Comodo Personal Firewall

I think, with a total capital of 100k USD you can have such a product. It's not too costly to hack such a thing. I'm referencing my experiences with

For the people, who find this sum high: it's a big difference between a working software program and a ready made product, which runs on every PC ;-)

Yours, VB.

I don't think $100K is high at all for what we're discussing. In fact, if you knew what I've spent on product development over the past two years (including software), well, you'd think I was kidding:).

;-)

That I know. But this thing really is not too complicated. I don't know, why nobody wants to do it.

Perhaps all the Windows hackers (not: crackers ;-) have already a job. So am I:

Yours, VB.

You are talking about an IDS running on the local box.

Based on the above assumption, if you can right a p-o-c to get past a personal firewall, I would say that you or someone else could write a p-o-c to get past a local IDS. Additionally, an IDS is only as good as its signatures (plus other things). I have seen IDS report on legitimate traffic from a *ix box and declare them as being generated by malware which only runs on Windows .

Yes.

But we're talking about a configuration tool and GUI for software programs, which are already here.

Yours, VB.

This is correct. An IDS never can be perfect for the same reasons a Virus Scanner never can be perfect.

Right. Let's compare it with a Virus Scanner.

;-)

BTW: you could see some parts of a "Personal Firewall" as a (badly misconfigured) IDS. The idea now is not to open popups with so many useless information, but decide, what's goin'on in software: if it is mostly harmless, don't bother the user at all. If malware could be detected reliably, offer a revert to a system state before, in that this malware was not detected.

This can work reliably, if the user is not working as Administrator, and the system backups the neccessary parts. BTW: a good backup system would complete a security solution for home users; also here I'd consider configuring what Windows already has on board.

Compared to a "Personal Firewall", these ideas are the main ideas:

- if an attack vector can be closed completely, close it; don't try to handle attacks

- if an attack could be defended, don't bother the user

- if an attack vector cannot be closed, don't try to "do your best and lose"; instead, give up, but transit to a system state which is "well known good" - the latter do on a secure way

- prohibit the user from running code at ring 0, because this will prohibit the malware from running code at ring 0 and you'll lose

- don't ask the user what he's wanting to decide; instead, use the best decision based on the situation and do it; make an exception only when you're forced to delete user's data

- add as least code base as possible, because every LOC is a possible source for exploits

- add as least code as possible which is running privileged; if it is necessary that there is privileged code, then handle with care

- hack in the most secure way; that means, this software should follow Windows' security considerations strictly

Yours, VB.

Yes. And therefore, this will be a decision, one has to offer to the user. To offer is rolling back to a state from which it is assumed that there is no malware, or setting up the system from scratch, to make that clear. It is no option to try to "remove" the malware. And this is the main reason, why it is important to include a backup software - or a configuration tool for Windows' backup tool, so user can restore her/ his data from the backup.

Perhaps it would be a good idea to have an on-the-fly backup to disk space the user (and the malware) cannot reach. Hard disks are big enough now.

One just had to watch file handles on local files which are opened by user processes and to backup the files when closed.

An IDS is more work, though; it would be an extra project (or are there any free IDS for Windows I don't know?)

If one would implement such features, then the budget of 100k USD would be not enough, I guess.

Unfortunately, I don't have a business model for that case. So I would invest such a high amount of time only, if the result would be Free Software (like I did with

But I have a job to do right now, so I'm not able to do it these days: But when I'm ready with the most work there, I will consider. Thank you for asking.

I must say, it is very tempting to implement such a software - sounds like much fun ;-)

Yours, VB.

Hmm,

After following this thread, I thought I would take the plunge and go and downlaod your Comodo Personal Firewall, as I am thinking about giving some other software firewall a go.

As I am currently using Zone Alarm (free edition), but I have just upgraded my ADSL modem from the crappy USB modem supplie by the ISP to a Zoom X6 ADSL Modem/Router/Firewall.

Sadly though, there was no point in me even attempting to download it, as I my trusty old PC is running Win98SE and your website say that it is incompatible.

Mind you though, the eBay website said the same thing about the new edition of Turbo Lister, but that works OK?

Still Best Wishes to one & All,

Gaz.

Sorry Gaz.

It does not work with win9x. Please don't try as the drivers are totally different and it will not work with 98.

cheers Melih

Gaz. wrote: