Allow all outgoing connexions is dangerous

We just have to send a little mail

“Hey, look at this new application to synchronize your pictures with Facebook. I tried it and it’s great!”

Once executed, it takes web browser information and sends it. We are just hoping to get some cookies or saved passwords to steal some Facebook accounts in this example.

Why would we want to find a way to infect the computer when the user will do it for us? >:-D

There are reasons behind why CIS by default allows outgoing connections… Which Melih did clarify.

The risk profile is VERY low. In order for a Trojan to steal data, it MUST infect first. And with the current CIS 4 architecture in CIS this is pretty much virtually impossible. Of course there will be a Trojan that is non-infecting and tries to read protected files/keys, but screen capturing/key logging is not possible.

So basically, for a trojan to steal data, it will need to infect the PC first. D+ & Sandbox together prevent the trojans from infecting in the first place.

Ok, granted the dev’s reason “can’t infect so allow all outbound”; then why should I use CIS’s firewall? XP’s does the same. It allows all outbound and stops all inbound. 7’s is one step ahead (and I think msft have done a wonderful job on this); it has outbound and inbound. CIS’s firewall is redundant, turn it off.

It doesn’t make any sense to use CIS’s firewall with this rule setup. It’s a waste of code/cpu cycles/ram/read-write cycles and what not. I don’t use CIS to filter inbound, I have a router and Windows’ own wall… what I do need is outbound. And by I, I mean all users using Comodo products since v2 days. Remember it was just a firewall back then… 8)

I love the direction Comodo’s heading in=AV+BB+Sandbox, oh wait we already have another product like that… :-TD

We just have to send a little mail

“Hey, look at this new application to synchronize your pictures with Facebook. I tried it and it’s great!”

Once executed, it takes web browser information and sends it. We are just hoping to get some cookies or saved passwords to steal some Facebook accounts in this example.

Why would we want to find a way to infect the computer when the user will do it for us?

It is precisely the issue: CIS V4 was aimed at novice users, with a default friendly minimal alerting behavior, whereas most often this novice user wants to use Facebook and, more largely speaking, whatever gaming or p2p ■■■■, thinking he will be silently protected:
you won’t keep these people from infecting themselves, and such a silent behavior is therefore not an argument for the protecting software’s qualities.
CIS V4 would lose in market share but gain in credibility by setting the defaults tighter, with the evident counterpart of more alerts and customization: a very good product is under attack here (and elsewhere…) not because of its lack of quality, but because its default behavior is not.

I don't use CIS to filter inbound, I have a router and windows own wall...what I do need is outbound. And by I, I mean all users using Comodo products since v2 days. Remember it was just a firewall back then...

Not serious.
Not speaking of Windows firewall (it is, by the way, lousy in its default XP version) and I have it personally disabled, most end users do not have a reliable router firewall, or even no router firewall at all.
I have used Comodo 2.x (no other choice under, at the time, Windows 2000) and I am now using V3; I don’t want to hear about V4 at the time of speaking.
But I definitely want both inbound and outbound, and I suppose I am not the only one.

Umm. I haven’t been programming for very long, but without hooking\installing anything I can make an application to read data and store it within a list, and if I was knowledgeable enough… could send it somewhere.

OK Melih,

As another user in the forums has already posted, there are indeed ways an app can steal data. For example a test key/sound/etc. logger. The following app can bypass the CIS sandbox and take a snapshot; also it can record sounds from the microphone, and it can capture video.

Try it,
http://www.spyshelter.com/download/AntiTest.exe

In the screenshot log, test 4 is the one that is able to take a screenshot.
With the default rule “allow all outgoing traffic”, auto-sandboxed malware using these methods can:
-send screen captures
-send sound captures (using mic)
-send video (using camera)

If you just want the firewall, then you can download and install just the firewall version of Comodo and you can tweak it to your liking.

Melih

Melih, can your devs test my latest post, so they can fix the issues of the screen grab and sound logging?
Even in Proactive Mode, it can’t block the app if it’s auto-sandboxed.

You don’t understand what a sandbox is meant to do… please use Wikipedia… Sandboxing is NOT meant to protect you from those things. It’s meant for virtualization and software restriction.

mouse1 had a good intro into sandbox on the forum.

thx

melih

So, using CIS with autosandbox is less safe than using CIS without autosandbox?

I only trust CIS to protect against inbound.

After a few years using only Comodo firewall protection (v.2) I was given a Netgear router / modem.
I liked the higher speed its modem obtained from my ISP.
I liked the hardware firewall taking the strain when a trojan army was hammering my IP Address.
I retained all Comodo protection because I trusted it, and Netgear protection was unproven.

Even though set to block all incoming, Netgear protection FAILS against incoming.

I needed to upgrade software from a remote site.
Netgear had no objection to the download.
Comodo protected me from potential malware because what started as an IP OUT that should have returned the download to the originating Port number, was instead taken by the remote site as an invitation to attempt an unauthorised IP IN to a Port number I had not sanctioned.

That remote site has a good reputation, and I do not believe the owners intend to supply malware,
but I only had that experience once, which suggests the site may have been hacked.
Netgear gave zero protection.

Netgear is configured to block ICMP incoming.
If I initiate a TCP out connection via a specific port to a specific site,
Netgear will still allow that site to respond with a connectionless (no Port) ICMP transaction.
Could be a privacy violation,
could actually allow infection by ICMP protocol messages and a total take-over by hackers.

Netgear seems to protect against any incoming from sites to which I have not established communication,
but if I do communicate with a site then Netgear allows them to throw any form of malware onto me.

I name Netgear because that is what I experienced.
I have no reason to believe that any hardware based firewall is superior

I require 100% incoming protection from a software firewall,
a mere 99.?% incoming protection from Windows Firewall + hardware will not let me sleep at night.

Alan

What makes u think that software inbound is any stronger than a hardware inbound firewall?

What makes you think that anything on Earth,hardware or software will offer 100% protection?

+1

Alan - No Software, No Hardware, can offer 100% protection today. It simply does not exist.

How can a ‘hacker’ get me if they can (A) not see me and (B) my ports are closed with no unsolicited access allowed?

I fully accept that there is no perfect guarantee of protection.

BUT - PLEASE NOTE :-

When I visit a web-site to view something, or to download something,
it really does not matter if “my ports are closed with no unsolicited access allowed”,
that web-site will have my IP address and the number of the OPEN port I have provided for its reply.

My netgear router firewall is happy to permit anything which comes out of a site,
which may be ridden with malware introduced to it by hackers,
even if it uses the wrong protocol and/or aims at one of my ports that I did not authorise to it,

In this situation I rate Netgear protection at 0%,
whilst Comodo is 100% effective against rogue ICMP protocol infections,
and also 100% effective against anything incoming to a port I have not opened.

I accept that the Comodo Firewall will not prevent a malware download if :-
I asked that web-site for data ; and
It responded with the correct protocol to the port I opened.

My layered defence is :-

  1. Assess site reputation before I think of doing a download;
  2. Comodo Firewall to weed out anything which breaks the TCP / Port rules;
  3. Comodo Defense+ and A.V. to mop up the rest.

Comodo Firewall may not be fully effective against malware which is supplied upon my request,
but it is very much better than a hardware Firewall that thinks I deserve whatever and however that site responds.

Regards
Alan

I could have said you’re comparing apples to oranges… but I’d probably get a flame and be demanded to explain why… so I might as well dissect and reply now. :frowning:

I fully accept that there is no perfect guarantee of protection.

BUT - PLEASE NOTE :-

When I visit a web-site to view something, or to download something,
it really does not matter if “my ports are closed with no unsolicited access allowed”,
that web-site will have my IP address and the number of the OPEN port I have provided for its reply.

That’s not a firewall’s job, to tell which websites and what IP addresses to connect to. That would be a website blocker, kinda like WOT, and an IP blocker like PeerGuardian and Malwarebytes IP blocker.
A firewall’s job is to be default deny and allow on exception (like when u go to google.com) and deny all other connections that u didn’t initiate.

My netgear router firewall is happy to permit anything which comes out of a site, which may be ridden with malware introduced to it by hackers, even if it uses the wrong protocol and/or aims at one of my ports that I did not authorise to it,
Same as Above.
In this situation I rate Netgear protection at 0%,
I’d rate my TV ZERO for not washing my car today too. But I can’t, ’cause that isn’t what they are designed to do. Apples and oranges.
whilst Comodo is 100% effective against rogue ICMP protocol infections, and also 100% effective against anything incoming to a port I have not opened.
A closed port is a closed port. No matter what way u look at it. Hardware\Software. Both the same.
I accept that the Comodo Firewall will not prevent a malware download if :- I asked that web-site for data ; and It responded with the correct protocol to the port I opened.
Replace ‘Comodo’ with ‘Firewall’ as a generalization and you’re on the right path :-TU

I won’t go anymore… I think I made my point clear enough…
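As an added example (my own, not from any poster in this thread nor from Comodo’s or Microsoft’s documentation), here is the “default deny, allow on exception” outbound policy argued for above, expressed for the built-in Windows Firewall using the NetSecurity cmdlets (Windows 8 / Server 2012 and later; the thread’s Windows 7 would need the equivalent netsh advfirewall commands). The browser path is an assumed placeholder; the log path is the firewall’s default.

```powershell
# Added example: default-deny outbound with explicit exceptions on the built-in
# Windows Firewall (NetSecurity module, Windows 8 / Server 2012+). Run elevated.
# The browser path below is an assumed placeholder, not taken from the thread.

# 1. Show the weak default: inbound blocked, outbound allowed on every profile.
Get-NetFirewallProfile | Select-Object Name, DefaultInboundAction, DefaultOutboundAction

# 2. Tighten it: block both directions by default and log what gets dropped.
$log = "$env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log"   # firewall default path
Set-NetFirewallProfile -Profile Domain, Private, Public `
    -DefaultInboundAction Block `
    -DefaultOutboundAction Block `
    -LogBlocked True `
    -LogFileName $log

# 3. Allow on exception: one named program, one direction, one protocol/port set.
$browser = 'C:\Program Files\Mozilla Firefox\firefox.exe'   # assumed placeholder
New-NetFirewallRule -DisplayName 'Allow browser HTTP/HTTPS out' `
    -Direction Outbound -Action Allow -Profile Any `
    -Program $browser -Protocol TCP -RemotePort 80, 443

# Name resolution must be allowed too, or the browser exception is useless.
New-NetFirewallRule -DisplayName 'Allow DNS out' `
    -Direction Outbound -Action Allow -Profile Any `
    -Protocol UDP -RemotePort 53

# 4. Detection: anything else trying to phone home is now a DROP in the SEND
#    direction in the W3C-format log. Fields: date time action protocol src-ip
#    dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype
#    icmpcode info path. Summarise blocked outbound destinations by port.
Get-Content $log |
    Where-Object { $_ -match '^\d' } |               # skip the '#' header lines
    ForEach-Object {
        $f = $_ -split ' '
        [pscustomobject]@{ Action = $f[2]; Proto = $f[3]; Dst = $f[5]; DstPort = $f[7]; Path = $f[16] }
    } |
    Where-Object { $_.Action -eq 'DROP' -and $_.Path -eq 'SEND' } |
    Group-Object Dst, DstPort |
    Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name
```

Step 4 is the defender’s payoff of the stricter default: an unexpected process contacting a new destination shows up as a logged outbound drop instead of silently succeeding.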

The “All application” rule also denies inbound connections for some trusted/safelisted applications, and related help requests began to accumulate in these forums (I assume LivePC technicians will have to address similar requests as well).

Users might manually define those applications as trusted (Firewall common tasks) or switch to Proactive config, but all in all wouldn’t it be reasonable to ask the end users installing both the FW and the AV if they wish to get alerts for unrecognized applications (and no default inbound deny) right off the box? ???

If related choice is provided during installation the current settings might also be opted-in (ticked) by default whereas users can change it if they actually wish so (with or without 3rd party advice) during install.

Post-installation related changes might also be made easier by means of wizards (which provide an easy shortcut for help requests as well).

@ Alan Borer:
[ I totally get you. Inbound is important, or more correctly was important. Windows 95/98/ME came with open ports which allowed for file/print and what-not sharing. This was to make the user’s life easy, and it did that; along with making a hacker’s job easier. Not because ports were open, but because these open ports represented protocols which had vulnerabilities. One of the most successful worms, Sasser, exploited this and we all know the results.

As of XP and especially of 7, the firewall is pretty darn strong. Ubuntu (a linux mint) has no firewall primarily because it has no open ports. Let’s say that port 12345 is open. What would a hacker do? There needs to be exploitable code which can be used for privilege escalation and running arbitrary code.

  1. port 12345 open on IP 205.205.205.205.
  2. send code “tell windows explorer to shut down”
  3. code received and executed because of a vulnerability (=poorly written/faulty code).

If a port has no known vulnerabilities you are safe even if you never use a firewall. Firewalls are so 2001. Incidentally Conficker (one of the biggest worms of last year) infected via USB pen drives and emails (that is social engineering). The firewall we get nowadays is good for filtering outbound. Inbound is, imo, redundant. ]

I bet anything that in the future, CIS will be AV+Sandbox+Behavioural Blocker. The firewall and D+ will be neutered and or removed. The firewall business was the rage 2-3 years ago, when everyone and his uncle wanted to score on matousec. Now, sandboxing is the craze. ;D

Thankfully for us, Microsoft has realized that to make a good OS security is important. Windows 7 out of the box, will protect 90% of users (i.e. normal browsing habits and what not… and no please don’t tell me that google.com can get infected… … yeah sure and i’d hit a $1billion lottery tonight 88) ) For those 10% who are part of the dark side… well there’s a lot to choose from. :a0

Another thing on firewalls: hackers NEVER (except personal vendetta) hack an individual, they will always go for corporations & government. More ■■■■ for the buck.

ps. wanna see some real routers with firewalls… http://www.tribecaexpress.com/ciscoprice.htm :o