really overcome our firewall.

 

 

Thats good it is using an open port to communicate with the server it meens if anyone download a malicious file it can send informasion true the same port becouse the firewall outbound protection will not terminate the outbound connection if it has no kind of protection to filter the trafic.

 

When LeakTest v1.0 was first released, only one personal firewall (ZoneAlarm) could not be trivially bypassed. But the pressure created by LeakTest's simple demonstration caused most personal firewalls to improve their technology to prevent simple "application masquerading" exploits....it is no longer true that all of the potential problems reside outside the computer

 

 

 

Menny firms Cheated instead of improving the firewall .They just blocked the sites IP not actually improving their firewall outbound protection so it seemed they did alot in a short time.

Share this post


Link to post
Guest Daggy
Our technicians will check this utility but according to my own experience there was no even one similar firewall-test utility that was really overcome our firewall.

 

It managed to do so with pure 3.0`s 2 way firewall...

 

Some firms cheated and blocked the sites ip rather then solveing their leak.

Share this post


Link to post
It managed to do so with pure 3.0`s 2 way firewall...

 

Some firms cheated and blocked the sites ip rather then solveing their leak.

Hello once again.

 

Our analysts are needed in your firewall settings to make a conclusion.

Please, provide me with the similar screeshots like attached (I need 3 pictures)

 

And also send us a config file of antivirus. Please export and send us your Kaspersky configuration *.cfg file: http://support.kaspersky.com/9522

 

Great thanks.

post-386234-1374068415_thumb.png

post-386234-1374068418_thumb.png

post-386234-1374068422_thumb.png

Share this post


Link to post

Under General options UNTICK Interactive protections.

 

You will need to trust\block\ect each thing you run. Sort of like the old days

 

run leak test...choose "allow now"

 

click "Test for leaks" - choose "block now"

Edited by FaFaPhooey

Share this post


Link to post
Guest Daggy
Under General options UNTICK Interactive protections.

 

You will need to trust\block\ect each thing you run. Sort of like the old days

 

run leak test...choose "allow now"

 

click "Test for leaks" - choose "block now"

 

 

Then the whole point of the firewalls protection is like gone..If any random person accidental donwload a trojan,malicious file from the internet /e-mail that is made like the leaktest file they will have no clue the system is compromised the firewalll should prompt to to allow user to terminate/block and remove suspcious activety outbound... The leaketest file is programmed to try slip true the firewalls outbound protection by using ports that usualy are open...If the firewalls is passiv at that moment and lets it pass true....It meens it leaks. Yes Its kinda old and outdated. How can people guess if the file they download are good or baad if the firewall lets it communicate outbound and do not prompt?.

Share this post


Link to post
Guest Daggy
Hello once again.

 

Our analysts are needed in your firewall settings to make a conclusion.

Please, provide me with the similar screeshots like attached (I need 3 pictures)

 

And also send us a config file of antivirus. Please export and send us your Kaspersky configuration *.cfg file: http://support.kaspersky.com/9522

 

Great thanks.

 

 

Okay photos added where to send the cfg file?

post-476680-1374359975_thumb.jpg

post-476680-1374359988_thumb.jpg

post-476680-1374361399_thumb.jpg

Edited by Daggy

Share this post


Link to post
Guest Daggy
If you disable KSN then it should block it. KSN automatically checks programs with it's database. If you do not trust KSN then you can disable it and choose each program\file you run yourself.

NEVERMIND. This did work but not with the new application controls that use heuristics and then set

 

 

 

read ----> https://www.grc.com/lt/howtouse.htm

Share this post


Link to post
Guest Daggy
Hello once again.

 

Our analysts are needed in your firewall settings to make a conclusion.

Please, provide me with the similar screeshots like attached (I need 3 pictures)

 

And also send us a config file of antivirus. Please export and send us your Kaspersky configuration *.cfg file: http://support.kaspersky.com/9522

 

Great thanks.

 

 

Np you can also read a bit here maybe u get the point as well :) ---- >https://www.grc.com/lt/howtouse.htm

Share this post


Link to post
Guest Daggy
If you disable KSN then it should block it. KSN automatically checks programs with it's database. If you do not trust KSN then you can disable it and choose each program\file you run yourself.

NEVERMIND. This did work but not with the new application controls that use heuristics and then set

 

 

 

 

 

 

https://www.grc.com/lt/howtouse.htm

Share this post


Link to post
Guest Daggy
Hello once again.

 

Our analysts are needed in your firewall settings to make a conclusion.

Please, provide me with the similar screeshots like attached (I need 3 pictures)

 

And also send us a config file of antivirus. Please export and send us your Kaspersky configuration *.cfg file: http://support.kaspersky.com/9522

 

Great thanks.

 

 

The Leaktest program is so redicules simple but manage to bypass a well known security firm`s firewall... it damages the reputation of a business, not least, people will choose something else to use

 

 

 

This first versions 1.x of Leaktest simply demonstrate how any TRIVIAL malicious program can easily bypass any current software firewall! The only exception to this is ZoneLabs' free ZoneAlarm, because ZoneAlarm is the only firewall to cryptographically certify the identity of executable programs.

Share this post


Link to post
Guest Daggy
Our technicians will check this utility but according to my own experience there was no even one similar firewall-test utility that was really overcome our firewall.

 

 

 

 

https://www.grc.com/lt/howtouse.htm

Share this post


Link to post
Guest Daggy
Please allow for differences in regional linguistics. It is the correct answer.

 

Short answer: Please ignore all such meaningless test.

 

Long answer: http://www.google.com/cse?cx=0054261977750...&gsc.page=1

 

All of the long answers lead to the Short Answer.

 

 

 

 

 

Take time to read then i meen the whole page -------> https://www.grc.com/lt/howtouse.htm and try to understand that this file beats the firewall to its knees...

 

 

Once Trojans, viruses, and spyware pick up on this

trick, ALL USERS OF VULNERABLE FIREWALLS

will be COMPLETELY unprotected .You think this is good for Kaspersky reputation? or any other firm?...Its now they have to act...

Edited by Daggy

Share this post


Link to post
Then the whole point of the firewalls protection is like gone..If any random person accidental donwload a trojan,malicious file from the internet /e-mail that is made like the leaktest file they will have no clue the system is compromised the firewalll should prompt to to allow user to terminate/block and remove suspcious activety outbound... The leaketest file is programmed to try slip true the firewalls outbound protection by using ports that usualy are open...If the firewalls is passiv at that moment and lets it pass true....It meens it leaks. Yes Its kinda old and outdated. How can people guess if the file they download are good or baad if the firewall lets it communicate outbound and do not prompt?.

Wrong...Kaspersky is already checking it against it's database and if not in there then with heuristics..

 

Just untick interactive protection and allow\block\allow once\ect each item that accesses the net or system ect .

 

Kaspersky for a few years now has tried to be less noisy and they succeeded in spades. If you want your noisy firewall back which is fine just untick interactive protection

 

You'll need to remove Gibson research from you application\firewall area..

 

I don't see the isssue

Share this post


Link to post
Take time to read then i meen the whole page -------> https://www.grc.com/lt/howtouse.htm and try to understand that this file beats the firewall to its knees...

Once Trojans, viruses, and spyware pick up on this

trick, ALL USERS OF VULNERABLE FIREWALLS

will be COMPLETELY unprotected .You think this is good for Kaspersky reputation? or any other firm?...Its now they have to act...

 

LOL...I don't think he's updated that page in awhile. look at the versions of the firewalls that pass. McAffee v2..they are on version 8 or something..Same with Nortons..

 

HE DOESN'T EVEN MENTION KASPERSKY

 

LEAKTEST WILL FAIL TO CONNECT EVERY TIME IF YOU CHOOSE It's only allowed becauee of KSN and/or hueristics it is allowed thru..Don't rely on that...

 

Just untick interactive protection and allow\block\allow once\ect each item that accesses the net or system ect .

 

Kaspersky for a few years now has tried to be less noisy and they succeeded in spades. If you want your noisy firewall back which is fine just untick interactive protection

Edited by FaFaPhooey

Share this post


Link to post
Guest Daggy
Wrong...Kaspersky is already checking it against it's database and if not in there then with heuristics..

 

Just untick interactive protection and allow\block\allow once\ect each item that accesses the net or system ect .

 

Kaspersky for a few years now has tried to be less noisy and they succeeded in spades. If you want your noisy firewall back which is fine just untick interactive protection

 

You'll need to remove Gibson research from you application\firewall area..

 

I don't see the isssue

 

 

Ahh u dont get the point the firewall should block this by it self with no user action if this was a bad file i would have no clue.... And my system would be compromised becouse the firewall would allow it to communicate with its external source.... Its like u place a spy within enemy land and allow him to send info out wiithout try to stop him :)

 

The risk is not only outside of the computer....its also from the inside....Noisy or not it dosent stop the leaktest from making an tcp connection outbound.....Once a trojan,virus use the same trick the firewall is useless..... I looks like u reject it but okay

Edited by Daggy

Share this post


Link to post
Guest Daggy
LOL...I don't think he's updated that page in awhile. look at the versions of the firewalls that pass. McAffee v2..they are on version 8 or something..Same with Nortons..

 

HE DOESN'T EVEN MENTION KASPERSKY

 

LEAKTEST WILL FAIL TO CONNECT EVERY TIME IF YOU CHOOSE It's only allowed becauee of KSN and/or hueristics it is allowed thru..Don't rely on that...

 

Just untick interactive protection and allow\block\allow once\ect each item that accesses the net or system ect .

 

Kaspersky for a few years now has tried to be less noisy and they succeeded in spades. If you want your noisy firewall back which is fine just untick interactive protection

 

 

Old or not is still bypasses the firewall. Tried with the stealth option by pressing the skift key....?....

Edited by Daggy

Share this post


Link to post

×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.