Kaspersky Internet Security 6.0.2.614

The only recommended firewall from Matousec. (:TNG)

http://www.matousec.com/projects/windows-personal-firewall-analysis/Kaspersky-Internet-Security-6.0.2.614/
http://www.matousec.com/projects/windows-personal-firewall-analysis/results.php
http://www.matousec.com/projects/windows-personal-firewall-analysis/leak-tests-results.php#firewalls-ratings

I read that 3 days ago when it was published. I bet even the small password protection feature would decrease CFP’s score by a big amount :P. We’ll get our #1 spot again when V3 is out.

I truly doubt that. Unless comodo pays them for promoting CFP. :stuck_out_tongue: :wink:

KIS does not check at all Parent process control and matousec recommends it as a software firewall? This thing only makes me laugh. (:LGH) (:LGH) (:LGH)

p.s. And they say they are independent testers? 88)
They promoted ZoneAlarm because ZA bought the results of the bugs they found. :wink:
They advertised KIS a week earlier: “Will KIS be the first secure product reviewed in our project? You will see soon.”
Maybe they should revise what independent means. :stuck_out_tongue:

well, matousec always made it clear that it likes HIPS in the firewall…

ours is a humble firewall at the moment (:WIN) it will soon blossom into a real hot product with v3 with HIPS built in :slight_smile:

Let’s not forget… ours is still v2… we only have been doing this last 2 years… We got a world beating product in 2 versions (:NRD) and under 2 years!

We only started… (:NRD)… we are having fun (:KWL)

Melih

I’m disappointed, pandlouk. Have you no faith in Comodo? (:AGY)

I don’t know about that…I remember when they first published the ZA results (this was way before they bought the bugs) the negative review was already there and hasn’t changed.

I don’t know if that’s advertising or just a hint, but IMO Matousec must realize that it’s nearly impossible to achieve his definition of an ideal firewall. Maybe he’s tired now ;D. Here it states he’ll only recommend a firewall if the score is less than 2000 points, and yet KIS has a score of 11916:

http://www.matousec.com/projects/windows-personal-firewall-analysis/Kaspersky-Internet-Security-6.0.2.614/#security
(:WIN)

KIS implements a very interesting security related feature called Rollback. The Application Activity Analyzer component closely tracks the actions of any programs that runs in the system. If the application is to make something dangerous, the prompt appears. The users are able to check the list of all actions the application made and base their decision on this information too. Moreover, if the dangerous action is blocked, Rollback can be performed, which means that all tracked activities like registry modifications, new file creations etc. are reverted by KIS back to the state before the blocked application started.

I thought this was interesting.

Well, it looks like they’re still comparing 2.3.6.81, as far as their “reviews” go, rather than 2.4. But their leaktests show it passed the Coat on default settings, so that must be 2.4. Hmm… At any rate, we’re still in #1 on Leaktests, and in #2 next to KIS overall (which is at least in part, 2.3). Can’t wait for v3, since that will satisfy their HIPS requirement.

I was just pleased to see that the firewall on my wife’s 98SE machine is only rated “Poor” on leaktests, rather than “Very Poor.” What a relief! ;D Still, that’s better than nothing, I guess. It’s definitely better than the XPFW!

LM

I’ve been looking at Matousec’s site a little more, and found something somewhat disturbing…

You can check out this page, for what I mean:

http://www.matousec.com/info/advisories/Comodo-Bypassing-settings-protection-using-magic-pipe.php

Look down to the “References” at the bottom of the page. You will see an entry for Securiteam. Following that link, Securiteam gives credit to Matousec for revealing to them, this bug in the firewall. Then they go on to give code to specifically invoke the bug…

Now, I only looked at Matousec’s Advisory entries on Comodo, but each one of them had a link to Securiteam, where code to invoke the bug was given.

Have I missed something here, or is Matousec/Securiteam actually teaching users how to bypass Comodo FW? Or has Securiteam just bought this info from Matousec and are reproducing it on their own? Or, have I just completely misconstrued this, and it’s actually entirely innocent?

LM

mac, without visiting those links you provided I’m not surprised if Securiteam did buy those bugs because Matousec already announced it on his site that he does sell to inquisitive parties (but not hackers/crackers) for research: http://www.matousec.com/projects/windows-personal-firewall-analysis/top-five-comparison.php

R: You sell the information to hackers, they have enough resources to buy your findings.

M: This is not true. We always contact and deal with the vendor in the first place. The possibility to buy our product is open to everyone because we think that this can be an indication for vendors that our findings are real. Moreover, if we sell our reports we always require to know who the buyer is, so there is no chance to buy our reports anonymously. We also want to offer the possibility to buy our reports for independent researchers who are interested in this field. If any of our results are misused we will always cooperate with authorities if they contact us.

Oh I’m aware of that; there was a bit of a hubbub here when they first tested Comodo, wherein users were concerned about them selling it without concern for who might be getting it.

I don’t know enough about code to know what was posted on Securiteam’s site would do, but it seems as if they were posting the methodology to invoke the condition/bug. That said, if these details are publicly posted on some website, wouldn’t that be inviting trouble? It would seem (to me) that in order to maintain respect/trust amongst vendors, that Matousec would put some caveats on how the information could be used if sold to someone other than the vendor in question.

Granted, I do not know anything about any agreements between any of the parties involved, but it kinda made me wonder…

LM

If you want to know you can email them.

I have nothing against the man, but his site raises red flags everywhere (read doubts). He does seem to know his business, but ethics… hey, this is subjective, I can’t say more that’s for sure.

Every FW has a comment basically stating it’s ■■■■. Now there’s a suite, not a FW, that has all the right things. The others have vulnerabilities for sale…

I don’t know about you guys, but red flag!

Comodo’s part is: passes everything, but, fundamentally, buggy…

Okay, so I emailed Matousec Transparent Security, to see what (if) they would respond with.

Here’s my email to them:

> Dear Matousec Transparent Security,
>
> I have been using Comodo firewall for a while, and have recently been digging through your site a bit, reading your Advisories on version 2.3.6.81. Quite naturally, there's some partying going on about the leaktest results on version 2.4.18.184.
>
> Something about the Advisories concerns me, though, and I wanted to ask about this. At the bottom of each one, there is a section titled "References." Within this section on each Comodo Advisory (Comodo were the only ones I looked at), there is a link to an organization called Securiteam.
>
> I followed the link to Securiteam, where they give you (Matousec) credit for bringing this bug to their attention. Then they have, publicly displayed on their website, what appears to be code to invoke these vulnerabilities.
>
> I realize that your organization sells the results of your testing to pretty much whomever wants them. What concerns me is that IF that is indeed code (I'm not a programmer) to invoke the vulnerability, why is someone you sold it to publicly displaying it? Would that not invite hackers? If indeed that is such code, do you not stipulate on the sale thereof, some guarantees of usage?
>
> Thanks for your time,

And their reply:

Thank you for your email and your question.

At first, let us assure you that our results are meant for the product vendor in the first place. We do not sell the results to ‘whomever wants them’ as you write. We publish a vulnerability report every 14 days that is true. We publish it with full source code that makes it easy to third party security teams like SecuriTeam to verify the vulnerability. For all vulnerabilities we publish, the code is always downloadable from our site and this is where SecuriTeam got it from. They did not buy it. The code has been available for free for everyone, since we publish the vulnerability.

We do not share your concern about inviting hackers. We are sure that computer criminals have enough knowledge to find vulnerabilities on their own. Moreover, they exploit similar vulnerabilities for very long time. The main effect of publishing the vulnerability is not that some less skilled criminals gain a weapon to use, the effect is that the vendor becomes aware of the vulnerability, fixes it and closes at least one way that could be used by malware writers.

For malware writers, it is always bad if a vulnerability is described and published. They mostly use those vulnerabilities that are not publicly known because only such vulnerabilities are not going to be fixed in the near future. On the other hand are published vulnerabilities. These are not much interesting for malware writers because that is a great chance that these vulnerabilities will be fixed soon. So, very likely, the problem is not in what we publish, but in what we do not.

This is our point of view and we are sure you can find many people with different opinion. But we believe our arguments are valid and our approach will result in our goal, which is to make desktop security products more secure.

Kind Regards,


Matousec - Transparent security Support
http://www.matousec.com/

That clears things up a bit, for me at least.

LM

Ok, I don’t hide my head in the sand, I admit it has logic.
So why do we have the impression that he sells it? By his reply, it seems that it’s freely available.
Anyone is aware of what exactly he does?
I do recall that he sold the bugs, but now I’m lost.

ZoneAlarm and Sunbelt (I’m surprised you didn’t know about this, Someone) purchased the entire bug package from Matousec.

As I see it, about once every 2 weeks he publishes a bug from each of his extensive FW reviews. He notifies the vendor a couple weeks ahead of time before they are public. If this pattern continues eventually all of his bugs will be released without the need to pay him, but that could take years. 88)

Comodo is the number 1 in leaktests and 2 in overall rating, but Comodo is FREE, I mustn’t pay for install this great FW, but KIS, is it FREE?.. 60€ of payment :smiley:
With CFW v3 it will be THE BEST and STILL FREE