I know in the post above that Melih said to use Memory Guardian, but I was wondering if Comodo Firewall blocks incoming trojans/worms, as I noticed in the logs it points out that port x is used by trojan y. Does that mean it can figure out when to block something from the rule list? It's just that a lot of these viruses use Internet Explorer to attack, and I just wanted to know if the firewall can tell the difference between a valid connection and one being used to attack (based on packets or something).
Both CFP 2.4 and 3.0 RC1 require you for outbound traffic to specifically authorise unknown applications/components. So, in a sense, you’re protected assuming you do not authorise it. Unsolicited connection attempts (inbound traffic) are blocked by default anyway.
As explained in previous posts, drive-by-downloads are caused by BO (Buffer Overflow) exploits. Neither CPF 2.4 nor 3.0 RC1 protects directly against BO exploits. They’ll both probably detect the short term impact of a BO attack… a new EXE/DLL/whatever will probably get their attention, and especially so with CFP 3’s Defense+. That would also detect the unauthorised writes to protected areas (both disk & registry) and notice any process terminations/creations and driver creations. Even memory access. Oh yeah… whilst CFP 3 cannot stop a BO it would certainly notice it very quickly, if not instantly… and probably before it manages to do anything IMHO.
Now CMG (Comodo Memory Guardian) actually detects & stops BOs from happening. CMG is currently in Beta testing. Once it’s done, its technology will be exported to CFP 3. This might be after CFP 3’s release, the timing isn’t clear. I don’t know about 2.4, but they might since W2k users can only run 2.4. So, they may wish to port it to 2.4. Of course, there’s nothing stopping you from using CMG now & getting BO protection. CMG is very stable. I’ve had no trouble with it myself. Although your mileage may vary, I think there are some possible conflict issues.
It’s always worth remembering to tell all your security software, if they can be configured so, to ignore each other… no point wasting resources in having them monitor each other & if 2 or more security apps jump on the same thing, at the same time… well, the results are often not very pleasing.
Well, kail explained pretty much everything ;D
The only thing I would like to add is to not use Internet Explorer for general surfing + in order to look at DLLs loaded in a process you need to set V2 component monitor to on.