Hi
If you click the Manage Networks and click Trust Network for your local network, it will automatically create two new global rules:
1: Allow all outgoing requests if target is in XXX
2: Allow all incoming requests if sender is in XXX
where XXX is the name of your local network.
At first glance it looks as if these two rules allow your machine to send anything to itself and receive anything if it was sent by itself. But when I test it, other machines on the network are allowed to send packets to my machine when these two rules are allowed. Does it mean it will accept any traffic data from that local network if I trust it?
All traffic from the local network will be accepted.
That is dangerous. If a nearby wireless spoofs your MAC address and finds the password, it can connect to my computer. Also, the “Do NOT show popup alerts” is also a dangerous setting. It might confuse users into thinking that it will not take a default action, but rather show an action related to “allow” or “block” and then not take any action.
The user might click the checkbox and set it to “Allow” and then think it will block messages for allow rules, while in reality it blocks messages and ALLOWS traffic. They should rename this feature, very dangerous.
Did you understand what I was saying? If the user sets it to Allow he may be thinking it only blocks messages for allowed traffic, and if he sets it to Block, he may be thinking it blocks messages for blocked traffic. While in reality it is doing a completely different thing. It’s dangerous naming from Comodo, they should rename it strongly.
“Do NOT show popup alerts” and then Allow requests or Block requests is bad naming. Rename it to:
“Do NOT show popup alerts” “Silently allow requests”
“Do NOT show popup alerts” “Silently block requests”
That’s why it is important to enable ARP spoofing protection and choose a strong password on your wifi. Trusting the local network is a choice of convenience with a certain security risk. It is up to the user to choose what balance between security and convenience is acceptable.
I agree the wording could be better. It would make a good wish in Wishlist - CIS.
Yes, bad naming is just as dangerous as a technical bug in the firewall software, there is no difference in level of danger. User errors account for many hack incidents. Hackers don’t usually rely on unknown software, they use system programs and send out secret data as ICMP or UDP packets, using smart techniques. They don’t usually have to bypass the firewall once they are inside.
They simply just send ICMP ping requests in a specific order to simulate data on your computer, and then re-create the data on the receiving end, using already trusted ping software on your computer. They don’t need rootkits.
I wonder if Comodo is up and running very early during boot up time, or if it is vulnerable during that phase. Because hackers only need one split second of inattention to break in.
CIS starts very early in the boot process.
If that is not enough and you’re really cautious, you might want to enable Block all unknown requests if the application is closed:
[quote]Block all unknown requests if the application is closed - Selecting this option blocks all unknown execution requests if Comodo Internet Security is not running/has been shut down. This option is very strict indeed and in most cases should only be enabled on seriously infested or compromised machines while the user is working to resolve these issues. If you know your machine is already ‘clean’ and are looking just to enable the highest CIS security settings then it is OK to leave this box unchecked. (Default = Disabled)[/quote]
Keep in mind that this setting may interfere and you may need some extra tweaking.