Not sure if this should be a new thread or tacked onto the old thread. That one was getting a bit messy & distracted from the specific issue & turned into whether some were getting the same results or not so heres a new straight to the point report: cpil is now passing with the new update, but pcflank only appears to be passing on the surface, it is still leaking the info if you delve a little deeper. Now this morning I only tested using Maxthon, have not tried with IE as the sole browser & as default yet, so I’m not sure if it is particular to Maxthon or not. I’ll check it out a little later with IE if you havn’t already found a cure for the issue.
What’s happening is:
Run the pcflank test directly from the web with Maxthon (obviously it’s not really running from their server, it saves to temporary internet files locally first, but select run rather than save first)
Either open IE with the pcflank button or manually open an instance of IE
Allow or deny pcflank to open IE (the info seems to be leaked either way) - skip this step if you open IE manually
Type your info & click the button, also try copying & pasting the test results URL in Maxthon and/or IE to be thorough
Deny the popup & close the leak test & browser etc
It appears as though the leak has been blocked initially, but if you go & visit the test results page the info has indeed been leaked. Additionally, & again I’m not sure if this has to do with Maxthon alone or IE too, I’ll check later, but every time the browser is re-opened it seems to transmit the same leak over & over. You can see in the screenshot anytime where the time I’ve typed (last segment in the text) is duplicated, that is not me running the test multiple times during the same minute, that is the leak being re-transmitted, quietly & automatically. I’ve never run the test more than once during the same minute except on different days, generally there is at least 3 minutes between consecutive tests but the old info is being re-leaked whenever the browser is re-opened. I do have Maxthon set to remember my last viewed tabs, not sure if that is a factor, but it’s not only leaking the info once, it continues to leak everytime the browser is opened, & at this point the leaking is happening completely silently behind the scenes with no further popups etc. The popup is only happening the first time when it appears to be blocking internet access, but this sly pcflank keeps transmitting the data silently behind the scenes & evading the popup…
Hope that is enough info to reproduce this & come up with a solution. At least we know now that it’s not hardware or software related or limited to any particular users or machines - that was pretty tough there for awhile…
Goodluck with it, I’ll check back later or tomorrow.
Edit - typoed the wrong version number in the title originally
Edit - added updated screenshot
Edit - updated title to more clearly & accurately represent this thread regarding browser tabs specifically
I finally was curious and downloaded the latest version 18.104.22.168 and ran the PC Flank leak test.
I normally only run Firefox and have IE disabled completely.
With firefox running I was not able to run from the website. however downloaded and ran it.
Comodo picked it up with the suspicious file warning. of course it was blocked.
then enable IE and reran the test several times. including running the test from the website.
Comodo blocks it and asks to either allow or Deny, and no record on the PC Flank site.
you may have something on your system that is allowing it thru. ie. firewall settings . browser settings. etc.
This is still an issue with the firewall itself, even version 22.214.171.124, as the title denotes. It has been partly corrected since the previous version, but not completely. Hopefully the devs will have a look before the thread begins to derail or gain any seemingly contradicting results or confusion on the matter. This time around they know more specifically the troublesome area thanks in part to solo’s other post regarding running the test directly vs saving it first. This was entirely the elusive issue before, it passes when saved first but fails when run directly, & for several weeks nobody realized this specifically. It just needs a few more adjustments to completely plug pcflank as it should not be dependant on saving it first in order to pass.
Was there another update right after the initial update this morning (126.96.36.199>188.8.131.52) or was it 184.108.40.206 to begin? I’m showing 220.127.116.11 now & I thought it was 18.104.22.168 earlier so I will go test again.
XT…The problem has been solved if you are running the latest version of the Firewall. I downloaded the newest version today (22.214.171.124)and passed the PC Flank leak test without saving the file to my computer.
Prior to today, I was running 126.96.36.199 and it did fail the PC Flank leak test. But the newest version passes with flying colors.
I don’t think there was a version 188.8.131.52, the previous version was actually 184.108.40.206. It was just my typo, it is indeed v220.127.116.11 which is still experiencing this issue & is the version I am referring too. As I had stated in the original post the issue has been partly corrected, so you may not experience what I am reporting, but the issue is still there, just slightly less obvious than it was in the previous version. You may have to probe around a little more if you wish to discover the pcflank leak which is still going on behind the scene. Anyhow, if some developers swing by this thread please refer to my original post at the top of this thread which explains it all in detail, the rest of the thread beyond that, including my own replies will only cause much confusion & chaos.
Again, I repeat, please refer to the very top post regarding this matter, anything beyond that is just a series of miscommunication/misunderstanding.
Well, sort of, but not exactly. That was as simple as it was with v18.104.22.168. Now, with the latest update, v22.214.171.124, it has a properly placed/timed popup etc & appears to be blocking internet access initially during the test, however, the text is still being transmitted somehow, & furthermore, the text is being re-transmitted over & over everytime the browser is re-opened after concluding the test, & during those re-transmissions there are no popups. Apparently the browser & memory are still infected with the leak test afterward (untill reboot), but it does not raise any further popups & just sends the text quietly each time the browser is opened, this is of course after hitting deny on the popup during the actual test. As I mentioned in the original post, I have Maxthon set to remember my last opened tabs, so you may want to check into that aspect. I’m not sure if the same result would be achieved running a basic IE6 with no tabs, but I think you have enough info to pick up the test where I left off & troubleshoot it further.
Please understand this may be obvious but did you know the text does stay on the site? I can download the test and even if blocked it shows the original text. This may have been mentioned but use a different text (completely) each time. They keep the text on there which to me isn’t right, it should be deleted as it has fooled many. Just a thought though.
I have run the PC Flank leak test 3 times today and cannot duplicate the results that you are seeing on your machine. If what you say is really happening, I believe it to bne a local phenomenon on your machine. My computer passes the PC Flank leak test with the update to 126.96.36.199 as of Sept 29, 2006. Prior to Sept 29 with earlier versions, my PC failed PC Flank leak test every time.
NOTE 1: The PC Flank leak test has an error. Even when you pass it, the little window pops up to say that you failed. But if Comodo gives you a pop up to deny, rest assured that your text did not get sent. Again, I took the test 3 times today and each time PC Flank told me I failed, but not once did my text get transmitted.
NOTE 2: Make certain that each time you take the test, you type something different. I like to type in the date and time that I took the test. Remember, the text that you tramsmitted in previous runs of PC Flank Leak test remains on that website and you see that data every time you go to that web page. So if you use date and time as your text, you will absolutely know if you failed or not.
In any casem I am sorry that you are still having issues. The problem is completely resolved on my machine.
EDIT: After re-reading your initial post more carefully and looking at your screen shots, it is obvious that you are having a different problem thatn I am. I was failing the PC Flank leak test priot to Sept 29, but not having the text sent over and over. I am not a computer ■■■■ at all, but I think it may be maxthon related.
Hi, I deleted my post as I am not sure Kail was talking to me, and would have made no sense then, lol. I “think” I know what you mean and may be the same issue I have with all denied accesses.
Correct me if i’m wrong but…
After denying the test, or other OLE attempts, CPF keeps popping this up every time you try to access the internet\open browser? It won’t get rid of the memory of the program unless you do a restart? Is this why you think the test is still in memory? So after running PCflank, it keeps re-popping up?
Just to make sure I understand the nature of the problem;
Despite clicking DENY, the text string you type in IS transmitted to the PC Flank website
This same string is being sent whenever you open Maxthon, even if you are not running the PCFlank test (???)
The only real way to accurately test this is to install a packet sniffer (like ethereal - I know, it’s now got another name), run the PCFlank test, check the results on the PCFlank web site, shut the PCFlank leaktest application window, shut the browser, open the browser, go to any website except the PCFlank one (to ensure connectivity), shut the browser, stop ethereal sniffing, examine ethereal logs.
IF the string is being repeatedly sent, you should be able to see multiuple instance of this.
I can’t, for the life of me, see how this could be happening. Not saying it can’t, but I just don’t understand how a text string entered into application X and transmitted from application X to a web site via a browser, can be releatedly sent via the browser if application X is no longer running.
If the text string is being sent repeatedly AND the PCFlank leaktest executable is not running, I’d love to know what other component has 1) remembered the text string and 2) is communicating via the browser in exactly the same manner as the leak test and 3) not being spotted as a different application/component by the firewall.
There’s a lot of if’s and and’s in here. Hopefully there’s a definitive problem and a definitive solution, as well.
Try the packet sniffer and see what you can get from that. Please post the results (positive or negative) back here.
None of these replies are quite on track with this issue. I’ll reply a few more times & re-explain some things that are already mentioned in the original post & the thread preceeding this one about v188.8.131.52 & 184.108.40.206, but I am not sure how many more times I can reiterate what is already explained in the original post. I know it may be confusing, & especially if one had not been following the previous thread, but it’s not really that confusing. It would seem as though some of you may not be reading the original post correctly or thoroughly, I really can’t be sure, but most of the replies are quite a distraction & nowhere near relevant to the issue, except where solo originally thought I was speaking of a different version when I called it 220.127.116.11, that was a typo that I needed to clear up.
I know you probably don’t read all the posts regarding this matter, but the answer is yes, I do know that, I have explained this so many times in text as well as pictures, but I will explain once again. If you will note in any of my screenshots that I have ever posted in this thread or others pertaining to this issue, you can see that I always use a format which denotes “firewall-brand_version-number_current-date_current-time.” I have also stated numerous times in a previous thread that I am completely aware of this. Thanks for asking though, I know a lot of people become confused regarding pcflank, myself I do not find it confusing.
Designed to or not, this is exactly what it is doing under the circumstances I have listed in the original post & shown in several screenshots in both the original post of this thread as well other threads. It is doing this after Comodo appears to have passed the test & blocked the page from loading. It is not doing this with Outpost.
This is not specific to a particular machine, these results can be obtained on all machines. Whether you consider your pc or your firewall to be failing the test is a matter of perspective I suppose, but the test is designed to go against your firewall, it is generally the firewall that is considered to be failing or passing the test, not your pc, so I don’t think your pc was ever failing the test.
@ NOTE 1:
It is not necessarily an error in the pcflank test which says the firewall fails when in fact sometimes the leak is blocked, it is a matter of how the test interprets whether the firewall passes or fails. For example, when you run pcflank against Outpost firewall it does not say that it fails, the leak is intercepted before the stage where the test thinks the firewall is failing & the test then proceeds to clearly state that the firewall has passed the test. Outpost also blocks cpil before it gets to that stage of transmitting the data. Anyhow, regardless, my idea of whether a firewall passes or fails is in that it blocks the leak, whether the test officially says the leak is blocked is perhaps not as important, so we are in agreement there.
However, when Comodo gives you a popup to deny you cannot rest assured that the leak is blocked as I am showing here in an effort to get this tightened down a bit more. Sometimes the leak is blocked, but there are circumstances where the popup blocks internet access & appears to be blocking the leak when in fact the data is being leaked silently behind the scenes regardless of the popup. This is not a new phenomenon, there are many threads regarding this. The popup alone does not necessarily mean that you can rest assured that the leak has been blocked, but currently Comodo is getting very close to plugging this pcflank leaktest entirely, it’s just not quite there yet. Even though you may be able to get it to pass, that is not entirely conclusive as you are not using all means, I too can get it too pass, but I can also get it too fail & this is what I am attempting to show & explain here in detail so that the firewall can be snug as bug in a rug no matter who, how or what is running the leak test… was that a saying, I have no idea, it just popped into my head, sorry about that…
@ NOTE 2:
I’ve explained this a lot of times in the past but you may not have read the posts or looked at the screenshots - I always use a format which denotes “firewall-brand_version-number_current-date_current-time.” I suppose it may be a matter of opinion, but again I would consider that the test is running against the firewall & it is the firewall that is passing or failing, not the user.
This can be reproduced on any machine. This problem lies within the firewall software itself, not within your machine or any machine in particular & therefor the problem is not resolved on your machine. Though understandably I can see where you might think the problem is resolved on your machine as we are speaking about a slightly different problem. The issue you are thinking of has been resolved within the firewall, but the issue I am raising here in this thread is not yet resolved. It is very similar in that involves Comodo failing pcflank, but the difference is in the details.
That is an issue with cpil, but with pcflank it’s not actually repopping. What is happening though is that the same text string is getting leaked multiple times when the browser is restarted after concluding the test. Now when I say the same text string I am not talking about how the previous results are saved server side at pcflank… as you can see in the screenshot, the same text is actually being re-leaked multiple times a few seconds or minutes apart each time the browser is restarted after the test has already been concluded.
I’m not sure if any of this further reiteration makes things any clearer or just causes more confusion, anyhow, I would ask that an actual developer that may be trying to work on this refer to the original post as it is all there in fairly simple terms.
One last thing just to be entirely clear, I’m not looking for advice on how to get Comodo to pass or whether others get it to pass, I too can get it to pass. This is about Comodo not passing under certain circumstances which are explained in the original post & I am attempting to inform a developer so that it may become stronger. Again, I have no interest in simply getting Comodo to pass by doing everything just right, that’s very easy. I want the program itself to block the leak tests in a variety of situations & I don’t think running a tabbed browser which is set to remember previous tabs is all that unsual, in fact a lot of people should be running a browser in such a configuration, it is very convenient.
Yes, I see what you mean. While I have to agree to leave it to some others who are more knowledgable, than I, like Panic, <—very smart guy–>or egemen, etc…This is a very odd problem and whoever helps you, I hope you indeed get it resolved.
One thing I forgot to add - as you’ve said you can achieve this leak on any PC, if you are going to install ethereal and sniif the data flow, can you please ensure that it is installed on a PC that you have not yet run the PCFlank leaktest on.
Ideally, ethereal should be running BEFORE the PCFlank leak test is run on that PC for the first time. This is just to make certain that we are not just capturing the data flow from a “repeat” transmission, and our capture includes - 1) clean start, 2) leaktest app launch, 3) attempted string transmission, 4) (hopefully) cessation of transmission due to CPF blocking, 5) browser startup and shut down, 6) browser startup and web page load, 7) browser shutdown, 8) browser startup.
If data is being surreptitiously retransmitted, I would expect to see it re-appearing at points 6 and 8 in the above list.
Perhaps I did not clarify this enough in the original post. I believe this has to do with tabbed browsing & having a browser set to remember the last tabs when you restart. I did mention this, but perhaps I did not emphasize it enough. Whatever that page is that pcflank fails to open after you hit hit deny on the Comodo popup, it is probably the culprit here, when the browser is re-opened. Please see attached photo & take special note of the way several of my test time stamps are repeated even though the actual server time stamp is later & later each time. To be absolutely certain please listen to this part carefully, I do not rerun the test more than once with the same time stamp (unless the date is different), only the first in a series of any given time stamps is the leak occurring at the time of the actual test… then, after closing the test & re-starting the browser, the same text is apparently still queued up & gets re-transmitted with each browser restart, & there are no popups anymore at this point, nothing after the first popup which gives the illusion of blocking the leak. If you don’t manually navigate to http://www.pcflank.com/pcflankleaktest_results.htm or have it tabbed in your browser, you would never realize all these leaks were occurring as the initial popup gives the impression that it is blocking the page from opening & hence blocking the leak from occurring. That’s it, the plain & simple facts.
I don’t have any more energy for this today myself, but I think any developer should have enough info to work with between this & the original post to take over from here, remember I am only testing Comodo in spare time. I think I’ve thoroughly explained the basis of the problem & provided the means & now I would expect for someone who will actually change the code to take it upon themselves to reproduce what I have illustrated & go from there in implementing the necessary changes. I’m not going to actually amend the code myself & I don’t think it is prudent for me to spend anymore time testing what I have already clearly defined for a developer to look into.
Of course on any given day I may run other tests or variations & report any discrepancies I find, but I think I’ve done all I can do on this particular matter. The info is all there for you, please pick it from here. It’s not fair to keep asking me to go further into it when I’ve already exhausted all possibilities regarding this & stated clearly how to reproduce it.
where, if I am not wrong, ID is the encoded text you typed. CPF will show a popup and block the request. But although it is blocked, Maxton, remembers this failed URL as the last visited URL, and next time you open Maxton browser, given remember my last visited url option is selected, MAxton will ask you if you want to visit the last visited URL, upon pressing YES, the same URL will be submitted.
This leads the data you entered to be sent again and again. Thats why OP sees more entries in pcflank site. Not the leak test is trying to send but everytime the browser is opened, it is sending the data remembered as the last visited URL although not literally visited, again and again.