Comodo Firewall Wishlist v5 [Closed]

loglevels or log-caching/buffering

–snip from forum entry—

hi,

I'm just learning for a .NET exam and wrote a program to analyse the HDD/file access, and I saw that there are lots of disk accesses in a very short period of time to the log file.

It would be great if you could implement a button to switch off the logging or give the user the option to select the log level to be written down on HDD. Maybe caching some MB would help too. I know that the HDD itself caches too, but … I think some additional options would be great.

I set the “read-only” flag on the logfile to reduce this for the next days - I hope that there are no critical attacks in this time :wink:

Thanks a lot,
torsten

— snap -----

I would like to switch alert messages using arrow keys (:CLP)

As far as I know, MD5 and SHA hashes are better than CRC32 in this regard. CRC32 is not reliable here. Most FWs use MD5 or SHA, I think.

When viewing the update window, clicking the bar under the title bar allows dragging the window. This should be applied to all of CPF’s windows.

In the Application Monitor instead of listing the same software multiple times, list the parent from within the Application Control Rule window in a list of parents for each software.

Also, automatically combine ‘in’ rules with ‘out’ rules when possible.

password protection…password protection…password protection…password protection…
close button…close button…close button…close button…close button…close button…

CRC32 is trivially easy to break. MD5 and SHA are nearly impossible to ■■■■■, if we’re talking about runnable binaries.

Either of them is good; question is, which one is faster? We don’t want the use of MD5/SHA to slow down the system.

And yes: Please please please please please put a password-protection for the settings… and uninstallation also ( my deputy-admins will resort to such measures if they can’t change the settings ).

They’ll use different signing algos in different situations I guess.

They already use sha1 in application monitor
crc32 in component monitor and IPC (maybe is loopback aka Interprocess communication)
The issue with crc32 is that the algo is so simple that the dll could be patched on the fly in real time.

But reading More MD5 Attacks Devised, I got the idea that MD5 is more secure, but it is now possible to make a malicious legit-like dll.

I would like the user to choose different ALGOs as they see fit from the strongest-slower to the weakest-faster.

gibran: ditto. But I think I recall Melih saying a mix is used. (as long as CRC is dropped lol, I’m fine).
Also, existing SPI is for TCP and pseudo UDP SPI only?
IPv6 is to be supported in v3?

Maybe a useful feature for everyone:

At the Comodo system tray icon, when you move the mouse over it, it should display the IP addresses of the NICs, so anybody can view the external IP address and, of course, their own internal IP address behind a router.

thx

sweet, fat Buddha, this is a great little firewall. :slight_smile:

i really only have 3 wishes for the application and i’d be thrilled.

  1. when the Allow/Deny popup pops up, give us the ability to tweak the settings. as a developer of intranet ware, i’m constantly having to click Allow until my fingers bleed, THEN open the UI to reset the IP/Port ranges. it’d be nice to do that right @ the popup. having some intelligence to recognize/ask a new version of software and apply the old settings would be utterly splendid. :slight_smile:

  2. resizable windows. currently i have two sizes, full screen or dinky-poo. i’d like to stretch the window horizontally to see more columns, but still keep the vertical size. or whatever. resizable windows = cheap-date-class fix. :slight_smile:

  3. allow the Application Monitor settings to optionally override the Network Monitor settings. having to set both is a bit of an annoyance, especially if you aren’t fully savvy enough to look in BOTH places. and, really, you shouldn’t have to. having the option to override will at least alert users that the Network Monitor list plays a role in access clearance. i understand and support the use of both sets of settings, just allow us to override the one with the other if we choose. add whatever ‘warning-you-may-explode’ popups if needed. :slight_smile:

everything else seems to work brilliantly! i love it, i recommend it to all my friends and none of my enemies. i point those buggers to… um… OTHER bloatware… :slight_smile:

thank you again for wonderful software and brilliant support. please keep it up! :slight_smile:

Welcome, WhiteRau (:WAV)

Love your colorful, descriptive phrases. ;D

  1. Part of what you’re running into is the difference between the detail of your rule (i.e., IP/Protocol/Port/Direction) and the detail provided by the Alert Frequency setting. If the AF has either more or less detail than your existent rule, the rule will be changed. Rule creation/editing/tweaking on the fly is in the WishList, and I believe may be offered in Version 3 (due for Beta in May).

  2. Probably one of the top requests, next to password protection for the settings. It should be coming soon, too.

  3. Have a look here: https://forums.comodo.com/index.php/topic,6167.0.html, at the explanation of layered rules. It might change your mind. Then again, it might not; you’ve obviously got a reason in mind for this request.

LM

I still don’t think so. Generating collision-able certs are relatively easy as a cert may contain random(-ly generated) characters. Generating random bytes inside a dll, where each byte stands for a certain CPU instruction? That’ll hose a .dll something quick.

But if 2 hash algorithms are used… suddenly the difficulty level for a collision rises astronomically :slight_smile:

A real time scrolling network activity graph. Soya and I discussed it here:

https://forums.comodo.com/index.php/topic,8071.0.html

Also, mentioned in that conversation as well, I would like a warning about suspicious repeat offenders. For example, if evil.exe has tried to connect outbound at 3am every day for the past 7 days, the firewall could point this out since you probably have some undesired spyware installed.


Interesting observations…
But I would let users choose. COMODO used different algos in different situations to make a security/speed tradeoff. I would not mind enabling a less secure algo for apps/components I choose to gain more speed overall.
But this is a decision COMODO has to make.

I don’t have a great understanding of crypto and certs other than crc (I’m not a math geek), but adding 2 new sections to a dll would be an easy way to change its hash, because one of the sections is used only to contain unreferenced garbage. This way a theoretical attacker needs only a known widespread target and a way to modify it.

The idea of using 2 hashes is nice but is cpu intensive, I would like that as an option.

I did not understand “Generating collision-able certs are relatively easy as a cert may contain random(-ly generated) characters.”
You’re saying that it is possible to fake a legit cert?

It would be a nice thing to know…

I don’t like to patch system DLLs until I’m forced to do so. So I used a patch for tcpip.sys but not another for uxtheme.

Now I’m forced to stick with 3 legit Windows skins.
Is there a way to fake the certs for the unlimited number of uncertified skins available?

Hi, here are some suggestions / aspects I miss in Comodo. Used Kerio FW before, it’s subpar compared to CPF, but its UI is in some respects better.

  • ability to set filter for logs (e.g. display only connection attempts blocked to certain port ranges; display only “suspicious behaviour” alerts etc.)
  • option to resolve IP addresses (à la Kerio)
  • group connections by programs into a tree list (à la Kerio) not to clutter the interface
  • display traffic speed
  • ability to give names to network rules (like “Allow IPTV multicast in”)
  • remember last used window position, right now CPF doesn’t stay maximized when I bring it back from system tray

Agree. Maybe it’s good if Comodo provides a user-selectable hashing method, e.g. MD5-only, SHA-only, combined MD5/SHA but slow.

Ah yes, I totally forgot about that.

A cert, IIRC, may contain custom fields to be used by an app using the certifying API. Stick a custom field and push some random but carefully chosen bits there, and you can get a collision.

I think so, just put in a .wav file containing gibberish to collide with the hash value.

But it’s a lot easier to patch UxTheme :slight_smile:
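The selectable-hash component check debated in this thread (CRC32 versus MD5/SHA, and the combined mode suggested above), as an added example that is not part of any post and not Comodo's code. The function names, the mode names and the 16-byte sample blobs are assumptions constructed for illustration:

```python
import hashlib
import zlib

# Digest modes named in the thread; "md5+sha1" is the combined, slower mode.
MODES = {
    "crc32": lambda d: format(zlib.crc32(d) & 0xFFFFFFFF, "08x"),
    "md5": lambda d: hashlib.md5(d).hexdigest(),
    "sha1": lambda d: hashlib.sha1(d).hexdigest(),
    "md5+sha1": lambda d: hashlib.md5(d).hexdigest() + ":" + hashlib.sha1(d).hexdigest(),
}


def fingerprint(data: bytes, mode: str) -> str:
    """Return the stored fingerprint of a component under the chosen mode."""
    return MODES[mode](data)


def is_unchanged(data: bytes, baseline: str, mode: str) -> bool:
    """True if the component still matches the fingerprint recorded earlier."""
    return fingerprint(data, mode) == baseline


def find_crc32_collision(limit: int = 2_000_000):
    """Birthday search: two different 16-byte blobs with the same CRC32.

    CRC32 has only 2**32 outputs, so a match is expected after roughly
    80,000 pseudo-random inputs. The blobs are constructed stand-ins for an
    approved component and a changed one, not real binaries.
    """
    seen = {}
    for i in range(limit):
        blob = hashlib.sha256(str(i).encode()).digest()[:16]
        crc = zlib.crc32(blob)
        if crc in seen and seen[crc] != blob:
            return seen[crc], blob
        seen[crc] = blob
    raise RuntimeError("no collision within limit")


def detection_by_mode() -> dict:
    """For each mode, does the check notice that the component changed?"""
    approved, changed = find_crc32_collision()
    return {
        mode: not is_unchanged(changed, fingerprint(approved, mode), mode)
        for mode in MODES
    }


if __name__ == "__main__":
    for mode, detected in detection_by_mode().items():
        print(f"{mode:9s} change detected: {detected}")
```

The CRC32-only mode accepts the changed blob because its 32-bit checksum matches, while every mode that includes a cryptographic digest reports the change.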

I’ve had Comodo FW running for about 6 hours now. It’s excellent. Definitely the thinking person’s firewall.

It reminds me of Sygate (which is good). One thing Sygate had was the ability in the tasktray icon right click menu to go straight to the current traffic log. This was quite useful if I wanted to track something that was just happening. Possible in Comodo? (yes, you can do that by leaving Comodo in viewing Connections mode, but a specific link to that mode would be even better)

Also, a time stamp for the most recent connection activities would be useful.

DN

I’ll add that to my learning todo list.

I did choose to not patch uxtheme for security reasons (I did have it patched for a long period of time, though).

I would like to have a traffic log.

Andreas

I like Comodo, but with Outpost being regarded as benchmark a few shortcomings should be noted (German version):

  • missing menu / commands shortcuts (e.g., Ctrl + N to choose network monitor etc.) a critical issue not only for disabled persons and Windows standard!

  • Navigation (Page Down/Up, Pos1, End) keys are disabled in all Monitor and control windows, very annoying, every time you have to use the scrollbar;

  • up to date and unlike Outpost and ZA Comodo lacks preset-rules for many common applications, e.g. Free Download Manager, Microsoft Office Update calling Internet Explorer starting from Microsoft Office Word 2007 (even no network dialogue offered to user, though problem is showing up in Network monitor), Mozilla Firefox calling Internet Explorer via ExtrasMenu and vice versa, imho almost every common application calling IE to access update sites or E-Mail-Links or Forum-Links, …

  • compatibility problems with Dragon NaturallySpeaking (Version 7.15/Version 9.0), the most widespread speech to text and desktop control program, including handsfree Internet Explorer-Navigation: Comodo often takes away mouse and cursor focus, respectively, which is necessary to access Navigation-keys (Page down, end …). Every time you have to click the mouse to reset window focus or use the scrollbar.

  • CF should remember full screen size, always starts with half screen

  • direct way to unblock wished processes/application from activity monitor window via mouse/right click or dedicated button

Any solutions would be gratefully acknowledged, Thank You