Firewall Protection and Virtual Machines

Well, this thread was really about how Comodo won’t secure the virtual computer on a host system.

Then it branched out, exploded. :wink:

So I better not install VM and purposely let loose some malware on a machine with just Comodo protecting the host. At least until I get a better understanding. Hehe. Don’t want to mess things up too much.

Since the VM is basically like a separate machine, it too needs to be protected with an AV and Firewall.

Precisely!

Now that’s what was needed, a short answer straight to the point, lol :BNC

True, IF the VM is set to use its own pseudo NIC and IP.

If, on the other hand, it is set to bridge and use the real hardware’s NIC and IP, the firewall should be able to detect traffic coming from the VM and attempting outbound access via the real hardware.

Ewen

Ewen, As far as the firewall is concerned, you are correct. I should have added that but didn’t. But it would always still need its own AV.
Even back in the dark ages of Double-Dos, we ran dual AVs for sure.

Lee (B)

And as long as we are on the subject of security software protecting host and guest, antimalware programs that monitor ports, e.g. Kaspersky antivirus’s web shield, are capable of detecting malicious downloads in the guest operating system. This is mostly true for antiviruses / antispams and not so much firewalls, but indeed if your firewall can stealth ports, then the guest operating system is stealthed.

That is certainly the most advisable way to run a VM, since running it as removed from the physical computer as possible lessens the risk of cross contamination.

Sir, Comodo Firewall isn’t the only security software that must be installed on your PC. Try to keep in mind that there is also a combination of security software in Information Technology; for example, I am using security layering on my PC. I combined my NOD32 antivirus with Spyware Terminator, Trojan Hunter and Comodo Firewall, and up to now I haven’t experienced major problems with malicious software. A firewall is only one of thousands of security software, and I am personally telling you that this firewall works perfectly fine.

Course not. Nod32 is a great system. So you won’t have to worry about viruses at all. :wink:

Related article…

Virtualization Security

"x86 virtualization is about basically placing another nearly full kernel, full of new bugs, on top of a nasty x86 architecture which barely has correct page protection. Then running your operating system on the other side of this brand new pile of shit. You are absolutely deluded, if not stupid, if you think that a worldwide collection of software engineers who can't write operating systems or applications without security holes, can then turn around and suddenly write virtualization layers without security holes."

Source: An Interview With Linus Torvalds: Linux and Git - Part 1 | Tag1 Consulting

You don’t need a full Virtual Machine, let alone virtual OS. The hacker only needs to write the network portion of something LIKE the Virtual PC software. Remember that owners of botnets make millions on spam each month, so it’s not a problem for them to pay decent developers to write such malware (it’s not that hard really – I develop kernel-level software, so I should know).

The following statement on the official Comodo website is a provable lie:

But our Firewall software is unique in that it passes all known leak tests

Yes, that is a provable lie. It does not pass all known leak tests. It does not pass my leak test and Comodo has known about it for a long time. Yet, they didn’t fix it in any of the Betas and still claim it passes all known leak tests. For extensive details on the leak test see this thread: https://forums.comodo.com/leak_testingattacksvulnerability_research/warning_this_firewall_does_not_protect_anyone_it_is_easy_to_bypassclosed-t12265.0.html
There is no need to discuss it further. Everything has been said in that thread.

And again, please don’t lie to people. Your firewall does not pass all known leak tests. I’ll be watching you.

Hi Debunker

I’ve just re-read all your posts & I can’t find your leak test anywhere… I might have missed it. Can you point it out to me please? Thanks.

I’m assuming, of course, that you don’t mean “Microsoft Virtual PC 2007”… because that would be silly.

What exactly do you find silly about it?

I see. So, Microsoft Virtual PC 2007 is your leak test?

As has been said many times, over and over again (you should actually read the thread I linked to) it’s not about Virtual PC at all. It is about the method that Virtual PC uses for networking. Any Trojan can use that method. And yes, the free MS Virtual PC can be used as a convenient method for anyone to perform this leak test free of charge anytime. I fail to see what is silly about it.

I have read all your posts… 2 or 3 times by now. I suspect that you are guessing that a network-component only version of Microsoft’s Virtual PC 2007 (assuming such a thing is possible) will slip past CFP. If you think it is possible, then write it. Prove it. But, saying something is “provable” when it is not, that is silly.

Now, please answer my direct question: Is Microsoft Virtual PC 2007 your leak test?

Are you trying to mislead the readers? If you read what I wrote, you’ll see that, yes, Microsoft Virtual PC is the program that can be used to perform the leak test (and I use it too). The leak has been proven conclusively, and the Comodo developers acknowledged it (so stop making a fool of yourself).

As to how I know that one doesn’t need a virtual OS and whole VM for the leak, I develop kernel-level software so I know something about it and am qualified to say that. What is your qualification?

I’m misleading? I’m not the person that is calling Microsoft Virtual PC 2007 a recognised firewall leak test & calling Comodo liars on that basis. That will be you, not I.

The VM is a separate instance of the OS and as such needs all the protections that would be applied to any other OS. In short, if your VM does not have a firewall or anti-virus protection then it is unprotected.

But that is not what you are really saying, is it? You’re saying… the method the VM uses. What, like an OS with a kernel? There’s plenty to worry about just on that (see a previous post of mine, which you obviously have not read - shame… it’s really good - not actually by me, of course).

My qualifications? What do you need? My certificates or how many decades I’ve been in IT?

Everything. Because Virtual PC ISN’T a leak test. You’re just rambling on now. I would LOVE for you to prove to me how a hacker can place a VM from outside of the network. It doesn’t happen; Comodo will block intrusions, therefore a VM can’t be placed… you make no sense.