Can Comodo thwart F.B.I. spyware? [RESOLVED]

First of all I must say, the reason I have decided to join these forums is because I have found an incredible free firewall that I am so impressed by, I felt compelled to join these forums and try other Comodo products.

I got a new pc (XP) last year and it came with a 90 day subscription to Norton Internet Security (2006). I was actually pretty happy with Norton but then my subscription ran out and I was left without virus updates. I procrastinated for three months before finally deciding it was time to uninstall it and get something up to date.

Ive learned quite a bit about computers and internet security and malware and various things in the past year, so I was prepared to make educated decisions about what software to try.

Before I try any new software I always thoroughly seek out reviews and recommendations so I know if something is worth trying or not. I always seek out multiple sources for those reviews and recommendations.

I believe internet security starts with a good quality firewall. I read quite a few really good reviews about Comodo firewall and decided I would try it out.

I have used Comodo firewall for about 5 months now and its incredible. I will not be trying any other firewalls because I simply dont need to. I am very happy with Comodo firewall 3 and feel very protected.

I tried Avast anti virus and it ended up not working out for me. I am on dial up internet and its very slow as it is, but because all HTTP traffic went through Avast’s “web filter” servers it slowed my connection down even more. It would take 5 minutes just to load a freaking web page. I switched to AVG and like it better, though I’d like to find something I like more, as far as anti virus.

As of right now I use Comodo firewall 3, Comodo memory firewall, AVG anti virus free edition, BOClean, Windows defender, Ad-aware 2007 (sucks, so freaking buggy cant even update signatures or software), and firefox with Noscript and Adblock plus. I feel pretty secure but would like to find AV I like more.

Ok, enough with the long introductions.

"The FBI used a novel type of remotely installed spyware last month to investigate who was e-mailing bomb threats to a high school near Olympia, Wash.

Federal agents obtained a court order on June 12 to send spyware called CIPAV to a MySpace account suspected of being used by the bomb threat hoaxster. Once implanted, the software was designed to report back to the FBI with the Internet Protocol address of the suspect’s computer, other information found on the PC and, notably, an ongoing log of the user’s outbound connections."

“The exact nature of these commands, processes, capabilities, and their configuration is classified as a law enforcement sensitive investigative technique, the disclosure of which would likely jeopardize other ongoing investigations and/or future use of the technique,” Sanders wrote. A reference to the operating system’s registry indicates that CIPAV can target, as you might expect given its market share, Microsoft Windows. Other data sent back to the FBI include the operating system type and serial number, the logged-in user name, and the Web URL that the computer was “previously connected to.”

"After CIPAV is installed, the FBI said, it will immediately report back to the government the computer’s Internet Protocol address, Ethernet MAC address, “other variables, and certain registry-type information.” And then, for the next 60 days, it will record Internet Protocol addresses visited but not the contents of the communications.

One possibility is that the FBI has persuaded security software makers to overlook CIPAV and not alert their users to its presence.

Another is that the FBI has found (or paid someone to uncover) unknown vulnerabilities in Windows or Windows-based security software that would permit CIPAV to be installed. From the FBI’s perspective, this would be the most desirable: for one thing, it would also obviate the need to strong-arm dozens of different security vendors, some with headquarters in other countries, into whitelisting CIPAV.

Earlier this week, News.com surveyed 13 security vendors and all said it was their general policy to detect police spyware. Some, however, indicated they would obey a court order to ignore policeware, and neither McAfee nor Microsoft would say whether they had received such a court order."

http://www.wired.com/politics/law/news/2007/07/fbi_spyware

"FBI Spyware in a Nutshell

The full capabilities of the FBI’s “computer and internet protocol address verifier” are closely guarded secrets, but here’s some of the data the malware collects from a computer immediately after infiltrating it, according to a bureau affidavit acquired by Wired News.

• IP address
• MAC address of ethernet cards
• A list of open TCP and UDP ports
• A list of running programs
• The operating system type, version and serial number
• The default internet browser and version
• The registered user of the operating system, and registered company name, if any
• The current logged-in user name
• The last visited URL

Once that data is gathered, the CIPAV begins secretly monitoring the computer’s internet use, logging every IP address to which the machine connects.

All that information is sent over the internet to an FBI computer in Virginia, likely located at the FBI’s technical laboratory in Quantico."

I have a few questions.

1. will any Comodo products protect a computer user against CIPAV or similar spyware? - if so, how? Please elaborate.

I dont think BOClean would protect against this, as it uses signatures to detect known threats. I have not tried CAVS 2 beta, so I have no opinion if it would stop it or not.

The only Comodo product which has a chance to protect against this type of advanced spyware would be Comdo firewall 3, in my opinion.

2. Has Comodo been forced to whitelist CIPAV or any government/FBI/police spyware? - Would Comodo whitelist if requested?

3. If you think any Comodo products would protect against this, how confident are you? 0%-100%

If at all possible I would like to hear from some Comodo people. Employees, Programmers, anyone. I respect the members of these forums but I would like to hear from someone involved in the development of Comodo products, as they know them best.

While this FBI spyware was used for good, necessary purposes, the vast majority of spyware/malware is used for bad reasons. This FBI spyware is very advanced from what I can tell, and if the FBI can create advanced spyware, so can other people. I personally dont want to fall victim to some kind of advanced malware.

Ive read some of Melih’s posts about why he started Comodo and why he offers free products and I wanted to say thank you for making such a great firewall free for everyone. It was actually pretty inspirational reading one of his posts - I am a musician and Im trying to make my way in this world. I want to release my music by myself, without any of the hassles of greedy companies … I mean record companies. Its good to learn of people building an idea from the ground up into a solid, competitive, successful company. Hopefully one day, I can find my own success.

Thank you Melih

Greetings!

Comodo Firewall Pro 3 will prevent it from connecting back to FBI’s IP. Defense+ in CFP3 will even prevent the spyware program to run! I don’t thing BOClean or CAVS are able to identify the FBI spyware.

I’m as close to 100% that I can that the firewall will prevent the program from calling home, tho I don’t know if it runs a .exe, or injects a .dll into let’s say explorer.exe or winlogon.exe, but if it’s an .exe, CFP3 will warn you if it tries to run. If it’s a .dll, CFP3 will warn you if it’s created.

Cheers,
Ragwing

LoL when i read the title, i thought you’d be going on about how the fbi is spying on you or something (no offence) but thats really uncomforting to read & knowing our government it wont be long until they start using that on us to see what we get up to.

However, with cfp installed, i feel confident that it would stop these kind of “advanced attacks”.

Tbh i dont think there is anything to worry about, ‘advanced’ to the fbi probably means being on the same technological level as the wombles.

LirvA,
I think you’d be rather happy with Avira AntiVir 8 (instead of AVG) and SuperAntiSpyware (as opposed to Ad-Aware, which does in fact lag now). These both have excellent detection rates, and you seem like the sort who could appreciate that kind of thing.

Cheers :■■■■

FBI spyware is not any different than regular spyware. Even though it’s been made by paid proffessionals there’s not much superiority or stealthing involved, unless the security software vendor has made a deal not to detect them. One such example is Norton AV and FBI’s MagicLantern. COMODO has made no such deals as far as I know, and even if they had their firewall product has no detection measures to recognize FBI spyware(thus supposedly allowing it) in the first place. If FBI spyware ends up on your computer and does something that would normally trigger an alerf in CFP, Comodo Firewall WILL block it.

“I think you’d be rather happy with Avira AntiVir 8 (instead of AVG) and SuperAntiSpyware”

I actually just downloaded and installed SAS yesterday, so far it seems good. It got about 25 cookies and Bodog Casino, which was classified as spyware - “Golden palace casino”.

I decided to try SAS after reading many different posts by IT security guys in various forums. It stomps Ad-aware 2007 into the ground. Lavasoft needs to step it up, their latest offering is complete garbage.

I actually havent tried it, but I dont think Avira would work out for me. I read quite a few reviews about it being very hard to connect to their update severs and updates taking very very long. I’m on dial up so if they had problems, I would have more problems (assuming they have high speed)

“One such example is Norton AV and FBI’s MagicLantern.”

Norton/Symantec whitelisted MagicLantern?

Its a pretty interesting story - CIPAV. I wonder how the hoaxter got infected. It said it was through myspace, maybe through javascript???

You know, its pretty fing ridiculous that somehow spyware has become a standard for internet business. You have these huge companies infecting pcs with all their spyware, and then nothing happens to the company. If someone writes a virus and releases it, what happens to them? If they get caught then they’ll face pretty severe punishment, wont they? But if some big fing corporation does the same ■■■■ thing with their spyware, they just kinda get rich you know. … their business just keeps pumping along. Its ridiculous.

What browser do you use? Internet Explorer? Not secure enough. Try Opera of Firefox; they are more fun anyway. Check my sig for my favorite.

“What browser do you use?”

who, me? I use firefox - very happy with it.

Firefox with Noscript, Adblockplus, Torbutton and FoxyProxy.

IE is um … um … well, we all know how IE is lol.

I was reading a story somewhere. Apparently Microsoft sent the firefox guys a cake as a show of friendly rivalry. The Firefox guys wanted to send Microsoft a cake with the recipe - open source software

To LivrA,

I am also on dial up and networked, I use the comodo3 and avira antivirus combination. Plus some other security programs. In terms of FBI surveillance, my guess is that the main danger would be after the packets left the users machines, with the FBI able to then intercept and record all packets as they pass from server to server to a final destination and then back to the users PC. With some telco’s giving full co-operation, at least until the whistle was blown, would imply the vulnerabilities would not be addressed by firewalls or any other security inside of the User’s PC.

But my main curiosity is aroused by your comments about Avast. Because that is the antivirus my wife uses. She is
also on dial up networked and we notice none of the slowdowns you report with Avast. The speed at which her web pages load seem no different from my experiences with avira. And a good part of our decision to use Avast on her computer is predicated on the fact that her computer is used to catch the bulk of the families email. And because Avast actively prescans in coming email and the free version of avira does not, somewhat explains why she chooses to run Avast while I can enjoy the slightly superior detection rates of avira without any downsides.

And five minutes to load a webpage seems glacially slow even for dial up. I always monitor both my initial connect speed and then often see what my actual throughput is using various internet speeds tests. We usually get
40 kilobits/sec down and about 21 kilobits/sec up in terms of actual throughput. Not especially slow or fast for dial up. But often people longer distances from a central switch can’t even get half that.

And now I wonder what your throughput is and why you report such a slowdown with Avast?

Osage, I have no idea what my throughput is, I guess im not very familiar with that term.

my AOL usually connects at 28800 kbps

You use the free version of Avira, correct? I looked at their site and the free version doesnt offer POP3 mail protection, so Im pretty sure you use the free version as you mentioned not having mail protection. Have you had any negative experiences trying to update your virus signature updates for Avira? I’d like to try it out but Ive read several reviews saying it was a pain to update the virus signatures with the free version.

To LirvA,

You are correct, I use the free version of avira antivirus. In terms of updating being a pain, its not been an over riding handicap for me. But it is somewhat true that avira does not always have enough servers to handle the load during peak times for the free version. Being some 7 times zones West of their servers helps me and I seem to get their automatic updates daily. And its partly the automatic updates that prompted me to drop Avast. Being the client computer on an ICS network somehow caused fits with the Avast automatic updates. They would only work for a day or two and then I had to do all updates manually thereafter.

In terms of your modem initial connection speed of 28,800, the number means almost nothing unless you are still using a modem where 28,800 is the top speed the modem is capable of. For the last eight years or so, almost all modems are capable of 56K* speeds in a line noise free situation (* US laws and standards actually limit it to 53K )
What matters is actual throughput which is the speed at which your modem and the modem actually exchange data. And that figure is often heavily dependent on the amount of line noise in phone lines. And can vary over time and other conditions. One popular way to gauge throughput is to find a websites that are designed to do just that. Usually what they do is to send a uncompressable file to your PC and then time how long it takes for you to download a file. You can just google modem speed test and find a plethora of such speed test web sites.
I enclose a link to just one of my favorite quick and dirty test sites that only gages download–Modem Speed Test Page

To get a good idea of what your throughput, you will want to run the test a number of times and take an average. And also test on different days. And as I research these type questions, I am finding the the given modem matters because all are not the same even though all say 56 K and V92. Nor is cost of the modem a good predictor. And since the computer modem is the only thing the user can change, its an area worth researching.

But since this is really a forum about comodo and modems is getting pretty far afield, you are also welcome to take more questions to Private messages.

Thank you for the recommendation Osage.

You know, I dont really understand why my 2nd question has not been addressed by anyone from Comodo.

Has Comodo whitelisted any government spyware? Will Comodo do so if requested?

Now, spyware is spyware, no matter who creates it. I want NO SPYWARE on my computer, period.

What are Comodo’s policies on this issue?

Honestly, I think CFP can detect it and stop it. Another thing I think the FBI will use it on users they suspect of being a terrorist, or of doing illegal activities. Also I am aware of security companies that don’t whitelist the FBI’s program. One of which is webroot. Thank you spy sweeper!

Well of course the F.B.I. would use it for those reasons. The problem is, thanks to George W. Bush and his sweet Patriot act, which does nothing but take away our rights and freedoms outlined in The Bill of Rights, they may in fact be doing so unwarranted.

I guess Im just going to send an email. I sure as hell am not getting a response here.

What part of your initial query hasn’t been responded to?

Eric

1. Has Comodo whitelisted any government spyware?

2. Would Comodo do so if requested?

What is Comodo’s policy on this issue?

Thank you.

I think it goes without saying that general members who speculate about their policy is not an adequate answer.

1. Comodo does not whitelist any time of spyware government or otherwise. Comodo’s own malware team analizes each sample sent to them. Specific’s to comodo’s signature base isn’t something I have detailed knowledge of and is based on samples sent to them for a number of years now, apparently thousands are sent daily for analysis.

2. Of course, depending on the analysis of the samples sent to them.

3. Comodo’s policy is to protect you from threats that expose your privacy etc.

You can submit files to comodo for analysis by sending them in a passworded zip file with the password included in the email to: malwaresubmit[ at ]comodo.com

I don’t know why any security software provider would “Whitelist” any “Government Spyware”.

Comodo Firewall 3 with Defense+ allows you to create your own rules to block any application.

If your that concerned about your own activities you should look into computer file encryption software. There are a number of such products about. You’ll also want to look further into anonymous surfing through a proxy server such as ■■■ or Firefox Anonymizer add-on.

Eric

I initially posted about CIPAV, which is an F.B.I. spyware application that has been used to find a bomb threat hoaxter.

www.computerworld.com.au/index.php/id;1605169326;fp;16;fpid;0

www.wired.com/politics/law/news/2007/07/fbi_spyware

Initially McAfee assured the F.B.I. that their products would not detect CIPAV. Also, some anti malware companies have said they would whitelist if requested.

Symantec might also have whitelisted magic lantern (government spyware)

Im not really concerned with my online activities as far as doing illegal stuff, I am just a very private person by nature, and I do lots of financial things online such as shopping, website management online poker, etc.

Also, I am 37,598,153,125 % against all these ■■■■ companies using web tracking cookies. I strongly advocate privacy rights, internet privacy included.

I am well aware of many of those things you mentioned. I use Tor with privoxy, used to use ■■■, use anonymouse.org occasionally, and TrueCrypt and Eraser.

I am not familiar with the Firefox anonymizer add on though, could you please tell me a little about it and possibly provide a link? Thank you.

Also, do you work for Comodo? As I said before, someone just kind of speculating about Comodo’s policy would not be helpful. It would be like me telling someone what Coca-Cola’s policy is on recycling (I do not work for Coca-Cola and know nothing of their policy, but I could surely speculate about it).

Most of us moderators, including me, don’t work for Comodo. Your question, truthfully should be directed to Comodo Staff here: http://www.comodo.com/corporate/contact_dept.html

Firefox add-on - Just Search Addons “Anonymous”

There are a lot of free cookie blockers and filterers out there.

Eric

Thank you sir. Much appreciated.