Is the “web browser rule set” in Comodo able to prevent this from happening?
As I read about this, I noticed some advice along the lines of “browsers should not be able to reach other ports than those for HTTP protocols”.
When I look at the “web browser rule set” in Comodo, there are some other allowed protocols.
Am I right that if I visited one of those malicious links, Comodo would not say a word, and Firefox would connect to IRC and spam?
My workaround was to add a rule for “ask port 6667 outgoing” in the web browser rule set.
Example of a news article about it: Firefox-based attack wreaks havoc on IRC users • The Register
I just checked the predefined Browser policy in v4 beta. It should protect against outgoing traffic on port 6667. Only if the exploit used FTP ports could it be effective.
I think I will make my own web browser rule set. That way I can erase all unnecessary protocols, and if I see problems, I still have the original rule set there.
What you don't need, you should not allow.
By the way, with “block and log”, Comodo would not ask inexperienced users if they want to join IRC. It would just not work. That's a bit of a con.
Maybe a question like this would be user-friendly: browser tries to connect to “port”, this is usually when you try to connect to “()”. If you are not trying to connect, you should decide to block this attempt.
Like in Defense+. Just for the main browser port examples beyond the rule set.
EDIT: In the default Firefox settings, IRC is set to “ask”. This means that if you already run IRC, the exploit will work, and then you are lost. In this scenario Comodo can't help you, only if it would ask for "another IP to connect". But in your actual channel/network your client will spam for sure. So it's a bad idea to use IRC with Firefox now.