Comodo Personal Firewall

Sorry Volker

Which question did I miss? I am more than happy to answer if you pls tell me.. thanks Melih

Reply to
melih

Very good question.

Maybe we should have an option in the CPF saying: if you know the app is safe don't bother me..

thanks for the feedback, I will ask the developers to put that in their task list.

Melih Comodo

Reply to
melih

Volker

I don't think you could have created a secure PC as the main problem would still have been the "secret key" distribution as RSA was not invented until the 1970s. And computing power required to make RSA cost effective is only being achieved now. But anyway, these are great discussions one could have in a pub over a beer :-)

No I did not mean TCPA. TCPA was the previous name for TCG. I do mean TPM (Trusted Platform Module) which is the chip that implements the standards set by TCG.

cheers Melih Comodo

Reply to
melih

Do you understand the concept of an operating system with classical architecture, separating kernel space and userland?

Yours, VB.

Of course! Code/Data separation is great for many areas (buffer overflow etc etc), but the CPU that offers that will still leave the software to be vulnerable to reverse engineering if it allows access to registers. That is my point. Have you used SoftICE or some other very strong debugger (kernel level)? You will see what I mean..

Melih

Reply to
melih

still have a major problem with a security design that is based on letting you know you're owned, after you're owned. What is the difference between iexplore.exe and iexplore.exe? E.

E, can you pls expand on this pls. There are two (not only two but just relevant to this topic) areas, prevention and Detection. Sometimes detection is good and even the only security u can offer.

Reply to
melih

If I'm behind a router and running also a PFW then your test is useless because it is testing the router and not the PFW. No, I'm not going to bypass the router to test a PFW like all the other leak tests say to do. That's like unlocking my doors to see if my house can be easily burglarized. I won't even allow javascript to run so I expect that makes your test useless too.

Reply to
Half_Light

You're telling people to select OPEN when downloading your firewall?! Never select OPEN when getting exe files and you don't know if they are trusted or not. Save to HDD and scan for viri/trojans before even attempting to run the install.

"Click here to start download and select "Open" when prompted."

Reply to
Half_Light

Those questions:

1st:

| > I would like to announce that v.2 of Comodo personal firewall is now
| > live. The newsworthy item here is that CPF v2 is the only firewall that
| > has passed all the known leak tests.
| Including my two PoC codes?

2nd:

| > But i think its important that a Personal Firewall (paid or free)
| > covers as many holes as possible.
| Why do you think so?
| Most people are working with Administrator's rights, and there to secure
| with a "Personal Firewall" is futile anyways.

3rd:

| Have you implemented a security system for Windows messages and a security
| system for local COM in kernel space now?

4th:

| If so, are you using ACLs for it?

5th:

| Is your "Personal Firewall" enforcing the user not to work with admin rights?

Yours, VB.

Reply to
Volker Birk

"melih", would you mind to learn to quote, please? It's very hard to have a discussion with you, if I must correct your quoting all the time.

You'll find information about this topic here: [formatting link]

Thank you!

snipped-for-privacy@comodogroup.com wrote:

I don't understand your point here. We're not talking about reverse engineering, but about securing a Windows PC, aren't we?

Yes, I used different kernel debuggers, including SoftICE.

Sorry, I cannot see your point. Did you ever hear of Kerckhoffs' principle / Shannon's maxim?

To cite Bruce Schneier:

| Kerckhoffs' principle applies beyond codes and ciphers to security systems in general:
| every secret creates a potential failure point. Secrecy, in other words, is a prime cause
| of brittleness - and therefore something likely to make a system prone to catastrophic
| collapse. Conversely, openness provides ductility.

Yours, VB.

Reply to
Volker Birk

Perhaps you should not open popups at all in the default configuration. As an option for advanced users, you can offer popups if something security-related is to be decided.

Yours, VB.

Reply to
Volker Birk

The main problem is that processes can communicate without a security system in between, and that this is a documented behaviour of Microsoft Windows. The two technologies I mentioned in my last posting are the common technologies to prevent that. This has nothing to do with RSA.

Standards, which are designed to be abused by huge media companies to enforce "security" for controlling the PC a customer has bought. Not the customer can control her/his PC, but the media company. A thing which implements in hardware, with what Sony shipwrecked lately.

Yours, VB.

Reply to
Volker Birk

Nope. Leak tests are "outbound application filtering" tests. Your router has nothing to do with a trojan installed on your PC. Your router is protecting you against [formatting link] type testing, i.e. port scanning etc.

Reply to
egemen.tas

OK, so you included a security system for Windows messages, and you did not include a security system for COM, right?

So your "Personal Firewall" does not remove every possibility to phone home. If a program wants to phone home, and the programmer was clever, the program will phone home in spite of your "Personal Firewall".

Hm... I take this as a confirmation for what I said ;-)

Do you do this in kernel space? Because, if you're doing this with hooks, it's very easy to crawl up the hook chain and kick out your controlling hooks.

How are you implementing this?

Let's see... You're very courageous to try to tinker every hole Windows has for communication between applications. Sometimes Windows seems to have as many holes as a fishing net ;-)

How do you implement that then? Why not use the system of privileges and ACLs Windows' kernel is offering?

Are you aware of the security concepts of the Windows kernel?

By design (and this is true for every classical operating system) you cannot control code which is running in ring 0 of the CPU. I cannot see how you want to control such code. If a user has administrative rights, she/he may start code in ring 0. And then you lose.

May I suggest, that you will enforce users not to work with privileged rights?

Yours, VB.

Reply to
Volker Birk

Thank you very much for helping to make it easier to read what you're posting! ;-)

Oops! That would mean, if a cracker has access to that machine, resistance is futile? Why a "Personal Firewall" then, if you think so?

Of course, we need to define attack vectors (or threats) to discuss. Because we discussed well-known things, I implied a sensible threat respectively. If you want to explain referring special threats, I would be pleased.

Yours, VB.

Reply to
Volker Birk

I read a bit on their test and they want to be allowed to infect my kernel32. Nope, ain't happening any time soon.

Reply to
Pack

snipped-for-privacy@COMODOGROUP.COM wrote in news:1143896945.608724.172650@z34g2000cwc.googlegroups.com:

Please explain the following phrase found in free_products.html on your website:

Comodo Personal Firewall FREE for 365 days

--Tom

Reply to
Tom

Tom wrote in news:e0u2am$p09$ snipped-for-privacy@avnika.corp.mot.com:

I think you have to re-register each year.

Reply to
Neon Knight
