Author Topic: Please feel free to ask any questions to learn all about Computer Security.  (Read 189894 times)

Offline Kersti

  • Comodo Member
  • **
  • Posts: 38
   
Hello, I have installed: nod32 2,7, comfortable personnel pro 2.4.18.184, (spyware terminator, avg 7,5) and to spywareblaster, I have passed bariums test of security online and in it gives better spyware terminator me and in others avg. It wanted to know your opinion in as of both he is but trustworthy to put it like resident and if podeis to advise some programs to me of security, thanks in advance.
 Warm greetings,

Hola, tengo instalado: nod32 2.7, comodo personal pro 2.4.18.184, (spyware terminador, avg 7.5) y spywareblaster, he pasado barios test de seguridad online y en unos me da mejor el spyware terminador y en otros el avg. Quisiera saber vuestra opinión en cual de los dos es mas fiable para ponerlo como residente y si me podeis aconsejar algunos programas de seguridad, gracias por anticipado.  Saludos cordiales,

Offline eXPerience

  • Left the Forums
  • Comodo's Hero
  • *****
  • Posts: 6958
  • Free Forever !
Hey,

I already used bitdefender and it was a darn good antivirus, but if I scanned some virusses still got in my pc .
Comodo isn't as bitdefender because here the first thing it does is prevention not detection. But I do have 1 problem with your antimalware tool. I'm oke with the virusprotection but the antispyware part is still full of leaks :-[ . So I scanned with superantispyware and found over 100 spywares  :-\, could you please ad some more spyware rules in CAV because I just wonna use comodo. I know its not jet  full operational (especially the spyware part not) but I hate it if i need to use more then 1 protection software (I know I need at least 2 of them but that ... --> fill in that yourself  ;))

Love what you created already, the antivirus is oke. Just the darn antispyware isn't.

For the rest  (R)

Offline LeoniAquila

  • Retired moderator
  • Comodo's Hero
  • *****
  • Posts: 6745
Hi Melih, thank you for a really great product!

I use the 2.4.18.184 version and ever since I tried Comodo the first time (December 2006) I've been curious about the Component Monitor. There has also been a problem with it, I posted a ticket but got no answer.

Now, my question is: Is it possible for a DLL file to access the internet, without a .exe parent? For example there are numerous of DLL's from Microsoft in the list, all set to Allow in the Permission column. Can they, theoretically, be used as some kind of spyware, telling Microsoft all about my computer experiences?

Thanks,
/L

Offline Little Mac

  • Forum Volunteer
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 6303
  • The Colonel told me to.
In order for the DLL to access the internet, it has to using some other application.  The Component Monitor checks all components (whether DLL, activeX, etc) related to known applications/applications in Application Monitor.  The validity is verified in order to get an approval for it to be part of the connecting application (please note, it's still the application that's connecting, not the component).

If an application is updated (with new files, components, etc), you will get an alert from CFP to that effect (it will say there's a new library, or the application has changed, or there are components to be authorized...).  You can click the "view libraries" link and it will show you all these components, which you can approve individually if you like (or block).  If you block them, it may cause problems with the application connecting (provided everything is indeed legit). 

Further, if a malware tries to hijack an allowed application, you will get an alert to that effect as well, for a DLL Injection (in this scenario).  All these things are part of the Application Behavior Analysis (Security/Advanced).

LM
These forums are focused on providing help and improvement for Comodo products.  Please treat other users with respect and make a positive contribution.  Thanks.
Forum Policy

Offline LeoniAquila

  • Retired moderator
  • Comodo's Hero
  • *****
  • Posts: 6745
Thanks Little Mac for your answer. It is, by the way the "view libraries" feature that has caused some problems. I have discussed this earlier in another thread, maybe with you. The problem was (or should I say is) that the view libraries function doesn't remember the choice, so now I've given up the attempts to block some DLL:s.

However, now I now more about the function of the Component Monitor so thanks again :)

/Leo

Offline okramo

  • Newbie
  • *
  • Posts: 6
Could someone please explain me what this means?



What application wants to do?

Should I allow this or not?

Thanks for answers

soyabeaner

  • Guest
okramo, welcome to the forum.

127.0.0.1 is your TCP loopback in this case.  There are lots of legit programs that require this type of internal connection.  You should allow it, otherwise ICQLite might not work.  There's an option to enable the skipping of this check in Security>Adv>Misc>Config>2nd option if you don't run any proxy server.

Offline okramo

  • Newbie
  • *
  • Posts: 6
okramo, welcome to the forum.

127.0.0.1 is your TCP loopback in this case.  There are lots of legit programs that require this type of internal connection.  You should allow it, otherwise ICQLite might not work.  There's an option to enable the skipping of this check in Security>Adv>Misc>Config>2nd option if you don't run any proxy server.

Thank you for quick answer :)

Also, I forgot - welcome to you all at this forum - Comodo is very nice product   (R)

Offline okramo

  • Newbie
  • *
  • Posts: 6
Me again :)

I am trying to create stealth rules for apps that I use so sorry for asking maybe stupid questions, but what window below means?



I previously allowed TCP OUT at port 80 for googletalk so I don't know what now he asks?!

thanks

soyabeaner

  • Guest
Sorry, okramo.  Moderators are only allowed to answer a member's question once per thread. :(

Ok joke's over ;D.  This alert refers to Google Talk trying to connect to the internet, so allow it again.  Did you remember to click on the Remember option at the bottom left corner of the alert?

Offline okramo

  • Newbie
  • *
  • Posts: 6
Sorry, okramo.  Moderators are only allowed to answer a member's question once per thread. :(

Ok joke's over ;D.  This alert refers to Google Talk trying to connect to the internet, so allow it again.  Did you remember to click on the Remember option at the bottom left corner of the alert?

I already allowed googletalk connection to internet - allowed ports 80 and 443, so I wasn't expecting this question...

Why is for ip written : "Listen port" ?

I enabled already usage of specified ports for connection to Internet so I still don't understand :)

soyabeaner

  • Guest
I think listening port is one that is ready to be opened for application/process use.  You should visit the Firewall FAQS.  It has lots of info, like this one: http://forums.comodo.com/index.php/topic,6167.0.html

Offline cc-tje

  • Newbie
  • *
  • Posts: 15
Just registered en already having a problem. I'm using comodo firewall in combination with avg-antivirus (both freeware).
The learning fase in Comodo is already done, but suddenly I'm having problems with msn-messenger. Until now it happened with only one contact. Every time he's trying to send something, msn closes, without accepting the file. Also voice-contact is a disaster. It seems my computer is allergic?? Because I'm administrator of a forum and need this way of contacting it's rather uncomfortable.
AVG free doesn't give more options to configurate and in comodo I can't mark the action as safe.
Any idea what's going on?
Even updates from comodo don't come to finalisation. Is there any disagreement between those two save guards?

Offline JJasper

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 1655
Hello cc-tje
I am also using AVG and MSN with version 2.4.18.184 CFP.  Both work without a flaw.  Are you using the latest version of CFP and have you followed the install instructions for CFP exactly as posted in this forum?
John

Offline cc-tje

  • Newbie
  • *
  • Posts: 15
I installed CFP with standard features (freeware version). Never changed any of the settings. It's very strange that updates also never get installed. Think I've downloaded the updates already 7 times now.
It's even more strange that it occurs only with one person, other contacts can send and receive anything through msn (8.1) without delay.

 

Seo4Smf 2.0 © SmfMod.Com Smf Destek