LSP - Layered Service Provider bypass firewall

Over the last little while I have been doing some reading on LSP’s - Layered Service Provider and how by creating an LSP would allow malware to communicate by bypassing basically any software firewall that currently exists. I was wondering if Comodo PF will ever be able to deal with this type of threat?

The concept of a firewall still brings to mind the picture of an impenetrable brick wall, the unsurpassable magic protector of all that is good. The bold statements made by today's security vendors only emphasize this, with claims of complete and automatic security, with a wall able to block all perils dead in their tracks using logic that perhaps didn't exist two years ago. But what if in reality the wall of the firewall is made of straw?

http://www.securityfocus.com/infocus/1839/1 - Part #1
http://www.securityfocus.com/infocus/1839/2 - Part #2

I’d like to hear from egemen on your question and CFPV3

No comment on your Post only that your links are page 1 & 2 of the first part published 2005-06-08
here at the links to part 2 published 2005-06-20. I plan on reading these later I have not time at this moment

Software Firewalls: Made of Straw? Part 2 of 2
http://www.securityfocus.com/infocus/1840/1 - Page 1
http://www.securityfocus.com/infocus/1840/2 - Page 2

I put your question to a dev

Thanks very much Opus Dei for getting a response for this topic. I did not think this post would ever get a reply… ;D I guess the registry monitor would offer some protection for very advanced & knowledged users, but I would bet the average user is unaware of what an lsp is, or what they should do if they were to get such an alert. Also as there are many legitimate lsps that are likely needed by the system, blocking installations of lsps would be bad as they may have been provided by the users isp for example, and without it may not allow them to access the internet. It certainly does appear that including protection at this level is not an easy thing to do for many software firewall companies. Hopefully one day a better solution of handling this protocol will exist, just hopefully before too many of the bad guys take advantage of it… :-\ Thanks again Opus Dei, and also for posting the correct part 2 of the article. :slight_smile: