as i was telling philKC on the irc chat, this is the first firewall leak tester that beats me, because it tries to run any non-default browsers it finds on the system, and while i have my default browser blocked, i have others which are allowed to connect through the internet.
the way to defeat this is (and now this is the first demonstration i've seen of why its important) to have security that alterts you to when one program tries to launch another, and allows you to set rules restricting that. this might still not protect you if the app is already running, but it would save you from most situations.
checking whether your firewalls can block such launches of other programs. agnitum has some support for this but i have it disabled - i guess its time for me to rethink this..
I also want to comment on the idea of blocking outgoing connections:
I agree 100% with PhilKC that having good outgoing blocking in your firewall is critical - you really do need a firewall with good outgoing blocking rules, but as a layer of protection defense, and as a good way of keeping track of what programs are tring to send information where.
However, it's very important to realize that no matter how good your firewall is, if you actually launch an evil program on your computer, you have lost.
No matter how good your firewall is, launching a trojan on your pc allows it to do whatever it wants and breaching your firewall may be the least of your problems. Other registry defense and sandboxing tools may help you a little, but basically such a program can do all sorts of damage i think that are going to be hard to stop if the program is truly determined.
To quote from War Games, the only way to win is not to play.
The most important thing is just to not run programs on your pc unless you really trust them. One exception to this so far is the use of virtual machines
, which is making it easier to safely run questionable stuff, since they offer much better sandboxing than other approaches. In addition to VMWare, there are some free virtual machine tools which may work well enough for this purpose, and it's worth your while to get a virtual machine tool if you do a lot of software testing of questionable files. See our review here: http://www.donationcoder....VirtualMachine/index.html