That custom policy looks awesome. It allows the program to work but also adds an extra layer of security that prevents exploits from being abused.
I believe this level of configuration is possible for many applications.
My suggestion is that we start building a list of custom policies for a bunch of programs. These could be configured to allow and block behaviour for common applications.
A game has no business modifying files other than its save files; it might want to connect to its site to check for updates or "phone home".
Using the community, rules could be built to allow the updater to do its work in the game folder, and allow the game to edit/create/delete its save files. Finally, the application should be allowed to update but not phone home.
We could set the exact IP address that it connects to; the community would update the IP if it changes.
What do you guys think? Maybe eventually Comodo could add these peer-reviewed profiles to CIS.
I'm not good with the advanced rules yet, so all I can do is suggest some applications to start with:
uTorrent and eMule already have nice rules; maybe they need updating? I believe they don't have Defense+ rules yet.
Programs that come to mind are:
- All the browsers (Opera, Firefox, Internet Explorer, Chrome(ium), Safari)
- Foxit Reader (had some exploits in the past, so it could use the extra protection)
- Windows Live Messenger
- Windows Media Player
The key idea here is to create rules that:
- Allow the program to do what it needs to do (Defense+)
- Block all other behaviour (Defense+)
- Allow network connections only where needed, preferably restricted to a single IP (Firewall)
- Block all other network connections (Firewall)
The result is programs that are safer from exploits and an increased privacy level, with no phoning home.
The best part, though, is no pop-ups from the application! (And a silent CIS is what we're all looking for, right?)
Block everything except:
- Must be able to read/write from all drives, including network drives
- Access to its settings registry keys
- Access to the text clipboard (read/write)
- Access to the printer
Block everything inbound and outbound, but still allow read/write to network shares.
Yes, that would be great… Then Comodo could set up a database with rules for applications and games, so that people don’t have to configure everything manually.
These could be in a special format or something, so that they don’t totally replace the current rule set.
I think it is a great idea, since sometimes it is hard to figure out what an application needs to do and what it doesn't need… especially IM apps, like Windows Live Messenger, Windows Live Messenger Plus (a non-Microsoft package to extend WLM capabilities), G-Talk, Skype, Pidgin…
Does anyone know how to apply a rule to a program in the firewall when that program is not trying to connect to the network? (I'm trying to create a deny-all network access rule for a program that never accesses the network.)
Don't you need to add this rule to make it secure?
Action = Block (enable Log as a firewall event if this rule is fired)
Protocol = IP
Direction = In/Out
Description = Block and Log All Unmatching Requests
Source Address = Any
Destination Address = Any
IP Details = Any
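The trailing block-and-log rule in the post above, together with the "allow only what is needed, then block the rest" idea from earlier in the thread, as an added example that is not from the thread or from Comodo: a small Python model of first-match rule evaluation. The rule fields follow the layout of the post above (Action, Protocol, Direction, Source/Destination, Log). The game, its update server 203.0.113.10 and the sample traffic are constructed; the "ask" verdict for traffic that matches no rule is an assumption standing in for the CIS pop-up.

```python
"""First-match evaluation of a per-application firewall rule set.

Added example, not code from the forum thread or from Comodo. Rules are
evaluated top to bottom, the first matching rule decides, and traffic that
matches nothing gets a default verdict (assumed here to be "ask", i.e. a pop-up).
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Sequence, Tuple


@dataclass(frozen=True)
class Rule:
    """One application rule, in the vocabulary of the CIS rule editor."""
    action: str                        # "allow" or "block"
    direction: str = "in/out"          # "in", "out" or "in/out"
    protocol: str = "IP"               # "TCP", "UDP", "ICMP" or "IP" (= any protocol)
    remote: str = "any"                # remote IP or CIDR, or "any"
    remote_port: Optional[int] = None  # None = any port
    log: bool = False                  # "log as a firewall event if this rule is fired"
    description: str = ""


@dataclass(frozen=True)
class Packet:
    """A single connection attempt by the protected application."""
    direction: str   # "in" or "out"
    protocol: str    # "TCP", "UDP", ...
    remote_ip: str
    remote_port: int


def matches(rule: Rule, pkt: Packet) -> bool:
    """True when every field of the rule covers the packet."""
    if rule.direction != "in/out" and rule.direction != pkt.direction:
        return False
    if rule.protocol != "IP" and rule.protocol != pkt.protocol:
        return False
    if rule.remote != "any" and ip_address(pkt.remote_ip) not in ip_network(rule.remote, strict=False):
        return False
    if rule.remote_port is not None and rule.remote_port != pkt.remote_port:
        return False
    return True


def evaluate(rules: Sequence[Rule], pkt: Packet, default: str = "ask") -> Tuple[str, str, bool]:
    """First match wins. Returns (verdict, rule description, logged?).

    Unmatched traffic falls through to the default verdict; a profile is only
    silent and watertight if some rule near the bottom always matches."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action, rule.description, rule.log
    return default, "no matching rule", False


def is_watertight(rules: Sequence[Rule]) -> bool:
    """Check that the profile ends in a catch-all block, so nothing reaches the default."""
    if not rules:
        return False
    last = rules[-1]
    return (last.action == "block" and last.direction == "in/out"
            and last.protocol == "IP" and last.remote == "any" and last.remote_port is None)


# Constructed profile for a fictional game whose updater talks to
# 203.0.113.10:443 (a documentation address, not a real server).
ALLOW_UPDATER = Rule("allow", "out", "TCP", "203.0.113.10", 443, description="Allow update check")
BLOCK_ALL = Rule("block", "in/out", "IP", "any", None, log=True,
                 description="Block and Log All Unmatching Requests")

UPDATER_ONLY = [ALLOW_UPDATER]           # allow rule with nothing underneath it
WATERTIGHT = [ALLOW_UPDATER, BLOCK_ALL]  # allow, then the full block
MISORDERED = [BLOCK_ALL, ALLOW_UPDATER]  # full block on top shadows the allow rule

# Constructed traffic: the legitimate update check, a phone-home attempt, an inbound probe.
UPDATE_CHECK = Packet("out", "TCP", "203.0.113.10", 443)
PHONE_HOME = Packet("out", "TCP", "198.51.100.7", 80)
INBOUND_PROBE = Packet("in", "TCP", "192.0.2.9", 27015)


def audit(rules: Sequence[Rule]) -> dict:
    """Verdict for each constructed packet under the given rule set."""
    samples = (("update", UPDATE_CHECK), ("phone_home", PHONE_HOME), ("inbound", INBOUND_PROBE))
    return {name: evaluate(rules, pkt)[0] for name, pkt in samples}


if __name__ == "__main__":
    for name, rules in (("updater only", UPDATER_ONLY), ("watertight", WATERTIGHT), ("misordered", MISORDERED)):
        print(f"{name:13s} watertight={is_watertight(rules)!s:5s} {audit(rules)}")
```

Running it shows the three outcomes the thread argues about: with only the allow rule, the update check passes but the phone-home and the inbound probe fall through to "ask" (a pop-up, and whatever the user clicks); with the block-all rule underneath, both are blocked and logged; with the block-all rule on top, even the update check is blocked, because the first matching rule wins. `is_watertight` is the check to run on a shared profile before publishing it.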
That's because you are one of the few people who read and then understand what Comodo is asking.
I hope you add the full block to the profiles you made in this thread, but you are free to leave it out on your local setup. Not having the full block makes the exploit protection useless for 99% of users.
The goal is to create complete and watertight profiles (where possible, 0 pop-ups ever).