With such actions, leak tests try to deceive the firewall, hoping it will conclude that a legitimate application is trying to connect to the network and will therefore allow the action. One of the first well-known leak tests was a product of Steve Gibson of GRC under the simple name "Leak Test". This program simulated an attack in which a malicious application renames itself to Internet Explorer and tries to access the network, and it showed whether the installed firewall notices the substitution. Since then much has changed: today's leak tests are much more powerful and complex than their progenitors, and they use much more sophisticated techniques to test protection programs. Unfortunately, these techniques are also used by the authors of malicious software, such as keyloggers, to capture the target user's data.
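The substitution check described above, as an added example that is not part of the original article or of any firewall product: a rule set keyed on the file name alone is compared with one that pins the SHA-256 digest recorded when the user approved the program. The class names, the `iexplore.exe` sample files and their contents are constructed for illustration.

```python
import hashlib
import os
import tempfile

def sha256_of(path):
    # Content digest: unchanged by renaming, changed by any substitution.
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

class NameOnlyRules:
    """Weak policy (hypothetical): trusts any file with an approved name."""
    def __init__(self):
        self.names = set()
    def approve(self, path):
        self.names.add(os.path.basename(path).lower())
    def decide(self, path):
        return "allow" if os.path.basename(path).lower() in self.names else "ask"

class HashPinnedRules:
    """Hardened policy (hypothetical): pins the digest seen at approval time."""
    def __init__(self):
        self.pinned = {}  # lower-cased file name -> SHA-256 of approved binary
    def approve(self, path):
        self.pinned[os.path.basename(path).lower()] = sha256_of(path)
    def decide(self, path):
        expected = self.pinned.get(os.path.basename(path).lower())
        if expected is None:
            return "ask"                      # unknown program: prompt the user
        if sha256_of(path) != expected:
            return "alert: binary changed"    # trusted name, different content
        return "allow"

def demo():
    # Constructed sample files standing in for a browser and a renamed impostor.
    with tempfile.TemporaryDirectory() as root:
        paths = {}
        for label, body in (("genuine", b"constructed browser image"),
                            ("impostor", b"constructed leak-test image")):
            os.mkdir(os.path.join(root, label))
            paths[label] = os.path.join(root, label, "iexplore.exe")
            with open(paths[label], "wb") as f:
                f.write(body)
        results = {}
        for policy in (NameOnlyRules(), HashPinnedRules()):
            policy.approve(paths["genuine"])  # user trusts the real browser once
            results[type(policy).__name__] = {k: policy.decide(p) for k, p in paths.items()}
        return results

if __name__ == "__main__":
    print(demo())
```

The name-only rules allow both files, while the digest-pinned rules allow only the binary that was actually approved.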
Leak tests verify the capabilities of preventive protection by testing how a security solution reacts to a specific intrusion technique, sometimes called an "attack vector". In this they differ from virus detection tests, which test the ability of anti-virus solutions to identify a specific code signature.

Techniques included in the arsenal of leak tests

Leak tests are too varied to be given a common classification by their actions; they use different techniques to test the capabilities of protection programs. Their range of actions is constantly growing and improving and, as a rule, the more leak tests there are, the better: the security solution is tested more completely. In summary, leak tests are based on one or more of the following testing methods:

- attempts to spoof the name of a trusted application located on the computer. They can also use its permission to access the network to send information to the Internet (name spoofing, launching legitimate applications with additional parameters);
- interaction with a legitimate application using built-in Windows tools (e.g., OLE Automation or DDE requests);
- modifying a running application in memory, injecting malicious components into normal applications. Examples of such actions are inserting a component, directly patching memory, and creating malicious subprocesses;
- use of network services and protocols in an unusual way to send data. Here the bet is that the firewall will not notice network activity that is not characteristic of malicious code, such as sending fake DNS requests, using the BITS service, or insufficient filtering of ICMP traffic;
- installation in the system of an additional network interface driver through which the leak test will send outgoing data;
- suppression of the protective functions of the installed program. Examples are unauthorized shutdown of the protection, attempts to modify the active firewall, and initiating a Windows shutdown. This checks whether your firewall keeps controlling active programs until the computer is turned off;