Enable password protection can be disabled without a password [M223]

A. THE BUG/ISSUE (Varies from issue to issue)
  • What actually happened or U actually saw: If you tick Enable password protection, put in your password and apply. All you need to do is untick Enable password protection and apply and there is no more Password. This is a big exploit, especially for malware: if you were to have a password, it can be easily disabled.

  • If not obvious, what U expected to happen or see: It to prompt you for your password.
  • Can U reproduce the problem & if so how reliably?: Yes very easily.
  • If you can, precise steps to reproduce it. If not say what you did before it happened: Advanced Settings- Tick ‘Enable password protection’- Put in your password- Ok.
    Now if you go back to Advanced settings you can just simply untick Enable password protection and continue to do anything without password prompts.
  • If a software compatibility problem have U tried the conflict FAQ?: N/A
  • Any software except CIS/OS involved? If so - name, exact version, & download link: N/A
  • Any other information, eg your guess at the cause, how U tried to fix it etc: Password protection in CIS6 not fully implemented / looked over.
  • Always attach: Diagnostics file, Killswitch processes, dump (if freeze/crash). If complex: CIS logs & config, screenshots, video.

B. YOUR SETUP (Likely the same from issue to issue, users can copy forward)
  • CIS version & configuration: Comodo IS Premium 6.0 (Latest). Internet Security Settings.

  • Modules enabled & level. Defense+/HIPS, Autosandbox/BBlocker, Firewall, & AV: Default, Sandbox on Limited and heuristics on medium.
  • Have U updated (without uninstall) from a previous version of CIS: No
    • if so, have U tried a clean reinstall - if not please do?: N/A
  • Have U imported a config from a previous version of CIS: N/A
    • if so, have U tried a standard config - if not please do: N/A
  • Have U made any other major changes to the default config? (egs here.): No
  • OS version, SP, 32/64 bit, UAC setting, account type, & virtual machine used : Windows 7 64bit (No SP1), UAC off, Admin, Host machine (Not virtual).
  • Other security & sandbox software a) currently installed b) installed since last OS install: Malwarebytes (No realtime protection enabled)


Hi TJ888,
Are you not getting the password prompt when re-entering your advanced settings from the advanced settings button?
Edit: Added attachment.


I am, but shouldn’t it also prompt when disabling the password, just to be sure and so you don’t accidentally untick it by mistake?

Hi TJ888,
While your time and effort for creating this bug report is greatly appreciated, I feel as if this could be said for any settings within the advanced settings.
IMO it is more for the wishlist, maybe a password prompt when OKing the ‘Advanced settings’ if any changes have taken place.
I also have created a wish here that could cover your issue.
Please allow time for another Moderator to respond before disregarding this as a bug, as the above is based solely on my opinion.
Thanks for your time. :)

In my opinion, even if this isn’t a bug it’s still something which needs to be passed on to the devs. If the password can be disabled just by clicking on a button that renders it worthless for a computer with children or those who you don’t want changing the settings.

I guess the point is either:

  1. that if you have advanced settings open, a specifically-targeted exploit might find it easy to untick this setting

  2. it’s easy to inadvertently disable.

  3. if advanced settings is mistakenly left open (easy in CIS 6.0 as it’s not always on top) someone could maliciously change or disable the password without knowing it

Is that correct?

I’ve put it in the tracker as a borderline bug/enhancement

Thank you very much for your report in standard format, with all information supplied. The care you have taken is much appreciated by Comodo, and will increase the likelihood that this bug can be fixed.

Developers may or may not communicate with you in the forum or by PM/IM, depending on time availability and need. Because you have supplied complete information they may be able to replicate and fix the bug without doing so.

Many thanks again

Mouse

Can you please check and see if this is fixed with the newest version? Please let us know whether it is fixed or you are still experiencing the problem.

Thank you.

PM sent.

You can still untick Enable password protection and click Ok without the need for a password. As stated earlier by another user, if the advanced menu was mistakenly left open, anyone can easily disable the password.

This is still not fixed, but it’s only minor.

Tracker updated.

Can you please check and see if this is fixed with the newest version (6.2.282872.2847)? Please let us know whether it is fixed or you are still experiencing the problem.

Thank you.

PM sent.

Not fixed in _2847.
But as I said in a previous post IMO, I feel as if this could be said for any settings within the advanced settings.
I would not want to have to enter the password for every setting change/alteration once I have used the password to enter the advanced settings in the first place.

I do respect others that have a different view on this matter. :)

Thanks for checking this.

I’ve updated the tracker.

Can you please check and see if this is fixed with the newest version (6.3.294583.2937)? Please let us know whether it is fixed or you are still experiencing the problem.

Thank you.

PM sent.

This has not been fixed. This is a short video of what I mean by the issue.
http://puu.sh/4EDh6.avi

It’s not a big issue; just as explained by mouse1’s three examples, it could cause a problem.

Thanks for checking this.

I’ve updated the tracker.

In my opinion, if you have advanced settings open and someone gets access to your system, then the password is the least of your concern, since they could disable Firewall, AV, HIPS, BB etc. However, I guess it would be good to need a password in order to disable the password protection, because if they do what I said before and set their own password then you’re pretty ■■■■■■■. I guess a good solution would be to require a password in order to apply the settings when you click the final “OK”. That way an attacker can spend time setting their settings and disable the password, but they would be met with the user’s password as soon as they click “OK”; if canceled, then all settings are discarded.
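
The apply-time check proposed in the post above, sketched as an added example (not part of the thread and not Comodo's code). The `SettingsSession` class, its method names and the setting keys are hypothetical; the point is that edits are only staged, and the final OK verifies the password that is currently in force before anything, including unticking password protection, takes effect.

```python
import hashlib
import hmac
import os


class SettingsSession:
    """Hypothetical model: edits are staged and applied only by commit()."""

    def __init__(self, live, password=None):
        self.live = dict(live)      # settings currently in force
        self.staged = {}            # edits made in the open dialog
        self._salt = os.urandom(16)
        self._hash = self._derive(password) if password else None

    def _derive(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def stage(self, key, value):
        self.staged[key] = value    # nothing takes effect yet

    def cancel(self):
        self.staged.clear()         # Cancel: every staged edit is discarded

    def commit(self, current_password=None):
        """Final OK: apply staged edits only if the current password verifies."""
        if self._hash is not None:
            supplied = self._derive(current_password or "")
            if not hmac.compare_digest(supplied, self._hash):
                return False        # live settings and password stay unchanged
        new_password = self.staged.pop("new_password", None)
        self.live.update(self.staged)
        self.staged.clear()
        if not self.live.get("password_protection", False):
            self._hash = None       # protection switched off by an authorised user
        elif new_password is not None:
            self._salt = os.urandom(16)
            self._hash = self._derive(new_password)
        return True


def demo():
    # Constructed scenario: dialog left open on a protected install.
    s = SettingsSession({"password_protection": True, "firewall": True}, "owner-pw")
    s.stage("password_protection", False)   # someone unticks the box
    s.stage("firewall", False)
    rejected = s.commit("guess")            # wrong password at the final OK
    s.cancel()
    after_cancel = dict(s.live)
    s.stage("firewall", False)
    accepted = s.commit("owner-pw")         # owner applies a change
    return rejected, after_cancel, accepted, s.live
```
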

Can you please check and see if this is fixed with the newest version (7.0.313494.4115)? Please respond to this topic letting us know whether it is fixed or if you are still experiencing the problem.

Thank you.

PM sent.

No, this has not been sorted out.

That is a good solution and in my opinion how it should be, as still in V7 you can disable the password without any prompt, if the advanced options were already open.