Comodo Firewall Pro 3.0 HIPS and other HIPS applications conflicts question.

Thanks. I don’t know why the reply didn’t appear in the Show new replies to your posts. link. I was searching the forum :stuck_out_tongue:

300,000 with 3,000 a day is not bad, but peanuts really. I’m not quite sure about your definition of Community lists , but there’s always a trade off between size and accuracy. In any case, with just 300,000 or even half a million or million for that matter, it will still be pretty noisy for most people I bet with lots of unrecognized files.

Sorry to be the bearer of bad news…

on what basis do you call 300,000 executables with 3000 new ones a day peanuts pls?
Can you share your calculations that shows that this is peanuts…

Also we would love to see the calculations about how many different exes over 90% of the population use and see if this equates to more than 200,000 files or not?

We eagerly await the calculations. Surely for you to make that “Assumption” you MUST have some real good numbers and calculations to back it up! (:WIN)

thanks

Melih

Meanwhile, it is now April 16 and CFP version 3 should be coming out any hour now!

:BNC (:CLP) :BNC (:CLP) :BNC (:CLP)

:THNK

It’s been delayed to May 14

…ouch! :-X

Not ouch! It’s better to have it released when it’s fit for human consumption, rather than just tossed out the window on a given date, regardless of the build quality.

Ewen :slight_smile:

“Ouch!” as in the validity of my previous post. Not ‘■■■■ it! Hurry up and release v3!’. But yes, i totally agree with you - the more polished and bug free - the better. Especially because it will still be classed as beta. :wink:

Cos your competitors have easily 5 times that last year.

Also we would love to see the calculations about how many different exes over 90% of the population use and see if this equates to more than 200,000 files or not?

Well since you are making the claim that it is enough, shouldn’t you be coming up with the numbers?

Personally my actual experience with Prevx1 is that their whitelist database is big enough to maybe fit that 90% goal you are pointing to, but they definitely have way more than 300,000 lol…

Lusher

Please answer the question.
You are back pedalling and not able to prove your points.
it is your claim its peanuts not mine…
So go ahead and answer the question please.

thanks
Melih

I did not understand If an app is not in the whitelist and it is not considered malicious by the av if I’ll get an option to allow it whitout submitting it to comodo.

I think of tcpip.sys patching or UXTheme patching. Or a resource-hacked app (heck sometimes I localize a discontinued app). Or an hello world app…

Regarding How huge a whitelist is it doesn’t matter now. 3000/day means it will double in 100 days (600000).
But sure It is a huge work to do… What about many monolithic localized builds of an app?

Older whitelist maybe are full of older revision of files too so It would be advisable to look at the file version/language then if it is an outdated known app without a whitelist-signature the hips would suggest updating (and the URL to go too) this way the “smaller” whitelist could cope with bigger ones in “some” cases and suggest a good user behaviour too.

Users with slow net-connection or using a discontinued app branch will still have issues…

But the whitelist is a nice idea. I like it.

Not sure if it is applied to components too…
But another step could be a revoke flag…

A flaw is discovered in a legit app or a component…
What to do? revoke the cert and issue a warning and let the user choose …
when an updated version of the app or component is released let the user know…

And now a bit of marketing…
A feed download option…

Many flaws are discovered and not made public the same day…
If comodo could support a generic alert signature using sha1 some security sites could provide an alert feed before flaw details get public…

Gibran: if i understood correctly, you answer pop-ups just like any other HIPS. You just have the extra option to send it to Comodo for analysis. Whitelist will serve to reduce pop-ups only.

I answered the question, you are the one that needs to answer my question.

If you think cut and pasting the same form reply, will fool anyone who borthers to read the thread you are naive indeed.

Nope…

Where is that?
Granted others use whitelists, but who has those huge numbers? Besides Prevx1.

Our apologies to all for the disruption caused in the forums as a result of violation of Forum Policy. This should no longer be an issue. Please be aware that while we make every reasonable effort (and sometimes beyond) to create a safe place for users to come together in community to ask questions and give feedback on Comodo products, we do still have a Policy for usage. That Policy is in place to help maintain the “safe place for users…” We simply cannot tolerate disrespect and abuse toward other members of the community, whether they be users, Moderators, Admin or Staff.

Regards,

LM

Hiya,
does anyone know if Prevx (www.prevx.com) will conflict with CPFv3’s HIPS?
What’s more, will it become redundant (Prevx2 is supposed to have a sandboxish feature which CPF won’t have) ?
Thanks for your ideas,
grampa.

grampa, just to let you know, I moved your topic here (just so your question doesn’t look out of place in case others wonder what’s going on ;D).

Here’s another thread on that: https://forums.comodo.com/index.php/topic,7050.0.html

Fits well ;D
And thanks for the link(s), very interesting.
Cheers,
grampa.

Unless the network IPS component is IDENTICAL in functionality to either snort (www.snort.org) or especially Blink™ (www.eeye.com) I will be hesitant in using it.

See, this is why the commercial software from Kaspersky Labs has had such an EXPLOSIVE success in the past few years (other then the fact that Russians are usually superior programming engineers). And that is to say, their software is like “puzzle pieces”. This is the most brilliant thing I have ever seen. The engineers (knowingly that their product is superior) decide to SWALLOW that pride and allow compartmentalization of almost every component of their suite of products.

THIS IS SMART. VERY SMART.

Because they understand that no matter HOW ‘superior’ they believe their product is, they’re heads are still in the real-world. And in the real-world, there will ALWAYS be a group of users that think ONE ore MORE of Kasperky’s components “suck” or is not up-to-par with their beloved product that they’ve been using for years for example.

THUS, you’re ALLOWED to NOT install the component(s) that you don’t like, don’t want, don’t need or for whatever reason… For instance I ONLY need the components “proactive defense” and “anti-virus”. I don’t like Kaspersky’s implementation of their firewall component. at all. But guess what?? I DONT HAVE TO INSTALL IT! I can use eeye’s Blink™, or I can install Comodo firewall which I like much better… I can even have snort doing my IDS/IPS duties and leave the AV/PD to Kaspersky.

THIS IS WHAT I CALL TRUE CONSUMER FREEDOM. THIS TO ME IS THE FUTURE OF SOFTWARE. The user can use EXACTLY what he/she needs and combine that software with minimal (preferably none) side effects or conflicts.

Point: Comodo would be well advised to take this route. It is HIGHLY appealing to end-users EVEN if they don’t realize it or have never experienced it before (like me). Puzzle pieces baby. puzzle pieces.

Comodo have been championing this type of thing for over a year now.

Initially people were worried that Comodo would only release a monolithic internet security suite. The CEO of Comodo has stated, several times, that while a suite MAY be offered in the future, all components within the suite will be optional. If you only want components A, C and D, then just select those, and the lack of component B will not impact the effectiveness of the other components.

Modularity, inter-operability and co-operative code make so much sense.

Hope this helps,
Ewen :slight_smile: