Hi all, I recently read several reports on Comodo Firewall and looked into the company behind the product (security firm who sale security certicates and other services). However, apart from reading reports made by others is it possible to monitor the effectiveness of the firewall and, if so, how could this be done?
Any advice would be most welcome.
ST.
In short, what do the reports from 'others' reveal?
It can't be done, 3rd party PFW's aren't effective, they give you a wrong sense of security.
Steer away from 3rd party PFW's.
Trivial: take any advanced rootkit analysis tool that shows kernel hooks. You'll find that, even when not installing the application control crap, Comodo happily hooks NtCreateFile, NtRegistryOpen, NtCreateProcess, NtOpenProcess and some more, as well as various user-mode routines. Yikes, such a shitload should never be installed on any production machine!
In Message-ID: posted on Tue, 03 Jul 2007
02:55:25 +0200, Sebastian G. wrote: Begin
Suggestion: IceSword -
IceSword only shows hooks created via modified SSDT entries (which is sufficient in this case). But generally I'd recommend System Virginity Verifier, which also checks for binary patches and some kernel objects.
(Before you ask: Yes, I've seen some "security" software patching function prologues.)
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.