Comodo Firewall or Online Armor (full version)

[egemen]

This approach is wrong. If you control "\Device\Afd\EndPoint" you have a lot of the false positives and mislead the users with the wrong alerts (or cause their programs to work incorrectly if this device is blocked).

To handle this situation gracefuly you need to control "\Device\RawIp" at TDI level. Unlike "\Device\Afd\EndPoint" this brings a lot less false positives and much more meaningful security alerts. Usually programs do not need to use this device.

Needless to say this is what OA does for a very long time already

This particular test just passively sniffs the traffic and poses no real risks. Internet Traffic is ASSUMED to be SNIFFED all the time anyway. As soon as your packet leaves your PC, it can be sniffed by anyone else. It is not a threat at all.

There are many ways in windows and recently with windows Vista that can be used to sniff the traffic AND ACTUALLY SEND custom packets bypassing the weak firewalls.  CIS filters the ones that can be used to bypass the firewalls by crafting packets.

Note:
I remember your username from wilders forum. Some of your posts about COMODO, trying to be technical, were misleading (willingly or unwillingly) and clearly wrong. E.g. CLT DuplicateHandle tests with DUPLICATE_SAME_ACCESS being no threat at all(Perhaps because your product was failing?).
I did not pay too much attention but If you are affiliated with the development of the product you are advocating, we can have a technical discussion in detail.

Otherwise you should thank COMODO as a user that because of our leak tests, your company is trying to cover some of the real threats.

[alex_s]

So? What security risk does this pose? Can you show me a termination test which can disable CIS protection including this one? This is not a memory leak test at all.

Egenem, it is allowed to Melih do not understand this, but you should understand this is a kind of a DOS attack. Security should protect system, not just itself. There is no much sense in security that can protect itself perfectly, but cannot protect system from  DOS. And yes, the test itself was designed with somewhat different purpose, but while it is allowed for the users to take things literally, security experts (which I hope you are) should take it not only literally, but to see all the possible outcomes, especially if they claim to be not just "test passers".

[alex_s]

This particular test just passively sniffs the traffic and poses no real risks.

Your approach starts to frighten me. I do not say this is too high risk, still this is the same risk any keylogger/screenlogger/webcamlogger presents. There is no logic in catching screen/webcam loggers while ignoring tcp/ip traffic loggers. Nobody knows in what way a LOT of third-party programs send data over non-crypted connections. Security MUST guarantee this traffic cannot be sniffed at least on a computer it is installed on.

[alex_s]

===
Here, people think that installing Aivra & OA and protecting them, they are totally secured! This is wrong, Why? Because BOTH products have NOT been architecture to work together. This is what I mean by layered Security. Talking about defaults? Then OA by default installed with a recommended AV like Avira (maybe other AVs too) will be bypassed as shown in wilders in the above thread.
===

This is theory and nothing more. In reality they both do their job very well, and even if one of them fails, another one still does the job. On the opposite side if CIS fails, it fails completely, not to say its AV module is far from perfection. So theoretically you are right, but practically you are not.

[Endymion]

Egenem, it is allowed to Melih do not understand this, but you should understand this is a kind of a DOS attack. Security should protect system, not just itself. There is no much sense in security that can protect itself perfectly, but cannot protect system from  DOS. And yes, the test itself was designed with somewhat different purpose, but while it is allowed for the users to take things literally, security experts (which I hope you are) should take it not only literally, but to see all the possible outcomes, especially if they claim to be not just "test passers".

Although it would be interesting to test OA on a system with only 128MB of RAM and see how many DOS will prevent...

It is interesting to note though that actual security experts may object when they acknowledge no real threats and get their opinion about such individual who put so many efforts to stretch the perception of casual readers.

[Toggie]

Your approach starts to frighten me. I do not say this is too high risk, still this is the same risk any keylogger/screenlogger/webcamlogger presents. There is no logic in catching screen/webcam loggers while ignoring tcp/ip traffic loggers. Nobody knows in what way a LOT of third-party programs send data over non-crypted connections. Security MUST guarantee this traffic cannot be sniffed at least on a computer it is installed on.

alex_s.

It would appear you a security expert, with an extensive knowledge of the inner workings of firewalls. As such i think it would be very helpful for our readers if you would take a few minutes to post a profile of your experience and affiliations. This way people reading your views will know they are accurate and may store weight by their contents.

Thank you.

[Endymion]

I do not say this is too high risk, still this is the same risk any keylogger/screenlogger/webcamlogger presents. There is no logic in catching screen/webcam loggers while ignoring tcp/ip traffic loggers. Nobody knows in what way a LOT of third-party programs send data over non-crypted connections. Security MUST guarantee this traffic cannot be sniffed at least on a computer it is installed on.

BTW even if I'm not a security expert I'm curious to know if OA catches webcam loggers too...

Still AFAIK there are few details that make keylogger and screenloggers different from webcam loggers.
PS: Even audio loggers ought to be more of a threat than webcam loggers for the same reason...

[alex_s]

Although it would be interesting to test OA on a system with only 128MB of RAM and see how many DOS will prevent...

If it was interesting to me, I'd made a test. So, while it is interesting to you, who should run the test ?

It is interesting to note though that actual security experts may object when they acknowledge no real threats and get their opinion about such individual who put so many efforts to stretch the perception of casual readers.

Hm, I'm not sure I understand what you talking about, sorry. Could you put it in more direct way ?

[alex_s]

alex_s.

It would appear you a security expert, with an extensive knowledge of the inner workings of firewalls. As such i think it would be very helpful for our readers if you would take a few minutes to post a profile of your experience and affiliations. This way people reading your views will know they are accurate and may store weight by their contents.

Thank you.

I'd prefer not to slip into discussing my personality, but to stay on a technical ground ONLY. Do you have something to say about the issue ? If not, then sorry, you need to look for someone else to talk with. BTW, when I hire the people I never read their profiles, I just talk to them and I wish to practice this approach to everybody. In any case a profile can be faked, real knowledges never can be.

[alex_s]

BTW even if I'm not a security expert I'm curious to know if OA catches webcam loggers too...

You need not to be security expert, but you can take Zemana WebCamLoggerTest and see that OA intercepts it. Do you know any other tests about webcamloggers ? If yes, then all you need is to gimme a link to and I'll be happy to report the outcome, even if outcome is negative. In the later case I'll report it also to OA team and in a week it will be fixed.

[attachment deleted by admin]

[Endymion]

If it was interesting to me, I'd made a test. So, while it is interesting to you, who should run the test ?

Indeed I'm not going to install OA to test that but I wondered if you were already aware of such negligible details...

Hm, I'm not sure I understand what you talking about, sorry. Could you put it in more direct way ?

Very much.

It worths mentioning that actual security experts may object when they acknowledge no real threats and get their opinion about such individual who put so many efforts to stretch the perception of casual readers.

BTW this do not mean you cannot be Mike Nash himself of his official speechperson.

[Endymion]

You need not to be security expert, but you can take Zemana WebCamLoggerTest and see that OA intercepts it. Do you know any other tests about webcamloggers ? If yes, then all you need is to gimme a link to and I'll be happy to report the outcome, even if outcome is negative. In the later case I'll report it also to OA team and in a week it will be fixed.

Yep there are countless of similar PoCs...

Windows Live Messenger
Yahoo messenger
Skype

And for audio loggers windows recorder itself.



Does OA catch that too?


Indeed even audio loggers ought to be more of a threat than webcam loggers as AFAIK there are few details that make keyloggers and screenloggers and audiologgers different from webcam loggers.

Anyhow security experts (which I hope you are) should take it not only literally, but to see all the possible outcomes, especially if some product could be considered just a "test passers" and "paper security"

Although actually there would be no need to be a security expert to notice such details after running (eg.) Zemana's test...

[alex_s]

Indeed I'm not going to install OA to test that but I wondered if you were already aware of such negligible details...

Nope, I'm only aware of the details I personally regard as essential. As far as I remember HW requierements for any modern Windows is higher than 128kb, but sometimes I run the tests in VM with XP and 392kb of RAM. In this config OA feels itself quite comfortable.

It worths mentioning that actual security experts may object when they acknowledge no real threats and get their opinion about such individual who put so many efforts to stretch the perception of casual readers.

BTW this do not mean you cannot be Mike Nash himself of his official speechperson.

I can be even Melih himself or Bill Gates. Does it really matter ? Forum rules allow to stay incognito, so asking a person to identify himself is a bit more than you are allowed to ask according to the rules. I hope your question is closed ?

But if you are really qurious I'm from Ukrain and I know some guys from Comodo Odessa office, so it can be said I'm familiar with Comodo not only from outside, but in a way from inside.

[Endymion]

Nope, I'm only aware of the details I personally regard as essential. As far as I remember HW requierements for any modern Windows is higher than 128kb, but sometimes I run the tests in VM with XP and 392kb of RAM. In this config OA feels itself quite comfortable.

That is a wonderful achievement indeed even DOS itself needed more than 392kB

I can be even Melih himself or Bill Gates. Does it really matter ? Forum rules allow to stay incognito, so asking a person to identify himself is a bit more than you are allowed to ask according to the rules. I hope your question is closed ?

I guess you could be Bill gates himself since he once said "No one will need more than 637 kb of memory for a personal computer" long before minimal XP requirements were available.

[Toggie]

I'd prefer not to slip into discussing my personality, but to stay on a technical ground ONLY. Do you have something to say about the issue ? If not, then sorry, you need to look for someone else to talk with. BTW, when I hire the people I never read their profiles, I just talk to them and I wish to practice this approach to everybody. In any case a profile can be faked, real knowledges never can be.

It's very much as i anticipated. You come here and call into question the capability of a product, which you claim to know a considerable amount about, yet when push comes to shove, you refuse to substantiate your technical abilities or affiliations.

Personally I would call into question any comment you choose to make, regarding this or any other product, for which you claim knowledge.

Quite frankly, until you prove you technical prowess with something more than hearsay, I suggest you refrain from posting.