Comodo?

Hi all, I am presently using Zone Alarm Pro 5.5.094.000 and have not had any problems, so OK, but I have heard of Comodo firewall! Is this any good compared to the version of Zone Alarm I am using?

Or should I stay with Zone Alarm?

TIA,

Mike.

Reply to
Wolfgang Fartbubble

No, you just didn't notice the technically obvious problems.

Definitely, even so it's crappy as well.

Depends on your demands. If you like a broken network and being vulnerable, you should stay with ZA.

Reply to
Sebastian Gottschalk

Sebastian

Please stop talking rubbish!

You, in your limited knowledge, think application control is flawed. I challenged you to show you can leak Comodo firewall, you did not answer! Until you can prove that Comodo Firewall leaks for a practical attack, you should refrain from talking rubbish! I am sorry I have to be rude, but your language simply calls for it!

Application control does fill a need and does help the end users gain visibility into their network activity and even help them catch malware! Even 3-year-old kids know that there is no 100% security, everything can be broken, everything!

So please tell me how you can leak Comodo Firewall in a practical manner! As per my previous post which you did not respond to.

Wolfgang: if you want real feedback from people who used the product you can find it here

formatting link

Thanks

Melih

Reply to
melih

snipped-for-privacy@COMODOGROUP.COM wrote in news:1153522551.483499.252060 @s13g2000cwa.googlegroups.com:

Melih,

Most people in this newsgroup do not take Sebastian seriously. He obviously has his head so far up his ass, he no longer knows what sunshine is. His opinions are worthless.

Keep up the great work with Comodo!

Reply to
Neon Knight

Said the guy with the faked eMail address. I rest my case.

MUAHAHA.

Reply to
Sebastian Gottschalk

It is, by definition.

At first, you didn't challenge me ever. Where?

For the second, it has already been shown. works great on your Comodo shit.

You think that this very little gain would justify adding 100+ hooks to critical functions with lots of complex and buggy code? Just saying "more helps more" isn't a real security concept. Decreasing unnecessary complexity however is.

And the malware doesn't care for your application controls. It just circumvents it trivially.

Reply to
Sebastian Gottschalk

It would take a huge amount of effort, work and energy to lower myself to your level with the language you use, so I won't :-)

Here is the challenge I set out for you which you never responded to:

formatting link
you are talking about Volker's breakout tests! We already pass breakout 1!

Sebastian, you have to do better than that! Show me a leak test that has real malware using its technique that Comodo does not protect against!

We all await your response!

Melih

PS: Chill out and stop using foul language. There simply is no need!

Reply to
melih

Can you please show a malware technique that could circumvent CPF that is trivial? But please don't do like you did with the breakout test, you just simply put it forward without any background info on whether CPF protected or not. Do some proper work this time around pls and give us good feedback. Not just foul language and baseless opinions.

I really hope this discussion can result in something positive to help us improve our products.

thanks Melih

Reply to
melih

Application control is great for home users provided it is part of a wider strategy. NAT, Firewall (which a packet filter qualifies as, according to the author of RFC2979), Application Control, Virus Scanner, and the regular use of programs such as SpyBot S&D or Ad-Aware.

Such a package, along with a little learning and experience, will provide a home user a great deal of protection.

Reply to
Spender

It is a flawed concept. If you don't understand, just have a look at the discussion in this group about this topic. Or just tell me, how do you want to inhibit _by_ _concept_ what I'm doing with my PoC code.

I already showed, as you know.

You acknowledged yourself, that it does:

Reciting from

| > OK, so you included a security system for Windows messages, and you did
| > not include a security system for COM, right?
| right. (for the time being)

and

| > So your "Personal Firewall" does not remove every possibility to phone
| > home. If a program wants to phone home, and the programmer was clever,
| > the program will phone home in spite of your "Personal Firewall".
| ...
| to a level yes.

I already did. And you confirmed. Here, in this group.

Yours, VB.

Reply to
Volker Birk

Beside I don't think, that it's "shit" what Comodo is doing, according to what "melih" said here, breakout.c does not work, but breakout-wp.cpp does.

I agree. Maybe Comodo should think about this - then maybe there could be one single "Personal Firewall" ever, one could recommend.

Yours, VB.

Reply to
Volker Birk

formatting link
Following your own words.

And: there are many extra possibilities to circumvent. Not to mention, that by running code in kernel space no "Personal Firewall" can do anything against it at all.

Yours, VB.

Reply to
Volker Birk

According to my experience, it's not. Unfortunately, it's only preventing home users from having automatic online software updates.

It's a crazy idea anyways, because when malware already is running on a machine, usually it's too late.

Yours, VB.

Reply to
Volker Birk

I can't see any challenge in there.

Then try #2. And write your own #3, f.e. with OLE and/or NetDDE.

Memory content sniffing? Keylogging? Various kinds of IPC?

Reply to
Sebastian Gottschalk

The issue that we are all missing is what a PF is intended to do. A PF does not prevent a drive-by download which then could take over your machine. I don't think anyone is claiming that! This is why people who have doors in their houses also add burglar alarms. There is simply NO single security product that could protect you against everything. It's like you saying: You are silly to have a door in your house, cos I know I can break in through your window! You do need a layered approach! And there is no way to protect 100%! And that does not mean that you should not protect at all! You know your door in your house can be broken, yet you still have it!

why?

So the plan for Comodo is to start adding these layers one by one! Make sure each layer is the best possible out there. We started with the firewall, next will be Behaviour Blockers and HIPS and we keep building. Even then this ain't 100% security! 100% security simply does not exist!

**********off topic****** The only place I thought was a black hole in Universe that you could put something (like your password) and you could never get back! The Blackholes were the only place with 100% security! Even that has changed that the scientists found that Blackholes emit radiation which could be an indicator about what goes in etc! So not even a blackhole is 100% secure anymore! *******end of topic******

When it comes to hooking: Well, there are many products out there that just hook the whole service table, which is unnecessary. But you have to hook the important functions. After all, the "food for malware is the CPU time", the road to get to that food is the "APIs", so you have to control them by hooking them! You need to starve the malware by blocking access!

Thanks

Melih

Reply to
melih

But this doesn't justify unreasonable measures like hooking lots of API functions.

Yet another bad comparison. A real-world door can always be broken, whereas a virtual door can be perfectly secure due to enumeration of all finite cases.

== forcing unreasonable functions on the users, making a good product become bad

Yeah, install the latest buzzwords.

Yeah, another pointless measure. As if any evil guy wouldn't obfuscate exploits.

messing up.

And malware can remove the hooks or not use typically hooked functions at all. And does so. It's already circumvented on a broad basis and you don't even dare to notice.

What about security restrictions placed by the OS? That's a much more convenient way without any overhead, additional defective code and pointless warnings. And it's reliable to a certain point.

Hello? A black hole was never, and I mean never suspected to be secure in that case. The reason is that Schwarzschild geometry allows violations of causal principle as well as the classical Newton physics does.

The only real safe place is a Planck singularity.

BTW, you're using MSIE as a webbrowser. And *you* want to tell *us* anything about security?

Reply to
Sebastian Gottschalk

Beside that your primary claim just is wrong, also with this text you're just wrong.

There is something like security.

There is 100% security against a specific threat. For example, if you're not offering network services (like Torsten documents on

formatting link
then you're 100% secure against all attacks, which attack network services.

If you have a packet filter, say the Windows-Firewall or, for all I care, with Comodo "Personal Firewall", and it's well implemented (for the Windows-Firewall I'm pretty sure about that, for Comodo, I hope, that you will be sure ;-), then you're 100% secure against this threat, too.

There cannot be 100% security against the threat "phoning home", though. This cannot be by concept.

So, if you want to prevent that, it's like tinkering the holes in a sieve. You're tinkering and tinkering, and all what you can see is, how others find it pretty easy to circumvent your tinkering again.

Beside one important point, of course:

It's not sensible at all for a "Personal Firewall" to implement nonsense like "outbound filtering". It's not sensible, because real malware you cannot stop, but you're doing huge harm to your users: you're preventing them from having automatic software updates. This makes your users much more vulnerable against application specific attacks.

So please, *PLEAZE* don't implement such ridiculous "outbound filtering" any more, it's counterproductive!

Yours, VB.

Reply to
Volker Birk

Better said: Have it implemented as part of the packet filtering, and add an explicit default rule which effectively disables it. Same goes for the stateful filtering stuff. And no bindings to any specific applications.

Reply to
Sebastian Gottschalk

Trying to avoid being sarcastic--I'll just say "This is not true". No one should expect software firewalls to give 100% security protection but they sure can be useful. That includes application control. It appears that both Volker and Sebastian have limited experience in setting up software firewalls.

For an O.T. example, Sygate can use these parameters for application control:

1) allow/block, 2) hostIPs/Mac, 3) protocols tcp/udp/icmp, 4) ports local/remote, 5) direction in/out, 6) scheduling time periods, and 7) application/service.

If a user cannot control application/services connections using these parameters, more study is needed.

Casey

Reply to
Casey

I look at their thinking as binary... To them, the fact that software firewalls do not provide 100% protection means they're worthless.

It's too bad, 'cause I think they have some very valuable contributions.

Notan

Reply to
Notan
