Hi Guys,
Just a few things I would like to add: the main purpose of the suite is to keep your PC healthy and clean, and we try to use all sorts of measures / shields to achieve that. The antivirus is the main one of them. The firewall of course keeps unwanted traffic outside as well, but as soon as the PC is infected (e.g. malware or, in this case, a leaktest is running on it), the infection should be deleted quickly, and not just blocked from doing networking stuff.
What is the point of running your system infected (which is the situation the leaktests are testing) and just blocking the virus/Trojan/backdoor from opening their own ports or connections, if they can do lots of other things that usually go undetected without a running antivirus (such as infecting your attachments and letting you and your trusted mail client send them)?
So I don't really understand why someone should test a suite with antivirus against unwanted programs and switch the antivirus part off.
On the other hand, there are many things in Matousec's set of tests that make sense and that are quite reasonable to require from your product, e.g. the kill tests. I don't understand, however, why the tests are structured in those so-called levels, so that you cannot evaluate all tests until some artificially chosen test cases in the previous levels are passed. What were the criteria by which these levels were chosen? Isn't, for example, the "verifier" test, currently on level 9 or 10, the main requirement: the driver should not bluescreen?
And last, apparently Matoušek ran the tests in silent mode (auto decide on) and then evaluated this really unprofessionally, such as that the firewall does not filter UDP packets, which is simply not true, and switching into "Ask" mode would easily prove it.
Lukas