With the recent leak of the Vault 7 CIA files, it may be a good idea to revisit some of what can be done to keep your computer secure. Luckily, some of the briefs within the over 8,000-page document include quite explicit commentary on what works and what doesn’t in terms of firewalls. Here, we’ll take a look at the good, the bad, and the ugly in terms of personal computer security.
The Ugly: A Quick Analysis of How Firewalls Failed
Before we dig into some of the best firewalls you can get as a result of the Vault 7 reveal and documentation, let’s take a quick look at why not all firewalls are created equal. For those unfamiliar with the Vault 7 leaks, you can find our article on the matter here. As seen in that article and in the ample evidence of the aforementioned thousands-of-pages-long document, there exists a very large divide in the security world, and how that divide is addressed is interesting.
First, there seem to be three classes of firewalls that the agents interacted with. The first class had glaring holes that allowed the designed malware to use the firewall itself as a jumping-off point.
Next are those that can usually identify a bit of malware here and there, but which are defeated by tricks like renaming malicious files to more mundane names. For example, as seen with AVG, a common attack tactic was for a Trojan (a program that looks normal but installs malware) to have its critical files renamed to Install.exe or setup.exe, which was enough to bypass normal detection.
Lastly, there are programs that were a headache to infiltrate: there may have been a few different ways into them, but these were quickly patched. These programs have a mix of vigilant programmers, good code, and, in the words of one analyst, a “paranoid user base” to thank.
The Bad: Some Exploits Used to Break Into Systems
Now that we have established some level of standard, let’s look at some of the examination tools, namely some of the more popular attacks leveled against firewalls to test exactly how tight they are against invasion.
DLL Injections

The first main tool for firewall examination is the DLL injection. These attacks are particularly sneaky in that they are based around “injecting” executable code into an active program or process and thus hijacking it to do whatever the attacker wants. While not the most common of attacks, due to their difficulty, they can usually overpower most firewalls, especially ones that are not updated often to make the hijacking of processes and the use of injection points harder.
Trojans
A more well-known form of attack is using Trojan malware to attack a computer and bypass firewalls. These programs tend to mask themselves as valid programs to both the system and the user, and often allow for what are called ignorant installations. Luckily, some firewall programs have what are called heuristic analysis methods that can scan the program to be downloaded and stop it before any real damage occurs.
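The renaming trick from the AVG example above, as an added illustration that is not part of this article: a check keyed only on the filename misses a renamed copy, while checks keyed on the file’s contents (a hash, or a byte signature for padded variants) do not. File names, bytes and blocklists are all constructed for the demonstration.

```python
import hashlib

# Constructed stand-in for a known-bad payload; not a real sample.
KNOWN_BAD_BYTES = b"CONSTRUCTED-TROJAN-PAYLOAD-SAMPLE"
KNOWN_BAD_SHA256 = hashlib.sha256(KNOWN_BAD_BYTES).hexdigest()

# Three ways a scanner might decide a file is bad (all constructed):
BLOCKED_NAMES = {"dropper.exe"}               # keyed on filename only
BLOCKED_HASHES = {KNOWN_BAD_SHA256}           # keyed on exact contents
BLOCKED_SIGNATURES = [b"TROJAN-PAYLOAD"]      # keyed on a byte pattern


def flagged_by_name(name: str) -> bool:
    """Filename blocklist: trivially bypassed by renaming the file."""
    return name.lower() in BLOCKED_NAMES


def flagged_by_hash(data: bytes) -> bool:
    """Content hash: unaffected by the name, but misses any byte-level change."""
    return hashlib.sha256(data).hexdigest() in BLOCKED_HASHES


def flagged_by_signature(data: bytes) -> bool:
    """Byte signature: still catches a padded or slightly altered copy."""
    return any(sig in data for sig in BLOCKED_SIGNATURES)


def scan(files: dict) -> dict:
    """Return {name: (by_name, by_hash, by_signature)} for each file."""
    return {
        name: (flagged_by_name(name), flagged_by_hash(data), flagged_by_signature(data))
        for name, data in files.items()
    }


# Constructed sample set: the original dropper, the same bytes renamed to a
# mundane installer name, a padded variant, and a benign file.
SAMPLE_FILES = {
    "dropper.exe": KNOWN_BAD_BYTES,
    "Install.exe": KNOWN_BAD_BYTES,
    "update.exe": KNOWN_BAD_BYTES + b"\x00" * 16,
    "setup.exe": b"legitimate installer bytes (constructed)",
}

if __name__ == "__main__":
    for name, verdicts in scan(SAMPLE_FILES).items():
        print(f"{name:12} name={verdicts[0]} hash={verdicts[1]} signature={verdicts[2]}")
```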
Derandomized Entropy Defeats
The final and most technical attack used as a judging criterion for firewalls is the Derandomized Entropy Defeat (DED), a technique that, as the name suggests, derandomizes the layout of a process in an attempt to insert or interpret new data (code) in an executable. The randomization in question, Address Space Layout Randomization, was originally introduced to combat another common attack, the buffer overflow, but it can now itself be defeated with some measure of success. Considering how widely ASLR is used, an exploit that works against it is applicable to many things, including mobile devices, computers and more.
The Good: Some of the Top Performers Against Exploits
3. Kaspersky
2. AVG Firewall
1. Comodo Antivirus and Firewall