A newer version of PC Tools Firewall Plus Free Edition is available.
(Download doesn't provide access to previous versions of this program.)
Full user review
-
20 out of 35 people found this review helpful
2 stars
Version: PC Tools Firewall Plus Free Edition 1.0.0.10
"This firewall has major flaws!"
Pros: I was the king of the fooled people...
One month ago I wrote a review about this product. The name of my review was "Excellent firewall for beginners".
Reviewer Big.Daddy.1124 was the first to discover I was wrong. Thank you, Big.Daddy.1124, for pointing me in the right direction! I have contacted download.com in order to repair that mistake ... and here is my new review, more accurate and closer to the truth. I hope this will be a light in the dark for all of you people fooled by this firewall (I was on that list too)!
So, let's take a closer look at this product... again:
- Indeed, it is very easy to install and use.
- The interface is nice and clean.
- It is very low on resources.
- It is as free as they say.
- The firewall did pass all of the SIMPLE intrusion tests (as almost any other firewall can do).
BUT...
Cons: ... let's run this firewall through a couple of more advanced tests. And here comes the big surprise:
TEST 1 -> pcAudit
PCAudit uses DLL injection to inject its code (as a DLL) into an authorized application instead of launching its aim directly.
==The firewall FAILED this test==
The PCAudit tool was able to send private data into my yahoo.com email!!!
TEST 2 -> DNSTest
By default on NT OSs, a Windows service, 'DNS client', handles all DNS requests. This behaviour can be used to transmit data to a remote computer by crafting a special DNS request without the firewall noticing it.
==The firewall FAILED this test==
TEST 3 -> Jumper
Instead of modifying the target process memory, Jumper makes the target load the foreign DLL by itself. To do so, it writes to the 'AppInit_DLLs' registry entry, then kills explorer.exe, which is reloaded automatically by Windows.
==The firewall FAILED this test==
TEST 4 -> Thermite
Thermite, unlike other leak tests that inject their code into other processes via a DLL, injects its code into the target process directly, by creating an additional malicious thread within that process.
==The firewall FAILED this test==
TEST 5 -> Atelier Web Firewall Tester
==The firewall FAILED 5 out of 6 tests!==
TEST 6 -> pcaudit2
The firewall failed this test and was able to catch data typed into Word, Excel and Notepad, and send this data to my yahoo mail!!!
TEST 7 -> Breakout
Breakout sends to the IE's address bar the URL to launch, via the 'SendMessage' Windows API. No code is injected but your desktop background can be replaced by a web page for example. Run this tool with caution :) You may have to restore your desktop background via Display->Properties... because the firewall will FAIL this test also...
No more to say...
Once again, thanks to Big.Daddy.1124 for showing me the truth.
You can find the tools I am talking about on Google :) or on firewallleaktester com website.
- 10 replies to this review
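The "Jumper" test in the review above works by writing to the 'AppInit_DLLs' registry entry. The read-only PowerShell audit below is an added example, not part of the original review or of any tool it names; it lists what is registered there and whether each DLL is signed. The Wow6432Node view and the LoadAppInit_DLLs / RequireSignedAppInit_DLLs values are assumed to exist only on later Windows versions, and the script tolerates their absence.

```powershell
# Added example: read-only audit of the AppInit_DLLs autoload entries.
# Run from an elevated prompt so every registry view is readable.
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
)

$findings = foreach ($key in $keys) {
    if (-not (Test-Path $key)) { continue }   # 32-bit view is absent on 32-bit Windows
    $props = Get-ItemProperty -Path $key

    # The value is a space- or comma-separated list of DLL names or paths.
    $dlls = @("$($props.AppInit_DLLs)" -split '[ ,]+' | Where-Object { $_ })

    foreach ($dll in $dlls) {
        # A bare file name is resolved by Windows from the system directory,
        # so "FileNotFound" here means "not found at the literal path given".
        $sig = if (Test-Path -LiteralPath $dll) {
            (Get-AuthenticodeSignature -LiteralPath $dll).Status
        } else {
            'FileNotFound'
        }
        [pscustomobject]@{
            Key              = $key
            Dll              = $dll
            LoadAppInit_DLLs = $props.LoadAppInit_DLLs           # 0 = mechanism disabled
            RequireSigned    = $props.RequireSignedAppInit_DLLs  # 1 = signed DLLs only
            Signature        = $sig
        }
    }
}

if ($findings) {
    # Any entry you did not install knowingly deserves investigation,
    # especially one whose Signature is not 'Valid'.
    $findings | Format-Table -AutoSize -Wrap
} else {
    'AppInit_DLLs is empty in all checked registry views.'
}
```

An empty result is the normal state on most systems; comparing the output before and after running a leak test shows whether the entry was changed.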
-
I am thankful that someone other than ma-da-lin has taken an interest in my original review about this firewall. It was my effort to warn my fellow reviewers of a potentially dangerous hole in this firewall; amazingly, ma-da-lin truly, "Brought It Home" with his second posting concerning even more issues than I originally found!
If we can continue to spark our fellow reviewers' minds, we will make a much safer community for all!
It wasn't my intention to spark so much controversy about this firewall. However, history as our witness shows that revolutionary changes are usually established after every controversial incident!
I appreciate your ongoing commitment in this forum, and look forward to reading your new reviews!
-
This review is absolutely breathtaking. Thank you for enlightening us on the flaws of this firewall =)
-
Please check your email for my contact info.
See you later alligator :)
-
And here is the link for their update PHP script:
su.pctools com
/liveupdate
/update
/index.php
&product=FW
&subproduct=
&version=1.0.0.10
&code=0%2D0%2D0%2D0&suversion=2.6.0.2034
&osversion=5.1.2600.2
&osspack=Service+Pack+2
&sulang=english
&osuserlangid=0x0409
&osacp=1252
-
Once again this is the link. Hope you manage to find out the address :(
pctools com
/mirror
/updates
/-000000000-630d170a7e0126e5a032f56c116d1f1b . zip
-
The url for the "PC Tools Firewall Plus White List" is here. I hope download.com will not screw up my link this time :)
Place the point after pctools to build the link :)
pctools com
/mirror/updates/-000000000-630d170a7e0126e5a032f56c116d1f1b.zip
-
One hour ago, I got the idea to amuse myself by going deeper and deeper into this firewall :)
I was interested in the update feature (other people over here said ... the update doesn't work as expected).
I was able to determine that PC Tools Firewall Plus Free Edition is trying to connect to
a81-196-193-152.deploy.akamaitechnologies.com
IP:81.196.193.152 during the update process. This address is used by the Akamai Technologies company. Akamai provides many IT services but they are probably best known for their massive distributed computer downloads.
But why are they using an "update" service without updating anything? It's time to catch the data sent during the update process. So, let's do it!
I will describe the update process as follows:
First of all, PC Tools Firewall POSTs some information via Akamai to a PHP script hosted at the su.pctools.com website.
The address of this script is: su.pctools.com/liveupdate/update/index.php
The information posted to this script is as follows:
- product = FW
- subproduct =
- version = 1.0.0.10
- code = 0%2D0%2D0%2D0
- suversion = 2.6.0.2034
- osversion = 5.1.2600.2 (this is my XP version)
- osspack = Service+Pack+2 (this is my XP service pack)
- sulang = english (this is the language I am using)
- osuserlangid=0x0409
- osacp=1252
You can run this script yourself using your favourite web browser and wait for the result. To call the PHP script as PC Tools Firewall Plus does, use this link:
su.pctools.com/liveupdate/update/index.php&product=FW&subproduct=&version=1.0.0.10&code=0%2D0%2D0%2D0&suversion=2.6.0.2034&osversion=5.1.2600.2&osspack=Service+Pack+2&sulang=english&osuserlangid=0x0409&osacp=1252
Now, it's time to take a look at the results. The PHP script on su.pctools.com returns the location for downloading two zip archives containing updates. One is the firewall executable file, the same as the one available for download here on download.com, and the other one is the "PC Tools Firewall Plus White List".
This white list is the big surprise :)
You can download this zip archive, extract the FWAA file from the archive, open this file with Notepad ... and see for yourself how big the "database" of this product is.
pctools.com/mirror/updates/-000000000-630d170a7e0126e5a032f56c116d1f1b.zip
There are only 48 products on this list. Good products only! There is no information about bad products, spyware or stuff like this. No more to say. This is all about the PC Tools Firewall Plus "update" feature. :)))
After I post this tutorial I expect PC Tools to change the "update" system. So if you find this not working for you, don't blame me. I spoke for the truth.
-
themiracleman_1124@yahoo.com
-
ma-da-lin,
Allow me to once again say thank you for your support! It is people like you that make my efforts in this community worth my while. My review has sparked much controversy, but you managed to heed the warning and delivered a spectacular supplemental diagram for our fellow reviewers to ponder their thoughts upon. Furthermore, you illustrated some of the DLL issues in a way that I was unable to point out due to the character limitations set forth by download.com.
Once again, I look forward to reading your reviews in the future. And to think, you were going to do your reviews under another account name! HOGWASH, you keep writing stuff like this and before long you will have earned the respect of many top-notch reviewers!
I have established a temporary e-mail account so that you can contact me. We need to start communicating on Windows Live ~ it will be there that I can help you find the right firewall for your system and together we will find the best free firewall!
-
It's a really hard task to find the best free firewall on the market these days :(
Let's find, together, the best FREE firewall on the market. I am open to suggestions and I will wait for your answers.
Here is my list of FREE firewalls in the competition:
- Comodo Personal Firewall
- ZoneAlarm
- Jetico Personal Firewall (I have not finished all tests on this firewall yet)
- Filseclab (I have not finished all tests on this firewall yet)
PC Tools Firewall Plus Free Edition is out of the list until they manage to fix at least the DLL injection leak...
My old Sygate Personal Firewall is also out of the list because this firewall has not been developed for almost 3 years. Day after day I discover more and more security threats Sygate can no longer deal with.
Paid firewalls are also out of the list just because I want to run as many free programs as possible on my computer :)
In my leak testing, Comodo outperformed the free version of ZoneAlarm, but finished below ZoneAlarm Pro. There is a big difference between ZoneAlarm free edition and ZoneAlarm Pro. Some users over here seem to forget about this when talking about ZoneAlarm. There are a lot of ZoneAlarm reviews all over the net. But most of them are talking about ZoneAlarm Pro, not about the free edition!
Because of those reasons and because I hate the candy interface of the ZoneAlarm firewall, Comodo Personal Firewall is on top of my list and not ZoneAlarm...
About Jetico Personal Firewall: I like the advanced options, the look and feel of this firewall, but I agree, in time, a user can become very displeased with this product. I used this firewall for a while but I "divorced" because I must agree advanced options are a pain in the as sometimes. I became inattentive because of so many questions from Jetico and started to click allow, allow, allow without thinking too much about it... :(
Right now I am running Comodo. I am not in love with the Comodo blue interface but Comodo managed to pass almost all the leak tests I have played with (until now).
So, my choice for now is Comodo.
Yours?



