I just came up with an idea for CFP

Regarding this and this. (:NRD)

It so happens that most firewalls, in their pursuit of leakproof-ness, have added some limited HIPS capabilities; CFP v2 did. Now CFP v3 has changed its approach, since leak protection needed all this HIPS capabilities, why not extending them so they protect the whole system instead of the firewall only? It does make a lot of sense.

But for users it means that they must pay attention to control not only network traffic (which could be already troublesome enough with all this OLE thingy and whatnot), but now also to all other activity in their computers.

I know this is to protect against malware, I understand it and I have Defense+ enabled myself. But for some reason people have been educated that they need (leakproof) outbound protection but not HIPS. Yes it may sound crazy being happy when malware is free to roam your computer as long as it can’t connect back :o --although nowadays vandalizing malware is not of great concern (and is rarely see), being more common the professional, stealthy thieving kind.

I won’t advocate that Comodo changes its approach since it’s a good one. Moreover, Comodo should continue promoting A-VSMART, and of course making it as usable as possible (ThC).
(:CLP)

However I think Comodo should provide a solution in the form of a leakproof firewall without full-blown HIPS. Comodo has done awesome so far, but if now Comodo starts to ignore customer demands, however uninformed they may be, CFP will go downhill. Yes educate about A-VSMART and promote it, but if someone just doesn’t want don’t try to force him because he’ll go away to another solution. The customer is always right, and being a free product doesn’t change this since the aim for Comodo is still being used by the most people possible.

Yes I know v2 would cover what I’m talking about, but since it’s not the current version people will sooner look for other solution. I know that v2 can still work no matter that it’s not in development, but still people will flee.

And still I’m NOT talking about developing a new product separate from CFP v3. One just has to customize Defense+'s settings and define a policy that still checks for everything that could be used to leak out (“run as executable”, “interprocess memory access”, etcetera) as Defense+ currently does and v2 did, but allows anything that can’t be used to leak out on its own (“protected files and folders”, “protected registry keys”, etcetera). And presto, 8) you have a leakproof firewall like v2 or some solutions by competitors, and it won’t annoy users more than the others leakproof solutions do. Again I know this will cause horror to the security experts at Comodo, but Comodo must not neglect customer demands no matter what.

Right now we can already offer such a configuration here at the forum, thanks to the export/import feature of CFP v3. However in the near future the ideal solution would be that the installer gave an additional option, call it leakproof firewall without extended HIPS, well you know what I mean. The product itself needn’t be changed, only the installer and the help file (including “educational” information on why it’s better to use the full HIPS).

What do you think? :THNK

Excellent!!!

But wont TC make it easy for users to use v3, Melih? without HIPS and leak worries?

Josh.

well actually this is not possible. how can a firewall know that an action being taken is not going to end up in leak? If you look at my very first post (in here )then you’ll see that this was probably the thing i DIDN’T like in CPF v2 - it alerted me only on connection attempt! Of course this is because i’m a somewhat power user and demand full control, and this maybe not so suitable for newbie… But hey, CFP v3 is a whole different story!

If an outbound attempt is made directly by a program not in Comodo’s or the user’s safe list, the user will see an alert and get to block it. If the program tries to leak, there aren’t infinite ways how that can be achieved. It will need to take control of another program that is trusted for access by the user. But any fishy activity that doesn’t imply this can’t leak on its own, even if it’s part of a chain of actions, if you block the last action that tries to take control of a legit program, you’ll foil the leak attempt. Again, true that it’s not very smart to let malware roam your computer confident that you can confine it (not to talk about rootkits), but it’s still what many people are demanding right now.

Simply put, v2 didn’t perform all the checks that v3 does, but still it performed enough to be leakproof. Since v3 is plain more powerful than v2, I guess it can be limited to the point where v2 was.

this maybe not so suitable for newbie... But hey, CFP v3 is a whole different story!

But this is the whole point. Comodo is making these security solutions in the hope that they become popular, they’re not interested in becoming a solution for a few power users without getting brand awareness from the 99 per cent of the public.

so you want another configuration mode in CFP where you want just a firewall and just basic functionality of hips, just enough to protect against what is known as “Leak tests”?

Melih

Yes… Well actually I do not want it myself, I’ll continue to use the full HIPS. But I do think that the market is sending clear signals (Scot’s post is one symptom) that if Comodo tries to force either a firewall with full HIPS, or one that doesn’t pass much-regarded leak tests, it will lose a lot of customers.

However I repeat that I think the A-VSMART approach is the right one, and you should still promote it. Right now most users think they need a leakproof firewall but not full HIPS (or no firewall at all besides what Windows has), but they may change their minds some day. After all most really knowledgeable techies either advise to have no outbound firewall at all and don’t worry be happy, or to have full HIPS because otherwise you can always be infected if attacked by something not in your AV’s signatures or whatever. Not many people with a deep understanding of computing (and I don’t of course include myself there) will think that letting malware roam your machine but trying to confine it is a good idea. Leak tests may not be “leakproof” themselves (what if you got yourself a rootkit, it could hide any malware so your firewall can’t see it connecting even if it does so directly, right? :o), but they’re the hype nowadays, somewhat like megapixels in cameras --of course they’re important however.

So in short, I’d advise to follow Comodo’s current approach because it’s the right one. But if people are demanding something else, which besides can be provided with the same powerful program just changing the configuration, and these people will simply change to another solution if full HIPS is forced on them, then by all means Comodo should include this option along with the current ones, including the A-VSMART one which a lot of users already prefer, and which will hopefully be less noisy with ThC so many average joes aren’t so intimidated.

Sorry to repeat myself but with Scot’s post (a lot of people follow his advice) and whatnot, I started to think that Comodo may be in a turning point and may lose hardly earned user base when it deserves the contrary because it’s innovating, precisely because of trying to force these innovations on people who don’t understand it and rely on opinions on-line.

I appreciate that, and we have made it clear in numerous posts we will have that.
However having another option would not have stopped Scott making that ill informed statement.

Because you would still have a simple firewall version. So that wouldn’t have stopped Scott making that statement would it?

Melih

Yes most likely you’re right that if you provided three options (full HIPS, basic HIPS for leak protection only, and no HIPS), he would still complain that one of the options doesn’t pass some leak tests even though he gets to choose two that do, and no matter that the installer made it crystal clear. Marketing is tricky I guess, sometimes a good product can lose ground for stupid reasons, so every reason must be considered. :-\ However if you approach Scot constructively --and I don’t mean you shouldn’t let him politely know that you didn’t like his spooking article–, you may indirectly help the many people who read him and make him understand your ideas better so that he doesn’t misinterpret them again damaging Comodo’s image.

Anyway, this was just because Scot’s article was placed in my head on top of many many posts here in the forum by users who are intimidated by Defense+, or maybe they haven’t even tried it (even though in clean PC mode and used correctly it’s not so noisy, perhaps less so than CFP v2!), but then are spooked by the fact that CFP doesn’t pass leak tests without D+. This is something that has been discussed in the forums really a lot lately in different threads, even in the moderators-only forum.

Anyway I just wanted to offer this idea, even though I wouldn’t use this option myself.

Japo
Your suggestion is a good one.
we will have that mode very soon as per our postings in the past.

thank you

Melih

Melih,

Thank you for being so flexible in your approach. One of the most important aspects to security is it being used by as many people as possible, thereby reducing the number of compromised units on the net.

Now, as we know, most of us here have fairly tight machines and, to varying extents, can handle software. Out in the [un]real world of joe public, the usual ‘boxes from shopses’ have most of the default settings that allow remote control.
Joe public can’t handle pop-ups all the while, so the answer is to provide a f/w that just works unless there is a threat - then make clear what that threat means if allowed.
In this way we can stop millions of zombies and even perhaps deal with dimsh1t reviewers who couldn’t make a choice of 1 from 1!

Let me suggest 3 or 4 installation choices.

1. Pure firewall, no HIPS. This allows those who wish to use other HIPS or no HIPS to elect to do so.

2. Typical Firewall mode, with some HIPS. No reason not to be near the best on this and matching CPF2. The key is to provide a configuration option that is a “version 2” replacement. Might sneak in a few improvements of course, but none that would be very intrusive or require much user intervention. This might include much of what is in CPF3 in a mode that simply did not alert users and took action automatically.

3. State of the art Firewall. CPF3, full HIPS, in the currently “rcommended” default settings.

4. Optional tweaks and power user settings.

I suggest that the additional “version 3” functionality be listed on a checklist. This all might be done with some kind of automated process during installation, and incorporated into the menus, where each feature or added functionality would be labelled and described, with benefits and burdens, but certainly the range of options between steps 1, 2 and 3 need to be explained a little.

Frankly, the majority who do not want vesion 3 functionality are simply not fully aware of what they are gaining, and painfully aware of the costs and burdens of additional user prompts. SOME want flexibility and to substitute their judgment. Personally, I am generally willing to adopt the defaults and then tweak only with care. I strongly suggest you list a disclaimer for any choices that deveiate from CPF3 default.

Essentially, then, as you install you perhaps should be given the option to add incrementally those features that would each be reasonably well defined. Surely most will be happy with either version 2 or version 3 defaults, but you could probably guess by complaints what features are likely to be those that seem to cause inconvenience.

Scott should know better, but there was obviously a failure to communicate well.

Glad you appreciate my suggestion Melih. I just thought it would be good to address this point since it’s been discused here and there for a long time. Good to hear that you’re already on the track.

The funniest (or not funny at all) thing is that tomorrow or the day after someone with a “leakproof” firewall will get a rootkit and his machine will be zombified. And, if he ever finds out, he’ll see how good his protection really was. And if he happens to be using CFP with this limited setting, he will blame Comodo even though a full Defense+ installation would have saved him. Eurgh…

Well I guess you can’t sell someone something he doesn’t want, even for free. 88) However Comodo has made a remarkable job of educating users (of educating me to start with! :D), and you can still achieve further awareness about computer security.
(B)

Actually…

Reading over carefully… That’s a good suggestion Japo… Because I agree. There are currently 2 choices in installation for v3: Firewall & Defense+, and Basic Firewall. Basic Firewall doesn’t pass all leak tests, so its good for only some hips too past the leak tests, to be implemented as a 3rd option during installation (EG: For 3rd option discription you could have- “This option is for those users who want to pass “leak tests”- leak-poof, etc… and still maintain outgoing and incoming traffic, with the Basic Firewall, But if your not too worried about Leak Tests, and some HIPS… Go to Just the Basic Firewall (Which still offers good Network Protection… Even outgoing”

Something along those lines… Good idea! Even though I am too using Full HIPS with CFP, Its good for all users, and you will keep your customers.

Josh.

Melih, BTW willl you be adding an option for “anti leak” installation choice in v3.1 or 3.2 ?

and also CAVS 3 basic engine intergrated into CFP 3 should be released like… now?

Josh.

Anti leak mode is already added to 3.1 as per our schedule… We are launching some new exciting products around 30th of this month and this will be in it… (fingers crossed).
CAVS 3 basic engine will be in it too

So embrace yourselves for the birth of CAV 3! (don’t expect much, its just a simple scanner initially, but it will be expanded in functionality as we go along)

Melih

Outstanding!!!

Cheers for the release date, i will be looking here around the 30th. :BNC

Josh.