Avast7 web shield (or any other web shield for that matter) is not superior (at stopping known viruses) period.
Always remember what is required for a virus to be effective.
This was pointed out by EricJH above.
CIS Defense+ will stop anything it does not know from running. That includes known AND unknown viruses.
Comodo’s CIS prevents infection rather than looks for a known infection as Avast’s AV does (all AV’s for that matter).
A “web shield” is simply something taking additional resources when it is not necessary.
You want to use Avast 7 with CIS?
Cool. Your choice.
You want to use their web shield? even though it was designed for a different OS?
Again. Your choice.
Just don’t complain to Comodo claiming a security leak when in fact it is not!
Avast’s own website states:
Windows 8 Beta compatible
avast! 7 runs great on Windows 8 and even has some cool new Windows 8 specific features,
It turns out their web shield just happens to be one of them. Designed to take advantage of how the new OS works.
Hey John If you think your OS is safe without an AV maybe you have to do a scan of your drive.
Now I’ve had really enough, even if I prove you that I can reproduce this issue with my own code, you’ll continue to deny the problem.
If you want to ban me, do it, I’'ll never post here again. I’ll switch to another firewall and with me a lot of other people.
I don’t care if you believe me or not.
Good Bye Comodo! Adios! Asta la vista! Sayonara! Addio! This is my last post no matter what you’ll write!
Hi EricJH. I was responding to that very message, although I did not know egemen was the head developer. I was and am simply trying to get more information. Sometimes these types of things happen. An application developer runs into a problem when trying to implement something on a particular platform due to limitations in OS functionality. Things don’t automatically stop there, however. The developer 1) re-accesses the way they are implementing things in order to determine if they can work around the issue, 2) investigates whether it is possible to have the OS limitation fixed, particularly if a good case can be made that the limitation is more along the lines of faulty design rather than conscious choice. Although I can make reasonable assumptions and try to read between the lines, I’d rather not have to and run the risk of making a mistake. I’d very much welcome seeing an an explicit statement on work around attempts and also the viability of having the Windows 7 limitation fixed.
On one hand, that this affects multiple firewalls including Microsoft’s Windows 7 firewall could be a good thing in that conceptually it could increase the odds of Microsoft being responsive and playing an active roll in addressing it. On the other hand, as I was thinking about this today I found myself doubting that this is an issue that completely flew under everyone’s radar until avast 7 rolled out. Briefly, the logic is 1) Windows 7 has been out for quite some time, 2) firewall developers would have intimate familiarity with the networking stacks they are targeting and would frequently be able to recognize a potential issue well before it crops up in the wild, 2) such a vulnerability affecting multiple well-known products and for so long might itself be a “if it hasn’t been fixed by now, it isn’t go to be fixed” sign.
Redirecting traffic through a proxy or “web shield” can be useful for several purposes including blocking malicious file downloads, blocking phishing URLs, and anti-malware scanning of other content being retrieved and “executed” by a browser that already has been granted privileges. So such a thing should not be disabled without careful consideration and verification testing. I would also point at that avast 7 might not be, or might not remain forever, the only anti-malware software that redirects web traffic in the manner required to break these firewalls. Has anyone seen, outside of product specific forums such as this one, a vulnerability advisory and/or other coverage of this issue?
For what it’s worth, I decided to go back and test Avast 6 with Windows 7 firewall and CIS. You can see from the images that Avast 6 has the same effect on the Windows firewall as Avast 7. That is, it allows connections for applications that either don’t have a rule or are explicitly blocked. Clearly, windows 7 firewall is failing miserably with Avast installed.
When using CIS with Avast 6, blocking an application form accessing the Internet, does what it’s supposed to. However, with Avast 7 installed, the connections are allowed.
Every person that can reproduce “what avast did” could prove it right.
Every keylogger that takes advantage of this existing “feature” will prove it right.
my tone of perfect actually, because he came here spouting off at the mouth and did not provide any proof.
You seem the be grouping two very different things together, one is what the user is doing which comodo does no protect against the user doing stupid things. Another thing, just like my past post the only reason avast cn do this is because comodo lets it install a driver, do you really think that D+/sandbox will allow an unknown program like a keylogger to install a driver without it knowing, I highly doubt it.
If you can prove that this happens I will give you all of the credit, but until that day comes which I doubt it will lets leave it at that.
I would like to add that what concerns me as an Avast! AV & Comodo FW combination user is that ‘what Avast! did’ proves in and of itself the fact that backdoor trojans that have latched on or hijacked or that masquerade as approved programs with similar driver cloaking technique features are already doing ‘what Avast! did’.
I’m not an expert but may be a few should consider this for CIS on Windows 7 (both versions) and other programs and especially very suspicious PUP that anyone could download from Cnet or anywhere else almost just as lax about spreading PUP stuff such as unwanted toolbars in programs, real PUP IMHO such as Alfa Auto-run Killer, ZA, Spyware Terminator, anything from IObit, IMGBURN or Privex free scanner and other stuff with hidden key-logging home-dialer backdoor trojans… and who’s to say that Avast! will still prevent such mal-adventurous behaviour beyond Comodo FW & D+, hmm?
What really could be getting through Avast! that Comodo and Windows 7 generic firewall et al can’t see properly to even choose to prevent let alone by other approved or hidden internet connection program drivers?
What if this is already proven but curiously we just don’t know it yet?
Is D+/sandbox the final arbiter of what gets installed, or is it the user? Can D+/sandbox be disabled and the Comodo firewall used by itself?
Naturally, the severity of a issue relates to the prerequisites that are required to create it. If an unsigned, unrecognized, arbitrary program can create this problem when installed on a machine equipped with Comodo and when D+/sandbox are enabled and without any user overrides, that is obviously very bad. However, even if it required a program to be signed by a Comodo trusted source, or even if it required that D+/sandbox be disabled, or even if it required user-overrides, it would STILL be bad just to a lessor lesser extent. Right?
Can someone please advise if the latest update includes anything relating to this problem?
5.10.228257.2253: 12 March, 2012
IMPROVED! Compatibility with other security suites is improved in Windows 7 x64
If not do we have an ETA? Or a workaround - other than uninstalling or disabling either product? The workarounds suggested so far do not work for me please advise if someone does have one.
Maybe i wasnt clear enough.
I speak about “the keylogger which i (theoretically) installed in form of a game, which asked to have access to the keyboard. I need to press the arrow buttons, so it seemed legit”.
Now it could send its traffic through the REPUTATED hole, without any other question.
It was the more actual example (using avast web shield for traffic), so i wrote “will prove it right”,
while a new built exploit “could prove it”, because it would need certificates or the permission to install such a driver first.
It doesnt.
One sure working workaround: Dont use the avast web shield for this time. A lot of antivirus programs dont have any. And you are protected by comodo defense+.
The web shield is the least impacting security feature against infection in this scenario, compared to uninstall a product.
If you download something, scan it before you execute it. To be “sure”.
Any concerns?
A “block all” rule should not be upon an allow rule. Your browser “in the middle” will be blocked then too
Thats why the suggested other workaround didnt work for you. It says, make such a block rule at the bottom of the list.
Wouldn’t disabling websheild expose me to malicious scripts?
I have alerts pop up from websheild on occasion “HTML:Script-inf” and “JS:Iframe-DS [Trj]” virus were the last two blocked recently.
I don’t know if I’m willing to turn off detection before execution function of my antivirus.
I liken that to executing a virus and hoping D+ will fix up the problems later.
Disabling Avast features is not a work around I’m looking for.
I use a firewall not only to block malware/trojan to phone home but also to block legit software to phone home (to protect my privacy).
Now I had to disable avast web shield because blocked legit program where able again to send their companies all sort of information about me.
Further I don’t use Internet explorer than i blocked it to avoid any possible leak by malware that could use it to connect to internet.
But again only with web shield disabled.
That’s exactly because i’d like to see this problem corrected very soon.
With or without web shield enabled there are in both case security and privacy concern.
