Author Topic: 2.3.3.33 (& 2.3.5.62) is failing leak tests [Resolved]  (Read 59674 times)

Offline dg05

  • Comodo Family Member
  • ***
  • Posts: 71
Re: 2.3.3.33 is failing leak tests
« Reply #30 on: August 20, 2006, 11:59:20 AM »
Then why don't you give us a detailed description of your machine?

Makes me wonder ::)

edit: beta apps are for testing and finding bugs. Testing isn't installing and running for an hour or two. If you are not willing to test them then don't. Just use the stable vesion ;)

Why do you get so protective when someone mentions that it does not work as claimed?

I know it is a beta but it has been claimed in the forum is stable and a release candidate and everyone is being encouraged to try it. I emphasise try and not keep. I tried it, found it did not work as claimed and removed it. What is wrong with that?

For your info I am running 2k sp4 with PG disabled, Avast. AMD Athlon 2200.

I have given you the info that was sent out and also told you that all the texts I put in were presented on PC Flank. Why should I be making this up?


Offline kail

  • Randomly Appearing
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11361
  • The future is much like the present, only longer.
    • COMODO's free software!
Re: 2.3.3.33 is failing leak tests
« Reply #31 on: August 20, 2006, 12:22:28 PM »
egemen

OK. I just tried the PC-Flank test on the CPF release version & it passed, no data was transmitted to the PC-Flank site. PC-Flank thought that it had suceeded (which it always seems to do).

Since this was a clean install of CPF, I re-ran the PC-Flank test on a clean install of 2.3.3.33. The BETA failed the PC-Flank test. Despite CPF detecting the OLE attempt, the data was transmitted to the PC-Flank site anyway.
My System Details: W10Px64 with CIS 10 Beta, Firefox & Becky!
Forum Policy.
____
The problem is not the problems, the problem is people's attitude towards those problems.

Offline pandlouk

  • I love Comodo
  • Comodo's Hero
  • *****
  • Posts: 2240
  • Retired Mod
Re: 2.3.3.33 is failing leak tests
« Reply #32 on: August 20, 2006, 12:34:20 PM »
Since this was a clean install of CPF, I re-ran the PC-Flank test on a clean install of 2.3.3.33. The BETA failed the PC-Flank test. Despite CPF detecting the OLE attempt, the data was transmitted to the PC-Flank site anyway.
kail can you check one more time with the "component monitor" turned on?
On the last beta this was necessary. (For this version at the xp is not needed).

Offline kail

  • Randomly Appearing
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11361
  • The future is much like the present, only longer.
    • COMODO's free software!
Re: 2.3.3.33 is failing leak tests
« Reply #33 on: August 20, 2006, 12:54:05 PM »
kail can you check one more time with the "component monitor" turned on?
On the last beta this was necessary. (For this version at the xp is not needed).

I've assumed you meant on 2.3.3.33.

At first I thought switching the Component Monitor from Learn Mode to Turn On had worked. It generated different pop-ups on other programs wanting their library usage confirmed. In any event, it did eventutally display the PC-Flank OLE message. But, unfortunately, the data had already arrived at the PC-Flank web site by that time. I tried it again (to avoid all the other pop-ups). But, once again PCF failed to stop the data getting to the PC-Flank web site, despite detecting the event.

Anything else I can do?
My System Details: W10Px64 with CIS 10 Beta, Firefox & Becky!
Forum Policy.
____
The problem is not the problems, the problem is people's attitude towards those problems.

Offline kail

  • Randomly Appearing
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11361
  • The future is much like the present, only longer.
    • COMODO's free software!
Re: 2.3.3.33 is failing leak tests
« Reply #34 on: August 20, 2006, 01:02:20 PM »
pandlouk

You might also want to check this topic. I had the distinct impression that things were possibly slipping past CPF there as well.
My System Details: W10Px64 with CIS 10 Beta, Firefox & Becky!
Forum Policy.
____
The problem is not the problems, the problem is people's attitude towards those problems.

Offline pandlouk

  • I love Comodo
  • Comodo's Hero
  • *****
  • Posts: 2240
  • Retired Mod
Re: 2.3.3.33 is failing leak tests
« Reply #35 on: August 20, 2006, 01:21:11 PM »
I've assumed you meant on 2.3.3.33.

At first I thought switching the Component Monitor from Learn Mode to Turn On had worked. It generated different pop-ups on other programs wanting their library usage confirmed. In any event, it did eventutally display the PC-Flank OLE message. But, unfortunately, the data had already arrived at the PC-Flank web site by that time. I tried it again (to avoid all the other pop-ups). But, once again PCF failed to stop the data getting to the PC-Flank web site, despite detecting the event.

Anything else I can do?
Thx kail. This means that there is definitly a bug at the beta when installed at a win2k sp4
pandlouk

You might also want to check this topic. I had the distinct impression that things were possibly slipping past CPF there as well.
If you can make an online scan at pcflanc or another security related site. (just for being sure that there isn't any problems with the stealthing/blocking abilities of cpf).

Offline kail

  • Randomly Appearing
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11361
  • The future is much like the present, only longer.
    • COMODO's free software!
Re: 2.3.3.33 is failing leak tests
« Reply #36 on: August 20, 2006, 01:29:55 PM »
If you can make an online scan at pcflanc or another security related site. (just for being sure that there isn't any problems with the stealthing/blocking abilities of cpf).

I've already peformed several of these.. GRC, PC-Flank, Sygate, etc.. and there does not seem to be any problems with stealthing and/or blocking in CPF. Inbound doesn't seem to be a problem.

I hope that helps.
My System Details: W10Px64 with CIS 10 Beta, Firefox & Becky!
Forum Policy.
____
The problem is not the problems, the problem is people's attitude towards those problems.

Offline Melih

  • CEO - Comodo
  • Administrator
  • Comodo's Hero
  • *****
  • Posts: 14692
    • Video Blog
Re: 2.3.3.33 is failing leak tests
« Reply #37 on: August 20, 2006, 07:13:55 PM »
Why do you get so protective when someone mentions that it does not work as claimed?

I know it is a beta but it has been claimed in the forum is stable and a release candidate and everyone is being encouraged to try it. I emphasise try and not keep. I tried it, found it did not work as claimed and removed it. What is wrong with that?

For your info I am running 2k sp4 with PG disabled, Avast. AMD Athlon 2200.

I have given you the info that was sent out and also told you that all the texts I put in were presented on PC Flank. Why should I be making this up?


dg05

We really do appreciate your efforts in testing CPF.

I think the issue has arisen not that CPF might not have a bug, as we all know bugs are part of software development and sometimes part of the software :) but because the way this potential bug has been reported here.

There is a big difference in

1)a company making claim that is false
2)a company making a claim and only in certain scenerios, due to a bug one user is not seeing that claim.

Of course from your point of view you are seeing what you are seeing, but from other's users' point of view they are seeing what they are seeing.

So insinuating  that company's claim is wrong is obviously the wrong way to report this bug as you would be upsetting all the people the product works for!

I don't think anyone would have any problem if you were to say: "hey guys, somehow this doesn't work on my machine, what gives?", rather than "it does not work as claimed". As, the first statement does not offend all the other users for whom the CPF work for!

I hope we all can understand eachother view point and move forward to building this beutiful product to be in every PC!

Melih

Offline SpacemanPT

  • Comodo Family Member
  • ***
  • Posts: 68
Re: 2.3.3.33 is failing leak tests
« Reply #38 on: August 20, 2006, 08:34:37 PM »
I've jus tried about all the leak tests on Firewallleaktester... CPF managed to block all of them except in my case for Yalta and cpil... for cpil it gave me the warning 2 minuts too late...

using a compaq presario 1525 about to burst into flames, with a operating system seriously in need of reinstall, totaly messed up windows XP with SP2 comodo still manages to pass almost all the tests

Maybe it would be a good idea for every-one to start to make your own tests and create a topic only on results


Sooo all I got to say is  (R)

Offline amano

  • Newbie
  • *
  • Posts: 18
Re: 2.3.3.33 is failing leak tests
« Reply #39 on: August 20, 2006, 09:09:43 PM »
Remember to NOT use the default IP address for yalta since it is your local machine. Try another one (eg. 131.112.212.11) and see if there is a popup. The yalta information itself (`data successfully sent`) isn`t an inidcator if the leak test is passed or not.

Offline dg05

  • Comodo Family Member
  • ***
  • Posts: 71
Re: 2.3.3.33 is failing leak tests
« Reply #40 on: August 21, 2006, 04:40:21 AM »
dg05

We really do appreciate your efforts in testing CPF.

I think the issue has arisen not that CPF might not have a bug, as we all know bugs are part of software development and sometimes part of the software :) but because the way this potential bug has been reported here.

There is a big difference in

1)a company making claim that is false
2)a company making a claim and only in certain scenerios, due to a bug one user is not seeing that claim.

Of course from your point of view you are seeing what you are seeing, but from other's users' point of view they are seeing what they are seeing.

So insinuating  that company's claim is wrong is obviously the wrong way to report this bug as you would be upsetting all the people the product works for!

I don't think anyone would have any problem if you were to say: "hey guys, somehow this doesn't work on my machine, what gives?", rather than "it does not work as claimed". As, the first statement does not offend all the other users for whom the CPF work for!

I hope we all can understand eachother view point and move forward to building this beutiful product to be in every PC!

Melih

Melih

If you look back in this thread at my first posting you will see that I brought the subject up very gently. Others here have taken a more aggressive stance against me and so I have upped the anti. I have no need to slam this product but I see a need to point out its failings where I see them - I am sure you are in agreement with that.

I do feel that it will be difficult for you to maintain that this f/w will resist tests in all conditions because they are being installed on machinces that you have no knowledge of. Maybe you should say that it will resist if installed on a clean install of Windows. If you can get it to work in all conditions, then credit to you.

I do have a worry that you will give users a false confidence that they can go anywhere without getting into trouble. This is presumably being aimed at the mass market where people have little knowledge of the vulnerabilities they may expose themselves to.

I hope you can now get everyone back on track and accept there is a problem instead of attacking those who find fault.


Offline egemen

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 3380
Re: 2.3.3.33 is failing leak tests
« Reply #41 on: August 21, 2006, 07:43:38 AM »
Melih

If you look back in this thread at my first posting you will see that I brought the subject up very gently. Others here have taken a more aggressive stance against me and so I have upped the anti. I have no need to slam this product but I see a need to point out its failings where I see them - I am sure you are in agreement with that.

I do feel that it will be difficult for you to maintain that this f/w will resist tests in all conditions because they are being installed on machinces that you have no knowledge of. Maybe you should say that it will resist if installed on a clean install of Windows. If you can get it to work in all conditions, then credit to you.

I do have a worry that you will give users a false confidence that they can go anywhere without getting into trouble. This is presumably being aimed at the mass market where people have little knowledge of the vulnerabilities they may expose themselves to.

I hope you can now get everyone back on track and accept there is a problem instead of attacking those who find fault.




Hi David,

I think your unluckiness was mostly because of the thread you reported the bug. Since the starter of this thread did not aim to report a bug but was aiming something else, you received the same attention.

We did appreciate your feedback and are on the issue to fix it.

Egemen

Offline dg05

  • Comodo Family Member
  • ***
  • Posts: 71
Re: 2.3.3.33 is failing leak tests
« Reply #42 on: August 21, 2006, 08:05:25 AM »

Hi David,

I think your unluckiness was mostly because of the thread you reported the bug. Since the starter of this thread did not aim to report a bug but was aiming something else, you received the same attention.

We did appreciate your feedback and are on the issue to fix it.

Egemen



Thanks Egemen

Glad to see that battle lines have been withdrawn.

Don't what the OP's issue was, but at least he brought to light a problem with the f/w. Surely the more that find faults the better whatever their motive might be, and it was posted in your own forum rather than in some newsgroup.

Just my thoughts



Offline xTerminus

  • Comodo Member
  • **
  • Posts: 44
Re: 2.3.3.33 is failing leak tests
« Reply #43 on: August 22, 2006, 08:57:39 PM »
Hi,

If you're wondering why I havn't replied for awhile, I've been watching this thread in dismay. I find the tone of some of the responses to be in a different spirit than I would care to participate in.

Let me further clarify what the issue is. The issue is that Comodo is not passing the main leak tests (cpil & pcflank are the only 2 tests I'm using as they seem to be very popular). Of course logic dictates that the basis in my decision to report the issue lies in the fact that Comodo is supposed to be passing these leak tests. If that's what some of you are taking such high offense to, my apologies. If it were not intended to pass these leak tests, then I would consider it normal behavior & not report this as a bug or malfunction during the beta.

For further clarification, this is an issue with the firewall software coding in it's current state not passing 2 particular leak tests (cpil & pcflank, not sure about others as I am not using them). It's not really specifically my issue persay, though I do not take offense at that viewpoint since I did open this thread & some unscrupulous posters have been trying their best to invalidate it ever since by turning it into my issue & my agenda etc, rather than acknowledge the problem & make any attempt to fix it, as is done in most betas. This issue is certainly not mine alone, there are plenty of people on these forums & elsewhere on the net experiencing the same (google & download.com are beginning to turn this issue up). To those of you whom have tried to be helpful in finding a solution, I appreciate that. But at this point I can confidently say that this is indeed a coding issue, there is nothing more that can be done on my end as a beta tester regarding this matter.

I don't mean to offend any developers by pointing this issue out, & if a software developer or ravenous delusional fan cannot hear about anything wrong with a software during a beta without turning it into a conspiracy theory to derail the project... I don't know what else to say on this matter. Well, actually, I could say, it would much more likely be those very kinds of attitudes & unprofessionalism that would be the cause of any problems the project may experience. And please try to understand, if you sense any kind of attitude from me in my reporting of this matter, Comodo is telling me that it passes these leak tests (one of which is it's own test found on the Comodo site), but I've tried a few versions of Comodo & it has never passed, so I might be getting a little frustrated with it. You know how the saying goes "fool me once, shame on you, fool me twice, shame on me." It would be different if it wasn't telling me it could do it, I wouldn't expect it of it for no reason. And then to top it off it's trying to lower my confidence in other products by telling me that other firewalls cannot pass these tests, which even if Comodo is only not passing due to a bug in beta rather than a false claim, the part about other firewalls not passing is simply untrue. By logical process... hmm, now if half of what it's telling me is definitely untrue, & the other half remains untrue through multiple version releases, & when I report the matter all I get back is a bunch of flak & denial with no acknowledgment of the problem & the issue is said to be mine rather than the beta software... what would you conclude? Only Comodo (or it's developers etc) know for sure whether they're being honest or not. By simple deductive reasoning one can conclude that either Comodo is lying, or Comodo honestly doesn't realize that it's claims are false. I suppose the jury is still out on that? Hence I am still waiting to test the version of Comodo that passes the leak tests. I prefer to give it the benefit of the doubt, but if you're telling me no changes will be made & that the problem doesn't even exist when I & so many other users no that it does, what do you expect me to think? The vast majority of people after running your cpil test & realizing it fails rather than take any interest in the beta & report any bugs or discrepancies just uninstall it never saying anything & never look back, or worse yet, they begin to say plenty & word will spread, but it won't all be in your own forums where you have the power to hit the delete post button. As for claiming that others don't pass leak tests when they do, that should probably be rectified, that kind of false advertising can earn you a bad rep even if you can succeed in coding Comodo up to pass the leak tests.

Here's a link for whomever had mentioned something regarding truth in advertising or some such: http://www.ftc.gov/bcp/conline/pubs/buspubs/ad-faqs.htm

I am a person of honesty, integrity & competence. And though a few antagonists have replied to this thread & attacked my character & motives personally, rather than spend any further time defending my honor & in doing so exposing them more personally & embarassing them beyond recoverability, I'll allow them to save face, I'll keep a cool head & stick to the facts & issues at hand here.

I went ahead & tested again on a freshly formatted drive to be sure. Was thinking perhaps some of the stubborn registry entries could be the cause, can't always delete all the old registry keys as they seem to get locked up. It still flat out fails the 2 leak tests I'm using (cpil & pcflank), & it does this for many others too. Sometimes it does yield a popup, but the text goes right through whether instantly hitting the deny button before the page loads or waiting a few seconds while reading the popup as one would do in a real situation while deciding whether to allow or deny.

There's nothing unusual about the main test system being used. It's a fairly standard P4 3Ghz, 1GB RAM, Windows XP SP2 (all updates). Now this was done on a freshly formatted drive with a fresh XP install, so there's no chance of old Comodo registry entries contaminating the installation or testing process. I've also tested on a few other similar Intel/XP SP2 systems, same results. I honestly don't believe the hardware configuration plays much of a role in this type of test as long it's all up to date standard modern equipment. Of course older OS's can be a common cause of variables when people are using previous versions of windows, as developers don't always take this into consideration or sometimes make the decision to discontinue support. But in this case everything is standard & up to date, I really can't be sure why people are coming up with different results, or they might simply be thinking it passes due to the popup that tells them about the leak.

Indeed there does seem to be much confusion regarding this matter, & in all honesty, both in this thread & several others, I've seen a similar number of people reporting that Comodo is not passing the leak tests as well as those that say they do pass the leak tests, but not cpil or pcflank, which are the only 2 I'm using just to be clear. I've also seen a number of people that while in the end may concede that it must be passing, it's as if they know it's not really passing but they've finally just been beaten & worn down & defeated, not unlike a false confession. It's not as though I am one isolated individual Comodo fan experiencing this against an army of raging mad Comodo fans that are experiencing otherwise & are all too upset that I have, god forbid, mentioned something wrong with our precious Comodo during a beta test phase which is supposed to be used for bug testing & feedback. We all know what a beta is, right?

I think an all too common scenario may be taking place here, the classic "hate the messenger" rather than "hate the message." And I think some people may be losing sight of the fact that we're not here to argue about whether an issue is occurring or not, the issue is a fact. Rather we're here to report our findings in an attempt to come up with solutions, & sometimes those solutions have to be implemented in the program itself, not at the users end. Keep in mind, it's a beta.

Here's some screenshots to help pinpoint the problem, perhaps this can help lift the blanketing fog of denial surrounding this issue. Disregard the test text making mention of failing all leak tests, I'm only using cpil (Comodo's own found on the main Comodo website) & pcflankleaktest.exe (found at pcflank.com). I don't have time to continually test all tests & these 2 are the main current tests.

The first 3 screenshots are Comodo on a completely fresh install of Windows XP SP2 with all current updates

Here's cpil.exe:


As you can see it does yield a popup here, but it does not block the leak. The same result is achieved whether I hit deny or just do nothing, which should be the same as deny, pending my decision. The test itself mentions something along the lines of "a big well done if your firewall has alerted you that so & so is attemtping to connect to such and such" but I beg to differ. To my firewall I would say this, "gee, thanks for informing me that my information is being leaked while going ahead & leaking it, why do you even bother to ask me if I want to allow or deny it when you've already made the decision to let my info through?" The test should be giving a big well done to the firewall if it successfully stops the transmission of data, not just if it tries to tell you about it while deciding on it's own to allow the leakage & disregard any choice you make, & then to further keep taunting you about it with every subsequent internet access.

Here's the popup again after the test has already been executed & the browser has been closed & reopened:


This popup persistently comes up about cpil with any internet access untill the system is rebooted, even if it is another program accessing the internet for entirely unrelated business.

Here's pcflankleaktest.exe (I've covered my IP in the picture)


Now this time on this fresh format/install, Comodo did not yield any popup for pcflank. This seems to be inconsistent though, I believe it may have yielded a popup for this one in previous tests or previous beta versions (the release version has never been installable, always with the launchpad error & such, I believe it's error 006 on every system that I've attmepted to install to, same with the CAVS, uninstallable so untestable), but it has never blocked the leaks. And vice versa, it may not have yielded a popup for cpil during some previous tests, I can't remember for certain. The only thing that is completely consistent is that the information is always leaked on both tests, I've never witnessed it block the leak like some people have reported where they think it may be blocking sometimes but not every time. Usually I just run cpil, because it is quicker & with fewer steps involved to get through the test. Also, if I recall correctly, there was a time or 2 where pcflank would cause a popup, perhaps after running the test more than once where denying it would seem to stop the page from loading, but if the link was copied & pasted to the browser it would still show the leak. And before you ask, no I wasn't using the same test text. To be sure, this is an issue with the firewall itself, not the testers, the tests or the test systems. It just needs a little more coding to nail this issue down. We're not beta testing the testers here, it's the firewall software that needs some adjustments. If this very real issue is continually denied than I suppose it may never be fixed. But that's not on me, I've done my best to get through & only get flak & false accusations in return. Sometimes I wonder why I bother to try to help, but then this beta is not the norm, this has been unusually unprofessional in comparison to most betas. I guess that old phrase can be true sometimes "you can lead a horse to water... but you can't make it drink" - especially if it insists that the water isn't there.

Here are a few other miscellaneous screenshots:





I've snapped a bunch of screens of other firewalls successfully putting a cork in these leaks, but I'm not here to advertise or for any other agenda so I won't post those up here. Unless of course a moderator wishes me to do so, sometimes it can be helpful to look at what others are doing that is working so well to get an idea of how to emulate it. Several firewalls I'm currently testing, some betas & some having been in release for quite some time are passing these leak tests with no issues whatsoever. I'm sure there are others both currently released & in the works, I don't have the time to test every latest version of every firewall out there.

The good news is, this is just a beta, & someone, not just one someone but many someones have reported the problem. The first step in correcting a problem is to be aware that there is a problem, so that part is out of the way, right? Beyond that it requires some troubleshooting & implementation of the proper code. But if it's never acknowledged that anything is wrong than what's to fix? Hopefully we've made some progress here & aren't still stuck in an infinite loop at that step 0 of official denial & blame the messenger, it's all his fault type of mentality...

Now if I were developing Comodo myself, I'd be busy correcting the matter rather than arguing that the matter doesn't exist, but unfortunately I am not & therefor cannot provide you with the neccesary code. Since I'm merely a beta tester in this case, my duty as such is simply to report the problems I find, & I feel I've done my part here as best as I can, you'll have to implement the necessary code on your own. Though I have to note, I've never encountered this much paranoia, conspiracy theories, accusations, stonewalling & unprofessionalism in any other beta, hopefully this can be a learning process for all parties involved, myself included.

Please, for Comodo's sake & all the users that are taking your word for it & trusting it not to leak their info, try to look past the messenger here & see the message itself. Being quite the perfectionist I may be rather blunt or harsh in my wording sometimes, I mean no harm by it. I expect a lot of myself & am often times disappointed by others' incompetence or lack of core principles as fellow human beings, I'm sure we can all relate to that on some level. But I really think Comodo is a great firewall & you're all doing an excellent job on it. I'd like to use at as my own personally, not just for testing, but common sense dictates that I will use the one that proves to provide the best protection, not just which procliams the loudest that it can while telling me others can't, yet fails when put to it's own test. I think more what's beginning to get to me after following this & other threads for awhile is the defensive misplaced attitude & general denial regarding the failure of the leak tests. The leakage itself is just a matter of a little coding, no biggie. And I appologize if I have come off as merely critical, accusatory, or in anyway condescending while attempting to relay this beta bug, but part of this has probably developed from reading other threads regarding this matter as well as some of the responses in this thread, which to be quite honest, are downright ugly & disgusting, not to mention paranoid/delusional & completely unprofessional to boot. At the end of the day, I think everyone involved could agree that there is definitely something strange going on here anytime this subject is brought up, like it is perhaps a real sore spot, for whatever reason. I havn't been around here long enough to know the history, but even in some other unrelated threads I was reading in, it seems as though people are often times walking on egg shells when trying to bring up any issue they might be having with anything regarding the firewall. I guess when you become familiar enough with these forums you begin to anticipate the inevitable attacks that will come if you find any flaw that needs addressed with Comodo or need any help figuring out how to get something to work right that seems to be malfunctioning. I even saw where one one person was pre-emptively fending of the "zealots" before even trying to speak on the bug he was encountering. But on the flipside, I have also seen a handful of helpful folks as well, that do their best to try to troublehoot & generally help out. But with software like this (especially betas but even release versions) the problem is not always something that can be fixed on the user's end, sometimes the program itself needs a little coding to correct matters.

Anyhow, I'll sum this up & cut it down to size as best as I can without all the extra details.

1) Comodo beta v2.3.3.33 (as well as the last beta release just before this one, I can't be sure on the release version because it won't install correctly) is not passing 2 major leak tests, Comodo's own cpil.exe & pcflankleaktest.exe. By not passing I mean that it is leaking the info. The test text can be seen in the browser, plain & simple. Please don't turn it into another argument about the definition of what passing means as I've seen in other threads, or whether I use the same text for pcflank everytime etc. And just to be clear, I could care less if the test itself says the firewall doesn't pass, even though at least 3 known firewalls are actually causing the test itself to fail & say the firewall passes, that's no concern, simply blocking the leak is the bottom line, but Comodo is currently leaking like a sieve for some reason.

2) The popup continues to popup for other unrelated internet access untill the system is rebooted.

3) The test system is a completely standard P4 3Ghz, 1 GB RAM /w Comodo running on a freshly formatted drive /w a fresh install of Windows XP SP2 /w all updates. Consistent results are achieved on other similar machines by myself & others around the world. This is not an isolated incident that I own all the rights too, regardless of what some may believe or be lead to believe by those with perhaps, "different agendas..." as one poster puts it.

xTerminus: Are you saying that all these people who run the tests and then come to this forum and tell us that it passes are lying?

Melih

Melih: Are you saying that myself & all these people who run the tests and then come to this forum & others and say that it fails are lying?


Hi David,

I think your unluckiness was mostly because of the thread you reported the bug. Since the starter of this thread did not aim to report a bug but was aiming something else, you received the same attention.

We did appreciate your feedback and are on the issue to fix it.

Egemen


Egemen: Would you care to elaborate on what you speculate that I may have been aiming for if not reporting a bug? Or should we just put all these silly conspiracy theories behind us & try to get some real work done on this real issue?

I've never participated in a beta where bug reports were blown out of proportion & even suggested to be part of some elaborate conspiracy theory where some people don't want the product to succeed & have a mysterious "different agenda" etc, this is most unusual indeed. Everyone loves a good conspiracy theory though, perhaps there is some entertainment value to be found in this thread.

You guys are really kidding yourselves if you think I am the only one that Comodo doesn't pass leak tests for. Most people just uninstall & tell their friends or others on the open internet about the issue rather than take time to send emails & report beta bugs in a forum.

Looking forward to testing release v2.3 to see if maybe this issue can be resolved.

Have a nice day,

xTerminus nDefinitive ("One amongst many, I am many of one.")

Offline Melih

  • CEO - Comodo
  • Administrator
  • Comodo's Hero
  • *****
  • Posts: 14692
    • Video Blog
Re: 2.3.3.33 is failing leak tests
« Reply #44 on: August 22, 2006, 09:14:36 PM »
Hi,

If you're wondering why I havn't replied for awhile, I've been watching this thread in dismay. I find the tone of some of the responses to be in a different spirit than I would care to participate in.

Let me further clarify what the issue is. The issue is that Comodo is not passing the main leak tests (cpil & pcflank are the only 2 tests I'm using as they seem to be very popular). Of course logic dictates that the basis in my decision to report the issue lies in the fact that Comodo is supposed to be passing these leak tests. If that's what some of you are taking such high offense to, my apologies. If it were not intended to pass these leak tests, then I would consider it normal behavior & not report this as a bug or malfunction during the beta.

For further clarification, this is an issue with the firewall software coding in it's current state not passing 2 particular leak tests (cpil & pcflank, not sure about others as I am not using them). It's not really specifically my issue persay, though I do not take offense at that viewpoint since I did open this thread & some unscrupulous posters have been trying their best to invalidate it ever since by turning it into my issue & my agenda etc, rather than acknowledge the problem & make any attempt to fix it, as is done in most betas. This issue is certainly not mine alone, there are plenty of people on these forums & elsewhere on the net experiencing the same (google & download.com are beginning to turn this issue up). To those of you whom have tried to be helpful in finding a solution, I appreciate that. But at this point I can confidently say that this is indeed a coding issue, there is nothing more that can be done on my end as a beta tester regarding this matter.

I don't mean to offend any developers by pointing this issue out, & if a software developer or ravenous delusional fan cannot hear about anything wrong with a software during a beta without turning it into a conspiracy theory to derail the project... I don't know what else to say on this matter. Well, actually, I could say, it would much more likely be those very kinds of attitudes & unprofessionalism that would be the cause of any problems the project may experience. And please try to understand, if you sense any kind of attitude from me in my reporting of this matter, Comodo is telling me that it passes these leak tests (one of which is it's own test found on the Comodo site), but I've tried a few versions of Comodo & it has never passed, so I might be getting a little frustrated with it. You know how the saying goes "fool me once, shame on you, fool me twice, shame on me." It would be different if it wasn't telling me it could do it, I wouldn't expect it of it for no reason. And then to top it off it's trying to lower my confidence in other products by telling me that other firewalls cannot pass these tests, which even if Comodo is only not passing due to a bug in beta rather than a false claim, the part about other firewalls not passing is simply untrue. By logical process... hmm, now if half of what it's telling me is definitely untrue, & the other half remains untrue through multiple version releases, & when I report the matter all I get back is a bunch of flak & denial with no acknowledgment of the problem & the issue is said to be mine rather than the beta software... what would you conclude? Only Comodo (or it's developers etc) know for sure whether they're being honest or not. By simple deductive reasoning one can conclude that either Comodo is lying, or Comodo honestly doesn't realize that it's claims are false. I suppose the jury is still out on that? Hence I am still waiting to test the version of Comodo that passes the leak tests. I prefer to give it the benefit of the doubt, but if you're telling me no changes will be made & that the problem doesn't even exist when I & so many other users no that it does, what do you expect me to think? The vast majority of people after running your cpil test & realizing it fails rather than take any interest in the beta & report any bugs or discrepancies just uninstall it never saying anything & never look back, or worse yet, they begin to say plenty & word will spread, but it won't all be in your own forums where you have the power to hit the delete post button. As for claiming that others don't pass leak tests when they do, that should probably be rectified, that kind of false advertising can earn you a bad rep even if you can succeed in coding Comodo up to pass the leak tests.

Here's a link for whomever had mentioned something regarding truth in advertising or some such: http://www.ftc.gov/bcp/conline/pubs/buspubs/ad-faqs.htm

I am a person of honesty, integrity & competence. And though a few antagonists have replied to this thread & attacked my character & motives personally, rather than spend any further time defending my honor & in doing so exposing them more personally & embarassing them beyond recoverability, I'll allow them to save face, I'll keep a cool head & stick to the facts & issues at hand here.

I went ahead & tested again on a freshly formatted drive to be sure. Was thinking perhaps some of the stubborn registry entries could be the cause, can't always delete all the old registry keys as they seem to get locked up. It still flat out fails the 2 leak tests I'm using (cpil & pcflank), & it does this for many others too. Sometimes it does yield a popup, but the text goes right through whether instantly hitting the deny button before the page loads or waiting a few seconds while reading the popup as one would do in a real situation while deciding whether to allow or deny.

There's nothing unusual about the main test system being used. It's a fairly standard P4 3Ghz, 1GB RAM, Windows XP SP2 (all updates). Now this was done on a freshly formatted drive with a fresh XP install, so there's no chance of old Comodo registry entries contaminating the installation or testing process. I've also tested on a few other similar Intel/XP SP2 systems, same results. I honestly don't believe the hardware configuration plays much of a role in this type of test as long it's all up to date standard modern equipment. Of course older OS's can be a common cause of variables when people are using previous versions of windows, as developers don't always take this into consideration or sometimes make the decision to discontinue support. But in this case everything is standard & up to date, I really can't be sure why people are coming up with different results, or they might simply be thinking it passes due to the popup that tells them about the leak.

Indeed there does seem to be much confusion regarding this matter, & in all honesty, both in this thread & several others, I've seen a similar number of people reporting that Comodo is not passing the leak tests as well as those that say they do pass the leak tests, but not cpil or pcflank, which are the only 2 I'm using just to be clear. I've also seen a number of people that while in the end may concede that it must be passing, it's as if they know it's not really passing but they've finally just been beaten & worn down & defeated, not unlike a false confession. It's not as though I am one isolated individual Comodo fan experiencing this against an army of raging mad Comodo fans that are experiencing otherwise & are all too upset that I have, god forbid, mentioned something wrong with our precious Comodo during a beta test phase which is supposed to be used for bug testing & feedback. We all know what a beta is, right?

I think an all too common scenario may be taking place here, the classic "hate the messenger" rather than "hate the message." And I think some people may be losing sight of the fact that we're not here to argue about whether an issue is occurring or not, the issue is a fact. Rather we're here to report our findings in an attempt to come up with solutions, & sometimes those solutions have to be implemented in the program itself, not at the users end. Keep in mind, it's a beta.

Here's some screenshots to help pinpoint the problem, perhaps this can help lift the blanketing fog of denial surrounding this issue. Disregard the test text making mention of failing all leak tests, I'm only using cpil (Comodo's own found on the main Comodo website) & pcflankleaktest.exe (found at pcflank.com). I don't have time to continually test all tests & these 2 are the main current tests.

The first 3 screenshots are Comodo on a completely fresh install of Windows XP SP2 with all current updates

Here's cpil.exe:


As you can see it does yield a popup here, but it does not block the leak. The same result is achieved whether I hit deny or just do nothing, which should be the same as deny, pending my decision. The test itself mentions something along the lines of "a big well done if your firewall has alerted you that so & so is attemtping to connect to such and such" but I beg to differ. To my firewall I would say this, "gee, thanks for informing me that my information is being leaked while going ahead & leaking it, why do you even bother to ask me if I want to allow or deny it when you've already made the decision to let my info through?" The test should be giving a big well done to the firewall if it successfully stops the transmission of data, not just if it tries to tell you about it while deciding on it's own to allow the leakage & disregard any choice you make, & then to further keep taunting you about it with every subsequent internet access.

Here's the popup again after the test has already been executed & the browser has been closed & reopened:


This popup persistently comes up about cpil with any internet access untill the system is rebooted, even if it is another program accessing the internet for entirely unrelated business.

Here's pcflankleaktest.exe (I've covered my IP in the picture)


Now this time on this fresh format/install, Comodo did not yield any popup for pcflank. This seems to be inconsistent though, I believe it may have yielded a popup for this one in previous tests or previous beta versions (the release version has never been installable, always with the launchpad error & such, I believe it's error 006 on every system that I've attmepted to install to, same with the CAVS, uninstallable so untestable), but it has never blocked the leaks. And vice versa, it may not have yielded a popup for cpil during some previous tests, I can't remember for certain. The only thing that is completely consistent is that the information is always leaked on both tests, I've never witnessed it block the leak like some people have reported where they think it may be blocking sometimes but not every time. Usually I just run cpil, because it is quicker & with fewer steps involved to get through the test. Also, if I recall correctly, there was a time or 2 where pcflank would cause a popup, perhaps after running the test more than once where denying it would seem to stop the page from loading, but if the link was copied & pasted to the browser it would still show the leak. And before you ask, no I wasn't using the same test text. To be sure, this is an issue with the firewall itself, not the testers, the tests or the test systems. It just needs a little more coding to nail this issue down. We're not beta testing the testers here, it's the firewall software that needs some adjustments. If this very real issue is continually denied than I suppose it may never be fixed. But that's not on me, I've done my best to get through & only get flak & false accusations in return. Sometimes I wonder why I bother to try to help, but then this beta is not the norm, this has been unusually unprofessional in comparison to most betas. I guess that old phrase can be true sometimes "you can lead a horse to water... but you can't make it drink" - especially if it insists that the water isn't there.

Here are a few other miscellaneous screenshots:





I've snapped a bunch of screens of other firewalls successfully putting a cork in these leaks, but I'm not here to advertise or for any other agenda so I won't post those up here. Unless of course a moderator wishes me to do so, sometimes it can be helpful to look at what others are doing that is working so well to get an idea of how to emulate it. Several firewalls I'm currently testing, some betas & some having been in release for quite some time are passing these leak tests with no issues whatsoever. I'm sure there are others both currently released & in the works, I don't have the time to test every latest version of every firewall out there.

The good news is, this is just a beta, & someone, not just one someone but many someones have reported the problem. The first step in correcting a problem is to be aware that there is a problem, so that part is out of the way, right? Beyond that it requires some troubleshooting & implementation of the proper code. But if it's never acknowledged that anything is wrong than what's to fix? Hopefully we've made some progress here & aren't still stuck in an infinite loop at that step 0 of official denial & blame the messenger, it's all his fault type of mentality...

Now if I were developing Comodo myself, I'd be busy correcting the matter rather than arguing that the matter doesn't exist, but unfortunately I am not & therefor cannot provide you with the neccesary code. Since I'm merely a beta tester in this case, my duty as such is simply to report the problems I find, & I feel I've done my part here as best as I can, you'll have to implement the necessary code on your own. Though I have to note, I've never encountered this much paranoia, conspiracy theories, accusations, stonewalling & unprofessionalism in any other beta, hopefully this can be a learning process for all parties involved, myself included.

Please, for Comodo's sake & all the users that are taking your word for it & trusting it not to leak their info, try to look past the messenger here & see the message itself. Being quite the perfectionist I may be rather blunt or harsh in my wording sometimes, I mean no harm by it. I expect a lot of myself & am often times disappointed by others' incompetence or lack of core principles as fellow human beings, I'm sure we can all relate to that on some level. But I really think Comodo is a great firewall & you're all doing an excellent job on it. I'd like to use at as my own personally, not just for testing, but common sense dictates that I will use the one that proves to provide the best protection, not just which procliams the loudest that it can while telling me others can't, yet fails when put to it's own test. I think more what's beginning to get to me after following this & other threads for awhile is the defensive misplaced attitude & general denial regarding the failure of the leak tests. The leakage itself is just a matter of a little coding, no biggie. And I appologize if I have come off as merely critical, accusatory, or in anyway condescending while attempting to relay this beta bug, but part of this has probably developed from reading other threads regarding this matter as well as some of the responses in this thread, which to be quite honest, are downright ugly & disgusting, not to mention paranoid/delusional & completely unprofessional to boot. At the end of the day, I think everyone involved could agree that there is definitely something strange going on here anytime this subject is brought up, like it is perhaps a real sore spot, for whatever reason. I havn't been around here long enough to know the history, but even in some other unrelated threads I was reading in, it seems as though people are often times walking on egg shells when trying to bring up any issue they might be having with anything regarding the firewall. I guess when you become familiar enough with these forums you begin to anticipate the inevitable attacks that will come if you find any flaw that needs addressed with Comodo or need any help figuring out how to get something to work right that seems to be malfunctioning. I even saw where one one person was pre-emptively fending of the "zealots" before even trying to speak on the bug he was encountering. But on the flipside, I have also seen a handful of helpful folks as well, that do their best to try to troublehoot & generally help out. But with software like this (especially betas but even release versions) the problem is not always something that can be fixed on the user's end, sometimes the program itself needs a little coding to correct matters.

Anyhow, I'll sum this up & cut it down to size as best as I can without all the extra details.

1) Comodo beta v2.3.3.33 (as well as the last beta release just before this one, I can't be sure on the release version because it won't install correctly) is not passing 2 major leak tests, Comodo's own cpil.exe & pcflankleaktest.exe. By not passing I mean that it is leaking the info. The test text can be seen in the browser, plain & simple. Please don't turn it into another argument about the definition of what passing means as I've seen in other threads, or whether I use the same text for pcflank everytime etc. And just to be clear, I could care less if the test itself says the firewall doesn't pass, even though at least 3 known firewalls are actually causing the test itself to fail & say the firewall passes, that's no concern, simply blocking the leak is the bottom line, but Comodo is currently leaking like a sieve for some reason.

2) The popup continues to popup for other unrelated internet access untill the system is rebooted.

3) The test system is a completely standard P4 3Ghz, 1 GB RAM /w Comodo running on a freshly formatted drive /w a fresh install of Windows XP SP2 /w all updates. Consistent results are achieved on other similar machines by myself & others around the world. This is not an isolated incident that I own all the rights too, regardless of what some may believe or be lead to believe by those with perhaps, "different agendas..." as one poster puts it.

Melih: Are you saying that myself & all these people who run the tests and then come to this forum & others and say that it fails are lying?

Egemen: Would you care to elaborate on what you speculate that I may have been aiming for if not reporting a bug? Or should we just put all these silly conspiracy theories behind us & try to get some real work done on this real issue?

I've never participated in a beta where bug reports were blown out of proportion & even suggested to be part of some elaborate conspiracy theory where some people don't want the product to succeed & have a mysterious "different agenda" etc, this is most unusual indeed. Everyone loves a good conspiracy theory though, perhaps there is some entertainment value to be found in this thread.

You guys are really kidding yourselves if you think I am the only one that Comodo doesn't pass leak tests for. Most people just uninstall & tell their friends or others on the open internet about the issue rather than take time to send emails & report beta bugs in a forum.

Looking forward to testing release v2.3 to see if maybe this issue can be resolved.

Have a nice day,

xTerminus nDefinitive ("One amongst many, I am many of one.")

Wow! Bloody long post :-)

First of all, let me thank you for taking the time to play around CPF. I sincerely appreciate it.

The issue was that this thread started and immediately went south by the following statement you made:

"Anyhow, I like betas & I like to test software, a lot of software. My concern is more in that Comodo is claimed to pass these leak tests, & I have never found this to be true, yet. I'm still waiting for the release that really does pass the leak tests as is claimed."

As I explained in my previous posting, even though I could see your point of view, generalizing it to imply that Comodo does not deliver as it claims was, IMHO, unfair to Comodo, to its developers and to its users!

In your first post you asked if "your reality that is different" in that you had this problem but other's might not have.

but in your second post the tone changed to Comodo not doing as it claims and generalizing it has caused everyone to cry foul! and rightly so!

Maybe you stumbled accross a bug, and we truly are grateful for that, but still this is only a bug and does not invalidate our claims! And anyone who knows Comodo knows very well how responsive we are to our users and bugs! Afterall, we all are talking about the Beta version and its expected that beta version could have bugs. Even though you obtained the the cpf from the beta forum, but you posted your feedback on the general forum, which was not the right etiquette and hence got few people questioning your motives.

Neither you nor the Majority of CPF users are lying, when you say you have this leak tests fail and when majority of cpf users say, they pass these tests. But this does not justify calling our claims false! Afterall, we invited our users, including you, to test a beta version of software and we fully expect it to have bugs hence why its beta!

I really hope you can see our viewpoint and wish that we can put this behind us and work together to build protection for the masses!

Melih

« Last Edit: August 22, 2006, 09:50:16 PM by Melih »

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek