matousec and comodo

[Guest]

[LUSHER]

Your observations about me and the people who frequent Wilder’s and use Paul’s site as a customer support base leaves me at a loss for words that would adequately express my feelings.

The truth hurts. And yes I apologise for being rude but the truth hurts.

No one from the firewall end of security is there eh? For starters maybe you should tell that to Nail, from Jetico, or Don from Kaspersky, or Paranoid from Agnitum…

#1 Don is from Kaspersky? Check your facts. Don is the #1 fanboy of kaspersky, but he is not a developer. And the last time i checked he loves the AV component anyway more.

#2  I already mentioned Paranoid who is competent, but even he isn't a developer , just a mod on their forum.

#3 Nail? wow 2 posts on wilders posting Jetico updates  makes him an active member of wilders?

Want to try again? My oh so eloquent friend? Maybe you can bring more facts to the table? Rather than to assume that people who know more than you (not difficult obviously) are experts...

You are the ideal spokesperson to come rushing to Comodo’s defense against my loathsome, mindless and let’s not forget “Stupid and Clueless”attacks on Comodo. Perhaps they could appoint you director emeritus of their public relations department, and debate team.

LOL, I don't support comodo at all, I just like to call you on your BS. I love Wilders, being a member since way back , but really members in wilders really should realise in the grand scheme of things wilders is really nothing more than a intermediate level site. Pointing to it vaguely as some standard and saying that knowledgable people say it is bad is just funny.

Suffice it to say I will take your compelling observations about me and others under advisement.

If you say so. But your post as already being exposed long before I posted as being full of nonsense and short on facts. When challenged by people to expand on your statements, you couldn't say anything. A clear sign of someone who just repeats what he reads without understanding.

I'm ready to backup my statements on security vulnerabilities in ProcessGuard, SSM are you?

[LUSHER]

Apologies Hillsboro - I editied out the blatantly unfair bits, but left the rest. It's just his opinion and the opinion of his "friend who is a security vulnerability researcher".  :

Cheers,
Ewen :-)

Yes, but it is the opinion of one who is considered "knowledgable" on the precious forum that he loves... lol.

[water]

Just want to throw another article into the mix for those who may not have much info on HIPS and sandbox. No preference on the products it evaluated; no opinion on the results - but I think the premise of the evaluation is quite informative.

Interesting read - should take a look if you haven't read it before.

http://www.techsupportalert.com/security_HIPS.htm
http://www.techsupportalert.com/security_virtualization.htm

[Melih]

Wow!

I shouldn't have gone to bed! I missed all that fun

We all are here because we all want to improve Comodo Firewall!  

So why don't we simply identify the most urgent issues that people are raising and prioritise them for a fix!

Hillsboro seems to have a list. Perhaps he can share with us the list so that we can get them actioned!

I also agree with a statement made by Lusher regarding what is an Ideal Firewall according to Matousec: Its a HIPS enabled Firewall! That is what they call Ideal!

Lusher, your input is greatly appreciated, you have brought a very credible insight and a very knowledgable point of view. We would love to hear more from you as to how we can improve our firewall please.

I think this is a very healthy discussion that will result in even a better firewall. Thanks to you all and lets continue with this discussion.

thanks
Melih

[Melih]

Melih,

I am very sorry you feel I have been unfair. It was not my intent to cause a flap for the sake of starting a debate or causing ill will. A question was asked and I sited some examples I found regarding Matousec's assertions regarding Comodo's weaknesses in some basic areas.

Melih, I have said nothing that hasn't been said by some of your most loyal and staunch supporters. The OLE/COM issues is one of the sore points that others have mentioned that isn't being addressed, as is the password matter. If it would help, I will discuss this by PM or email with you and will cite the points that have been made by some of your supporters since day one and as recently as 3 days ago. I didn't bring it up to you directly, because I am sure you are aware of it too. I used the term heresy because when I have seen the matter of the OLE/COM problems brought up they were either ignored or pointed out that is wasn't a flaw, but a "feature."  I am sorry Melih, but the OLE?COM reporting an application trying to gain access to the net when in fact it isn't, is, in my estimation not a feature. It is a flaw.

I use Mediamonkey to play MP3's... I have blocked Media Monky and all the DLL's from accessing the net. Yet if I open Firefox or Opera to access the bet, Comodo's OLE/COM throws up an alert that MediaMonkey is trying to connect to the internet through Firefox/Opera when infact it isn't. I have logged it through process explorer and portexplorer. It doesn't happen even if I give it permission. This is a feature? How is it a feature? And that was what I was told by one of your staff when I complained about it 2 days ago, along with the vulnerabilities opened up from a human interface aspect (the cry wolf scenario).

I complained about an obvious flaw and was told it was a "feature", as if I didn't have sense enough to realize it was a feature. It was if what I said was heresy. Hence my choice of term.

Again I am sorry if you took what I said as a personal affront, Melih. All I would ask is you put what I said in context with the reply I received. To me that isn't listening, and I am not alone.

If you care to I will be happy to PM or email you and cite examples of constructive criticisms by others that were either ignored or rebuffed by Comodo Staff and others who have voiced much the same as I have here on this forum. I am not against Comodo... I would like to see you succeed with  your endeavors. I do realize that there are a lot of man-hours invested in this project. I would even be willing to purchase a solid no nonsense firewall. You are very close to what Jetico had going with their 2.0 beta, but without the very steep learning curve. 

Happy New Year!

Hillsboro

You have raised 2 issues so far:
1)OLE issue: Which was clearly explained by Egemen and its workings (pls read that post again where he explains why this happens and its not a bug)

2)Password issue: This has been in our Wishlist will be implemented very shortly.

So far, all I see is: you think OLE issue is a bug  and want something on our wishlist to be prioritised as a high priority!

Are you raising any other issue?

thanks
Melih

[hillsboro]

Hillsboro

You have raised 2 issues so far:
1)OLE issue: Which was clearly explained by Egemen and its workings (pls read that post again where he explains why this happens and its not a bug)

2)Password issue: This has been in our Wishlist will be implemented very shortly.

So far, all I see is: you think OLE issue is a bug  and want something on our wishlist to be prioritised as a high priority!

Are you raising any other issue?

thanks
Melih

Hello Melih,

Well there is one other thing... Rotty wrote a great script for macking up the registry configuration files, and is easy to implement for someone familiar with scripts. However, it might be nice to have the ability to save and load configuration files from within Comodo. 

To clarify the OLE issue. To me it is a human factors/interface issue. Something I know a little about. Basically, if a user is conditioned to grant permissions based on what is being suggested here as a way of dealing with the pop-ups being generated, they are going to become conditioned in very short order to reflexively grant permission and not even read the fine print. To many warning flags will do this and become self-defeating. I used MediaMonkey/Firefox as an example of this problem. MediaMonkey was block, by me from accessing the net. That was it. It should have never shown up in OLE if it was working properly. Blocked to most people, means exactly that. Blocked... no exceptions no conditions. Yet here OLE is telling me it is trying to access the net! I won't insult your intelligence by listing all the problems with this. Suffice it to say, this is the very thing a malware author is going to exploit. He/she doesn't have to be clever, just aware of the human factors involved and use that interface weakness to their advantage.

Panic and I have exchange PM's that I know you have been cc'd. I have given him permission to share my PM's to Ewen, with you or any of the other Comodo staff. Hopefully you might find something of value in my reply to him.

What I have said here was never meant as a personal attack on you, your abilities or those of your staff. Yes it was blunt, but sometimes directness serves a purpose. What I said was said here and not on any other forums. I tend to deal with people through emails and PM's when there is an issue rather than using a public forum.

Best regards,

[water]

While we're on the subject of bugs and fixes, does anyone have info on when the fix for HIPS process spoofing will be ready?

[hillsboro]

While we're on the subject of bugs and fixes, does anyone have info on when the fix for HIPS process spoofing will be ready?

Latest word is around March.

[Melih]

ok so far we have 3 main issues raised by Hillsboro:

1)OLE: come up with some other mechanism because of too many pop ups
2)password protection
3)backup settings

first 2 are security related whereas the 3rd one is usability.

I can tell you that, ver 3 will have OLE issue resolved.
Password protection will definitely be in v3, if we can do it earlier we will, lets see.
Backup will most definitely be in v3

thanks

Melih

[Toppy]

What about the *reality* that governments have close contact with Microsoft about the undocumented "features" no single firewall in existence will block.

Now, still, have a happy and "secure" New Year 

[egemen]

While we're on the subject of bugs and fixes, does anyone have info on when the fix for HIPS process spoofing will be ready?

It is already fixed in this BETA versions.

[egemen]

Moderator removed comments could have been interpreted as offensive. Ewen

I do agree about the password thing. You don't need to be knowledgable to write a script that can shut comodo firewall down so easily using this method. It's a pity they don't add it, since it's such an easy thing. Particularly since they have done all the hard work of armoring it against anti-termination attacks. Seems to make all that hard work pointless if they don't block such a simple attack.

Yes we have already improved the self defense significantly again. On tuesday, we will provide the BETA so that you can test it. Previously, it was possible to simulate some mouse clicks.

"Password" protection is useful for parental controlling. Namely, to protect a human being to change your CPF settings. It is not a defense against malware tampering and should not be.

To do well in Matousec test you need to have a full blown HIPS. It's obvious in the methodology they are expecting a fully locked down local system. Without that there is no way any firewall will get a decent rating.  Comodo firewall is as close as you can get without hips.

Yes i agree. Many of the test parameters are targeted for an anti-malware product like HIPSs. Yet for desktop users, according to their feedback, such a distiction is hardly tolerable.  We would add all such checks in CPF 2.4 but we planned to provide a full HIPS instead of partially implemented solutions related to internet accessing. Thats why CPF 3.0 will come with a HIPS and will act as an anti-malware solution too.


Thanks for the feedback,
Egemen

[alg]

What about the *reality* that governments have close contact with Microsoft about the undocumented "features" no single firewall in existence will block.

Now, still, have a happy and "secure" New Year 

Hi,

i think "little green men" on Mars have hacked Microsoft last year. Since then, black out on this issue ! (joke  ).

ALG

 

[panic]

"Password" protection is useful for parental controlling. Namely, to protect a human being to change your CPF settings. It is not a defense against malware tampering and should not be.

And the hard bit in writing a script that would shut the UI, thereby allowing unfettered access would be what ??

[egemen]

And the hard bit in writing a script that would shut the UI, thereby allowing unfettered access would be what ??

Someone can write a visual basic script which sends simulated mouse clicks to the GUI and shutdown the protection as if you do it manually. Password protection would *help* in this case unless you have a defense against such sort of things.

The password protection is not the correct way to handle this because it is not always activated by the user. So if it is not password protected, it can be shutdown anyway. But this is not it should be.

Thats why it must be used for human interference control. Not for malware tampering.

Egemen

[Tags:]