Author Topic: hacked  (Read 5521 times)
Sm3K3R
« Reply #15 on: September 01, 2008, 06:55:07 AM »

I have a friend who is using Comodo 3, as I advised him, and his ISP login data were stolen one week ago, and someone was using his login information and accessing the internet for free.
Unfortunately he is not very skilled with security software, but on the other hand I'm wondering how he could be hacked that way.
Shouldn't a firewall protect users against hacks? I thought this was the purpose of this tool named firewall.
The only real solution seems to be a hardware firewall at this moment, so you should do the same: take an SPI router and use software firewalls just for better outbound control.
« Last Edit: September 01, 2008, 06:56:49 AM by Sm3K3R »
DarkButterfly
Guest
« Reply #16 on: September 01, 2008, 07:17:04 AM »

> I have a friend who is using Comodo 3, as I advised him, and his ISP login data were stolen one week ago, and someone was using his login information and accessing the internet for free.
> Unfortunately he is not very skilled with security software, but on the other hand I'm wondering how he could be hacked that way.
> Shouldn't a firewall protect users against hacks? I thought this was the purpose of this tool named firewall.
> The only real solution seems to be a hardware firewall at this moment, so you should do the same: take an SPI router and use software firewalls just for better outbound control.


Two questions should take place now:

1st - When you advised your friend to use this firewall, was his system installed for the very first time, or are we talking about a system where he wasn't sure that it was clean?
If he wasn't sure the system wasn't clean, he should have set Defense+ to Safe Mode, at least.

2nd - You said he isn't very skilled with security software. That being so, perhaps Defense+ alerted him to something and he just allowed it to proceed.

CFP is a very great firewall, and with Defense+ on it, it just gets better. But as with everything else, if a person does not know how to properly answer Defense+ warnings, then it will be the same as not having CFP at all...

One must know how to answer Defense+ alerts.

When I first started using CFP with Defense+, I wasn't 100% aware how it worked, but I knew that I shouldn't just press Allow every single time it asked to.

I first tried to get some info on the process in question. If it was a system process, then I would allow it and see what would happen. If it wasn't a system process (and sometimes I still do this), I would just block it temporarily, by deselecting Remember my choice (something like that). Then with time I would get more info on that specific process and later I would know how to answer properly.

A very good site where people can get more info on whether a certain process is part of the Windows system or not is www.processlibrary.com

They've got a HUGE list of Windows processes. If they say it isn't (note that they don't have all the processes in their database; it is a growing database), I will just block it temporarily and see how the system behaves. If the system still works fine and no error is displayed, then I keep it blocked until I get more info about it, either by googling or by going back to the site I just mentioned.

CFP and similar tools are no joke. They provide very strong protection, but it may also go the other way around if people don't know how to find info on what the firewall is alerting us about. It is not a matter of knowing how to work with CFP, but how to answer the alerts. And for that, people must know where to get such info. And Google is always a good start.
Sm3K3R
« Reply #17 on: September 01, 2008, 09:19:53 AM »

DarkButterfly, Comodo 3 was installed on a clean, fresh XP installation and the Comodo autoupdate feature was on. His computer seemed to be clean, because just 2 days before his login data were used I advised him to do some virus scans with CureIT, Spybot Search & Destroy, Malwarebytes Antimalware, SAS and his antivirus Avast 4.8, because he often forgets to do regular scans on his computer. Those scans found nothing.
I really don't know what his browsing habits are, but he reported that some buddy of his gave him a link to YouTube on xfire the day before, and he is also a user of torrent software. I don't know how he answered Comodo's questions, or if there were any, or if somehow his data was stolen long before that guy used them. The ISP found the fake user.
He is not skilled in security, he used Comodo 3 and he was hacked; the conclusion is simple: if you don't know how to use Comodo you can get hacked. I think some automatic features must be implemented in this firewall to protect against such a hijack.
What do I say to him now after this experience? Bear in mind he used the free Sunbelt Firewall version 4 last year and he was satisfied with it, and never got hacked.
DarkButterfly
Guest
« Reply #18 on: September 01, 2008, 09:41:55 AM »

> He is not skilled in security, he used Comodo 3 and he was hacked; the conclusion is simple: if you don't know how to use Comodo you can get hacked. I think some automatic features must be implemented in this firewall to protect against such a hijack.

I have suggested something like that to be implemented in CFP. It is an important feature for situations when people may answer Defense+ alerts inappropriately. If a bad decision takes place, then this feature could simply block it.

> What do I say to him now after this experience? Bear in mind he used the free Sunbelt Firewall version 4 last year and he was satisfied with it, and never got hacked.

Nothing tells us that he wouldn't have been hacked if he still had Sunbelt's firewall. So, we can't say he got hacked because he has CFP installed on his system.

One question: Does he have CFP's Stealth Ports Wizard set to the last option, which blocks all incoming connections? Under the Firewall section he can find Stealth Ports Wizard and set it to the last option. It is the most appropriate option for most users.

As with everything else, people should first know how to work with something, and then use that very same something. Everything has/should have an instruction manual, and CFP does. Then if the person in question decides it is too complicated, they should not use it at all.
Sm3K3R
« Reply #19 on: September 02, 2008, 08:11:01 AM »

But I'm still wondering: might this friend of mine have been hacked because Comodo 3 doesn't do proper SPI, or is it exclusively because of a bad answer to a firewall question? I've seen somewhere on a forum that even a router can be fooled and UDP packets can be forced into some stream and a DNS spoof made.
Or does Comodo 3 in its latest versions do SPI very well?