Ability For CIS To Analyze The Type Of Info Which Apps Would Transmit [M1014]

1. What version of CIS, or Comodo Firewall, are you currently using:
7.0.313494.4115

2. What actually happened or you saw:
When an unknown application tries to connect to the internet currently the user is only presented with information about where it is trying to connect.

3. What you wanted to happen or see:
In addition to this I would also like to see information related to the type of information which the application is trying to transmit. (For example, is it only pinging the IP address, or is it transmitting pictures, text, encrypted files, …)

4. Why you think it is desirable:
Having more information about what the applications intentions are would allow the user to make better decisions as to whether to allow the connection or not.

5. Any other information:
I’m not sure exactly how this could be implemented, but perhaps there is some way for CIS to trick the application into thinking it has already connected with the intended address. Then CIS could analyze the type of information which it would have transmitted.

What do you mean when you say that it would “allow those applications to connect to it’s target virtually to clarify their intents”? What does virtually mean in this situation?

Thanks.

Hi there! I meant something like this: app asking to connect to 1.2.3.4, our sandbox says okay, go. And pretends itself as 1.2.3.4. App sending data, which may be analyzed. Seems this is impossible, sorry, i’m wasting Your time :-[

Are you essentially saying you would like it to intercept the data which unknown apps try to send and instead send garbled information of its own? If so, what is the advantage of doing this rather than just blocking the connection? I’m trying to fully understand this wish.

Thanks.

Data interception on demand - yes. But i mean all the data from foe (let’s call it like this?) app, stay inside this sandbox, nothing (even garbled digital noise) is going out. Just small network (with all big network’s attributes) inside the sandbox, thats it. In that case we got more info than when we just blocked the foe. My english is pretty bad, sorry.

I suppose I’m still confused. If the Firewall was able to tell you which domain, not just IP address, an app was trying to connect to (this is what another wish asks for), wouldn’t the user already have this information. If the firewall makes it seem like the app is sending garbled information, I don’t see how this would provide the user with more information, as they are already told where the information is transmitted.

Am I misunderstanding, or is the proposed benefit probably not worth all the coding necessary to accomplish this?

Thanks.

The user doesn’t know the actual data being sent, which I think this is all about, analyzing the actual data sent.

Sanya, thanks for the input.

So, is this wish essentially for the Firewall to not only let the user know where the app is trying to send the data, but to also have the ability to analyze the type of data being sent, and present the user with some sort of summary?

If that is correct, than I think this is an interesting wish.

Thanks.

I have just updated the title of this Wish Request, and also edited the first post. Please look them over and let me know if you see any problems.

If there are no problems I will forward this to the Waiting Area for Voting.

Thanks.

Thanks, guys. I agree with such edit. Let it be as it now. Maybe in the future it’ll grow to something real?
To be frankly i almost understand how it may be implemented. Via IP emulation. It’s easier to draw than write, so take a look at attachment please. Funny picture, isn’t it? At position #2 we may get all the data, which “foe” trying to send to “chief” to analyze it and decide do we really want to allow such conversation. Somehow like this, hope i amuse all of you today ))) Bye!!!

[attachment deleted by admin]

Thank you for submitting this Wish Request. I have now reset the poll and moved this to the WAITING AREA.

Please be sure to vote for your own wish, and for any other wishes you also support. It is also worthwhile to vote against wishes you think would be a waste of resources, as implementing those may slow down the wishes you would really like to see added.

Thanks again.

I think this wish is very unclear. That should make the programmers? To give a piece of TCP package?
What can they do at the stage of establishing the connection, when data is still not transmitted any?

Inside any data format, intruder can send anything intruder want. This wish will not increase security but will require a lot of programming.

Therefore, I vote No.

I voted “Maybe”. It’s a nice idea but I don’t know if it can be done.

I suppose if CIS will work as sort of a proxy, it can show the user contents of a packet, but I doubt this will make much sense to the user, if any.

Nice idea, I would love to know what data an application is sending. For example program X may be a trusted program and supposedly only sending annonumous program stats text data and Comodo with this feature could analyze that data and find out its sending personal information and present this information to you and now you you can easily make the decision to block the program from sending this data.

I would like to thank everyone who has voted on this particular enhancement. As this wish has accumulated the necessary 15 points I have added this to the tracker for consideration by the devs. However, do note that even though this wish will be considered by the devs, it does not necessarily mean that it will be implemented. I will update this topic when I have any additional information.

Thank you.