Antivirus Firewall Software Leak Test
How good is your antivirus program or firewall? It is hard to tell as an end user. Sure, you can rely on information provided by test magazines, Internet websites, antivirus and firewall software developers, or opinions from friends and colleagues. All of those recommendations are to a degree based on opinion, and only some on tests that are applicable in the real world.
A good way to test the security of antivirus and firewall software is to run so-called leak tests. These tests simulate different kinds of attacks and manipulations on a computer system without actually doing any harm to it. They usually present statistics at the end that tell you which tests the antivirus or firewall software passed and which it failed.
Comodo HIPS and Firewall Leak Test Suite
Comodo Leaktest is but one of the many available leak tests on the Internet that test your firewall and antivirus solution.
The security software tests a total of 34 different attacks and manipulations of a computer system running the Microsoft Windows operating system when you hit the test button. Depending on the antivirus and firewall software in use, some, all or none might spawn alerts.
Note: The nature of the program makes it a target for flagging by antivirus solutions. The program is harmless however, and if your antivirus solution flags the leak test, it is reporting a false positive. Still, if you feel unsure about running the program, don't.
The software program displays a score at the end. The maximum number of points is 340, 10 for each test passed. Each test is explained on a local HTML page that gets downloaded with the software program. This information can be used to find out why a test has not been passed. It does require some research though, as the information provided only answers the questions of what the test is doing and what the harm is if the test fails.
The leak test can be divided into different categories. It begins with some rootkit tests followed by invasion, injection, info send, impersonation and hijacking tests.
Comodo Leak Test is a portable security program that tests the antivirus and firewall software installed on a Windows operating system. It provides the means to find out if your computer system is still - partially or fully - vulnerable to common attacks encountered locally and remotely.
Update: The program is not available anymore on the official Comodo website. One reason for this may be that it is no longer in active development. We have uploaded the latest version to our own server from which you may download it.
Since the program gets flagged by some antivirus solutions, we have password protected it. The password is ghacks. Download the program with a click on the following link: Comodo Leak Test
unfortunately the test is probably worthless… with only 10,000 samples they’ve sampled at most about 7% of the virus population, and there’s no way to tell if that sample is representative of the whole virus population (in fact there’s little reason to believe there is such a thing as a ‘representative sample’ in this context)…
further, the documentation for the test gives no information on how the samples were validated (just because a virus scanner calls something a virus doesn’t mean it really is one)… there’s a great deal of so-called scanner fodder out there that doesn’t actually self-replicate…
many anti-virus tests are invalid on these two points alone… few people/organizations have the resources to do proper anti-virus testing, and without proper methods the results are suspect at best…
I use AVG Free, NOD32 and Avast! at home (on different PCs) and they all seem to be effective. One nice feature with Avast! is that you can do a boot-time scan, which can help catch some trojans before they get loaded into memory.
I agree with you that the results are not the non plus ultra but they probably help you in your decision which you should use and trust.
it’s difficult to use the test as a discriminator for which products you can trust and which ones you can’t when all the products had such similar scores… combined with the question of how many of the samples really were viruses, it’s impossible to tell which one really had the best score and by what margin did others really fall short…
actually we can't trust any antivirus software because viruses are getting into pc still when an antivirus software is still installed.
everybody knows this list http://www.matousec.com/projects/firewall-challenge/results.php
for testing firewalls
and VBulletin tests for testing antivirus
Comodo Leaktest – this product was created for promoting Comodo products I think
And how does the reason for creating the product matter if it gets the job done? If another firewall has a hole, this hole doesn’t get smaller from being tested with a product created to promote Comodo. :)
I just ran it on machines with Kaspersky, NOD32, and NIS2009. None of them broke a score of 200, which I find hard to believe.
A test on a Windows XP SP3 test system with Kaspersky 2009 running scored 290 of 340 points.
AVG antivirus flagged the two dll files associated with this download as malware. BITS.dll it said is a key logger and DNS.dll is a Trojan…any thoughts? False positives?
David, to test they need to emulate attacks, which is the most likely reason for the scan results.
wow, scored only 150 with windows 7 and antivir XD
disabled UAC probably is a true problem…
LOL, my netbook with XP SP3 and Antivir scored 0 XD
fortunately, most of the time I use Linux :P
Score of 20 on XP with McAfee VirusScan Plus + Comodo BOClean and COMODO Memory Firewall.
Also my friend with McAfee scored also 20.
Can someone else reproduce this issue?
I just ran the test on vista32 with nod smart security 4 and only got 110 and seeing that it failed its own product from post above COMODO Memory Firewall. I do not think that all of our setups can be that bad? It might be just a bad program for testing
To “abv” yeah, everybody knows that. But people like me keep forgetting things. And once in a while, an article like this gets me off my rear end and run a test.
LOL. I tried to download this and use it as part of my intrusion kit. But my Avira and McAfee virus scans promptly picked it up. This will be useless for intrusion purposes :(
I only get 4 tests shown when I start up the .exe file. And I passed 2 and failed 2.
Where are the rest of the tests mentioned (34)?
And there is a total lack of documentation or explanation about what to do with whatever results you achieve.
Not impressed Comodo!
COMODO Leaktests v.22.214.171.124
Date 11:16:25 PM – 3/10/2009
OS Windows XP SP3 build 2600
1. Injection: APC dll injection Vulnerable
2. Injection: AdvancedProcessTermination Vulnerable
3. Hijacking: AppinitDlls Protected
4. Hijacking: ActiveDesktop Protected
I’ve got ESET anti virus.. a good anti virus I’ve ever tested… Many anti virus cannot detect some viruses that are hiding on files. But ESET can locate it. How about you guys?
It did occur to me that might be the case, but how could anyone know for sure, they might have been infected and if we assume they’re dummy test viruses and get ravaged by something malicious who do we sue?
@ abv –
“Everybody”? What a ridiculously stupid statement! Few people in the World actually know how to even turn a computer on, much less about security.
And, of course this test was created to promote Comodo products … duh. It doesn’t take a mental giant to figure out that one.
Most likely, even Martin will receive something of value for publishing this article here. So what?
Companies (as well as most people in general) rarely do anything that costs money to produce or create without having a marketing benefit and goal in mind.
The value that I received were the comments of my visitors :)
hmmm 90 out of 340
So everyone else is seeing 34 tests? No one else is seeing only 4 tests like I am?
If you have Spyware Terminator, it’ll block the DLLs. Therefore, only 4 tests will be available. See the block actions and move the DLLs to the White List.
I don’t use Spyware Terminator. But I do have a host of other security programs running including Spyware Search & Destroy, Spyware Blaster, Comodo’s own firewall, Secunia, etc.
I guess it is good then that something is successfully blocking attempts to insert DLL’s.
actually you will get full 340 marks if you have a behaviour analysis program. You should block all the requests and you will get full marks. I tried with threatfire, comodo internet security and system protect and got 340 marks in all of them.
Plz give me this software
I tested OSSS (Online Solutions Security suite) – new firewall and HIPS, it’s great — 340/340!!!
Thanks for the tests!
Ha wow BitDefender 2010 blocked it right away when I tried to download it. Was blocked because it said the download was trojan.generic.2478252
the best security for your PC is : ESET Smart Security 4, ZoneAlarm Extreme Security, Norton 360(version 4) and BitDefender total security 2010. this is the best software you can use ever.
Note: DON'T use the loser Kaspersky because it’s very weak it missed 81 viruses on my PC and Norton 360 removed them all without update.