Author Topic: 2.3.6.81 is failing pcflank leak test with browser tabs  (Read 22521 times)

Offline xTerminus

  • Comodo Member
  • **
  • Posts: 44
Re: 2.3.6.81 is failing pcflank leak test
« Reply #15 on: September 28, 2006, 10:29:37 PM »
Hi,

None of these replies are quite on track with this issue. I'll reply a few more times & re-explain some things that are already mentioned in the original post & the thread preceeding this one about v2.3.3.33 & 2.3.5.62, but I am not sure how many more times I can reiterate what is already explained in the original post. I know it may be confusing, & especially if one had not been following the previous thread, but it's not really that confusing. It would seem as though some of you may not be reading the original post correctly or thoroughly, I really can't be sure, but most of the replies are quite a distraction & nowhere near relevant to the issue, except where solo originally thought I was speaking of a different version when I called it 2.3.5.81, that was a typo that I needed to clear up.

Please understand this may be obvious but did you know the text does stay on the site? I can download the test and even if blocked it shows the original text. This may have been mentioned but use a different text (completely) each time. They keep the text on there which to me isn't right, it should be deleted as it has fooled many. Just a thought though.

 Paul

I know you probably don't read all the posts regarding this matter, but the answer is yes, I do know that, I have explained this so many times in text as well as pictures, but I will explain once again. If you will note in any of my screenshots that I have ever posted in this thread or others pertaining to this issue, you can see that I always use a format which denotes "firewall-brand_version-number_current-date_current-time." I have also stated numerous times in a previous thread that I am completely aware of this. Thanks for asking though, I know a lot of people become confused regarding pcflank, myself I do not find it confusing.

Repeating? Correct if I'm wrong.. But, I don't believe PC Flank is meant to do that. Failure or not.. it is just not designed to do that (start every time the browser starts).

Designed to or not, this is exactly what it is doing under the circumstances I have listed in the original post & shown in several screenshots in both the original post of this thread as well other threads. It is doing this after Comodo appears to have passed the test & blocked the page from loading. It is not doing this with Outpost.

xTerminus ,

I have run the PC Flank leak test 3 times today and cannot duplicate the results that you are seeing on your machine.  If what you say is really happening, I believe it to bne a local phenomenon on your machine.  My computer passes the PC Flank leak test with the update to 2.3.6.81 as of Sept 29, 2006.  Prior to Sept 29 with earlier versions, my PC failed PC Flank leak test every time.

NOTE 1:  The PC Flank leak test has an error.  Even when you pass it, the little window pops up to say that you failed.  But if Comodo gives you a pop up to deny, rest assured that your text did not get sent.  Again, I took the test 3 times today and each time PC Flank told me I failed, but not once did my text get transmitted.

NOTE 2:  Make certain that each time you take the test, you type something different.  I like to type in the date and time that I took the test.  Remember, the text that you tramsmitted in previous runs of PC Flank Leak test remains on that website and you see that data every time you go to that web page.  So if you use date and time as your text, you will absolutely know if you failed or not. 

In any casem I am sorry that you are still having issues.  The problem is completely resolved on my machine.

Good luck.

This is not specific to a particular machine, these results can be obtained on all machines. Whether you consider your pc or your firewall to be failing the test is a matter of perspective I suppose, but the test is designed to go against your firewall, it is generally the firewall that is considered to be failing or passing the test, not your pc, so I don't think your pc was ever failing the test.

----------

[at] NOTE 1:

It is not necessarily an error in the pcflank test which says the firewall fails when in fact sometimes the leak is blocked, it is a matter of how the test interprets whether the firewall passes or fails. For example, when you run pcflank against Outpost firewall it does not say that it fails, the leak is intercepted before the stage where the test thinks the firewall is failing & the test then proceeds to clearly state that the firewall has passed the test. Outpost also blocks cpil before it gets to that stage of transmitting the data. Anyhow, regardless, my idea of whether a firewall passes or fails is in that it blocks the leak, whether the test officially says the leak is blocked is perhaps not as important, so we are in agreement there.

However, when Comodo gives you a popup to deny you cannot rest assured that the leak is blocked as I am showing here in an effort to get this tightened down a bit more. Sometimes the leak is blocked, but there are circumstances where the popup blocks internet access & appears to be blocking the leak when in fact the data is being leaked silently behind the scenes regardless of the popup. This is not a new phenomenon, there are many threads regarding this. The popup alone does not necessarily mean that you can rest assured that the leak has been blocked, but currently Comodo is getting very close to plugging this pcflank leaktest entirely, it's just not quite there yet. Even though you may be able to get it to pass, that is not entirely conclusive as you are not using all means, I too can get it too pass, but I can also get it too fail & this is what I am attempting to show & explain here in detail so that the firewall can be snug as bug in a rug no matter who, how or what is running the leak test... was that a saying, I have no idea, it just popped into my head, sorry about that...

----------

[at] NOTE 2:

I've explained this a lot of times in the past but you may not have read the posts or looked at the screenshots - I always use a format which denotes "firewall-brand_version-number_current-date_current-time." I suppose it may be a matter of opinion, but again I would consider that the test is running against the firewall & it is the firewall that is passing or failing, not the user.

----------

This can be reproduced on any machine. This problem lies within the firewall software itself, not within your machine or any machine in particular & therefor the problem is not resolved on your machine. Though understandably I can see where you might think the problem is resolved on your machine as we are speaking about a slightly different problem. The issue you are thinking of has been resolved within the firewall, but the issue I am raising here in this thread is not yet resolved. It is very similar in that involves Comodo failing pcflank, but the difference is in the details.

Hi, I deleted my post as I am not sure Kail was talking to me, and would have made no sense then, lol.  I "think" I know what you mean and may be the same issue I have with all denied accesses.

 Correct me if i'm wrong but....

 After denying the test, or other OLE attempts, CPF keeps popping this up every time you try to access the internet\open browser? It won't get rid of the memory of the program unless you do a restart? Is this why you think the test is still in memory? So after running PCflank, it keeps re-popping up?

 Thanks,

 Paul

That is an issue with cpil, but with pcflank it's not actually repopping. What is happening though is that the same text string is getting leaked multiple times when the browser is restarted after concluding the test. Now when I say the same text string I am not talking about how the previous results are saved server side at pcflank... as you can see in the screenshot, the same text is actually being re-leaked multiple times a few seconds or minutes apart each time the browser is restarted after the test has already been concluded.

I'm not sure if any of this further reiteration makes things any clearer or just causes more confusion, anyhow, I would ask that an actual developer that may be trying to work on this refer to the original post as it is all there in fairly simple terms.

One last thing just to be entirely clear, I'm not looking for advice on how to get Comodo to pass or whether others get it to pass, I too can get it to pass. This is about Comodo not passing under certain circumstances which are explained in the original post & I am attempting to inform a developer so that it may become stronger. Again, I have no interest in simply getting Comodo to pass by doing everything just right, that's very easy. I want the program itself to block the leak tests in a variety of situations & I don't think running a tabbed browser which is set to remember previous tabs is all that unsual, in fact a lot of people should be running a browser in such a configuration, it is very convenient.

-x

comicfan2000

  • Guest
Re: 2.3.6.81 is failing pcflank leak test
« Reply #16 on: September 28, 2006, 10:47:05 PM »
 Yes, I see what you mean. While I have to agree to leave it to some others who are more knowledgable, than I, like Panic, <---very smart guy-->or egemen,  etc...This is a very odd problem and whoever helps you, I hope you indeed get it resolved.  ;)

  Sorry I couldn't help,

 Paul

Offline panic

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11825
  • Linux is free only if your time is worthless.;-)
Re: 2.3.6.81 is failing pcflank leak test
« Reply #17 on: September 28, 2006, 11:18:20 PM »
Just to make sure I understand the nature of the problem;

1. Despite clicking DENY, the text string you type in IS transmitted to the PC Flank website
2. This same string is being sent whenever you open Maxthon, even if you are not running the PCFlank test (??????????)

The only real way to accurately test this is to install a packet sniffer (like ethereal - I know, it's now got another name), run the PCFlank test, check the results on the PCFlank web site, shut the PCFlank leaktest application window, shut the browser, open the browser, go to any website except the PCFlank one (to ensure connectivity), shut the browser, stop ethereal sniffing, examine ethereal logs.

IF the string is being repeatedly sent, you should be able to see multiuple instance of this.

I can't, for the life of me, see how this could be happening. Not saying it can't, but I just don't understand how a text string entered into application X and transmitted from application X to a web site via a browser, can be releatedly sent via the browser if application X is no longer running.

If the text string is being sent repeatedly AND the PCFlank leaktest executable is not running, I'd love to know what other component has 1) remembered the text string and 2) is communicating via the browser in exactly the same manner as the leak test and 3) not being spotted as a different application/component by the firewall.

There's a lot of if's and and's in here. Hopefully there's a definitive problem and a definitive solution, as well.

Try the packet sniffer and see what you can get from that. Please post the results (positive or negative) back here.

Hope this helps,
Ewen :-)


One thing I forgot to add - as you've said you can achieve this leak on any PC, if you are going to install ethereal and sniif the data flow, can you please ensure that it is installed on a PC that you have not yet run the PCFlank leaktest on.

Ideally, ethereal should be running BEFORE the PCFlank leak test is run on that PC for the first time. This is just to make certain that we are not just capturing the data flow from a "repeat" transmission, and our capture includes - 1) clean start, 2) leaktest app launch, 3) attempted string transmission, 4) (hopefully) cessation of transmission due to CPF blocking, 5) browser startup and shut down, 6) browser startup and web page load, 7) browser shutdown, 8) browser startup.

If data is being surreptitiously retransmitted, I would expect to see it re-appearing at points 6 and 8 in the above list.

Hope this helps,
Ewen :-)
As your mums would say, "If you can't play nice with all the other kiddies, go home".
All users are asked to please read and abide by the  Comodo Forum Policy.
If you can't conform, don't use the forum.

Offline xTerminus

  • Comodo Member
  • **
  • Posts: 44
Re: 2.3.6.81 is failing pcflank leak test
« Reply #18 on: September 29, 2006, 01:11:34 AM »
Hi,

Perhaps I did not clarify this enough in the original post. I believe this has to do with tabbed browsing & having a browser set to remember the last tabs when you restart. I did mention this, but perhaps I did not emphasize it enough. Whatever that page is that pcflank fails to open after you hit hit deny on the Comodo popup, it is probably the culprit here, when the browser is re-opened. Please see attached photo & take special note of the way several of my test time stamps are repeated even though the actual server time stamp is later & later each time. To be absolutely certain please listen to this part carefully, I do not rerun the test more than once with the same time stamp (unless the date is different), only the first in a series of any given time stamps is the leak occurring at the time of the actual test... then, after closing the test & re-starting the browser, the same text is apparently still queued up & gets re-transmitted with each browser restart, & there are no popups anymore at this point, nothing after the first popup which gives the illusion of blocking the leak. If you don't manually navigate to http://www.pcflank.com/pcflankleaktest_results.htm or have it tabbed in your browser, you would never realize all these leaks were occurring as the initial popup gives the impression that it is blocking the page from opening & hence blocking the leak from occurring. That's it, the plain & simple facts.

I don't have any more energy for this today myself, but I think any developer should have enough info to work with between this & the original post to take over from here, remember I am only testing Comodo in spare time. I think I've thoroughly explained the basis of the problem & provided the means & now I would expect for someone who will actually change the code to take it upon themselves to reproduce what I have illustrated & go from there in implementing the necessary changes. I'm not going to actually amend the code myself & I don't think it is prudent for me to spend anymore time testing what I have already clearly defined for a developer to look into.

Of course on any given day I may run other tests or variations & report any discrepancies I find, but I think I've done all I can do on this particular matter. The info is all there for you, please pick it from here. It's not fair to keep asking me to go further into it when I've already exhausted all possibilities regarding this & stated clearly how to reproduce it.

Thanks,

-x

[attachment deleted by admin]

Offline egemen

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 3380
Re: 2.3.6.81 is failing pcflank leak test
« Reply #19 on: September 29, 2006, 06:09:50 AM »
Hi Guys,

1 - Run Maxton first
2 - Run Iexplore.exe
3 - Run PCFlank.exe, type some text and press next

Then you will see a new tab in maxton with the URL like following : http://www.pcflank.com/pcflankleaktest/leak1test.php?ID=Q0ZXcm9ja3M=

where, if I am not wrong, ID is the encoded text you typed. CPF will show a popup and block the request. But although it is blocked, Maxton, remembers this failed URL as the last visited URL, and next time you open Maxton browser, given remember my last visited url option is selected, MAxton will ask you if you want to visit the last visited URL, upon pressing YES, the same URL will be submitted.

This leads the data you entered to be sent again and again. Thats why OP sees more entries in pcflank site. Not the leak test is trying to send but everytime the browser is opened, it is sending the data remembered as the last visited URL although not literally visited, again and again.


Egemen

Offline solo

  • Comodo Loves me
  • ****
  • Posts: 153
Re: 2.3.6.81 is failing pcflank leak test
« Reply #20 on: September 29, 2006, 07:03:18 AM »
Hi Guys,

1 - Run Maxton first
2 - Run Iexplore.exe
3 - Run PCFlank.exe, type some text and press next

Then you will see a new tab in maxton with the URL like following : http://www.pcflank.com/pcflankleaktest/leak1test.php?ID=Q0ZXcm9ja3M=

where, if I am not wrong, ID is the encoded text you typed. CPF will show a popup and block the request. But although it is blocked, Maxton, remembers this failed URL as the last visited URL, and next time you open Maxton browser, given remember my last visited url option is selected, MAxton will ask you if you want to visit the last visited URL, upon pressing YES, the same URL will be submitted.

This leads the data you entered to be sent again and again. Thats why OP sees more entries in pcflank site. Not the leak test is trying to send but everytime the browser is opened, it is sending the data remembered as the last visited URL although not literally visited, again and again.


Egemen

So in your opinion, is this a problem with Comodo or Maxton?  Does any firewall pass the test with Maxton running at those parameters?

Offline egemen

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 3380
Re: 2.3.6.81 is failing pcflank leak test
« Reply #21 on: September 29, 2006, 07:20:50 AM »
So in your opinion, is this a problem with Comodo or Maxton?  Does any firewall pass the test with Maxton running at those parameters?

For me, this is more like usage problem. Because Maxton always ask if you want to visit the last visited site. There are many other ways to achieve the same behavior without even using any OLE stuff. The only reliable solution to such usage problems, is to make sure some critical data is never sent unencrypted. CPF will have such a vault in 3.0. Otherwise, users can always press Allow accidentally. Yet if CPF intercepts OLE requests before they happen, this behavior wont be observed. But this does not cease the threat against such a behavior. Have a look at the next message for example.

Egemen

« Last Edit: September 29, 2006, 07:33:04 AM by egemen »

Offline egemen

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 3380
Re: 2.3.6.81 is failing pcflank leak test
« Reply #22 on: September 29, 2006, 07:28:49 AM »
Think of the following scenario:

1 -User visits www.moneybank.com
2- www.moneybank.com has been DNS poisoned or domain has been somehow redirected(which is very probable if attacked)
3- User visits the last tab he visited, thus sending his login information to the attacker.

This is more being about security concious. As seen from the example, this type of action, has many more serious security problems.



Offline panic

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11825
  • Linux is free only if your time is worthless.;-)
Re: 2.3.6.81 is failing pcflank leak test
« Reply #23 on: September 29, 2006, 08:23:41 AM »
Hi Guys,

1 - Run Maxton first
2 - Run Iexplore.exe
3 - Run PCFlank.exe, type some text and press next

Then you will see a new tab in maxton with the URL like following : http://www.pcflank.com/pcflankleaktest/leak1test.php?ID=Q0ZXcm9ja3M=

where, if I am not wrong, ID is the encoded text you typed. CPF will show a popup and block the request. But although it is blocked, Maxton, remembers this failed URL as the last visited URL, and next time you open Maxton browser, given remember my last visited url option is selected, MAxton will ask you if you want to visit the last visited URL, upon pressing YES, the same URL will be submitted.

This leads the data you entered to be sent again and again. Thats why OP sees more entries in pcflank site. Not the leak test is trying to send but everytime the browser is opened, it is sending the data remembered as the last visited URL although not literally visited, again and again.


Egemen

Thanks for the explanation egemen.

This has been bugging me all day, trying to understand how an app that wasn't running could be sending data. As you've pointed out, the "remember last visited pages" option has the potential to be a security hole.

Cheers,
Ewen :-)
As your mums would say, "If you can't play nice with all the other kiddies, go home".
All users are asked to please read and abide by the  Comodo Forum Policy.
If you can't conform, don't use the forum.

Offline munckman

  • Comodo Family Member
  • ***
  • Posts: 89
Re: 2.3.6.81 is failing pcflank leak test
« Reply #24 on: September 29, 2006, 03:29:22 PM »
I cannot pass PCFlank leak test with IE6 either.

I have tried many many times. Deleting TIFs and restarting between tries.

The closest I get is "page cannot be displayed" or something similar. This is easily accomplished by Comodo. I never get to the results page where text is supposed to be displayed.

In order to completely pass PCFlank, as designed, a drip-less faucet must be displayed. Any thing else and it did not pass the test as designed. If your results are anything less than a Total Pass it  should and must be considered as partially passed.

I realize that the goal is for the text not to be passed on. Comodo achieves this. Saying that Comodo passes the test is not correct and that is where the problem is. If a firewall shuts down IE or the computer itself the result is the same; no text is passed on. In my opinion this is not passing the test either.

I have seen where other firewall testing results have shown PCFlank (and other tests) as partially passing with an explanation as to why this is equivalent to passing. Until Comodo can pass the PCFlank test as designed, with drip-less faucet and all, I think partially should be stated as well by Comodo. I am confident this "passed" will happen with Comodo soon.

My only Comodo leak testing up until last night was with PCFlank. After update I tested all available ones on http://www.firewallleaktester.com/index.html . I downloaded them into a folder first. I began at the top of the list and ran through them one after another ( only non zipped ones ) until the computer became unresponsive, changed background, writing on background from a test, no right click, ect. Restart did not clear up all the problems. This was with clean XpHome sp2 and only enough programs to get online. Nothing else. Started all over from fresh - same results. All default Comodo setting. Please check this out but with caution. One thing to note is that after a test passed I then purposely failed it, just to make sure the test ran OK.

And yes, I do like Comodo Personal Firewall very very much and appreciate all the work put into it by all for all.

Offline xTerminus

  • Comodo Member
  • **
  • Posts: 44
Re: 2.3.6.81 is failing pcflank leak test
« Reply #25 on: September 29, 2006, 03:35:16 PM »
Hi Guys,

1 - Run Maxton first
2 - Run Iexplore.exe
3 - Run PCFlank.exe, type some text and press next

Then you will see a new tab in maxton with the URL like following : http://www.pcflank.com/pcflankleaktest/leak1test.php?ID=Q0ZXcm9ja3M=

where, if I am not wrong, ID is the encoded text you typed. CPF will show a popup and block the request. But although it is blocked, Maxton, remembers this failed URL as the last visited URL, and next time you open Maxton browser, given remember my last visited url option is selected, MAxton will ask you if you want to visit the last visited URL, upon pressing YES, the same URL will be submitted.

This leads the data you entered to be sent again and again. Thats why OP sees more entries in pcflank site. Not the leak test is trying to send but everytime the browser is opened, it is sending the data remembered as the last visited URL although not literally visited, again and again.


Egemen

Thanks egemen, I think that pretty much sums it up in very few words

So in your opinion, is this a problem with Comodo or Maxton?  Does any firewall pass the test with Maxton running at those parameters?

Yes, Outpost passes using a tabbed browser such as Maxthon. Specific reason being, it blocks the leak before it gets to the point of attempting to open the malicious page rather than queing it up then blocking the connection. This is not at all about Outpost vs Comodo, just giving some details since you asked. Outpost blocks the leak perhaps one step earlier where the leak test itself is prevented from launching the page & actually reports that the firewall passed & therfor the leak page is never actually opened, hence there is no page for a tabbed browser to recall, that is all. Whether this is problem with Comodo or Maxthon is more a matter of opinion I suppose. One could ask more generically is it a problem with any tabbed browser or is it a problem with any firewall that lets the leak test proceed to this stage? The results would be the same regardless of branding, these mechanics are very general & not necessarily limited to Comodo or Maxthon persay.

A little deductive reasoning here:

1) It's definitely a scenario which involves running a tabbed browser, which just about all modern browsers are now a days.
2) More specifically it does have to do with recalling previous session tabs, this is a setting which many people probably enjoy, if they are aware of it, though not all will be aware of this option & some will not prefer it even if they know how to use it.
3) Some firewalls are capable of blocking the leak while running with tabs remembered, some firewalls are not.
4) Some firewalls are capable of blocking the leak when not using a tabbed a browser set to remember previous session. For this type to function at it's best would require either a smaller user base that all coincidentally do not use remember tabs, or would require users to specifically sacrifice this very convenient function.

In the end I would say that ultimately it is still a matter of personal opinion whether this is an issue with tabbed browsers or firewalls, because people will have differing opinions & I don't think either opinion would be outright wrong here.

However, more logically, I would be of the opinion that tabbed browsers are here to stay & that most firewall companies will not want to have to try to dictate to their customer base what settings they must use in their browser to achieve the desired level of security, unless it is absolutely necessary & there is no other means. Beyond that, it would stand to reason that since some firewalls are able to provide this level of security without interfering with a user's personal browser setting... well, you can draw your own conclusions there. My opinon is that it is an issue which is able to be produced between both the firewall & the browser, & from experience testing many other software including several firewalls, I know that it is possible for the firewall to change to fix the matter, while tabbed browsing with the option to remember previous session tabs probably will not be changing.

I probably won't be around much for a few days, going to re-tile some of these bathroom floors over the weekend, I'll check back next week.

And thanks again egemen for simplifying this scenario for others, I tend be way over analytical & detailed sometimes, which may become confusing.

-x

comicfan2000

  • Guest
Re: 2.3.6.81 is failing pcflank leak test
« Reply #26 on: September 29, 2006, 03:57:52 PM »
I cannot pass PCFlank leak test with IE6 either.

I have tried many many times. Deleting TIFs and restarting between tries.

The closest I get is "page cannot be displayed" or something similar. This is easily accomplished by Comodo. I never get to the results page where text is supposed to be displayed.

In order to completely pass PCFlank, as designed, a drip-less faucet must be displayed. Any thing else and it did not pass the test as designed. If your results are anything less than a Total Pass it  should and must be considered as partially passed.

I realize that the goal is for the text not to be passed on. Comodo achieves this. Saying that Comodo passes the test is not correct and that is where the problem is. If a firewall shuts down IE or the computer itself the result is the same; no text is passed on. In my opinion this is not passing the test either.

I have seen where other firewall testing results have shown PCFlank (and other tests) as partially passing with an explanation as to why this is equivalent to passing. Until Comodo can pass the PCFlank test as designed, with drip-less faucet and all, I think partially should be stated as well by Comodo. I am confident this "passed" will happen with Comodo soon.

My only Comodo leak testing up until last night was with PCFlank. After update I tested all available ones on http://www.firewallleaktester.com/index.html . I downloaded them into a folder first. I began at the top of the list and ran through them one after another ( only non zipped ones ) until the computer became unresponsive, changed background, writing on background from a test, no right click, ect. Restart did not clear up all the problems. This was with clean XpHome sp2 and only enough programs to get online. Nothing else. Started all over from fresh - same results. All default Comodo setting. Please check this out but with caution. One thing to note is that after a test passed I then purposely failed it, just to make sure the test ran OK.

And yes, I do like Comodo Personal Firewall very very much and appreciate all the work put into it by all for all.



 Hi, I will give you my take as I have others. With OLE automation, an application such as PCFlank test is basing this on communicating with IE. Now, keep in mind, OLE is integrated into windows for applications that cannot\don't have and ability to connect to their server on their own. Not all are bad and many may be needed. IE is not a WEB BASED browser, IE is also integrated into Windows, being a part of. So in fact, when this occurs and PCflank communicates with IE, it's communicating on the OS level, not internet. You would in fact have to disable OLE automation all together. So what PCFlank is saying, because there was communication from two OS based beings, it has failed. Now, I have unhooked my pc altogether, ran the test, still said info was sent. Obviously it wasn't , so , is this a bit misleading?


  Please read what it says on the site,


If your text is not shown, you either didn't take the test, your previous IP address was different from your current one or your firewall successfully prevented the leak of data

 This does not state you should see the box stating it passed. I have emailed them a couple of times waiting for a reply on how they consider a firewall leaky when PCflank uses a natural OLE automation that any application can use, no word back and it's been quite some time, hmmm. When I get info, I am making a post  for others to read.

 I wonder, when I click on the IE icon, that is communication with the browser telling it to open. Is this a leak as well?

 I understand your thoughts on this and very good questions  ;) but just something to keep in mind and perhaps this issue will get ironed out soon, many have wondered the same.

 Take care,

 Paul

Offline munckman

  • Comodo Family Member
  • ***
  • Posts: 89
Re: 2.3.6.81 is failing pcflank leak test
« Reply #27 on: September 29, 2006, 04:40:18 PM »
comicfan2000,

Thanks for explanation. I understand. I don't think the test will be changed when there are now 2 firewalls that pass with a drip-less faucet. This is where it becomes difficult to understand. You have pointed out, quite correctly, three scenarios of test results. There is a fourth, which is a flat out pass.

I agree that Comodo does not pass text info to the webpage. Therefore, it should be conclude that it passed the test. To remove all doubts and confusion among users who compare differences in various firewalls, Comodo should achieved a drip-less faucet. It would take all needed explanations off the table and become a nonissue.

We both agree that Comodo successfully prevented the leak of data. It's just that there will always be needed explanations as to why it doesn't show it like "X firewall" does.


Offline egemen

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 3380
Re: 2.3.6.81 is failing pcflank leak test
« Reply #28 on: September 29, 2006, 04:51:29 PM »
Hi guys,

Let me also summarize the different modes of operations for CFW and almost any other leak test passing firewall:

CFW is a firewall. This means we taught him to watch over network traffic. CFW is not interested in any memory modification or infection or OLE Automation unless such an attempt will result in a network connection. It is this smart analysis capability of CFW which makes us to install it with its full strength by default. And thats why, we can see reports from our users that CFW cathed an unknown virus or trojan variant. Because all of the CFW users, by default, can use it with its full strength and its alerts are quite informative.

Others may have the similar functionality but without giving the user a clear explanation, it has no use. Because not everybody will be able to use any other firewall with its maximum strength.

I have seen many alerts in other firewalls like csrss.exe/explorer.exe is trying to modify iexplore.exe. What a horrifying thing to ask for user's approval for such a vital internal windows operation. Thats why they come with a theoretical pseudo-strength only useful to advanced users and disabled by default.

In case of the other firewalls, this firewall leak testing board will be very promising and surprising soon. We will all together see, how important to be able to pass "unknown" leak tests instead of trying to pass the known ones only.

For starter, I recommend everyone to use BITSTester.exe tool found in www.firewallleaktester.com, to observe how real OLE threats can occur and can be prevented by a real dynamic threat management.


Thank you all for the feedback,

Egemen

**************************************************************
"The perfect personal firewall would be inexpensive and easy to install and use, would offer clearly explained configuration options, would hide all ports to make your PC invisible to scans, would protect your system from all attacks, would track all potential and actual threats, would immediately alert you to serious attacks, and would ensure nothing unauthorized entered or left your PC." This great definition is quoted from Make Your PC Hacker Proof, Jeff Sengstack, PC World, July 21, 2000.


 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek