Comodo Personal Firewall

No you don't have to register every year. Once registered it free forever!

Neon Knight wrote in news:Xns97985BB067B2B19knightofneon20@216.196.97.136:

I take this comment back. I'm currently evaluating Comodo PF and so far I like what I see.

snipped-for-privacy@COMODOGROUP.COM wrote in news:1144199060.864695.195310 @u72g2000cwu.googlegroups.com:

Ok, then explain the previous poster's comment where the website says it's free for 365 days.

Neon Knight wrote in news:Xns979BD2E4274DC19knightofneon20@216.196.97.136:

Never mind, I see you already have.

Hm... if I have a look on to your software, then afterwards probably nothing is left to the imagination ;-)

Why don't you use then these concepts?

But it is possible to control all other code. So why not enforcing a user not to work as Administrator, if this is the only way to help with security? Therefore your "nothing about a PC is secure" is wrong.

Why not just using what the operating system is offering?

Yours, VB.

We're talking so much about insecurity now. Let's become positive. Provided a classical operating system like *NIX or Windows, and provided that the relevant functions don't have bad programming errors (or these errors are fixed):

- code can be controlled, which is running in ring 3 (where the processes run usually) because of memory protection; this is secure

- hard disks and all other type of I/O can be controlled completely because of the concept of privileged CPU commands; this is secure

- programs cannot manipulate system objects they don't have access to and the security system (for example with ACLs and privileges) can be achieved, because the above concepts are used to enforce a security system in the kernel of the operating system

The basic design, even the design of Microsoft Windows, is secure. And I cannot see, that a PC here should not be secure. You don't need to further secure the hardware.

Problems come with breaking these concepts:

Problems come with implementing extra "security architectures" like the policy system, when they're not implemented using the concepts above.

Problems come with users working with Administrator's rights. This results in the possibility to run code in ring 0 as user.

Problems come with the typical Windows technics like Windows messages and COM or ActiveX, which don't offer security at all by design.

As a matter of fact, Windows messages are breaching the concept of memory protection: they're implementing IPC, inter process communication, which cannot be controlled. This is contrary to all other implementations of IPC, which have the basic idea to have the kernel in control over all what's going on.

Local COM is breaching the concept of memory protection, too, for the same reason. And nearly everything, which is typical Windows, is based on such technology.

This is why I'm asking, if you're implementing a security system in kernel for Windows messages and for COM. This is why I'm asking wether you're using kernel's security concept with ACLs and privileges for it, which is secure because of the concepts of memory protection and privileged CPU commands.

And this is, why I used Windows messages for my first and COM for my second PoC code: it's so easy to find a way through your defense using these technics, until there is a security system for them, which fits into the concepts of Windows' kernel.

Until then, you're efforts are well meant, but futile.

Yours, VB.

snipped-for-privacy@COMODOGROUP.COM wrote in news:1144199060.864695.195310 @u72g2000cwu.googlegroups.com:

Hey Melih, can you tell me why Comodo Personal Firewall fails it's own "Parent Injection Leak Test?" I ran it, it failed and suggested I install Comodo Personal Firewall, even though that's what I'm running.

Neon Knight wrote in news:Xns979CB18ABDBCA19knightofneon20@216.196.97.136:

Never mind, I deleted some of the rules I created and re-ran the leaktest and Comodo did detect it. Looks like it was my fault it had originally passed.

Neon Knight wrote in news:Xns979CB31564B6B19knightofneon20@216.196.97.136:

I meant failed.

This is a very important point you raise, even if it was by unintentional. Mis-configuring any firewall can leave a user unprotected and with a false level of security. This is a major problem with the way PFW's, and security products in general, are being marketed to home users. They are being sold as solutions instead of as tools, which require the users to learn to use properly.

Maybe a little less emphasis, Melih, on "my firewall blocks everything" and more emphasis on how the tool can be used, including its limitations. Of course, that would hose your business plan :).

optikl wrote in news: snipped-for-privacy@comcast.com:

Yes, from what I remember, it was a rule to allow one application to launch another. For example, if I get an email with a browser link, or a usnet message with a browser link and click on it, I get a popup saying such and such program is trying to launch whatever, and I allow it. I think it was a rule similar to that.

You are a hard crowd to please :-)

First we build the most secure firewall, then we make it for free forever and still complaining :-)

Joke aside, yes usability is very important and the "user element" will always be there. There is a fine line between giving the options to the user and protecting them from themselves by limiting what they do.

But its a fair feedback. Usability is an art and we are constantly on it trying to improve, we will take this feedback on board. thank you.

Melih Comodo

It's not that I'm hard to please; I truly have concerns about the way security software is marketed to home users. And it's not just your product that my observations blanket.

It's a pity. The discussion seems to get prolific. But perhaps we can continue after the brain storming in your house?

Yours, VB.

You are makiing a fair point. and i do take that point very seriously. Afterall cars without good drivers is dangerous, same with security software.. so we have to make it as easy and as painless as possible for usage.

If you have any ideas/feedback we would appreciate it. This product is free and any improvements you suggest will benefit everyone.

thanks Melih

And maybe a little more emphasis on how the tool just works for all use cases of home users in the default configuration, and does not misguide the users to try out different configurations they don't understand and overlook the consequences of.

Yours, V - is this advertizing Apple computer now? - B.