Firewall Protection and Virtual Machines

[Guest]

[Debunker]

I see. So, Microsoft Virtual PC 2007 is your leak test?

As has been said many times, over and over again (you should actually read the thread I linked to) it's not about Virtual PC at all. It is about the method that Virtual PC uses for networking. Any Trojan can use that method. And yes, the free MS Virtual PC can be used as a convenient method for anyone to perform this leak test free of charge anytime. I fail to see what is silly about it.

[kail]

I have read all your posts.. 2 or 3 times by now. I suspect that you are guessing that a network-component only version of Microsoft's Virtual PC 2007 (assuming such a thing is possible) will slip past CFP. If you think it is possible, then write it. Prove it. But, saying something is "provable" when it is not, that is silly.

Now, please answer my direct question: Is Microsoft Virtual PC 2007 your leak test?

[Debunker]

I have read all your posts.. 2 or 3 times by now. I suspect that you are guessing that a network-component only version of Microsoft's Virtual PC 2007 (assuming such a thing is possible) will slip past CFP. If you think it is possible, then write it. Prove it. But, saying something is "provable" when it is not, that is silly.

Now, please answer my direct question: Is Microsoft Virtual PC 2007 your leak test?

Are you trying to mislead the readers? If you read what I wrote, you'll see that, yes, Microsoft Virtual PC is the program that can be used to perform the leak test (and I use it too). The leak has been proven conclusively, and the Comodo developers acknowledged it (so stop making a fool of yourself).

As to how I know that one doesn't need a virtual OS and whole VM for the leak, I develop kernel-level software so I know something about it and am qualified to say that. What is your qualification?

[kail]

I'm misleading? I'm not the person that is calling Microsoft Virtual PC 2007 a recognised firewall leak test & calling Comodo liars on that basis. That will be you, not I.

The VM is a separate instance of the OS and as such needs all the protections that would be applied to any other OS. In short, if your VM does not have a firewall or anti-virus protection then it is unprotected.

But, that is not what you are really saying is it? Your saying.. the method the VM uses. What like an OS with a kernel? There's plenty to worry about just on that (see a previous post of mine, which you obviously have not read - shame.. its really good - not actually by me, of course).

My qualifications? What do you need? My certificates or how many decades I've been in IT?

[Info-Sec]

What exactly do you find silly about it?

Everything.  Because virtual PC ISNT a leak test.  Your just rambeling on now.  I would LOVE for you to prove to me how a hacker can place a VM from outside of the network. It dosnt happen, comodo will block intrustions therefore a VM cant be placed... you make no sense

[kail]

With your edited addition, I see that your fully qualified to write "kernel-level" software. OK, please describe the aforementioned "method".. be as technical as you want. Thanks.

[Debunker]

The developers of Comodo didn't deny the leak (on the contrary). So, frankly, I'm not sure what you two are trying to do here now. 

Any application (in this case Virtual PC) that can connect to the internet without causing the firewall to warn the user is by definition a leak test, and a failed one. BTW, I am still waiting for information about your qualification.

[kail]

Sorry for the delay Debunker, I'm re-reading Egemen's replies in your original topic.. looking for where Egemen says it is a leak & Microsoft Virtual PC 2007 is a genuine leak test. I might PM Egemen, since I've not found it yet. Unless you can point it out to me?

What am I doing? Challenging your assertions that Microsoft Virtual PC 2007 is recognised leak test & that Comodo are lying. What are you doing?

Qualifications? Please see an above question on that issue (in a previous post).

[kail]

Sorry, I cannot find this admission. I've PMed Egemen, so we'll have to wait on his reply/appearance now.

[panic]

Sorry for the delay Debunker, I'm re-reading Egemen's replies in your original topic.. looking for where Egemen says it is a leak & Microsoft Virtual PC 2007 is a genuine leak test. I might PM Egemen, since I've not found it yet. Unless you can point it out to me?

What am I doing? Challenging your assertions that Microsoft Virtual PC 2007 is recognised leak test & that Comodo are lying. What are you doing?

Qualifications? Please see an above question on that issue (in a previous post).

Hey kail,

I don't think debunker is saying that VPC2007 IS a leak test. The point I believe he was trying to make was that under a certain set of circumstances/ configuration, he can cause VPC2007 to transmit data, via the host environment, and bypass CFP in doing so. If so, then the methods by which the data was transmitted could be used by malware to sneak/leak past the firewall.

I don't why you're surprised that a Microsoft application could leak. 

**************************************************************

Hey debunker,

I believe this is just a misunderstanding. We are used to seeing the term "leak test" used in reference to an app that is designed SOLELY as a firewall testing utility.The fact that an application can leak, as opposed to being specifically designed to leak, doesn't, in our collective minds, qualify that app as a leak test. If that was the case, the XP Firewall would be a leak test in itself (LOL - the MS self fulfilling prophecy.  )

***************************************************************

Hopefully, Egemen will look further into how VPC2007 can bypass CFP and report back here.

OK everybody, take a deep breath and unclench our collective cheeks. 

Cheers,
Ewen :-)

[egemen]

Hi Guys,

http://forums.comodo.com/leak_testingattacksvulnerability_research/warning_this_firewall_does_not_protect_anyone_it_is_easy_to_bypassclosed-t12265.0.html.

This has been discussed above and i have explained in detail. Ironically, the same poster was explained the issue and yet i am still seeing the same poster making comments...

Egemen

[Ehgreg]

I don't why you're surprised that a Microsoft application could leak.

LOL, You make reading the forums and learnin fun Ewen.     New ways for the windows OS. to leak are inevitable. The savvy "know it all programmers" seem to have fun with these leak methods. Someone finds a new way to beat The Best Firewalls that are top class. I wonder how many more ways Windows XP can leak, lol.There are plenty of good security apps out there now to prevent these drivers. One of course is the new Comodo that is more of a "All in one" tool. Personally I love the latest 2.4 version and Like to mix match my other security softwares.

[Info-Sec]

The developers of Comodo didn't deny the leak (on the contrary). So, frankly, I'm not sure what you two are trying to do here now. 

Any application (in this case Virtual PC) that can connect to the internet without causing the firewall to warn the user is by definition a leak test, and a failed one. BTW, I am still waiting for information about your qualification.

Give me ONE FIREWALL that can block an application that is running on the guest system inside virtual PC.

I guarantee you cant.

[andyman35]

Give me ONE FIREWALL that can block an application that is running on the guest system inside virtual PC.

I guarantee you cant.

There aren't any for the simple reason that a guest operating system will have it's own firewall to perform that task (or at least should have).If a VM is run without any security it carries the same risks as running a 'real' machine unprotected.

Leaving aside the fact that it's a simple task to block driver install threats,there is a serious question that needs looking at .

Does the fact that MS Virtual machine is able to seemingly bypass the firewall mean that there is an inherent weakness or is it merely that there's an inbuilt exception within CPF to automatically allow Virtual machines to go through the firewall?

One good reason for this is that if the firewall on the real machine monitored all the VM traffic then this would cause a conflict with a firewall on the VM,the same way running 2 software firewalls together on a standard mahine can.

of course if it's the case that it's merely an exception then it would apply to that and that alone and would block any trojan attempting to mimic the methodology.

[Info-Sec]

There aren't any for the simple reason that a guest operating system will have it's own firewall to perform that task (or at least should have).If a VM is run without any security it carries the same risks as running a 'real' machine unprotected.

Leaving aside the fact that it's a simple task to block driver install threats,there is a serious question that needs looking at .

Does the fact that MS Virtual machine is able to seemingly bypass the firewall mean that there is an inherent weakness or is it merely that there's an inbuilt exception within CPF to automatically allow Virtual machines to go through the firewall?

One good reason for this is that if the firewall on the real machine monitored all the VM traffic then this would cause a conflict with a firewall on the VM,the same way running 2 software firewalls together on a standard mahine can.

of course if it's the case that it's merely an exception then it would apply to that and that alone and would block any trojan attempting to mimic the methodology.

Exactly..summing it up.. VMs are not legit leak tests because it is virtually impossible for a hacker to create a VM on a remote machine.  therefore its not a scenario that should be considered, and thus comodo is not an inferior firewall.

[Tags:]