Firewall encryption-based defense against rootkits, keyloggers

Most firewalls do not use encryption-based signature authentication of executables, which means malware can rename itself or its spawn to evade detection. Keyloggers which phone home make sure to conceal themselves in this and other ways.

Perhaps only the former “Tiny Personal Firewall” and current Zone Alarm use the cryptographic signature, but it is a logical and very important feature to have.

Suggestion-- Comodo give serious consideration to use of this feature in all Comodo firewall products.

CIS already recognizes files by their file hash.

Thanks, HeffeD.

  1. Where is there a discussion of the Comodo hash system? Internals of this nature are not usually widely discussed. I looked but did not find much even related to it. Is the hash the best security method available?

  2. I need to find on this forum a detailed discussion of best practices on setting up my CIS firewall to be proof against “phone home” unauthorized data extrusions.

(I need to configure CIS to prevent something like Gibson’s “Leak Test” from getting past the firewall-- but without my having to specify that test file.)

HeffeD is right about CIS recognising files by hash. Check Unknown Files: The Sand-boxing and Scanning Processes. There is an error there; hashes are calculated earlier than what is being said there because online and offline safe lists are hash based. And they are one of the first things being checked.

When you want to prevent phoning home of unknown applications, set the Firewall to Custom Policy Mode.

For best practices try Guides - CIS.
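Added example, not part of any post in this thread and not Comodo's code: a generic Python sketch of why a rule keyed on a file's hash holds up where a rule keyed on its name does not. The file names, contents and the `allow_by_name` / `allow_by_hash` helpers are constructed for illustration; how CIS implements its safe lists internally is not shown here.

```python
import hashlib
import os
import shutil
import tempfile

def sha256_of(path, chunk=65536):
    """Hash file contents in chunks so large executables are not loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def allow_by_name(path, trusted_names):
    """Weak rule: trusts whatever file carries an approved file name."""
    return os.path.basename(path).lower() in trusted_names

def allow_by_hash(path, trusted_hashes):
    """Content rule: trusts only files whose SHA-256 is on the safe list."""
    return sha256_of(path) in trusted_hashes

def demo():
    """Build constructed sample files and return both rules' verdicts."""
    work = tempfile.mkdtemp()
    try:
        browser = os.path.join(work, "browser.exe")
        unknown = os.path.join(work, "unknown.exe")
        with open(browser, "wb") as f:
            f.write(b"constructed bytes standing in for a trusted program")
        with open(unknown, "wb") as f:
            f.write(b"constructed bytes standing in for an unknown program")
        trusted_names = {"browser.exe"}
        trusted_hashes = {sha256_of(browser)}
        # Case 1: the trusted program is copied under a different name.
        moved = os.path.join(work, "renamed.exe")
        shutil.copy(browser, moved)
        # Case 2: an unknown program takes over the trusted file name.
        os.remove(browser)
        impostor = os.path.join(work, "browser.exe")
        os.rename(unknown, impostor)
        return {
            "renamed_trusted": (allow_by_name(moved, trusted_names),
                                allow_by_hash(moved, trusted_hashes)),
            "impostor": (allow_by_name(impostor, trusted_names),
                         allow_by_hash(impostor, trusted_hashes)),
        }
    finally:
        shutil.rmtree(work)

if __name__ == "__main__":
    for case, (by_name, by_hash) in demo().items():
        print(f"{case}: name rule allows={by_name}, hash rule allows={by_hash}")
```

The name rule blocks the renamed trusted file and allows the impostor, while the hash rule gets both cases right.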