Over the past couple of years, the term "leak test" (leaktest, data leak test) has gained popularity among experts in the field of IT security. It appears in the news and in comparative tables, but for many people the scope and purpose of the concept remain unknown. Why should regular users take a closer look at leak tests and their characteristics in their daily computer activity? How can the results of data leak tests help you choose a reliable product to protect your PC?
This article aims to answer these questions and more. After reading it, you will have all the information necessary to understand and correctly interpret the results of leak tests.
What is a leak test?
A leak test is a tool or set of procedures for determining whether a security solution can resist attempts to send personal information out to the network illegitimately. It shows how ready the system is to block accidental or intentional data leakage.
Leak tests date back to the first personal firewalls in the late 1990s. The primary task of firewalls at that time was to monitor the network activity of applications and to prevent illegitimate applications from "calling home" (sending out stolen data). More recently, leak tests have been heavily modified and have acquired new features, such as turning off firewall protection, using new types of inter-program interaction, and exploiting vulnerable services. These are all techniques that hackers use in their "work", and they can safely be assigned to a separate category of test programs.
If a product successfully copes with a leak test, it can protect against attacks based on that specific theft technique. At the moment there are many techniques that hackers actively exploit, and a serious security program should know and be able to repel all of them. Cyber-criminals do not stand still; every day they create new, sophisticated methods of stealing information from users' computers, and for this reason the creators of security software must always be alert and create new methods to protect their customers.
By the time Windows XP appeared in 2001, malicious programs such as Trojans and spyware already existed on the internet and were able to freely steal sensitive data and transmit it to unauthorized parties over the network. To prevent such events, companies specializing in security entered the market with "personal firewall" solutions, which were designed to block actions initiated by illegitimate applications by blocking their access to the network. To test how effective such security programs were, experts and technicians developed special tools for simulating possible attacks: the test programs checked whether the firewall could monitor their actions and warn the user that an attempt to connect to the network had been detected on the computer. These test tools were called "leak tests". They were relatively simple, but at the same time they were able to identify serious flaws in the protective tools of those times.
The first leak tests used simple methods to check security, such as substituting the name of a trusted program, or launching a trusted program with modified parameters that instructed it to send certain text content to a remote resource through the normal application. With such actions the leak tests tried to deceive the firewall, hoping it would conclude that a legitimate application was trying to connect to the network and would therefore permit the action. One of the first well-known leak tests was a product by Steve Gibson of GRC with the simple name "Leak Test". This program simulated an attack in which a malicious application renames itself to Internet Explorer and tries to access the network, and it determined whether the installed firewall noticed the substitution.
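The name substitution described above, as an added example that is not part of the original article: a hypothetical firewall rule model in Python (the `Rule` class, the function names and the sample files are assumptions constructed for illustration) compares a check that trusts the executable's file name with one that also requires the recorded path and content hash.

```python
import hashlib
import os
import tempfile
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    """Outbound allow-rule in a hypothetical firewall model."""
    name: str     # executable file name
    path: str     # full path recorded when the rule was created
    sha256: str   # content hash recorded at the same time

def file_sha256(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def allow_by_name(rules, exe_path):
    """Weak check: trusts any executable whose file name matches a rule."""
    name = os.path.basename(exe_path).lower()
    return any(r.name.lower() == name for r in rules)

def allow_by_identity(rules, exe_path):
    """Stronger check: full path and content hash must both match the rule."""
    real = os.path.realpath(exe_path)
    digest = file_sha256(real)
    return any(os.path.realpath(r.path) == real and r.sha256 == digest
               for r in rules)

def write(path, data):
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as f:
        f.write(data)

def demo():
    """Return (name verdict, identity verdict) for three constructed cases."""
    with tempfile.TemporaryDirectory() as root:
        trusted = os.path.join(root, "Program Files", "iexplore.exe")
        renamed = os.path.join(root, "Temp", "iexplore.exe")
        write(trusted, b"constructed: trusted browser")
        write(renamed, b"constructed: leak test renamed to the browser's name")
        rules = [Rule("iexplore.exe", trusted, file_sha256(trusted))]
        check = lambda p: (allow_by_name(rules, p), allow_by_identity(rules, p))
        results = {"trusted": check(trusted), "renamed": check(renamed)}
        write(trusted, b"constructed: file replaced after the rule was made")
        results["replaced"] = check(trusted)
        return results

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(case, verdict)
```

The name-only check allows all three cases, while the identity check allows only the unmodified trusted file.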
Since then much has changed. Today's leak tests are much more powerful and more complex than their predecessors, and they use much more sophisticated techniques for testing programs. These techniques, unfortunately, are also used by the authors of malicious programs, such as keystroke loggers, to capture the target user's data.
Leak tests verify preventive protection capabilities by testing how a security solution reacts to a specific intrusion technique, sometimes called an "attack vector". This differs from virus detection tests, which check the ability of an anti-virus solution to identify a specific code signature.
Techniques included in the arsenal of leak tests
Leak tests are too varied to be given a common classification by their actions; they use different techniques to test the capabilities of protective programs. Their range of actions is constantly growing and improving and, as a rule, the more leak tests there are, the better: the more completely a security solution can be tested.
In summary, leak tests are based on one or more of the following testing methods:
attempts to spoof the name of a trusted application located on the computer, or to use its permission to access the network in order to send information to the Internet (name "spoofing", launching legitimate applications with additional parameters);
interaction with a legitimate application using built-in Windows tools (e.g., OLE Automation or DDE requests);
modification of applications running in memory, that is, the introduction of malicious components into normal applications. Examples of such actions are component injection, direct memory patching, and the creation of malicious threads;
use of network services and protocols in an unusual way to send data. Here the test relies on the firewall not noticing network activity that is uncharacteristic of malicious code, such as sending fake DNS requests, using the BITS service, or exploiting insufficient filtering of ICMP traffic;
installation of additional network interface drivers in the system, through which the leak test sends outgoing data;
suppression of the protective functions of the installed security program. Examples are unauthorized disabling of protection and attempts to modify the active firewall;
initiating a Windows shutdown. This checks whether the firewall keeps controlling active programs until the computer is switched off;