To prove his point, Gibson has developed a free utility called LeakTest. The 27-Kbytes program is a trojan-horse/spyware simulator that attempts to slip past a personal firewall's defenses and connect to a server on the Internet. Not surprisingly, popular intrusion detection programs like BlackIce Defender from Network Ice fail to catch the outgoing connection and report it to the user. But more disturbingly, several firewalls that claim to offer outbound detection are also fooled by LeakTest. Among them, the best selling Norton Personal Firewall and McAfeeFirewall.You can grab LeakTest here if you want to see how well your firewall does with its outbound detection. The question now becomes, can the software be fixed before exploits are developed and used?
Both are among a small number of desktop firewall programs that attempt to address the problem of unauthorized outbound leakage, but Gibson says they fall short and can be easily fooled or bypassed because they come pre-programmed to allow some applications to pass through the firewall.