 |
 Personal firewalls roadmap
May 15, 2002
Today most users realize they need to protect their computers with a firewall. But most of them are confident it's just enough to install a firewall and forget about it. Some are sure that a firewall from the leading and famous developer is the best choice. Most home users also even do not know their firewall protection can be bypassed. They just "trust that it works fine"!
However nothing is that simple. There are several major features every user should expect from a firewall.
Leak proof
Virtually all firewalls do not have any problems monitoring data that comes to user computer (incoming packets) but only few can efficiently monitor and block data that comes from user computer (outgoing packets).
In other words despite most firewalls have outbound filters to monitor outgoing data some of those firewalls' outbound filters can be easily bypassed making user's PC vulnerable to such malicious agents as Trojans, SpyWare and AdWare. This might enable a remote attacker to take over user system completely - reading files, watching keystrokes, or even rebooting the machine.
However any user can determine if his/her firewall leaks. Several security experts have created so-called Leak tests which can be used to test outbound protection of your firewall. Those leak tests are: LeakTest (by Steve Gibson), YALTA (by Soft4Ever), TooLeaky (by Zensoft), FireHole (by Robin Keir) and OutBound (by HackBusters).
If a firewall fails at least one of those tests that firewall can be bypassed. Please read PC Flank's comparison "Personal Firewalls vs Leak Tests" to see the results of most popular firewalls.
Stealth
Stealth or 'invisibility' feature of a firewall allows user to turn his PC into invisible mode. Having your system 'stealthed' makes it invisible to would-be attackers, as they just cannot 'see' your system when trying to probe it.
Stealth feature is the first line of a firewall protection but some developers still do not consider it as a "must-have". PC Flank tested how personal firewalls do against our Stealth test and got some surprising results.
Privacy features
Privacy features include ability to block Java scripts and applets, ActiveX controls and other components that can be embedded into web pages. Those features can also include options to block cookies and referrer. Though Privacy is considered to be "the job of web browsers not firewalls" some firewall developers pay attention to this kind of protection as most browser developers do not address such problems.
Other features
Though other features provided by today's firewalls can also affect the final choice of users those features are not so critical as those listed above.
So firewalls may differ in its ease of use, logging system, rule-creation, and other additional features but it does not affect its degree of protection.
Future of personal firewalls
The most important part of each firewall is how well it is updated with patches addressing recently discovered vulnerabilities and leaks. It is also important to follow current tendencies and users requests by adding new features and updating old.
We tried to find out which improvements can users expect from most popular firewalls in the nearest year. We asked developers of BlackIce Defender, Kerio personal firewall, Look'n'Stop firewall, McAfee firewall, Norton personal firewall,Sygate personal firewall, Outpost firewall and Zone Alarm firewall to answer our question about new features and improvements that can be added to their product.
To our surprise only two of seven agreed to share their plans with PC Flank users.
Kerio developers answered that question in our recent interview:
"Following are some of the planned features: definition of multiple address groups, http filtering, increased control over network applications, added status for applications and filters, improved user interface."
Developers of Agnitum Outpost firewall also agreed to tell us about their plans:
"The next version of Outpost Firewall will include:
1. Protection against all LeakTests (DLL injection, ACK tunneling,
Application commandment, etc.)
2. ICS support on computers running Windows XP Service Pack 2 and Windows
2000 Service Pack 2
3. Support of Windows XP's "Fast user switching"
Additionally we plan to present:
1. A new logging system with an ODBC engine and support for SQL queries.
2. A server version targeted for SOHO and the middle-size business market.
3. Some small but very often requested plug-ins for Outpost.
4. OutpostFW - the first open source, command line firewall for Windows.
Next year we plan to start development of a "sandbox" class product that
Will filter each application's access to the Registry's files, folders and
Windows settings."
Developers of Sygate refused to disclose their plan due to "company policy".
Zone Alarm developers gave us some comments but without any details we were asking for:
"We are constantly updating our products as new security threats arise and also in response to customer requests for features. All users of our paid products receive 12 months of updates with the purchase of our product."
Developers of Norton personal firewall refused to disclose their plans but told us the following:
Thank you for the opportunity to participate in PC Flank's roadmap article.
Symantec is always looking to improve our products in order to enhance our customers' experience and security. We focus on bringing new features and
enhancements based on customer need & feedback and ongoing research regarding the latest security threats. When new Symantec products become
available, users can get more information by visiting our website at www.symantec.com. Current Symantec customers should remember to run
LiveUpdate on a regular basis to keep their Symantec software current with the latest program and/or security updates.
Unfortunately other developers not only refused to comment but also did not give us any answer either.
|
|
