Leak Protection doubt...

Hi,
I ask for mercy, but with my prehistoric dial-up 24kbps connection I can’t browse too much in other threads; you should see how the screen looks when I scroll pages…
Anyway I searched a bit, and I have found nothing really clear (to me, a novice) about Leak Protection.
What is the difference with Defense+?
Ok, let’s do it clean:

  1. If I have Windows Defender and Avira free both running with real time protection, and I use Comodo as a firewall, do I need Defense+? What do I gain?
  2. What is this Leak Protection? I installed Comodo without Defense+, and it asked if I wanted at least the Leak Protection for better security. I felt intimidated, as if by answering no I would be insecure, so I said yes. And I see no Leak Protection anywhere; instead I see Defense+ once again. So I did a search in this forum, and I see that they are the same, just a different aspect (or level) of the same thing. Someone wrote that Leak is Network security, Defense is Optimum security.
    Well, I read that, and I understand the WORDS, but I have no idea what they are saying…
    Can someone explain it to me better, to let me understand why I should install Leak Protection or Defense+ or nothing?
    If there is a written manual which explains all this in a clear way, where can I download it?

D+ is a behavior blocker and makes Comodo more than a firewall. If you want the best protection then install D+. I run Comodo with D+ on both my PCs and see no reason not to. No questions needed. Read here.

Well, thanks for the answer, but I still do not understand.
I understand that I need time, and I should read carefully the whole help file and browse a bit more in the forum.
About the first, it will be easier, as I can do it offline. About the second, as I told you, I ask for mercy as with my connection I need minutes to load each single page.

I will try to describe the situation better:
I decided to use ONE firewall, ONE (real time) anti spyware-malware, and ONE (real time) antivirus.
(I have other programs which I do not let run in real time, and I use them only for manual scanning, weekly, just in case…).

So, I would like to choose well.
As firewall, few doubts, it is Comodo.
As antivirus, few doubts, it is Avira.
As antispyware-malware, well, I searched a bit for a good free one. Finally I read a comment on Gizmo about Windows Defender. If they are not wrong, it is a very good program.
I am open to suggestions.
But, starting from this point, with these three programs running, what exactly does Defense+ add to my security? It may be taken for granted by you, but as I am a newbie, for me it is a mystery.
Possibly I would not need any defender if I were able to configure the firewall and Defense+ well, but at the moment I can’t. So, the defender protects me (or it should) silently.
Defense+ confuses me, as I have no idea what to do, and most of the time I am offline with no internet connection available, so I can’t check what Defense+ is asking me about; I have to guess by myself whether to say yes or not.
It is frustrating.
So I decided to deactivate it.
Are there alternatives to make it less invasive, without deactivating it?
As I told you, in the last attempt I installed Comodo without Defense+, and it asked me if I wanted Leak Protection. Well, possibly because of my connection, but I had found nothing clear about Leak Protection, and as I see all the Defense+ options activated (apparently), I ask myself what I have to do…
Am I clear?
I need something which does not confuse me when I am offline and I can’t check the web about a certain file or alert message.
Is there a way to configure Defense+ to do this?
Is Leak Protection better?
But, what is Leak Protection??? I do not see any “Leak Protection”; I installed it, but I still see Defense+ and I do not know how to configure it…

Sir Joe.

Welcome to the forums!

COMODO Firewall Pro version 3, as you probably know, is pretty much a “new product” that was launched on 20th November 2007. We introduced Defense+, UI enhancements, a re-engineered network firewall, etc.

There is a difference between Defense+ and AntiVirus/AntiSpyware software. Defense+ is a Host Intrusion Prevention System which uses “PREVENTION” technology instead of “DETECTION” technologies. There is a HUGE difference! Detection would be your Anti-Virus software (for example, Avira as you mentioned). What would happen with Avira is that the program needs “malware signatures” which identify threats as they come out (researchers at Avira would research this malware, and then they would need to update the signatures!). This takes A LOT of time; if the signatures don’t get updated in time for the malware, you will be infected because it was not “detected”.

Prevention (talking about Defense+), on the other hand, uses A-VSMART Technology (Virus, Spyware, Trojan, Keylogger, Rootkit, etc.) protection, and the HIPS doesn’t need signatures! Defense+ uses behavior type; therefore for all unknown applications entering your computer Defense+ will alert you. In fact, it’s proven 60% of UNKNOWN malware is blocked by Defense+.

I’ll try and make it easier for you to understand:

Avira Anti-Virus - DETECTION (It needs malware signatures)
COMODO Firewall Pro with Defense+ - PREVENTION (No malware signatures).

Please also read the following:
Understanding CFP 3
Prevention Vs Detection
Detection, Prevention & Cure

Read the Help File in CFP 3 too please. Carefully.

If you have further Questions, please ask.

Josh

Thanks! (:LGH)
I am saving those pages to look at them well…

I will let you know…

In the meanwhile, tell me, what is the difference between HIPS and the heuristics used by many anti-whatever programs?
I also saw a program called ThreatFire, if I remember well, suggested by PC Magazine, which claims to be a new kind of Anti-All, with no signatures, discovering threats from their behaviour…
Their words sound like yours…
I understand perfectly what you say, and please be sure that I am not underestimating Defense+.
I just want to understand better how it works, how to configure it to use its power well, and to not go crazy with popups, and especially, what I am saying is that many times it alerts me about things which I do not know what to do about. While installing Roxio Creator 9 it alerted me all the time. In theory it should be a safe program, but as many programs put strange things in your PC (and I had not liked the invasiveness of their update manager which stays there even after uninstalling all), I had no idea if Defense+ was alerting me of something bad or if it was all ok. I mean, it alerted me that the program was trying to change protected registry keys. Maybe because I am a newbie, but it was scary…
Do you understand me? Defense+ can be wonderful, but I do not know what to “answer” it; I do not know 75% of the time… And as I am offline 6.5 days a week, I can’t easily check on the web to see the nature of that file…

But I will read all that material.
In the meanwhile, as I had not yet installed it after the last formatting, I will install it with Defense+ and leave both in learning mode till the next “go in town to check the internet”…
(:WAV)

Read the info I provided! :slight_smile:

ThreatCast? It is like HIPS, but don’t use it b/c two HIPS conflict. D+ is more powerful. Clean PC Mode will suit your needs for Defense+ (you won’t receive ANY alerts for your installed apps, but unknown ones will be alerted to you).

Heuristics TRY to identify unknown malware, while D+ auto-denies it!

Defense+ works with: Default Deny… Your name is not on the list, you’re not coming in…
Other HIPS: Default Allow… We will CHECK if you’re safe, try to see if you’re malware and try to stop you.

Also during installation make sure you choose “Treat this Application as installer/updater”. You will get 0 pop-ups during installation AND uninstallation :slight_smile:

Josh

ThreatFire, http://www.threatfire.com/.
To be clear, I am asking just to understand this HIPS matter better, not to make a challenge.

Anyway, from my current ignorant point of view, only if I am SURE that I can trust a program can I put Comodo in installation mode.
The matter here, for me, is not an “I am bored of alert messages”, but an “I do not know if this attempt to do this or that must be allowed or denied”.
Possibly in the D+ list there is not a program which I am installing, and I am offline, and I do not know what to do. This is what happened to me.

So, possibly this is a limit of the “me and Comodo” relationship… And I must live with it.

But I’ll read that material first… (:WIN)

If your PC is 100% clean then there is no reason not to trust any program on your PC. Install mode is ONLY for installing something. D+ is very easy to understand if you read the alerts clearly. I know every program running on my PC so I don’t doubt anything.

HIPS: is a term widely used for controlling critical resources like running executables etc. If you have a good HIPS then, in theory, things can’t execute without your approval, cos it asks you about everything.

Heuristic: it’s a glorified signature. Instead of having a specific signature it uses generic rules to identify malware. Issues are false positives, and virus authors check their creations against the well-known AVs out there, including their heuristics, and make sure their creation is not detected before they release it. It’s useful as one of many layers in your defense, but should NOT be your first line of defense.

Prevention should be your first line of defense.
Detection is your 2nd line (and in this detection you have AV, heuristics etc.).
Cure is your last resort.

If you have a clean PC, then lock it down with “Prevention” so that no one can infect it! If you want to run some application you don’t know and you can’t trust, then first check it with AVs etc. Even though checking with AVs is no guarantee that it’s not malware (cos AVs can only catch what they know), it’s better than you running something you don’t know blindly.

Hope this clarifies things a bit.

Melih

Good point Melih. Better yet, if your PC is clean and you want to test something out then simply run it or install it under a sandbox. When you’re done, empty the sandbox and there will be no traces of the program you were testing. (R)

Yes, quite a lot.
Now I understand much better the difference between HIPS and heuristics.

I usually do what you suggest; when I have to run strange things I scan them with each single anti-something program that I have, but actually I do not even run strange things anymore.
I mean, the only strange things I run are free programs to increase my protection, such as A-squared (I call it a “strange thing” just because I had never heard about it, and I was afraid it could be a false friend), Sandbox (yeah Vettetech, I have it, but I have not yet learned how to use it), ■■■ (it is an anonymizer. Correct me if I am wrong, but in some way I associated its work with the work of a firewall. In ZoneAlarm, I remember, there was an option to make you invisible on the web. When I read ■■■’s functions on the Gizmo site, it made me think about that, and I thought that it was good to be invisible. Even if, just now, in this precise moment I am writing, I am realizing that to be “anonymous” is not to be “invisible”… Well, not on the web. Maybe in society it is!) (:TNG)

But I do not visit ■■■■■ sites, I do not use cracks, I do not (yet) use Emule, I do not use chat or messengers.

Also for this reason I am so impressed (and scared?) about this bloody dwmapi.dl (may I say bloody? In Dell’s forum it was automatically deleted, then I changed it to a series of @#! and I was alerted by a moderator, and the funny thing is that I was referring to my bloody slow dial-up connection!)…
I mean, how can I be sure anymore, 100% sure, that my notebook is clean, if even after TEN formattings and clean installs I receive alerts about dwmapi.dl?
I mean, lately I was sure that it was just an error in Comodo’s database, dl for dll, but now they (in the other topic) are apparently finding something strange in Therealjobe’s netstat log, and I wonder, if it is related to dwmapi, then am I infected too???

Do you understand me? I do not feel 100% sure, even if in this precise moment I have a notebook freshly formatted and clean installed, and NOT YET connected to the internet!
It sounds crazy, at least to me… I do not know if I want to keep worrying.
What can they do? Steal my data? I do not have money, I do not have credit cards, my life is simple and without any scandals; what can they do, steal and read my letters to my friends? If they wish, they are welcome.

I don’t know. I don’t know… (:SAD)

LOL. Why are you so paranoid? I do visit porn sites. I do visit warez sites. I do download music from Frostwire and still not ONE infection in over 5 years.

(:CLP) (:LGH)
Well, I used to be much less paranoid. This dwmapi started the process of paranoidizing myself. And just when I was sure it was nothing, they are finding something suspicious, and even worse, I am told that yes, malware can be there after a format and clean install.
Anyway, know what?
I go for an ice cream, and I dare the malware to try stealing it! (:AGL)

If you write zeros to the drive there will be no malware left. Then do a low level format. Erasing Windows and then reinstalling it can leave things behind, but writing zeros to the drive will completely erase everything.

Yes, it is what I was told in the dwmapi topic, but, as I answered there, how can I write zeros and low level format C, if C is where the OS is? I should first back up the data to D, write zeros and low level format D (if malware can install in D; I have no idea), then install the OS in D, and do the zero thing in C.
Am I wrong?

Honestly, is it worth it? I mean, we are not even sure that this dwmapi thing is malware…
I would wait a bit. If someone finds something, they should probably be able to publish some cure.
At the moment, no software has found anything. Ok, AVG antirootkit found something (but not in the other guy’s PC, so possibly it is not connected), then there is the mystery of the riskware in an s1.tmp file in a Comodo folder, and then I had two gifs in an offline page in D, which some program found to be suspicious, and I deleted them.
So, at the moment, I am clean or infected by something not known. I can write zeros till the moon, but if I put back my data in D, and they can be infected, we are all still at the same point.

I would wait.
Please tell me that you agree; I am vulnerable at this moment and I need you to tell me that I should wait, so I can turn off this PC, do something else (as I have been doing this for a week non stop), ice cream, etc…

Should I wait? (:AGL)

I have 2 Seagate hard drives and they come with a bootable CD to write zeros to the drive. What kind of hard drive do you have? Is this the program? The dwmapi.

Leak Protection is a subset of all that Defense+ can do, tuned towards preventing leaking of information.

ThreatFire and Comodo Firewall 3 both work on the concept of behaviors. Comodo lets you decide what individual behaviors to allow or block. ThreatFire, on the default settings, looks at combinations of individual behaviors and prompts you when it appears that malicious activity is occurring.

Nope, I have a notebook, Dell XPS M1530, one HD, Seagate 160G 7200rpm.
Configured in ATA, because this is what Dell suggested, even if now a friend told me that AHCI gives better performance (even if I have no turbo memory…).

Who is that guy, Cuba G. Junior after a diet?
Anyway, I see you are not prepared on the topic (:NRD)
If you have the time and courage to scroll the 4 pages of the dwmapi topic, you will understand; if not, I will do a brief summary here, just a bit: Comodo (apparently only the last release) alerts that some programs (IE, WMP, Firefox, and some more things) are trying to install a hook dwmapi.dl (DL, not DLL!!!) in system32. Whether we say allow or deny, no dwmapi.dl is ever found in the system anywhere.
The other guy, Therealjobe, says that he has got the dwmapi.dll (the good one) always there.
I seem to remember, 85% sure, that when I installed Comodo as the first program after a clean install, and it alerted about this, and I said deny, well, I had no dwmapi in s32, neither DL nor DLL.
While when I said allow, the DLL appeared in s32.
My theory is that it is an error, a transcription error, in the database of names which Comodo uses. It should say DLL but for some error it says DL.
But they have lately found some suspicious events in a netstat log from Therealjobe’s computer.
For this reason I am worrying again.
But, as I have no more time to devote to this, I can’t allow myself to worry anymore.

(:KWL)

Hi MrBrian, you have my attention.
Can you explain a bit more about how ThreatFire proceeds, and what are the pros and cons compared with D+?
Thanks… :slight_smile:

See the review of ThreatFire at ThreatFire 3.5 | PCMag for more info about how it works.

I personally use Comodo Firewall 3 on my own machine, because I think I can do a better job than the analysis system of ThreatFire. For another person in my family who is less experienced, I installed Comodo Firewall 2 (not v3) and ThreatFire. See post #5 at Official Site | Norton™ - Antivirus & Anti-Malware Software for advantages of ThreatFire. Comodo Firewall 3 has advantages over ThreatFire, but I never made a list because nobody asked for one.