one man’s normal is another man’s . so, i guess you are saying that one common virus or breach involves getting winmail to impersonate winmail? which is the real winmail, the one that’s launching winmail, or the winmail being launched? is this a documented breach? i’m not trying to be difficult, but it seems ‘normal behavior’ includes allowing any exe to launch itself, although, hmm, i can see how a chain of winmail’s opening each other, leading to hundreds of winmails, sending out thousands of emails before finally crashing the user’s machine. oops, did i just give somebody an idea?
ok… but if that’s actually happened, or something like it, then, as user, i’d have to choose between never allowing myself to click an email address inside of winmail, or allowing a virus to cripple my computer.
if i choose the first one, then i lose a vital functionality of winmail, and then what? will comodo tell me, or allow my antivirus to tell me what the culprit is, so i can fix it, or will my pc remain in that half-crippled state?
and if i choose the latter, allowing the virus in, well, that’s not so good either.
in my fantasy, my security system would be able to tell the difference between malevolent and benign program execution, defeat bad exe’s, insulate safe exe’s, and all without me even noticing.
i’m sure you’ll explain to me why i’m totally wrong, and you’ll be correct, and i’ll feel like a dope.
i think cpf, or is it pfp, is the most robust, full-featured free personal firewall available. and there’s probably a way to configure it to reduce its noisiness, i should head over to the configuration tutorial.
…ok, i read the help file, and i believe i set cpf, so that any “Trusted Application” is allowed to launch any application, without alerting me. is that unsafe?
here’s how:
-double-click the comodo icon in the system tray (notification area on vista).
-click ‘Defense+’ tab, “Predefined Security Policies”, Trusted Application, Edit, Access Rights, “Run an executable”, Modify, Add, File Groups, “All Applications”.
-i also set my Defense+ level to ‘Clean PC mode’, which, according to the Help file, should pre-trust all executables currently now on my PC.
-i’ll also switch to training mode during installs.
if all goes as I expect, i should see a VERY significant drop in alerts. this may be what i was looking for.
i wonder if i should have picked ‘Executables’ instead of ‘All Applications’? not the same thing?
Why did i think ‘Clean PC mode’ will force cpf to treat everything with suspicion?