Comodo Firewall : Ghost


Firewall Test Description

Generally, when an application accesses the Internet, a firewall uses the Windows API to retrieve the parent PID and name of the executable that launched the trusted application. Once the firewall has this information, it 'freezes' the application, temporarily blocking the connection, and asks you what to do (allow/deny).

Ghost then provides the information to the default browser. To avoid detection, Ghost shuts itself down and restarts, which changes its PID and lets it continue to send data.

Ghost tries to open a single web page and send a string to it, dummy data in this case. However, if this were a genuine malware program, this string could be critical personal data such as your credit card number.

Firewall Ghost V1.1

If the test is a success, your firewall's "parent/child network access monitoring" detects too late that one executable is launching another to access the Internet.
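
A defender's view of the behaviour described above, as an added example that is not part of the original page or of the Ghost test itself: the Python sketch below correlates process-creation events by the parent's executable path rather than its PID, so a program that restarts under a new PID between browser launches still shows up as one actor. The event records, the name leaktest.exe, the browser and shell lists and the 10-second window are all constructed assumptions.

```python
import ntpath
from collections import defaultdict

BROWSERS = {"iexplore.exe", "firefox.exe"}   # assumed browser image names
SHELL_PARENTS = {"explorer.exe"}             # assumed normal launcher of a browser
WINDOW = 10.0                                # seconds; assumed correlation window

IE = r"C:\Program Files\Internet Explorer\iexplore.exe"
SHELL = r"C:\Windows\explorer.exe"
TOOL = r"C:\Tools\leaktest.exe"              # hypothetical test program

# Constructed process-creation events: (time, pid, image, parent pid, parent image)
EVENTS = [
    (0.0, 2000, IE, 1200, SHELL),    # user opens the browser from the shell
    (5.0, 3100, TOOL, 1200, SHELL),  # test program is started
    (5.2, 3104, IE, 3100, TOOL),     # it launches the browser
    (5.9, 3180, TOOL, 3100, TOOL),   # it restarts itself: same image, new PID
    (6.1, 3188, IE, 3180, TOOL),     # browser launched again from the new PID
]

def base(path):
    """Lower-cased file name of a Windows path (works on any host OS)."""
    return ntpath.basename(path).lower()

def find_parent_substitution(events, window=WINDOW):
    """Return {parent image: [parent PIDs]} for non-shell programs that started
    a browser from two or more different PIDs within `window` seconds."""
    launches = defaultdict(list)     # keyed by parent image path, not by PID
    for t, _pid, image, ppid, parent_image in events:
        if base(image) in BROWSERS and base(parent_image) not in SHELL_PARENTS:
            launches[parent_image.lower()].append((t, ppid))
    flagged = {}
    for parent, seen in launches.items():
        seen.sort()
        for i, (t0, _) in enumerate(seen):
            pids = {p for t, p in seen[i:] if t - t0 <= window}
            if len(pids) >= 2:       # same executable, different PIDs
                flagged[parent] = sorted(pids)
                break
    return flagged

if __name__ == "__main__":
    for parent, pids in find_parent_substitution(EVENTS).items():
        print(f"browser launched by {parent} under PIDs {pids}")
```

A rule keyed on PID alone would treat the two browser launches as coming from unrelated processes; keying on the image path ties them together.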

Test Details
Author: Guillaume Kaddouch
Type of Test: HIPS and Firewall
Techniques used: Parent Substitution
Operating System(s): Windows 9x / Windows Millennium / Windows NT4 / Windows 2000 / Windows XP
Number of Tests: 1
Zip filename: