2.3.3.33 (& 2.3.5.62) is failing leak tests [Resolved]

[egemen]

According to your CPIL screenshot, it may be a case that we have a bug detecting the long path names. And if it is so, it is definetly going to be fixed.

EDIT: No. I have just verified it is not.

[xTerminus]

Hi,

The screenshots didn't quite fit into the forums very well that you may clearly see the entire shot of what's going on without using a horizontal scrollbar, so here's a link: Comodo Screens

Wow! Bloody long post :-)

First of all, let me thank you for taking the time to play around CPF. I sincerely appreciate it.

The issue was that this thread started and immediately went south by the following statement you made:

"Anyhow, I like betas & I like to test software, a lot of software. My concern is more in that Comodo is claimed to pass these leak tests, & I have never found this to be true, yet. I'm still waiting for the release that really does pass the leak tests as is claimed."

As I explained in my previous posting, even though I could see your point of view, generalizing it to imply that Comodo does not deliver as it claims was, IMHO, unfair to Comodo, to its developers and to its users!

In your first post you asked if "your reality that is different" in that you had this problem but other's might not have.

but in your second post the tone changed to Comodo not doing as it claims and generalizing it has caused everyone to cry foul! and rightly so!

Maybe you stumbled accross a bug, and we truly are grateful for that, but still this is only a bug and does not invalidate our claims! And anyone who knows Comodo knows very well how responsive we are to our users and bugs!

Neither you nor the Majority of CPF users are lying, when you say you have this leak tests fail and when majority of cpf users say, they pass these tests. But this does not justify calling our claims false!

I really hope you can see our viewpoint and wish that we can put this behind us and work together to build protection for the masses!

Melih

I suppose it's a matter of perspective, but it actually went south before that. Take a look at the junk & false accusations I was having to respond to there in that second post & you will uncover the true source of the problem. My post has nowhere near the antgonistic tone that was taken by others before that. Also it doesn't help that you or possibly 1-2 others try to make this out to be solely my issue. Every PC I've tested on does exactly the same thing with the leak tests & there are many others who get the same results. The people that report passing don't really seem to be very confident that they are really passing, & I most certainly would not call those few a majority, though I havn't taken an official count.

As for false claims, I'd like to see this bug fixed & hope to test the next version release with success. But still to be fair, I must point out, the Comodo website is clearly stating, & I will directly quote here: "No other firewall has passed this test with default setting, does yours?" To be honest, I would never have taken notice of this had I not been so focused on that test while trying to get Comodo to pass it with all manner of settings & fresh formats etc. The truth is there are other firewalls that pass it. Here are some screens of just a few, all taken with default settings: Firewalls Passing

-x

[xTerminus]

According to your CPIL screenshot, it may be a case that we have a bug detecting the long path names. And if it is so, it is definetly going to be fixed.

EDIT: No. I have just verified it is not.

Hi,

I've also run these tests directly from a saved file on various disks that has a much shorter path & without the extended user name etc. Seems to turn up same result whether running from the temp folder straight out of the web page or running the file directly from another drive/partition.

-x

[egemen]

Hi,

I've also run these tests directly from a saved file on various disks that has a much shorter path & without the extended user name etc. Seems to turn up same result whether running from the temp folder straight out of the web page or running the file directly from another drive/partition.

-x

After running the test, does CPF, even though the test failed, show a popup later? Ofcourse I am assuming you do not have outpost or any other firewall installed while testing. Even not disabled bu uninstalled.

[Melih]

Hi,

The screenshots didn't quite fit into the forums very well that you may clearly see the entire shot of what's going on without using a horizontal scrollbar, so here's a link: Comodo Screens

I suppose it's a matter of perspective, but it actually went south before that. Take a look at the junk & false accusations I was having to respond to there in that second post & you will uncover the true source of the problem. My post has nowhere near the antgonistic tone that was taken by others before that. Also it doesn't help that you or possibly 1-2 others try to make this out to be solely my issue. Every PC I've tested on does exactly the same thing with the leak tests & there are many others who get the same results. The people that report passing don't really seem to be very confident that they are really passing, & I most certainly would not call those few a majority, though I havn't taken an official count.

As for false claims, I'd like to see this bug fixed & hope to test the next version release with success. But still to be fair, I must point out, the Comodo website is clearly stating, & I will directly quote here: "No other firewall has passed this test with default setting, does yours?" To be honest, I would never have taken notice of this had I not been so focused on that test while trying to get Comodo to pass it with all manner of settings & fresh formats etc. The truth is there are other firewalls that pass it. Here are some screens of just a few, all taken with default settings: Firewalls Passing

-x

Well
any firewall company with a half a decent developer should fix their firewall for any known vulnerability within hours of finding about the vulnerability. cpil v1.1 has been out for sometime and naturally we should expect even the smaller firewall players to build protection against it.. so no surprises there! Again, you will appreciate the good work that Comodo is doing not only improving its own product, but its competitor's products by finding vulnerabilities ;-)

Comodo is always working in identifying new vulnerabilites before the hackers find and exploit them and protecting against it. For example latest version of CPIL, to be launched with the release version soon, penetrates thru outpost! I was goint to put a screenshot, but the only thing i could post is a web page saying outpost failed. So there was no point.

Of course this should in no way taken as a negative statement against Outpost. They have done an excellent work to date and they are simply not aware of the vulnerabilities that Comodo is able to discover. I am sure as soon as Comodo makese these vulnerabilities available their engineers will get to work and fix their firewall and again Comodo will help them make their firewall better :-) (at no charge ;-) )

So, again, I truly appreciate your efforts and very much wish that we can get to the bottom of the issue you have with your machine!
you must appreciate that its really intriguing to us and we really want to resolve it for you! So I will let, if its ok with you, our guys to ask you few questions to see if we can get to the bottom of the issue you have. In a true Comodo tradition, we will work tirelessly to get to the bottom of the problem.

Melih

[egemen]

Here is what I think:

* If this is a very rare bug, you would not reproduce it each time you run the test. Because you are telling you tested in clean XP install. So this is not a rare bug. But interestingly none of our users reported this before. Those who claim failing were always mistakenly "remembered the answer when allowing the popup". So this was understandable.

*You may have another security software which has not been uninstalled, preventing CPF. If this is so, CPF must also fail thermite and copycat. Is it so?

Egemen

[Melih]

if anyone else is having a similar problem can you pls report it! We really want to get to the bottom of this asap.
thanks
Melih

[kail]

xTerminus nDefinitive

Wow.. BIG post.

I'd like to ask if you have tested the release version at any point. You mentioned that you had tested many versions. But, you weren't specific.

I ask, since I also confirmed your PC-Flank failure report. And when I was asked to test it on the release version, I did & it didn't fail the test.

I'm using W2k-SP4. And since all the XP users seemed to think it was OK & only the W2k-SP4 heros users had reported it, that gave COMODO the false impression that it was a W2k-SP4 specific issue. Now, you didn't seem to have mentioned your OS before you.. fell silent. If you were following the thread, as you said, I really feel you should have jumped in at that point, with a short ( ) message about your OS being XP. That may have helped egemen.

I do not think COMODO make any false claims as you have stated several times. Surely any claims on their web site, concerning CPF, must be about the release version.. not the beta version.


egemen

* If this is a very rare bug, you would not reproduce it each time you run the test. Because you are telling you tested in clean XP install. So this is not a rare bug. But interestingly none of our users reported this before. Those who claim failing were always mistakenly "remembered the answer when allowing the popup". So this was understandable.

Huh???

This must mean my above post is complete rubbish then & the CPF PC-Flank failure I hit on W2k is W2k specific and nothing to do with xTerminus' CPF PC-Flank failure?

[egemen]

This must mean my above post is complete rubbish then & the CPF PC-Flank failure I hit on W2k is W2k specific and nothing to do with xTerminus' CPF PC-Flank failure?

Nope. That was really a 2K specific bug. It can not occur on windows XP because of its nature. I am more concerned with his CPIL report. Because failing in detecting CPIL means failing in detecting many of the basic leak tests like thermite and copycat. If CPF fails them too, then i will have a good idea.
 Btw, we have fixed that 2K PCFlank bug.

[kail]

Nope. That was really a 2K specific bug. It can not occur on windows XP because of its nature. I am more concerned with his CPIL report. Because failing in detecting CPIL means failing in detecting many of the basic leak tests like thermite and copycat. If CPF fails them too, then i will have a good idea.
 Btw, we have fixed that 2K PCFlank bug.

OK, thanks egemen.



xTerminus

I apologise about my dig about you not jumping in. It wouldn't have helped after all.

[stephentony]

I think that Melih said everything I wanted to say in my post, but he did so much more succinctly and diplomatically. I don't want to see this turn into a flame war, and that was not my intent when I posted in response to xTerminus. I've worked in the IT security field for 14 years (I know, big deal) and I've seen posts in security forums in the past that have used tactics that were less than scrupulous in attempting to "poke holes" in a product that is going through beta testing. In fact I've been on the rotten end of that stick and it does not feel good. Especially when, and I'm not sure how many people know this, the huge number of hours at work and at home are spent by team members who are working on a project like this. I will tell you that it feels really bad when you've devoted so much time and sweat to such an effort only to have that effort and intent be questioned. Because that's what was really being questioned here. Not that a bug was found, but what was really being questioned was the honest intent and claims made by the makers of the product. You bring that into question and you had better keep your head low my friend, not to mention having your facts straight!  I felt the tone and tact taken by xTerminus was out of line to say the least, and was not posted where it should have been to start with. Coming back with a multi-page, accusatory rant, days later didn't help either.

I have no blind allegiance to Melih, any of his colleagues, or the CPF. I also know how easy it is to test beta products (many of them as you said, xTerminus) on a home computer in your spare time without having anything real at stake. That said, I have no problem with anyone pointing out what very may well be a bug if found. But that does not necessarily make it a bug! Or even a bug that can be reproduced without going to absurd extremes. And for certain it does not mean a company is attempting to make false claims about their product. Companies will ask for beta testers for projects like this for many reasons. I believe that those who contribute what they have found through testing, do so, for admirable reasons. I also know for a fact that, that type of contribution is always welcome and appreciated. It is NOT taken as a personal attack on the product or the makers of it. Quite the contrary! I assume we all want to help in whatever way we can in making this product better.

xTerminus, I really hope you can understand why people here reacted like they did to your multiple posts, and not take it too personally. That may not make sense to you after some of the posts (mine included (LOL) that took issue with your statements, but that's what I hope anyway. Sometimes you just have to think about what you're saying. Your honest intent may very well have been good at heart but it didn't come out that way.

[sukarof]

if anyone else is having a similar problem can you pls report it! We really want to get to the bottom of this asap.
thanks
Melih

I did report, earlier in this long thread. I didnt get any comments then. Maybe it went unnoticed so I´ll quote it:

To be fair I must join the (few?) whos comodo does not protect against cpil.exe (Pcaudit test nr3 locks up my computer the first two passed) I have tried "out of the box" and I did the registry tweak and have component monitor on (not learning mode) suggested here on this forum.
Funny thing is that the registry tweak did work the first time I tried it (ie Comodo did give a popup warning about cpil.exe. It did however open up the web page but did not display what I wrote. But now it does without any warning Huh

Quote
Your firewall didn't pass the test and transmitted information to our website.
You typed: testing|http://comodo/|http://firewall/|http://against/|http://cpil.exe/

This time it was useless information - next time it could be your credit card number or other sensitive data being passed to a hacker.

Comodo Personal Firewall 2.0 is the only firewall to pass the Parent Injection Leak test with its default settings.
The http:// is added by the web page I guess coz I did not write that in Cpil.exe

I am not to worried and will continue to use Comodo (have no hidden agenda ), but I must agree that it doesnt pass the leaktest on every machine. Default settings or not.

It is the same result on the two latest betas.

Please forget the line about Pcaudit, I mixed up the leaktests .

As for Pcflankleaktest Comodo didnt pass on my machine. The leaktest did send the text I wrote.
I did get a popup but I denied it to late coz the text (that I wrote in Pcflankleaktest) was sent while Comodo was waiting for an deny or allow answer from me.
My specs:
Windows XP Pro SP2 and all the latest hotfixes.
AMD Athlon64 x2
1024Mb RAM

[dg05]

As for Pcflankleaktest Comodo didnt pass on my machine. The leaktest did send the text I wrote.
I did get a popup but I denied it to late coz the text (that I wrote in Pcflankleaktest) was sent while Comodo was waiting for an deny or allow

This also what I am finding with CPF. Apart from failing the leaktests, I  have pop ups occurring and before I have time to read them the connection has gone ahead anyway.

[xTerminus]

After running the test, does CPF, even though the test failed, show a popup later? Ofcourse I am assuming you do not have outpost or any other firewall installed while testing. Even not disabled bu uninstalled.

All testing is done with no other firewalls installed. I have a few extra drives in the main machine & often create a fresh new format/boot for troubleshooting purposes. Other times I will test multiple installations on a single install of Windows, but when I do this I use a very thorough method to clean the registry between installs. CCleaner > RegSeeker > jv16 PowerTools > WINASO, each run multiple times untill they turn up nothing more. Then after these 4 registry cleaners scrub for obvious errors (I've tested many registry cleaners & no others seem to ever turn anything up that these one's don't, hence I've developed this strategy to completely clean a registry, wish it could be accomplished from a single reg cleaner but each misses some that the others don't) I go back through the registry manually & remove all remaining traces of a software & it's parent company... often times it can actually be faster just to use a fresh format/windows install.

I'm not sure exactly what you mean about getting a popup later. Sometimes I get a popup at the time, it just isn't blocking the leak. I don't think I've ever had a popup occur late as another poster has mentioned, indeed that would be very odd behavior to get a  popup regarding cpil 2 minutes afterward. In my case I believe it's always popped up on time or not at all, but then there may have been times where I've rebooted before seeing a delayed popup, I usually reboot often between any of these types of tests to clear memory & get a fresh uncontaminated start on the next.

-----

Ok I've tried some other versions again. I will present my findings in as concise & streamlined a manner as possible while still attempting to be entirely thorough. Some of these issues are seperate & preceed the failure of the leaktests, but I will include them in a quick rundown anyhow:

1) The latest version from the Comodo website does not install properly, 006 type error, problem with launchpad installing & such. I also get this with CAVS.

2) 2.1.0.1 from download.com is installing correctly, but activation key does not work, error during activation type situation. Although 2.2.0.11 won't install directly, after updating to 2.2.0.11 from 2.1.0.1, then I am able to activate the key. Ok, so at this point I'm thinking, although it was somewhat of a troublesome (from the average user's perspective) & roundabout way of arriving here, I finally got a release version installed & maybe I can see the leak tests functionally blocked now.

3) I make sure to turn on all monitors manually, at least one of them was off by default, I believe it was component monitor. Then I go under the settings & make sure to check all things relevant such as block trojans or something as such & maybe there was one or 2 other things that weren't checked by default, I didn't take note of the precise names. This is on the old style where the settings are all one page rather than multiple pages as in the latest beta mind you.

4) This time, opposite as before, cpil did not yield a popup & pcflank did. I'm not sure if these characteristics can be exactly pinned down as to which way this occurs in which version, or if the firewall is just yielding varying inconsistent results in general which are not particular to a specific version or test.

4a) Needless to say, the cpil test with no popup failed & the test text was presented in the browser. However, I think it's important to note that on previous tests with the beta a popup for cpil was being presented (at least sometimes), yet the presence of the popup alone or choice to deny cpil did not prevent the test text from being opened in the browser. So it's not just a matter of whether the popup appears, it's the coding that's going on behind the scenes that is allowing the leak to occur even when the popup comes up as it should. Additionally, the popup continues to come up for other unrelated internet access untill the system is rebooted no matter how many times you hit deny. Possibly after some extended period of time it may desist, but I've never had the patience to wait it out for more than about 5 minutes as it quickly becomes incredibly annoying & a quick reboot always solves the problem.

4b) Now on to pcflank, which did yield a popup this time around. I believe there may be some consistency here within the inconsistency, as I recall similar experiences during previous tests within the last week. When pcflank does yield a popup, it seems to block the entire internet in general (or maybe it's just the browser), however, it doesn't seem to prevent the results page from being called up by copying & pasting the link to the browser, where the test text has indeed been leaked & is clearly visible. If not for copying & pasting the link directly at this step, one would get the impression here that the leak had been blocked. Also, the resulting persistent popup problem exists here too, only this time it is not only continually popping up for other unrelated internet access, it is blocking other unrelated internet access as well. Again, this bahavior continues untill the system is rebooted, or if there is a timer on it, I've never had the patience to wait it out as it quickly becomes not only annoying, but internet is unusable/unaccessible as well.

-----

I often times tend to be overly complex or descriptive, I'm very analytical & redundant by nature, but I hope that was concise & articulated plainly enough to get a full picture of everything that is going on. I know sometimes reading what someone else is going through can make your head swim if you aren't seeing or experiencing it in the first person.

And by the way, the screenshots I've listed in this thread aren't posted at a real website or going to be part of any public display in anyway, I've just stuck them on an extra server for purposes of this thread. I may add a meta tag when I get time to stop the search engine spiders from indexing it, or just remove the files after this issue is resolved.

-x

[XenonG]

Hopefully I read every word in these four pages......
Did you turn on Component Control from Learning Mode to On?
Oh yeah, Avast opens some ports to use even when its shutdown.