With the recent leak of the Vault 7 CIA files, it is a good time to revisit what can be done to keep your computer secure. Luckily, some of the briefs among the more than 8,000 leaked documents include quite explicit commentary on what works and what doesn't in terms of firewalls. Here we'll take a look at the good, the bad and the ugly of personal computer security.
The Ugly: A Quick Analysis of How Firewalls Failed
Before we dig into some of the best firewalls you can get, as judged by the Vault 7 documentation, let's take a quick look at why not all firewalls are created equal. For those unfamiliar with the Vault 7 leaks, you can find our article on the matter here. As that article and the thousands of pages of leaked documentation show, there is a very large divide in the security world, and how that divide is addressed is interesting.
First, the documents sort security products into roughly three classes, judged by how the agency's operators interacted with them. (A note on terms: the leak mostly discusses antivirus and endpoint suites rather than packet filters, but since these products bundle a firewall, this article uses "firewall" loosely for the whole suite.) The first class had glaring holes that allowed the designed malware to use the firewall itself as a jumping-off point.
Next are those that can usually identify a bit of malware here and there but can be fooled by tricks as simple as renaming malicious files to more mundane names. For example, as seen with AVG, a common tactic was for a Trojan (a program that looks legitimate but installs malware) to have its critical files renamed to Install.exe or setup.exe, names so ordinary that they bypassed normal detection. The lesson for any product is that a file's name is the cheapest thing an attacker can change; what should be checked is the file's content (its hash, its signature and how it behaves), not what it is called.
Lastly, there are programs that were a headache to infiltrate: a few entry points existed, but they were quickly patched. These programs have a mix of vigilant programmers, good code and, in the words of one analyst, a "paranoid user base" to thank.
The Bad: Some Exploits Used to Break Into Systems
Now that we have established some level of standard, let's look at the examination tools themselves, namely some of the more popular attacks leveled against firewalls to test exactly how tight they are.
The first main tool for firewall examination is what is called DLL injection. These attacks are particularly sneaky in that they "inject" executable code (a DLL) into an already running, trusted process and hijack it to do whatever the attacker wants. The security-relevant point is that the malicious code now runs under the name, identity and permissions of the trusted program, so any firewall rule that lets that program talk to the network lets the injected code talk too. Injection is not exotic; it defeats most firewalls because a product that trusts a process by name or path has no reason to distrust a thread planted inside it, unless it also watches cross-process memory writes and remote thread creation, which is exactly the kind of check that needs regular updates to keep pace with new injection techniques.
A more well known form of attack is using a Trojan to attack a computer and bypass firewalls. These programs mask themselves as valid software to both the system and the user, and they often result in installations the user never knowingly approved. Luckily, some firewall programs have what are called heuristic analysis methods, which judge a program by its structure and behaviour rather than by a known signature or its file name, so a renamed or repacked Trojan can still be stopped before any real damage occurs.
Derandomized Entropy Defeats
The final and most technical attack used as a judging criterion for firewalls, DED as this article calls it, is a technique that, as the name suggests, undoes the randomization of where a program's code and data sit in memory. That randomization, Address Space Layout Randomization (ASLR), was introduced to blunt another common attack, the buffer overflow: an overflow lets an attacker corrupt memory, but turning that into code execution requires knowing addresses, and ASLR denies the attacker that knowledge. An ASLR defeat recovers those addresses anyway, typically by leaking a pointer from the target or by brute-forcing the limited number of possible layouts, at which point the overflow can be aimed with some manner of success. Because ASLR is so widely used, an exploit that works against it applies to many things, including mobile devices, computers and more.
The Good: Some of the Top Performers Against Exploits
3. Kaspersky
One of the only really "big name" brands to make it to this list, Kaspersky takes the number 3 position primarily because of its patching record. Originally as easy as many other security programs to bypass, later patches to the Kaspersky framework show an ongoing effort by the company to improve its product and provide safety to its customers. Many of the exploits in the Vault 7 attack catalogue had been rendered ineffective by the time of the leak because of those improvements. When this is considered alongside its ability to handle "in the wild" malware with surprising ease, Kaspersky is a solid choice for computer defense.
2. AVG Firewall
While not the best available, AVG has had some pretty solid results in terms of securing against attack. It is particularly prone to process hollowing, where a legitimate program is started in a suspended state, its code in memory is swapped out for the attacker's payload, and it is then resumed so the payload runs under the legitimate program's name; AVG likely won't detect such bootstrapped attacks until well after the fact, which is still better than quite a few firewalls on the market at the time of writing. On the user side, AVG's firewall is pretty easy to use and allows for in-depth scanning, which has shown a great deal of promise.
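As an added example (this is not code from the original article, nor from AVG or any other product named here), below is a small Python detector in the style of a Sysmon log rule set for the three tricks discussed on this page: the generic installer name trick from the AVG note, DLL injection via a remote thread that starts at LoadLibrary, and the process hollowing mentioned above. The sample events, the allowlisted hash and the exact combination of access rights used by the hollowing rule are constructed for the demo and are assumptions, not observed data; the field names follow Sysmon Event IDs 1, 8 and 10.

```python
import re
from typing import Dict, List, Optional, Tuple

# Windows process access rights (values from the Win32 SDK). Treating this
# particular combination as a hollowing indicator is this example's choice.
PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_WRITE = 0x0020
PROCESS_SUSPEND_RESUME = 0x0800
HOLLOWING_RIGHTS = PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_SUSPEND_RESUME

# File names so generic that name-based trust is worthless (the AVG trick).
GENERIC_INSTALLER_NAMES = {"install.exe", "setup.exe"}

# Constructed allowlist: pretend this is the SHA-256 of a vendor's real setup.exe.
KNOWN_INSTALLER_HASHES = {"3f2a" * 16}

# Constructed events in a simplified Sysmon-style key=value layout (not real logs).
SAMPLE_EVENTS = [
    r"EventID=1 ProcessId=5120 Image=C:\Users\bob\Downloads\setup.exe ParentImage=C:\Windows\explorer.exe Hashes=SHA256=" + "c0de" * 16,
    r"EventID=1 ProcessId=5200 Image=C:\Users\bob\Downloads\setup.exe ParentImage=C:\Windows\explorer.exe Hashes=SHA256=" + "3f2a" * 16,
    r"EventID=8 SourceProcessId=5120 SourceImage=C:\Users\bob\Downloads\setup.exe TargetProcessId=1880 TargetImage=C:\Browser\browser.exe StartModule=C:\Windows\System32\KERNEL32.DLL StartFunction=LoadLibraryW",
    r"EventID=8 SourceProcessId=900 SourceImage=C:\Windows\System32\svchost.exe TargetProcessId=1880 TargetImage=C:\Browser\browser.exe StartModule=C:\Windows\System32\ntdll.dll StartFunction=DbgUiRemoteBreakin",
    r"EventID=10 SourceProcessId=5120 SourceImage=C:\Users\bob\Downloads\setup.exe TargetProcessId=6004 TargetImage=C:\Windows\System32\svchost.exe GrantedAccess=0x1FFFFF",
    r"EventID=10 SourceProcessId=2300 SourceImage=C:\Windows\System32\Taskmgr.exe TargetProcessId=6004 TargetImage=C:\Windows\System32\svchost.exe GrantedAccess=0x1000",
]

FIELD = re.compile(r"(\w+)=(\S+)")


def parse_event(line: str) -> Dict[str, str]:
    """Split one key=value line into a dict (values contain no whitespace here)."""
    return {key: value for key, value in FIELD.findall(line)}


def basename(path: str) -> str:
    """Last component of a Windows path, lower-cased for comparison."""
    return path.rsplit("\\", 1)[-1].lower()


def sha256_of(ev: Dict[str, str]) -> str:
    """Pull the SHA256 digest out of a Sysmon-style 'Hashes' field."""
    for part in ev.get("Hashes", "").split(","):
        algo, _, digest = part.partition("=")
        if algo.upper() == "SHA256":
            return digest.lower()
    return ""


def renamed_installer(ev: Dict[str, str]) -> Optional[str]:
    """EID 1: a generic installer name is only trustworthy if the content is known."""
    if ev.get("EventID") != "1":
        return None
    if basename(ev.get("Image", "")) not in GENERIC_INSTALLER_NAMES:
        return None
    if sha256_of(ev) in KNOWN_INSTALLER_HASHES:
        return None
    return f"generic installer name with unknown hash: {ev['Image']} (pid {ev.get('ProcessId')})"


def dll_injection(ev: Dict[str, str]) -> Optional[str]:
    """EID 8: a thread created in another process that starts at LoadLibrary."""
    if ev.get("EventID") != "8":
        return None
    if ev.get("SourceProcessId") == ev.get("TargetProcessId"):
        return None
    module = basename(ev.get("StartModule", ""))
    func = ev.get("StartFunction", "")
    if module in {"kernel32.dll", "kernelbase.dll"} and func.startswith("LoadLibrary"):
        return f"remote thread at {func} in {ev['TargetImage']} created by {ev['SourceImage']}"
    return None


def process_hollowing(ev: Dict[str, str]) -> Optional[str]:
    """EID 10: one process opens another with write + suspend/resume rights."""
    if ev.get("EventID") != "10":
        return None
    if ev.get("SourceProcessId") == ev.get("TargetProcessId"):
        return None
    try:
        granted = int(ev.get("GrantedAccess", "0"), 16)
    except ValueError:
        return None
    if (granted & HOLLOWING_RIGHTS) == HOLLOWING_RIGHTS:
        return f"{ev['SourceImage']} opened {ev['TargetImage']} with write+suspend rights ({ev['GrantedAccess']})"
    return None


RULES = (
    ("renamed_installer", renamed_installer),
    ("dll_injection", dll_injection),
    ("process_hollowing", process_hollowing),
)


def scan(lines: List[str]) -> List[Tuple[str, str]]:
    """Run every rule over every event; return (rule name, detail) pairs."""
    alerts: List[Tuple[str, str]] = []
    for line in lines:
        ev = parse_event(line)
        for name, rule in RULES:
            hit = rule(ev)
            if hit:
                alerts.append((name, hit))
    return alerts


def run_demo() -> List[Tuple[str, str]]:
    return scan(SAMPLE_EVENTS)


if __name__ == "__main__":
    for name, detail in run_demo():
        print(f"[{name}] {detail}")
```

The second setup.exe event is not flagged because its hash is on the allowlist, which is the point of the first rule: the name is ignored and only the content decides. The debugger-style remote thread (DbgUiRemoteBreakin) and the Task Manager query (0x1000, query-only rights) are left alone so the rules do not fire on every cross-process interaction, which on a real Windows host is constant.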
1. Comodo Antivirus and Firewall
Winning out this year for the best firewall is Comodo, which has had the honor of being repeatedly described in the CIA documents as a massive PITA (Pain in the, well, you know) and as one of the tightest systems the agency has faced since it first started its hacking programs. Now, this isn't to say that Comodo has been perfect. One of the larger issues was that executables could be run against the host computer if they were first placed in the Recycle Bin, and Comodo 6.X, as many users pointed out, had some glaring flaws in terms of permissions. However, with these considerations in mind, and with patches likely to handle these issues quickly, Comodo was reliably the biggest thorn in the side of the hacking teams mentioned in Vault 7. With reliable detection of malware and Trojans and a program that protects itself well, Comodo is likely to keep wearing the badge of honor as the "most annoying firewall for hackers" for quite some time.