McAfee.com's security architect Sam Curry agrees that McAfee.com Personal Firewall could also be fooled, since it "simply looks at the name of the executable." Both Powledge and Curry say they do not know of any actual malicious attacks based on Gibson's model. "But yes, it could be done," Curry says.
He adds that his company's firewall is based on the same architecture as the McAfee Firewall, sold by McAfee.com's former parent company, Network Associates.
Unlike the McAfee and Norton programs, Sygate Personal Firewall 2.1 does not have a built-in list of approved applications. However, one provision allows any application through certain ports generally (but not necessarily) reserved for "legitimate" activities.
Representatives of another popular vendor, Network ICE, acknowledge that its intrusion detection/blocking program BlackICE would also fail Gibson's test, although they claim it would not fall prey to a truly malicious program.
BlackICE was not designed to identify programs that access the Internet, says Greg Gilliom, chief executive officer. Instead, it checks content of the actual data packets passing to and from the computer. BlackICE would permit LeakTest, because it is not doing anything harmful, Gilliom says.
"LeakTest is just a normal FTP client. As far as we're concerned, there's nothing malicious about that." But BlackICE would block a program that transmits suspicious packets, he says. For example, Gilliom says BlackICE Defender can identify the encryption patterns of Back Orifice 2000.
Gibson says the firewalls are too easily defeated. He modified his Trojan so it doesn't simply impersonate an approved application, but gives the firewall a new rule allowing entry of any application.
"There is nothing to prevent a Trojan from making its own entry" in the Application Lookup Engine (ALE) of Norton Personal Firewall, Gibson says. He expects most firewalls that predefine trusted applications share the flaw.
Only firewalls from Zone Labs were able to fend off LeakTest, Gibson says. The company's ZoneAlarm and ZoneAlarm Pro passed the test, he says, because they have a fundamentally different way to identify a trusted application. As a default, ZoneAlarm prohibits all traffic. It recognizes no applications as trusted, verifying them one by one as they first run.
Unlike many other firewalls, however, ZoneAlarm does not identify applications by name or choice of ports. Instead, it examines a program's actual code using a cryptographic standard called an MD5 checksum.
"It is conceptually infeasible to get any other program to produce the same MD5 signature," Gibson says.
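The distinction the article draws, between trusting a program because of its file name and trusting it because of a digest of its actual contents, is shown below in a small Python example. This is added illustration, not code from ZoneAlarm, Norton, McAfee or any other product named on the page; the "binaries" are constructed byte strings, and the approval step simply records what the user accepted the first time the program ran, as the article describes. It uses SHA-256 rather than the MD5 the article names, because MD5 is no longer collision-resistant and would not be a sound basis for this check today.

```python
"""Name-based versus content-based identification of a 'trusted' network
application. Added example; not code from any firewall product. Sample
program images are constructed byte strings, not real executables."""
import hashlib
import os
import tempfile

CHUNK = 65536


def file_digest(path, algo="sha256"):
    """Hex digest of a file's contents, streamed so large binaries fit in memory.
    SHA-256 by default: MD5 (the algorithm the article mentions) is no longer
    collision-resistant, so a current implementation would not rely on it."""
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def allowed_by_name(approved_names, path):
    """Name-based policy: any program whose file name is on the list is trusted."""
    return os.path.basename(path).lower() in approved_names


def allowed_by_digest(approved_digests, path):
    """Content-based policy: a program is trusted only if the digest of its
    bytes matches one recorded when the user approved it."""
    return file_digest(path) in approved_digests


def write_file(path, data):
    """Create parent directories and write the constructed program image."""
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)


def demo():
    """Return how each policy treats (a) the genuine approved client,
    (b) an unrelated program carrying the same file name, and
    (c) the approved program after its bytes on disk have changed."""
    with tempfile.TemporaryDirectory() as root:
        genuine = os.path.join(root, "Program Files", "Client", "ftp.exe")
        write_file(genuine, b"CONSTRUCTED: approved FTP client image v1")

        # First run: the user approves the client, so the firewall records
        # both its name (name-based policy) and its digest (content policy).
        approved_names = {"ftp.exe"}
        approved_digests = {file_digest(genuine)}

        # An unrelated program dropped elsewhere under the approved file name.
        imposter = os.path.join(root, "Temp", "ftp.exe")
        write_file(imposter, b"CONSTRUCTED: some other program entirely")

        results = {
            "genuine_by_name": allowed_by_name(approved_names, genuine),
            "genuine_by_digest": allowed_by_digest(approved_digests, genuine),
            "imposter_by_name": allowed_by_name(approved_names, imposter),
            "imposter_by_digest": allowed_by_digest(approved_digests, imposter),
        }

        # The approved binary itself changes on disk (same path, same name).
        write_file(genuine, b"CONSTRUCTED: approved FTP client image v1 + changed bytes")
        results["modified_by_name"] = allowed_by_name(approved_names, genuine)
        results["modified_by_digest"] = allowed_by_digest(approved_digests, genuine)
        return results


if __name__ == "__main__":
    for check, permitted in demo().items():
        print(f"{check:20} {'allowed' if permitted else 'blocked'}")
```

Running it shows the name check admitting both the unrelated program and the altered binary, while the digest check admits only the exact image the user approved. The caveat the article itself raises still applies: a digest list is only as trustworthy as the protection on the place it is stored, so a program that can write its own entry into the rule database defeats the content check just as it defeats the Application Lookup Engine described above.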