Which Product to develop next?

[Guest]

[AOwL]

Is there a way for a firewall/defence+ to hide your internal IP in your network from getting exposed on internet without blocking all javascript in your browser? Can Defence+ maybe "see" that something suspicious is going on? A lot of navigation buttons and so on is done with java so I don't want to turn it off completely and I would prefer if I don't have to get a popup and approve every website i'm going to...
Here is how it's done.

The point is, you should be concerned that a Java applet ran without your knowledge, found some information and passed it back to the server.

It was cross site leaking of java that gathered this information made possible by passing variables back from the applet and constructing a url in java to a web page using an iframe that contains the data to be collected. The server can then read this information, store and process the internal ip address as needed.

The only way to prevent this that we are aware of, is to disable active scripting in the browser.

The website: http://www.auditmypc.com/internal-ip.html

[Eddoes]

How about software that recovers data from damaged DVDs, Something like BadCopy Pro but alot better and faster if possible. Alot of people have damaged cds and dvds they would like to recover to an iso or some sort to be used again. I would love to see comodo develop software like this. Let me know what you guys think?

[00hmh]

Two suggestions for Comodo, given it's central position in internet technology:

1.  After looking at the troubles users have with the HIPS in CFP, and after seeing the trouble with trying to incoprorate the ideas of CMG, CAVS, BOC, CFP, DEFENSE+(HIPS)  without conflict, and with teh many other non-comodo products out there which overlap, thre is clearly a need to identify functionality with a particular piece of software and to identify when software functionality is duplicated and when it creates compatibility.   Would it not be wonderful to have a security software "meta-security scanner?"    In short, users need to know where their setups are vulnerable and in what way, and what choices they have to address that problem, an automated  trouble shooting guide?    Perhaps a suite of security benchmarks?

2. After reviewing Comodo Forum discussion of virtual machines(and other sandbox techniques) and rootkit threats, both of which change focus of security from application level to kernel level threats, perhaps Comodo needs to provide or expand it's current technology solutions to problems in these two areas.   (Or, perhaps, after reviewing the discussions elswhere, I am not clear how these areas are addressed or not by the current spectrum of security tools.) 

3.  Devote some of your best minds to the development of help files, documentation, and information resources for users(see 1, above).    If there is one thing security experts seem to agree on it is that savvy users have a better chance to survive in the stormy waters.

Can you comment?

[Melih]

Two suggestions for Comodo, given it's central position in internet technology:

1.  After looking at the troubles users have with the HIPS in CFP, and after seeing the trouble with trying to incoprorate the ideas of CMG, CAVS, BOC, CFP, DEFENSE+(HIPS)  without conflict, and with teh many other non-comodo products out there which overlap, thre is clearly a need to identify functionality with a particular piece of software and to identify when software functionality is duplicated and when it creates compatibility.   Would it not be wonderful to have a security software "meta-security scanner?"    In short, users need to know where their setups are vulnerable and in what way, and what choices they have to address that problem, an automated  trouble shooting guide?    Perhaps a suite of security benchmarks?

2. After reviewing Comodo Forum discussion of virtual machines(and other sandbox techniques) and rootkit threats, both of which change focus of security from application level to kernel level threats, perhaps Comodo needs to provide or expand it's current technology solutions to problems in these two areas.   (Or, perhaps, after reviewing the discussions elswhere, I am not clear how these areas are addressed or not by the current spectrum of security tools.) 

3.  Devote some of your best minds to the development of help files, documentation, and information resources for users(see 1, above).    If there is one thing security experts seem to agree on it is that savvy users have a better chance to survive in the stormy waters.

Can you comment?

Excellent points indeed

1) We have re-architected V3 firewall so that all Comodo products could work in harmony. You will see that new versions of all Comodo products will be utilising this architecture and will not suffer from any compatibility issues. The scanner idea you have is great, but a difficult one to build

2) Our V3 already offer kernel level protection! Kiss goodbye to rootkits!

3)Who better than our users to write the documentation for our users! pls check wiki.comodo.com

thanks
melih

[MacGyver8921]

Nothing, only final Comodo AntiVirus 2.0 beta.

Antivirus was so long beta, was it two year beta.


Enough resources to do that job, lots of trojans, malware
coming today. And do daily updates viruses, trojans..

Was this already written, idont read all

[00hmh]

Playing in the sandbox does mean sacrificing some computing power, but OTOH the basic idea is a great comfort if/when your AV or ASW product fails you.  The problem the sandbox doesn't answer of course is that while you are playing in the sandbox, you can still get hurt, with malignant software stealing your privacy and any data you are currently using. 

The sandbox may prevent permanent compromise, but I am not sure how to do the best job INSIDE the sandbox to prevent what can be prevented.   It is not enough comfort to me that the underlying host OS is not infected, if every time I boot into the VM I may be infected by some nasty that is part of my regular setup inside the VM?   

I am better off, it is true, than when I forego the VM and get the Host permanently infected, but isn't it better to operate inside the sandbox AND to have it a very secure Guest OS?   And how do I know WHICH things I have played with in VM are OK for the host environment? 

How is it best I use the Comodo solutions in combination with a VM?   Anyone have a good setup to accomplish that? 

   

[marcos.zy]

The problem the sandbox doesn't answer of course is that while you are playing in the sandbox, you can still get hurt, with malignant software stealing your privacy and any data you are currently using.

Really. If you are infected with some type of malware while browsing the internet inside the sandbox, and access your bank, for example, you will suffer the same damage that would be out of the sandbox.

[deathdr0ne]

As I mentioned in another post; A Peerguardian 2 style plug-in for Comodo Personal Firewall 3 would be f'in sweet. I guess that would also mean that you would have to have a plug-in interface which would be cool as it would open up the doors for other developers to add stuff as well.

[andyman35]

Yes and also perhaps a Comodo HOSTS file plugin,similar in nature to the likes of MVPS,to block the known bad sites at source.

[Albert Einstein]

C.A.V.S. for Vista would be nice!

[Toggie]

How about a real good 'tracks' eraser, something that removes all the personal stuff really really well.

Right now I use a mixture of ccleaner, for the basic crap cleaning, eraser for secure deletion and free space wiping then follow that up with restoration to remove stuff they both leave behind.

It should make sure that files are wiped completely and also completely removed from the disk, after wiping. It should also clean in all those nasty, hard to get to places, like the MFT and ntfs.log. It should also do ADS.

[Soyabeaner]

This leak test issue is off-topic, so I moved the last posts into a new topic in the Leak Testing board:

http://forums.comodo.com/empty-t17579.0.html

[NTxLS]

This leak test issue is off-topic, so I moved the last posts into a new topic in the Leak Testing board:

http://forums.comodo.com/empty-t17579.0.html

I apologize for taking a thread off topic.  Thank you for moving it and letting me know about the move.  Have been busy working on other problems with my system.  Could not get back on the web in Normal mode am using SafeMode/w Networking for now.

Mr. CEO,

Thank you for the reply and other information provided by another poster, I move with the thread, have a HAPPY NEWYEAR and a very prosperous one as well.

TIA,

[Melih]

Mr NTxLS

A very happy new year to you too!
we are always here to help.
thanks
Melih

[NightRider]

Hi,

I would like to see a vulnerability scanner with the ability to download updates and patches when they occur and a secure method for logging on to a PC that also gives you the ability to encrypt the hard drive for security.

 (V)NightRider

[Tags:]