Comodo Firewall and Avast 7

[Guest]

[Radaghast]

For what it's worth, I decided to go back and test Avast 6 with Windows 7 firewall and CIS. You can see from the images that Avast 6 has the same effect on the Windows firewall as Avast 7. That is, it allows connections for applications that either don't have a rule or are explicitly blocked. Clearly, windows 7 firewall is failing miserably with Avast installed.

When using CIS with Avast 6, blocking an application form accessing the Internet, does what it's supposed to. However, with Avast 7 installed, the connections are allowed.

If I get time later I'll look at PrivateFirewall.

[paroh]

Hope the problem get solved soon.

[clockwork]

You want to use their web shield? even though it was designed for a different OS?


Avast's own website states:It turns out their web shield just happens to be one of them. Designed to take advantage of how the new OS works.

The web shield is not a new feature.

[clockwork]

yup another loser, just a ton of talk and no show. Next time don't waste my time with your posts.

Your tone is sometimes ....!

Every person that can reproduce "what avast did" could prove it right.
Every keylogger that takes advantage of this existing "feature" will prove it right.

[languy99]

Your tone is sometimes ....!

Every person that can reproduce "what avast did" could prove it right.
Every keylogger that takes advantage of this existing "feature" will prove it right.

my tone of perfect actually, because he came here spouting off at the mouth and did not provide any proof.

You seem the be grouping two very different things together, one is what the user is doing which comodo does no protect against the user doing stupid things. Another thing, just like my past post the only reason avast cn do this is because comodo lets it install a driver, do you really think that D+/sandbox will allow an unknown program like a keylogger to install a driver without it knowing, I highly doubt it.

If you can prove that this happens I will give you all of the credit, but until that day comes which I doubt it will lets leave it at that.

[Ronny]

The web shield is not a new feature.

I think John meant to point out that the Avast 7 version has features in Webshield that are specific for Windows 8...

[Saulius]

Every person that can reproduce "what avast did" could prove it right.
Every keylogger that takes advantage of this existing "feature" will prove it right.

I would like to add that what concerns me as an Avast! AV & Comodo FW combination user is that 'what Avast! did' proves in and of itself the fact that backdoor trojans that have latched on or hijacked or that masquerade as approved programs with similar driver cloaking technique features are already doing 'what Avast! did'.

I'm not an expert but may be a few should consider this for CIS on Windows 7 (both versions) and other programs and especially very suspicious PUP that anyone could download from Cnet or anywhere else almost just as lax about spreading PUP stuff such as unwanted toolbars in programs, real PUP IMHO such as Alfa Auto-run Killer, ZA, Spyware Terminator, anything from IObit, IMGBURN or Privex free scanner and other stuff with hidden key-logging home-dialer backdoor trojans... and who's to say that Avast! will still prevent such mal-adventurous behaviour beyond Comodo FW & D+, hmm?

What really could be getting through Avast! that Comodo and Windows 7 generic firewall et al can't see properly to even choose to prevent let alone by other approved or hidden internet connection program drivers?

What if this is already proven but curiously we just don't know it yet?

[Rumpel]

do you really think that D+/sandbox will allow an unknown program like a keylogger to install a driver without it knowing, I highly doubt it.

Is D+/sandbox the final arbiter of what gets installed, or is it the user?  Can D+/sandbox be disabled and the Comodo firewall used by itself?

Naturally, the severity of a issue relates to the prerequisites that are required to create it.  If an unsigned, unrecognized, arbitrary program can create this problem when installed on a machine equipped with Comodo and when D+/sandbox are enabled and without any user overrides, that is obviously very bad.  However, even if it required a program to be signed by a Comodo trusted source, or even if it required that D+/sandbox be disabled, or even if it required user-overrides, it would STILL be bad just to a lessor lesser extent.  Right?

[Wiired]

Can someone please advise if the latest update includes anything relating to this problem?

5.10.228257.2253: 12 March, 2012
    IMPROVED! Compatibility with other security suites is improved in Windows 7 x64

If not do we have an ETA? Or a workaround - other than uninstalling or disabling either product? The workarounds suggested so far do not work for me please advise if someone does have one.

Thanks

[clockwork]

do you really think that D+/sandbox will allow an unknown program like a keylogger to install a driver without it knowing, I highly doubt it.

Maybe i wasnt clear enough.
I speak about "the keylogger which i (theoretically) installed in form of a game, which asked to have access to the keyboard. I need to press the arrow buttons, so it seemed legit".

Now it could send its traffic through the REPUTATED hole, without any other question.

It was the more actual example (using avast web shield for traffic), so i wrote "will prove it right",
while a new built exploit "could prove it", because it would need certificates or the permission to install such a driver first.

[clockwork]

Can someone please advise if the latest update includes anything relating to this problem?
If not do we have an ETA? Or a workaround - other than uninstalling or disabling either product?
The workarounds suggested so far do not work for me please advise if someone does have one.

Thanks

It doesnt.
One sure working workaround: Dont use the avast web shield for this time. A lot of antivirus programs dont have any. And you are protected by comodo defense+.
The web shield is the least impacting security feature against infection in this scenario, compared to uninstall a product.
If you download something, scan it before you execute it. To be "sure".
Any concerns?

I have tried making a deny all out rule for all applications and tried putting it at the top and the bottom of the list with a separate rule allowing my browser full access in the middle.  Neither worked.

A "block all" rule should not be upon an allow rule. Your browser "in the middle" will be blocked then too
Thats why the suggested other workaround didnt work for you. It says, make such a block rule at the bottom of the list.

[Wiired]

Wouldn't disabling websheild expose me to malicious scripts?
I have alerts pop up from websheild on occasion "HTML:Script-inf" and "JS:Iframe-DS [Trj]" virus were the last two blocked recently.

I don't know if I'm willing to turn off detection before execution function of my antivirus.
I liken that to executing a virus and hoping D+ will fix up the problems later.

Disabling Avast features is not a work around I'm looking for.

[aerofly]

I use a firewall not only to block malware/trojan to phone home but also to block legit software to phone home (to protect my privacy).
Now I had to disable avast web shield because blocked legit program where able again to send their companies all sort of information about me.
Further I don't use Internet explorer than i blocked it to avoid any possible leak by malware that could use it to connect to internet.
But again only with web shield disabled.

[Wiired]

Lets hope you don't stumble across some malicious scripts while surfing the web.

[aerofly]

Lets hope you don't stumble across some malicious scripts while surfing the web.

That's exactly because i'd like to see this problem corrected very soon.
With or without web shield enabled there are in both case security and privacy concern.

[Tags:]