Reverse DNS lookup and whois for IP in alert windows

[Guest]

[dandv]

I just installed Comodo today, and got the first alerts of applications trying to connect to various IPs. Of course, I wanted to know what domains resolve to those IPs, so I launched nslookup, then whois. Then after a bunch of alerts, I thought, this is a basic feature, Comodo must have it, maybe it's just disabled by default. But nope.

Today we celebrate 3 years since this basic feature request was posted: reverse IP lookup, and whois lookup. It was also proposed in a Plugins thread and again in this Wishlist thread.

Is it really complicated to do a reverse DNS lookup? How do Comodo devs who eat their own dogfood deal with this usability issue?

[panic]

I agree with you and have voted accordingly, but I do hope that other members who are not familiar with the concept of dogfooding don't think you were being derogatory.

Eating ones own dogfood is a term indicating a company that internally uses the software it produces.

Cheers,
Ewen :-)

[dandv]

Why is there NOTHING being done about this issue?

Besides the obvious usability problem, not doing a reverse DNS lookup for the IP is a security risk.

While a process may be deemed safe to connect to the Internet (say, svchost.exe, since it's often used by Windows to get Windows updates), the remote IP is crucial - if you live in the USA and see svchost.exe trying to connect to an IP in Bulgaria, it's probably NOT Windows Updates.

I've attached a screenshot but I feel like shouting in the wind here. Who do I need to poke to have this issue finally addressed?

Also, displaying just "svchost.exe" in the Firewall Alert window is not very helpful. It would be muh more helpful if the name of the actual DLL of the service that tries to connect were displayed. Here is a 2006 post that suggests this was possible at one time in Comodo: http://www.wilderssecurity.com/showthread.php?t=145810. Why was this capability removed?

[panic]

Here is a 2006 post that suggests this was possible at one time in Comodo: http://www.wilderssecurity.com/showthread.php?t=145810. Why was this capability removed?

As far as I can remember, Comodo's firewall's (V2, V3, V4 and now V5) has not displayed the DLL that invoked SVCHOST.EXE. AFAIK, it hasn't been removed because it was never there.

I still agree with you about the reverse DNS though, just not as stridently.

Cheers,
Ewen :-)

[Radaghast]

Having the ability to enable reverse look-ups would be a great idea, but it must be optional, as there can be significant network overhead and packet delay when performing these tasks.

I vote yes with that provision.

[Jebtrix]

The lack of this feature has been driving me nutz for years!! I always laugh when an alert comes up blah blah trying to connect to xxx.xxx.xxx.xxx, yeah like I frikkin know with the info provided.

[dandv]

The lack of this feature has been driving me nutz for years!! I always laugh when an alert comes up blah blah trying to connect to xxx.xxx.xxx.xxx, yeah like I frikkin know with the info provided.

Exactly. WTF. One wonders if Comodo developers actually ever use Comodo themselves.

But besides that, there's a serious security problem with displaying just the IP - see here: http://forums.comodo.com/format-verified-issue-reports-cis/security-risk-remote-ip-is-opaque-to-user-issue-report-t73414.0.html

[pabrate]

It will never happen and I'm sick of it 

This is so simple to implement and almost every firewall has it.

Finally realized what this company really is , a BIG joke !

[wasgij6]

It will never happen and I'm sick of it 

This is so simple to implement and almost every firewall has it.

Finally realized what this company really is , a BIG joke !

its obviously not a big joke if this many people support it and are on this forum discussing it including yourself. if it was a big joke as you stated it wouldnt survive and development would have stopped. idk if you have seen the reviews of cis and all of the recognitions it gets.

[wasgij6]

i agree that this feature needs to be added but it doesnt make comodo firewall a joke just cause it doesnt have it. im sure they will implement eventually. im hoping with v6

[pabrate]

i agree that this feature needs to be added but it doesnt make comodo firewall a joke just cause it doesnt have it. im sure they will implement eventually. im hoping with v6

Well, I asked here almost 2 years ago about the same feature :
https://forums.comodo.com/wishlist-cis/resolve-ip-to-hostname-t54597.0.html

Not a single response from Comodo, absolutely nothing, and from that thread I learned that people actually asked that before me, so who knows for how long this feature has been asked for.
Why is Comodo a joke ?
Because it's a free product and I realized they don't give a "***" about it / their users.
You know, like 20 admins, 30 developers, I mean whatever, there's a huge number of their staff visiting this forum and they just can't say anything about that ? And I mean anything ?
That's a joke buddy ....

Mod Edit: Removed Explicit word.

[captainsticks]

Hi Pabrate. I do agree that not much has been said about, but I think to call Comodo a joke is a bit harsh.
All jokes a side how often would a general user use this function, and if it is deemed totally necessary there are alternative ways to check. IMHO Comodo does have it users best interest at heart, and with that security, reliabilty, and stability come first. Some might call what is asked for a requirement, and others will say it is just another bell or whistle. My FW is to be used as a FW nothing more and nothing less and I myself am quite happy to use alternative measures for lookups etc. I am not against anyones wish, but IMO it is not a priority and would have to be optional or the ability to disable.
Just my thoughts and kind regards.

[dandv]

Hi Pabrate. I do agree that not much has been said about, but I think to call Comodo a joke is a bit harsh.

There's a lot of ridiculous praise for Comodo, serious security risks (this being one of them) are being ignored, so I'm not surprised it's being perceived as a joke.

if it was a big joke as you stated it wouldnt survive and development would have stopped. idk if you have seen the reviews of cis and all of the recognitions it gets.

I've been seeing LOADS of such recognition here in the forum and on the Facebook page, and it comes from, excuse me, uneducated idiots who can't write to save their lives. All they can utter is "omg comodo is da best phirewall evaaaa!!!11". Seriously. Go have a look at the Comodo Facebook page. These were actual gems of Comodo praise you could see on the Facebook page within the last 24 hours:

* BB in DA HOWSE and COMODO iz Keeping my Doorz SECURE WOOT!!!
* i'm installing comodo is beautifool.
* REALLY LOVIN IT!!!! NO MORE HEADACHES, AND WANTING TO THROW MY COMPUTER IN THE DUMPSTER!!!!!! LMBO!!!!

All jokes a side how often would a general user use this function

ALL. THE. TIME. How can you not understand this painfully obvious point?

Let me try to illustrate it again:

You get two alerts from svchost.exe that your computer wants to connect to:
a) 109.237.208.23
b) 207.46.197.32

Which one do you allow, and which one do you block? How do you approach this problem?

[pabrate]

Hi Pabrate. I do agree that not much has been said about, but I think to call Comodo a joke is a bit harsh.

Okay, it was harsh, I might overreacted a bit.
But I've been using Comodo for a long time and didn't even think about changing the firewall.
Like I said, I need that feature, it helps a lot and I don't care what you think about that feature.
I asked nicely two years ago for it, at least someone from Comodo could replied and said something , like you did it now for example.
But then out of curiosity I tried several firewalls in VM looking for a replacement, and to my surprise every one had that feature. So, I finally ditched Comodo yesterday, yeah ... just because of that, got sick and tired of waiting, and to be honest, it's the attitude of Comodo that finally made me uninstall it. Not to say a thing about it, that's not cool. That feature is one line of code, to reverse IP to domain name, then just add that string to the alert window and that's it. If that was too much, well ... good luck

[captainsticks]

To Dandv. I would use alternative bookmarked tools when required.

I've been seeing LOADS of such recognition here in the forum and on the Facebook page, and it comes from, excuse me, uneducated idiots who can't write to save their lives.

Uneducated does not equal idiot, please choose worded expressions carefully.
Whether someone uses good grammer/spelling or not, and is educated/uneducated, does not take away the right for them to have an opinion.
I have had my opinion, and I didn't degrade anyone in doing so.
Kind regards.

[Tags:]