…it’s been long enough and already a new build is out to fix existing issues. I still don’t see several UI glitches fixed. It kinda smells like immature code.
Can someone confirm to me that CFP has a good skin parsing code that won’t allow someone to create malformed skins that could either crash CFP3 or cause buffer overflow errors if they wanted to?
My real question would be - given the existing glitches, can we start using the firewall’s UI customization capabilities without worrying that bad guys could have a go at it too?
I’m not experimenting with this right now, let’s hope someone else posts, from Comodo staff if possible. But in the meantime my two cents…
Yes, those are small .ICO files in the same folder. Although I think it’s harder to find software to handle ICOs than other formats.
Can someone confirm to me that CFP has a good skin parsing code that won't allow someone to create malformed skins that could either crash CFP3 or cause buffer overflow errors if they wanted to?
My real question would be - given the existing glitches, can we start using the firewall’s UI customization capabilities without worrying that bad guys could have a go at it too?
As far as I know a buffer overflow attack is always intentional and looking for a known vulnerability. The only theoretical possibility would be that you inadvertently created a skin that ran malicious code by means of a buffer overflow vulnerability unknown to you… Not a practical possibility. Whether someone else could inject malicious skins is equally possible or impossible whether you customize or not -- and besides, Defense+ won’t allow any malware to create new files on your hard disc. So… as far as I know, the short answer is no.
CFP is already using skins, only the default ones. Just make the new ones in the same format, same pixelsize, and same filename, and all should be okay.
I’m not talking about the possibility of INJECTING skins, I’m talking about creating a specially crafted skin which the user could install by mistake and whose result would be arbitrary code execution, DoS, or just crashing the firewall. As far as I can see that little skin bug hasn’t been fixed even in 276.
I’ll be happy when COMODO has a GUI with the default Windows XP or Vista theme (title bar color, default buttons, etc., etc.). But for those who want selectable skins or crafted skins it’s a good idea. In conclusion, both options are equally fine; they aren’t opposite, they are complementary.
BTW, since I reported the cpfres.dll issue in version 3.0.14.276 and recreated the error, I have had no more cpfres.dll issues.