Author Topic: Here is another leak test for our BETA testers - CPIL2  (Read 33566 times)

egemen (Comodo Staff)
« on: June 27, 2006, 11:09:41 AM »
Hi guys,

We have just created a simple leak test, CPIL v.2. CPIL2 is an example leak test whose bypassing techniques are actively being used by many trojans in the wild. This is not a new technique that we found. It was there in the wild. So we wanted to give the community a chance to see how strong their firewalls are, and allow them to take immediate action if necessary.

CPIL2 is still in its early BETA stage and will be developed more in the future. So feel free to share your opinions.

Good luck,

Egemen

[attachment deleted by admin]
« Last Edit: June 27, 2006, 11:13:01 AM by Melih »

streetwolf
« Reply #1 on: June 27, 2006, 12:10:20 PM »
You need OSMODE=3 for this to pass the test, right?

egemen (Comodo Staff)
« Reply #2 on: June 27, 2006, 12:30:13 PM »
> You need OSMODE=3 for this to pass the test, right?

No, that does not matter. CPF should pass it in both modes.

Justin L. (Global Moderator)
« Reply #3 on: June 27, 2006, 12:30:35 PM »
CPF 2.2 does not pass this test. I tried it, or am I doing something wrong?

Shemp Howard
« Reply #4 on: June 27, 2006, 12:31:15 PM »

Well I tried but test failed to run.

[attachment deleted by admin]

streetwolf
« Reply #5 on: June 27, 2006, 12:33:44 PM »
The instructions state:

If the test succeeds, you will see your data on the Comodo website

However when I get to your site with the data I entered it says I failed the test.

Which way is it?

egemen (Comodo Staff)
« Reply #6 on: June 27, 2006, 12:35:53 PM »
> Well I tried but test failed to run.

This means you passed the test. No problems.

Shemp Howard
« Reply #7 on: June 27, 2006, 12:40:45 PM »
> This means you passed the test. No problems.

Thanks egemen for the reply. Running CPL 2.3 beta with os 3 enabled. Love it. ;D

egemen (Comodo Staff)
« Reply #8 on: June 27, 2006, 12:41:38 PM »
> The instructions state:
>
> If the test succeeds, you will see your data on the Comodo website
>
> However when I get to your site with the data I entered it says I failed the test.
>
> Which way is it?

If the test succeeds, Internet Explorer will be opened and you will be redirected to the Comodo site, which should show you the data you entered.

If the program fails to start or CPF shows you a popup, this means the test fails. CPF 2.0-2.3 should be passing this test with no problems. It may be the case that with OSMode = 3, CPF may not detect this because it is problematic. But I don't think this will be the case.

Egemen

streetwolf
« Reply #9 on: June 27, 2006, 12:47:41 PM »
For me:

OSMODE=0  The test succeeds.

OSMODE=3  The test fails.

btw... Shouldn't 'succeed' mean CPF stopped the threat and 'failed' means it did not?

egemen (Comodo Staff)
« Reply #10 on: June 27, 2006, 01:00:54 PM »
> For me:
>
> OSMODE=0  The test succeeds.
>
> OSMODE=3  The test fails.
>
> btw... Shouldn't 'succeed' mean CPF stopped the threat and 'failed' means it did not?

To pass the test, you should see either of the screenshots in the attachment. The test may say it succeeded, but if you see an alert from CPF like the attachment, you pass the test. If you see the "can not initiate the instance" message, it also means you passed the test.

Egemen

[attachment deleted by admin]
« Last Edit: June 27, 2006, 01:03:30 PM by egemen »

streetwolf
« Reply #11 on: June 27, 2006, 02:28:00 PM »
With OSMODE=0 the threat is not blocked.  I get to your website with the text I entered.

Using  OSMODE=3 the threat is blocked.  I get the message in the DOS box that the 'Test Failed'.  I do NOT go to your website.  In fact my browser doesn't even open.

An earlier post of mine questioned whether I needed to set OSMODE=3 for the threat to be blocked.  You said it didn't make a difference whether I used OSMODE=0 or 3.

In my case I had to set it to 3.  OSMODE=0 did not block the threat.

Arkangyal (Global Moderator)
« Reply #12 on: June 28, 2006, 12:07:09 AM »
Interesting, it missed the first letter from the sentence. Right now, I've tried with another firewall, which may come in handy when you wanna compare: Rising Personal Firewall.

egemen (Comodo Staff)
« Reply #13 on: June 28, 2006, 12:19:47 AM »
> With OSMODE=0 the threat is not blocked.  I get to your website with the text I entered.
>
> Using  OSMODE=3 the threat is blocked.  I get the message in the DOS box that the 'Test Failed'.  I do NOT go to your website.  In fact my browser doesn't even open.
>
> An earlier post of mine questioned whether I needed to set OSMODE=3 for the threat to be blocked.  You said it didn't make a difference whether I used OSMODE=0 or 3.
>
> In my case I had to set it to 3.  OSMODE=0 did not block the threat.

Hi,

Something must be wrong with your CPF. Can you test your CPF with OSMode = 0 against all other leak tests? Let's see what is wrong.

Thx,
Egemen

streetwolf
« Reply #14 on: June 28, 2006, 02:47:17 AM »
I rebooted with OSMODE=0 and everything seems to be working now!

I ran CPIL2, leaktest1.2, tooleaky, firehole, and yalta.  All were blocked by CPF via popups where I replied DENY.

One thing of note was that when I was using OSMODE=3 I did not get any popups from CPF at all.  However the threat was blocked as indicated by the 'test failed' message in the DOS box and the fact that no browser window came up.

When I ran CPIL2 using OSMODE=0 I got 2 popups when the test started to which I replied DENY to both of them.

All the other tests resulted in popups no matter if I used OSMODE=0 or 3.  It was only CPIL2 that behaved a little differently depending on the OSMODE I chose.

I would imagine that there is still cause to be concerned.  OSMODE=0 was letting the threats get by yesterday when I reported the problem.  Why they cleared up today is a mystery.

 
