Major UI usability improvements

Some of these are Defense+ as well but they are critical additions IMO:

  1. Firewall popups should have a link to WHOIS for the IP address.
  2. Firewall popups should allow you to easily choose a mask/range of IP addresses to allow. I shouldn’t have to go to my Network Policy and go consolidate them myself (208.111.0-255.0-255].
  3. Registry Defense+ popups should allow you to easily choose a parent key to allow all sub keys/values: For instance I shouldn’t have to deal with 6 popups when something tries to update the ‘Policy’ registry settings.

Select trusted application in the popup.

LMAO. Now this is serious!

Firstly, how will you benefit knowing results from a “whois” search? Viruses, malware, trojans, and badware in general do not discriminate, and are not racist, therefore, all such occurrences can come from any country on Planet Earth.
-Malicious coders can release arbitrary code behind proxies.
-If a botnet is used then results from a “whois” search will be useless.
-Badware (i.e. worms and malware) are generally hosted away from the actual author’s and/or releaser’s website, then collaborated.

Secondly, the .exe “phoning home” should already give you insight to whom it is trying to connect to.
Adobe, for example, have IP addresses in various countries.

This is unwise. This is also a sure way of allowing badware to render your OS useless. Every child/sub key should still be reviewed, irregardless of the parent key. Do note that even (so called) “trustworthy” vendors (such as Sony in the past) at times install hooks which only compromise your system.
It pays off to evaluate every entry occurring and changing in your registry, for example.

Cheers. O0

[at]HeffeD: I know you aren’t actually trying to help, but just so we are clear I don’t trust my applications. I don’t think anyone should. I do not like apps that phone home. I do not trust apps, I only allow them to do things I want them to. Then if they are compromised I can actually do something before they try and add something to the ‘RunAtStartup’ registry.

Examples:

  • SvcHost/DllHost: being able to block or allow a range of IPs would be very helpful, especially in the context of Whois. Specifically, Microsoft has recently started using Limelight CDN for
    windows updates…Whois allows me to just allow their ranges of IPs for SvcHost.
  • I plug in my WinMo PDA/Mobile…what happens? Windows tries to contact some server on their network.
  • I install some application like ‘Handbrake’…tries to phone home.
  • Logitech Game Profiler tries to hook every application repeatedly.
  • World of Warcraft tries to get Debug privileges for it’s warden. (Yes, mock all you want)
  • Java…tries to phone home and do stuff all the time. I need it for Eclipse, but I definitely don’t want to ‘trust’ it.

[at]Aberrant: You seem to think I am worried about keeping people out…I am worried about keeping things in. As far as your registry observations…not sure how being able to
'Allow HKLM\Software\SomeSoftware\SomePolicy'
rather than having to do 6x that for:
‘Allow HKLM\Software\SomeSoftware\SomePolicy\Policy1’
‘Allow HKLM\Software\SomeSoftware\SomePolicy\Policy2’
‘Allow HKLM\Software\SomeSoftware\SomePolicy\Policy3’
‘Allow HKLM\Software\SomeSoftware\SomePolicy\Policy4’
‘Allow HKLM\Software\SomeSoftware\SomePolicy\Policy5’
‘Allow HKLM\Software\SomeSoftware\SomePolicy\Policy6’
isn’t a helpful option.

Point is, if I allow it, then it is on me. I am asking Comodo make my job easier while still maintaining the level of control and security I desire. If you aren’t running at least at the Custom Policy Mode, with the Alert Settings set at Very High, and Defense+ at Safe Mode, then I doubt we have the same goals.

???

Well, I thought I was trying to help… That’ll teach me… :frowning:

Sorry if you were serious, but ‘Select trusted application in the popup’ is probably the most overused reply in these forums. It is like killing a fly with a shotgun. You may get the fly, but you do a lot of damage in the process.

The point is to maintain security while reducing the number of popups, not reduce the number of popups at any cost. For instance, if Adobe Reader or Firefox or Outlook decided to to modify some registry settings, it may make sense in certain cases, but they should NEVER be ‘trusted applications’.

It already annoys me to no end that I have to leave Windows Messenger and Skype pretty open as it is since they are all over the place port-wise.