Author Topic: 2.3.3.33 (& 2.3.5.62) is failing leak tests [Resolved]  (Read 59673 times)

Offline dg05

  • Comodo Family Member
  • ***
  • Posts: 71
Re: 2.3.3.33 is failing leak tests
« Reply #15 on: August 18, 2006, 04:28:56 PM »
I am not sure about this leaktest. I used a packet sniffer with it to see what happens and as soon as you press the button then there is a transmission as follows:-


(UDP)192.168.0.xx:1421->212.87.64.7:53 ,61 Bytes
(UDP)212.87.64.7:53->192.168.0.3:1421 ,77 Bytes
(TCP)192.168.0.xx:1422->195.131.4.164:80 ,48 Bytes
(TCP)195.131.4.164:80->192.168.0.3:1422 ,44 Bytes
(TCP)192.168.0.xx:1422->195.131.4.164:80 ,40 Bytes
(TCP)192.168.0.xx:1422->195.131.4.164:80 ,40 Bytes
(TCP)192.168.0.xx:1422->195.131.4.164:80 ,268 Bytes
(TCP)195.131.4.164:80->192.168.0.3:1422 ,189 Bytes
(TCP)195.131.4.164:80->192.168.0.3:1422 ,40 Bytes
(TCP)192.168.0.xx:1422->195.131.4.164:80 ,40 Bytes
(TCP)192.168.0.xx:1422->195.131.4.164:80 ,40 Bytes
(TCP)195.131.4.164:80->192.168.0.3:1422 ,40 Bytes

Now maybe no information was sent but there was a communication and no warning from Comodo.

Wallbreaker would also appear not to be blocked since there is transmission before the deny is pressed in Comodo.

To me the best defence against these tests is simply to block IE from even starting.




Offline egemen

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 3380
Re: 2.3.3.33 is failing leak tests
« Reply #16 on: August 18, 2006, 06:31:58 PM »
I am not sure about this leaktest. I used a packet sniffer with it to see what happens and as soon as you press the button then there is a transmission as follows:-


(UDP)192.168.0.xx:1421->212.87.64.7:53 ,61 Bytes
(UDP)212.87.64.7:53->192.168.0.3:1421 ,77 Bytes
(TCP)192.168.0.xx:1422->195.131.4.164:80 ,48 Bytes
(TCP)195.131.4.164:80->192.168.0.3:1422 ,44 Bytes
(TCP)192.168.0.xx:1422->195.131.4.164:80 ,40 Bytes
(TCP)192.168.0.xx:1422->195.131.4.164:80 ,40 Bytes
(TCP)192.168.0.xx:1422->195.131.4.164:80 ,268 Bytes
(TCP)195.131.4.164:80->192.168.0.3:1422 ,189 Bytes
(TCP)195.131.4.164:80->192.168.0.3:1422 ,40 Bytes
(TCP)192.168.0.xx:1422->195.131.4.164:80 ,40 Bytes
(TCP)192.168.0.xx:1422->195.131.4.164:80 ,40 Bytes
(TCP)195.131.4.164:80->192.168.0.3:1422 ,40 Bytes

Now maybe no information was sent but there was a communication and no warning from Comodo.

Wallbreaker would also appear not to be blocked since there is transmission before the deny is pressed in Comodo.

To me the best defence against these tests is simply to block IE from even starting.


Can you please paste full contents of the packets from the sniffer. It seems to me that you allowed once before and these are the packets from your previous session.

For wallbreaker, disable "Do not show alerts for the applications certified by COMODO" option and retry.



Offline dg05

  • Comodo Family Member
  • ***
  • Posts: 71
Re: 2.3.3.33 is failing leak tests
« Reply #17 on: August 19, 2006, 05:13:39 AM »
Can you please paste full contents of the packets from the sniffer. It seems to me that you allowed once before and these are the packets from your previous session.

For wallbreaker, disable "Do not show alerts for the applications certified by COMODO" option and retry.


No, this was the same in every session. As soon as the button is pressed the contact is made. Comodo does not stop the communication.

Can't show you the packets since it is no longer installed. Do not have any confidence in it for this and other things I found.


Offline egemen

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 3380
Re: 2.3.3.33 is failing leak tests
« Reply #18 on: August 19, 2006, 04:57:45 PM »
No, this was the same in every session. As soon as the button is pressed the contact is made. Comodo does not stop the communication.

Can't show you the packets since it is no longer installed. Do not have any confidence in it for this and other things I found.

Hi David,

According to your packet sniffer logs, data is being sent. So if CPF shows a popup, you can not see such sequence of packets. With these packet sniffer logs, you should be able to see the text you typed.

It is out of question that CPF will not see such a simple COM based ipc. It can even detect chained COM requests. Malware must be much smarter to bypass CPF. PcFlank test is notoriously difficult to understand for someone who is not accustomed to using CPF. If you believe CPF fails, the ethical thing to do is to test it correctly and share your findings with us in such a detail that developers can understand the issue and produce a fix in case of any bug to protect the users. For example the case when you allow once and go back and retry is completely different from closing the internet explorer and Pflank and retesting.

Quote
Do not have any confidence in it for this and other things I found.

We are sorry that you do not have any confidence in CPF. You have automatically approve safe applications option enabled and then you wonder why CPF is not asking you about say internet explorer. Without trying to understand what is going on, reaching a judgement would be neither appropriate nor rational. Anyway, what is your favorite firewall which gained your confidence to remain installed? We would be happy to hear that.

I have been reading your posts in our forums quite sadly. I hope the only reason for your negative attitude is because of having to activate CPF before using.


Good luck,
Egemen
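The claim that the sniffer log itself shows data being sent can be checked from the packet sizes alone. The following is an added example, not part of any post in this thread; it assumes the listed sizes are IP packet lengths with 20-byte IP and TCP headers (8-byte UDP), and that the 192.168. side is the local host.

```python
import re
from collections import defaultdict

# Sniffer lines as posted in Reply #15 of this thread.
SNIFFER_LOG = """\
(UDP)192.168.0.xx:1421->212.87.64.7:53 ,61 Bytes
(UDP)212.87.64.7:53->192.168.0.3:1421 ,77 Bytes
(TCP)192.168.0.xx:1422->195.131.4.164:80 ,48 Bytes
(TCP)195.131.4.164:80->192.168.0.3:1422 ,44 Bytes
(TCP)192.168.0.xx:1422->195.131.4.164:80 ,40 Bytes
(TCP)192.168.0.xx:1422->195.131.4.164:80 ,40 Bytes
(TCP)192.168.0.xx:1422->195.131.4.164:80 ,268 Bytes
(TCP)195.131.4.164:80->192.168.0.3:1422 ,189 Bytes
(TCP)195.131.4.164:80->192.168.0.3:1422 ,40 Bytes
(TCP)192.168.0.xx:1422->195.131.4.164:80 ,40 Bytes
(TCP)192.168.0.xx:1422->195.131.4.164:80 ,40 Bytes
(TCP)195.131.4.164:80->192.168.0.3:1422 ,40 Bytes
"""

LINE_RE = re.compile(r"\((UDP|TCP)\)(\S+):(\d+)->(\S+):(\d+)\s*,(\d+) Bytes")
# Assumption: sizes are IP packet lengths, no IP options.
IP_HDR, TCP_HDR, UDP_HDR = 20, 20, 8
LOCAL_PREFIX = "192.168."  # assumption: the LAN side is the monitored host


def summarize(log):
    """Estimate payload bytes per remote endpoint, split by direction."""
    flows = defaultdict(lambda: {"out": 0, "in": 0, "packets": 0})
    seen = set()  # (flow, direction) pairs that already carried a packet
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        proto, src, sport, dst, dport, size = m.groups()
        size = int(size)
        outbound = src.startswith(LOCAL_PREFIX)
        remote = (dst, int(dport)) if outbound else (src, int(sport))
        key = (proto, *remote)
        direction = "out" if outbound else "in"
        flows[key]["packets"] += 1
        if proto == "UDP":
            payload = max(0, size - IP_HDR - UDP_HDR)
        elif (key, direction) not in seen:
            # First TCP packet each way is the SYN / SYN-ACK: bytes beyond
            # 40 are TCP options (MSS etc.), not application data.
            payload = 0
        else:
            payload = max(0, size - IP_HDR - TCP_HDR)
        seen.add((key, direction))
        flows[key][direction] += payload
    return dict(flows)


def tcp_data_sent(flows):
    """Remote TCP endpoints that received application data from the host."""
    return [(ip, port, f["out"]) for (proto, ip, port), f in flows.items()
            if proto == "TCP" and f["out"] > 0]


if __name__ == "__main__":
    for key, f in summarize(SNIFFER_LOG).items():
        print(key, f)
    print("TCP data left the host:", tcp_data_sent(summarize(SNIFFER_LOG)))
```

Under these assumptions the 40-byte TCP packets are bare ACK/FIN segments, while the 268-byte outbound packet carries about 228 bytes to port 80, so the handshake completed and a request left the machine.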

Offline dg05

  • Comodo Family Member
  • ***
  • Posts: 71
Re: 2.3.3.33 is failing leak tests
« Reply #19 on: August 19, 2006, 05:24:32 PM »
Hi David,

According to your packet sniffer logs, data is being sent. So if CPF shows a popup, you can not see such sequence of packets. With these packet sniffer logs, you should be able to see the text you typed.


It is out of question that CPF will not see such a simple COM based ipc. It can even detect chained COM requests. Malware must be much smarter to bypass CPF. PcFlank test is notoriously difficult to understand for someone who is not accustomed to using CPF. If you believe CPF fails, the ethical thing to do is to test it correctly and share your findings with us in such a detail that developers can understand the issue and produce a fix in case of any bug to protect the users. For example the case when you allow once and go back and retry is completely different from closing the internet explorer and Pflank and retesting.

We are sorry that you do not have any confidence in CPF. You have automatically approve safe applications option enabled and then you wonder why CPF is not asking you about say internet explorer. Without trying to understand what is going on, reaching a judgement would be neither appropriate nor rational. Anyway, what is your favorite firewall which gained your confidence to remain installed? We would be happy to hear that.

I have been reading your posts in our forums quite sadly. I hope the only reason for your negative attitude is because of having to activate CPF before using.


Good luck,
Egemen


Thank you for replying.

There is another firewall that is claiming to pass all the leak tests, namely Private Firewall. I did the self same test with that one and a pop up came asking me to allow or not. Denying prevented any communication to PC Flank. Although the text did not appear to be transmitted with Comodo all the texts were shown when I selected 'Open browser'. So you are not preventing the text/communication being transmitted.

Whether leaktests are valid or not, it is you who are making the claim.

Re activation. I was not referring to that. You have your reasons for using and I have mine for not liking it, but accept that is the way you want it and I have to accept that or not use the program.

The distrust I inferred was that when I opened up another browser there was a pop up to allow/deny and whilst I was reading it I saw that the connection was made anyhow. So if it does it with that then what else will it just allow.

With trusted applications I want to be the one who decides whether or not they connect. I think you should at least say that this is a trusted or not program allow/deny and it should be totally blocked until I decide. The default should be to deny with an option to take the automatic approval on set up or first run.

That is why in its current state I do not feel comfortable using it.

Hope this gives you a better understanding of my position.


Offline egemen

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 3380
Re: 2.3.3.33 is failing leak tests
« Reply #20 on: August 19, 2006, 06:28:06 PM »
Thank you for replying.

Re activation. I was not referring to that. You have your reasons for using and I have mine for not liking it, but accept that is the way you want it and I have to accept that or not use the program.

The distrust I inferred was that when I opened up another browser there was a pop up to allow/deny and whilst I was reading it I saw that the connection was made anyhow. So if it does it with that then what else will it just allow.

With trusted applications I want to be the one who decides whether or not they connect. I think you should at least say that this is a trusted or not program allow/deny and it should be totally blocked until I decide. The default should be to deny with an option to take the automatic approval on set up or first run.

That is why in its current state I do not feel comfortable using it.

Hope this gives you a better understanding of my position.

If you wanted to see the trusted applications, you should have specified it during the setup. You are presented the option to disable it during the setup. Or later you can go and disable. Just because you don't understand does not mean it is not working.

About PCFlank test, we and all of our users know what our firewall prevents and we make our claims according to it. As you will also agree, consequences of making false claims would be more painful for us than you writing in a forum.
It is a pity that the firewall leak testing site has not retested CPF yet, independently to convince people like you.
CPF so far detected many 0-day trojans thanks to its smart technology which we are proud to claim the BEST in the market.

So please either ethically give exact steps and the configuration (Your OS, SP, all security software installed, your CPF configuration i.e. export of HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Personal Firewall registry key) for our developers to reproduce and see what is going on, or stop making inaccurate claims.


Egemen

Offline Scott B.

  • Comodo Family Member
  • ***
  • Posts: 66
Re: 2.3.3.33 is failing leak tests
« Reply #21 on: August 19, 2006, 07:47:43 PM »
Cpf 2.3.3.33 is passing all the leak tests I have tried... I think you're either misconfiguring something, or you have a bootsector/mbr rootkit which is corrupting your installations.

Just my thoughts...

My packet filter also detects all the connections being made, and system safety monitor is catching the processes, so I can see that cpf is doing its job.




Offline kail

  • Randomly Appearing
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11361
  • The future is much like the present, only longer.
    • COMODO's free software!
Re: 2.3.3.33 is failing leak tests
« Reply #22 on: August 19, 2006, 08:39:06 PM »
Erm.. there is something strange here.

I just replicated the PC-Flank failure & it's exactly as described above. The data string that I gave the PC_Flank EXE appeared on the PC-Flank web site before I had even answered PCF's Allow/Deny query. I answered Deny. Turned off certified display skip & re-ran the test. It failed again, same as before. This time I told CPF to remember the Deny. The 3rd test also failed. CPF had issued a pop-up again. So, I set CPF to remember the Deny again & I also turned the skip display for certified apps back on. This time CPF was successful. No data reached PC-Flank's site. However, the PC-Flank executable was not aware it had failed and acted like it had worked.


Notes/Observations: A new MSIE window was opened for each PC-Flank test. Firefox was used to check PC-Flank's results page. Nowhere is the PC-Flank program name (PCFlankLeaktest.exe) mentioned.. in logs or in the application monitor. In the application monitor there is now a block for MSIE where the parent is explorer.exe any-any-TCP/UDP out. That's about it.
My System Details: W10Px64 with CIS 10 Beta, Firefox & Becky!
Forum Policy.
____
The problem is not the problems, the problem is people's attitude towards those problems.

Offline egemen

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 3380
Re: 2.3.3.33 is failing leak tests
« Reply #23 on: August 19, 2006, 08:51:48 PM »
Erm.. there is something strange here.

I just replicated the PC-Flank failure & it's exactly as described above. The data string that I gave the PC_Flank EXE appeared on the PC-Flank web site before I had even answered PCF's Allow/Deny query. I answered Deny. Turned off certified display skip & re-ran the test. It failed again, same as before. This time I told CPF to remember the Deny. The 3rd test also failed. CPF had issued a pop-up again. So, I set CPF to remember the Deny again & I also turned the skip display for certified apps back on. This time CPF was successful. No data reached PC-Flank's site. However, the PC-Flank executable was not aware it had failed and acted like it had worked.


Notes/Observations: A new MSIE window was opened for each PC-Flank test. Firefox was used to check PC-Flank's results page. Nowhere is the PC-Flank program name (PCFlankLeaktest.exe) mentioned.. in logs or in the application monitor. In the application monitor there is now a block for MSIE where the parent is explorer.exe any-any-TCP/UDP out. That's about it.

Hi Kail,

While testing, please use a different text each time you run the test. Because that test stores previous texts on the web site and you may not understand the difference unless you enter a different text each time.

Remembering with answer DENY has no effect on remembering the leak attempt. For leak attempts remembering will only be effective if you press allow.

After verifying that while you always entered a different data with each test, and you still observed the same behavior, we may conclude that in windows 2000 SP4, CPF has a bug causing this issue.


Thank you for the help,
Egemen

Edit: I think this is related to the beta releases. If you can test the stable version and report your results, you would be very helpful.
« Last Edit: August 19, 2006, 09:39:55 PM by egemen »

Offline panic

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11825
  • Linux is free only if your time is worthless.;-)
Re: 2.3.3.33 is failing leak tests
« Reply #24 on: August 19, 2006, 10:56:39 PM »
Truthfully, I'm not terribly concerned with Comodo's failure of the leak tests. Most firewalls (except Outpost 4)

Outpost 4?

Outpost 3.5 is the latest release.

Do you mean the Agnitum Outpost 4 that is only available to Outpost Beta testers?

That one?

Hmmmmmm ....?
As your mums would say, "If you can't play nice with all the other kiddies, go home".
All users are asked to please read and abide by the  Comodo Forum Policy.
If you can't conform, don't use the forum.

Offline dg05

  • Comodo Family Member
  • ***
  • Posts: 71
Re: 2.3.3.33 is failing leak tests
« Reply #25 on: August 20, 2006, 05:43:44 AM »
If you wanted to see the trusted applications, you should have specified it during the setup. You are presented the option to disable it during the setup. Or later you can go and disable. Just because you don't understand does not mean it is not working.

About PCFlank test, we and all of our users know what our firewall prevents and we make our claims according to it. As you will also agree, consequences of making false claims would be more painful for us than you writing in a forum.
It is a pity that the firewall leak testing site has not retested CPF yet, independently to convince people like you.
CPF so far detected many 0-day trojans thanks to its smart technology which we are proud to claim the BEST in the market.

So please either ethically give exact steps and the configuration (Your OS, SP, all security software installed, your CPF configuration i.e. export of HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Personal Firewall registry key) for our developers to reproduce and see what is going on, or stop making inaccurate claims.


Egemen

I did not notice any option to see the approved programs, not saying it was not there, just that it was not apparent.

I still fail to understand why the f/w asks for approval to connect and still connects before I have selected the option.

With the PC Flank leak test. All the test messages (different every time) ended up on the site. That does not look like blocking to me.


Offline pandlouk

  • I love Comodo
  • Comodo's Hero
  • *****
  • Posts: 2240
  • Retired Mod
Re: 2.3.3.33 is failing leak tests
« Reply #26 on: August 20, 2006, 06:30:43 AM »
I did not notice any option to see the approved programs, not saying it was not there, just that it was not apparent.
If you select the advanced option during setup you will see it.
Quote
I still fail to understand why the f/w asks for approval to connect and still connects before I have selected the option.
what are you talking about? Nothing like this happens on mine. (I use win xp pro sp2)
Quote

With the PC Flank leak test. All the test messages (different every time) ended up on the site. That does not look like blocking to me.
I have tested pcflank with all the versions of cpf the last 2 months (more than 50 times in total) and not once the message ended up at their site!

And this means that either it is a bug of cpf with windows 2000 sp4 or you have modified the default configuration of CPF.

In the first case you can help the development team solve the bug. Just follow the instructions that egemen gave
So please either ethically give exact steps and the configuration (Your OS, SP, all security software installed, your CPF configuration i.e. export of HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Personal Firewall registry key) for our developers to reproduce and see what is going on, or stop making inaccurate claims.
In the second just use the default settings until you understand better how CPF works.
« Last Edit: August 20, 2006, 06:55:35 AM by pandlouk »

Offline kail

  • Randomly Appearing
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11361
  • The future is much like the present, only longer.
    • COMODO's free software!
Re: 2.3.3.33 is failing leak tests
« Reply #27 on: August 20, 2006, 07:14:54 AM »
Hi Kail,

While testing, please use a different text each time you run the test. Because that test stores previous texts on the web site and you may not understand the difference unless you enter a different text each time.

I can confirm that I used a different random string each time.

Quote
Remembering with answer DENY has no effect on remembering the leak attempt. For leak attempts remembering will only be effective if you press allow.

Ah.. OK. Since the PC-Flank test required that I open a MSIE window before attempting the test, I assume that it is using MSIE in a way that CPF is not seeing on my OS. The block I added, just stopped anything using MSIE where I started it manually. Oops.


Quote
Edit: I think this is related to the beta releases. If you can test the stable version and report your results, you would be very helpful.

No problem. I'll do this by the end of today & report back.
My System Details: W10Px64 with CIS 10 Beta, Firefox & Becky!
Forum Policy.
____
The problem is not the problems, the problem is people's attitude towards those problems.

Offline dg05

  • Comodo Family Member
  • ***
  • Posts: 71
Re: 2.3.3.33 is failing leak tests
« Reply #28 on: August 20, 2006, 07:19:18 AM »
If you select the advanced option during setup you will see it.
what are you talking about? Nothing like this happens on mine. (I use win xp pro sp2)
I have tested pcflank with all the versions of cpf the last 2 months (more than 50 times in total) and not once the message ended up at their site!

And this means that either it is a bug of cpf with windows 2000 sp4 or you have modified the default configuration of CPF.

In the first case you can help the development team solve the bug. Just follow the instructions that egemen gave
In the second just use the default settings until you understand better how CPF works.

I can only report what happens on my machine and I was using the default settings.

At the moment it is uninstalled as I do not feel a level of confidence with it. I don't have the time to keep installing and removing it all the time.


Offline pandlouk

  • I love Comodo
  • Comodo's Hero
  • *****
  • Posts: 2240
  • Retired Mod
Re: 2.3.3.33 is failing leak tests
« Reply #29 on: August 20, 2006, 07:23:09 AM »
I can only report what happens on my machine and I was using the default settings.

At the moment it is uninstalled as I do not feel a level of confidence with it. I don't have the time to keep installing and removing it all the time.


Then why don't you give us a detailed description of your machine?

Makes me wonder ::)

edit: beta apps are for testing and finding bugs. Testing isn't installing and running for an hour or two. If you are not willing to test them then don't. Just use the stable version ;)
« Last Edit: August 20, 2006, 07:30:16 AM by pandlouk »

 
