matousec and comodo

(:SAD)

This is Matousec's conclusion:

"The positive on the security of Comodo Firewall is its excellent ability to fight against leak-tests. It probably was a priority of its vendor to pass all leak-tests. Only the Coat test was able to bypass its protection but we have been informed that the next version of Comodo Firewall will handle this one too.

The implementation of the security design is very superficial. Today’s malware creators would not have problems to bypass the protection of Comodo. The development of this firewall probably missed independent betatesting of its security features because the number and the nature of bugs we have found in it is alarming. This is why we can not recommend Comodo Personal Firewall as a personal firewall solution to anyone who require the real protection against today’s malware."

Any comments on that? I hope this is old news???

Well we did discuss this in the forums earlier…

However, we are still listed as the Best firewall! So by using Comodo you have the best possible available firewall… I think this is good enough :wink:

Melih

Yes it is… search the forum for “Matousec” and you will see some threads about this subject!

In the forum “Firewall Leak Testing” there are some discussions about Matousec-tests.

What Matousec said is as valid today as it was in November. Comodo does a good job as a FW. No two ways about it. But it is easily defeated, and as a consequence you have to ask yourself if it is satisfactory for your needs. If you aren’t behind a router and connected directly to the net… well you are stepping into a mine field unless you have a strong AV (KAV or NOD32) and HIPS such as SSM or PG. I realize my saying this probably grates on some of the Comodo people.

Part of the problem is the apparent lack of a proper Beta testing program. Some very knowledgeable people have evaluated Comodo and found it wanting in many areas. A good read with all the pros and cons can be found over in the firewall forum at Wilders.

Maybe it is just me, but I get the impression negative comments and evaluations are taken as heresy by the Comodo staff. Certainly nothing is perfect, and as I and others have pointed out, Comodo has many good features. But it lacks some of the basics: no configuration backup (there is a script to do that, written by Rotty) and no password protection. Yes, it is free, and Comodo has been clear about their reason for offering this as a free product. But from a marketing point of view… I wonder if they are perhaps shooting themselves in their collective foot, given the serious security issues that Matousec and others have pointed out. If this is supposed to be a flagship firewall. It seems passing the leak test has been the be-all and end-all, and in trying to accomplish this goal much was left undone that is coming back to haunt them. I realize they are planning on adding HIPS by March… but come on, guys… not even something as basic as password protection yet.

hillsboro

That’s totally unfair!

I would like to challenge you to show us another firewall provider who has listened to its users and implemented users’ wishes as quickly as we have! Positive or a negative wish, we have been working through that wishlist constantly and building the product to be better and more efficient and we continue to improve every day.

Some examples: Our first version did not do too well on the leak tests and our users said we want the best protection against leak tests, and we delivered it! First version did not do well on the termination tests, our users said we want the best protection against termination tests, and we delivered it! Matousec said we don’t pass COAT, and we fixed it! Our users said they want a firewall that consumes less memory, and we delivered it. Our international users said they want the firewall translated into their own languages, and thanks to all the great help we got from our translators in this forum, on 4th Jan we will deliver over 13 new languages. Please note that, all of this, and much much more, was achieved under 12 months!

Negative or positive, we have always been responsive and it’s very discouraging to me, personally, to our developers and to our community to have people not appreciate and recognise all the good work we have done.

Comodo firewall is one of the best firewalls around! From leak tests to termination tests to its optimised engine design! It simply is one of the best!

Of course, now with ver 3 you will have everything you need/want plus more. Just look at the progress we have made in under 1 year, from an unknown firewall to one of the best firewalls in the world. This Research & Development Engine will not stop and will continue its momentum. All our users will have their wishes!

Melih

Dear Hillsboro,

you can see the answer to your statements here. :slight_smile:

Melih,

I am very sorry you feel I have been unfair. It was not my intent to cause a flap for the sake of starting a debate or causing ill will. A question was asked and I cited some examples I found regarding Matousec’s assertions regarding Comodo’s weaknesses in some basic areas.

Melih, I have said nothing that hasn’t been said by some of your most loyal and staunch supporters. The OLE/COM issue is one of the sore points that others have mentioned that isn’t being addressed, as is the password matter. If it would help, I will discuss this by PM or email with you and will cite the points that have been made by some of your supporters since day one and as recently as 3 days ago. I didn’t bring it up to you directly, because I am sure you are aware of it too. I used the term heresy because when I have seen the matter of the OLE/COM problems brought up they were either ignored or it was pointed out that it wasn’t a flaw, but a “feature.” I am sorry Melih, but the OLE/COM reporting an application trying to gain access to the net when in fact it isn’t, is, in my estimation, not a feature. It is a flaw.

I use MediaMonkey to play MP3s… I have blocked MediaMonkey and all the DLLs from accessing the net. Yet if I open Firefox or Opera to access the net, Comodo’s OLE/COM throws up an alert that MediaMonkey is trying to connect to the internet through Firefox/Opera when in fact it isn’t. I have logged it through Process Explorer and Port Explorer. It doesn’t happen even if I give it permission. This is a feature? How is it a feature? And that was what I was told by one of your staff when I complained about it 2 days ago, along with the vulnerabilities opened up from a human interface aspect (the cry wolf scenario).

I complained about an obvious flaw and was told it was a “feature”, as if I didn’t have sense enough to realize it was a feature. It was as if what I said was heresy. Hence my choice of term.

Again I am sorry if you took what I said as a personal affront, Melih. All I would ask is you put what I said in context with the reply I received. To me that isn’t listening, and I am not alone.

If you care to I will be happy to PM or email you and cite examples of constructive criticisms by others that were either ignored or rebuffed by Comodo Staff and others who have voiced much the same as I have here on this forum. I am not against Comodo… I would like to see you succeed with your endeavors. I do realize that there are a lot of man-hours invested in this project. I would even be willing to purchase a solid no nonsense firewall. You are very close to what Jetico had going with their 2.0 beta, but without the very steep learning curve.

Happy New Year!

Yes I am aware of those stats. See my reply to Melih. It isn’t what Comodo is doing right… it is what it is doing wrong that undoes so much of it. Sorry if this is found to be offensive. That is part of the problem here: Comodo lost some very good people who could have helped, but their constructive criticisms were unwelcome and they, like me, have moved on. What Matousec said is very valid regarding the serious flaws in Comodo (what good is the lock on the door if you leave the key in the lock). Yet I haven’t seen any of the “loyalists” or staff even acknowledge the merits of those issues… A couple of days ago I called that approach Ozzian (the “pay no attention to that man behind the curtain” scene from “The Wizard of Oz”).

What good does it do to have the best lock in the world if you leave the key in it? The lock becomes useless.

I will go away now as all I seem to be doing is spreading discontent here.

Well, the problem is not spreading or not spreading discontent. The problem is making statements like:

  1. Can you please explain it a little better? How will a router save you?
  2. How will a strong AV prevent it?
  3. How can HIPS prevent a script from running from a webpage?

CFP has bugs and it can be taken down. But in the worst case possible it will leave you without connection!

For 1), I think he is talking about a router with SPI enabled.

ALG

(R)

Moderator removed comments that could have been interpreted as offensive. Ewen

Heck, I play with HIPS such as ProSecurity, SSM, PG (■■■■ outdated ****), sandboxes like DefenseWall, GeSWall, Sandboxie, BufferZone, so I know them all inside out. I tell you they are nice toys but totally unnecessary if you know what you are doing. And they are full of security bugs as well, for the same reason as Comodo Firewall: because no one carries out a security audit on them.

Why do I say that? Because my friend who is a security vulnerability researcher took just 30 minutes to find multiple vulnerabilities in some of the HIPS that Wilders people love so much…
He told me that the number of buffer overflow exploits in them was astonishing and it was obviously coded by people who had no conception of coding defensively.

Of course, all the ‘experts’ in Wilders are totally clueless, the only thing they know how to do is to run stupid leak tests.

Part of the problem is the apparent lack of a proper Beta testing program. Some very knowledgeable people have evaluated Comodo and found it wanting in many areas. A good read with all the pros and cons can be found over in the firewall forum at Wilders.

*** *** I **** *** *** ****** ******** (Mod edit). Wilders has many pros and knowledgeable people but they are all in the Antivirus forums. There is nobody of that caliber in the firewall sections.

The only two people who are somewhat competent are Stem and Paranoid2000, and even they are just at system administrator level and not outright security pros.

But it lacks some of the basics, No configuration back up (There is a script to do that that was written by Rotty). No password protection.

I do agree about the password thing. You don’t need to be knowledgeable to write a script that can shut Comodo Firewall down so easily using this method. It’s a pity they don’t add it, since it’s such an easy thing. Particularly since they have done all the hard work of armoring it against anti-termination attacks. Seems to make all that hard work pointless if they don’t block such a simple attack.

But really, if you think Comodo Firewall is easily bypassed and that you need a router, KAV/HIPS to protect you from the super hacker, please point out the obvious weaknesses of Comodo FW besides the password thing.

Matousec

To do well in the Matousec test you need to have a full-blown HIPS. It’s obvious in the methodology they are expecting a fully locked-down local system. Without that there is no way any firewall will get a decent rating. Comodo Firewall is as close as you can get without HIPS.

Wow… I am awed and humbled by the eloquence of your arguments and incisive observations. Your insights and command of the English language is truly inspirational. Your approach has a rather quaint way of getting one’s attention and gaining thoughtful consideration for your compelling arguments regarding the depth and breadth of your internet security knowledge while others are so sorely lacking.

Your observations about me and the people who frequent Wilders and use Paul’s site as a customer support base leave me at a loss for words that would adequately express my feelings. No one from the firewall end of security is there eh? For starters maybe you should tell that to Nail, from Jetico, or Don from Kaspersky, or Paranoid from Agnitum… who are there quite often and seem to have the ability to discuss issues, differences and problems without the need to compensate for limited vocabulary by name calling.

You are the ideal spokesperson to come rushing to Comodo’s defense against my loathsome, mindless and let’s not forget “Stupid and Clueless” attacks on Comodo. Perhaps they could appoint you director emeritus of their public relations department, and debate team.

Suffice it to say I will take your compelling observations about me and others under advisement.

Yes, that is what I meant… NAT and SPI. Thanks for clarifying it. Basically a router will, among other things, stealth you. Without a router you have to rely totally on your firewall to protect you from scripts being sent from the outside… Actually many of the DSL and cable modems/gateway boxes have a built-in NAT router. If you run any of the stealth tests with a NAT router in place, it is the router that is stopping the traffic.

Firewalls, like Comodo, are meant to keep nasties out, but more importantly they are meant to keep a nasty from calling home in the event you become infected by mal/spyware… Much of the flap here is how well Comodo does that job; I and everyone else says it does a good job of that… It protects the user, but it doesn’t protect itself from being shut down by a script that may infect your system. That is one of the first things any malware is going to try to do: shut down your security. Once that is done, any information on your computer is theirs. They own anything on your computer. Think identity theft for starters…

That is what I and some others have been debating about here. Comodo needing to protect itself. I am not a programmer, but I wouldn’t think it would be that hard to password protect it from shutdown.

Here is a page that tested the same version as Matousec did checking for termination of the firewall. This might shed some light on how far along Comodo is when it comes to termination of the firewall processes since this seems to be what this discussion and related concerns are about. Comodo comes in 3rd in this test.

http://www.firewallleaktester.com/termination.php

I think that everybody would consider this outfit to be reputable and respected. This has been posted before but I think it has been forgotten and needs to be pointed out again.

jasper

Apologies Hillsboro - I edited out the blatantly unfair bits, but left the rest. It’s just his opinion and the opinion of his “friend who is a security vulnerability researcher”. :slight_smile:

Cheers,
Ewen :slight_smile:

The truth hurts. And yes I apologise for being rude but the truth hurts.

No one from the firewall end of security is there eh? For starters maybe you should tell that to Nail, from Jetico, or Don from Kaspersky, or Paranoid from Agnitum…

#1 Don is from Kaspersky? Check your facts. Don is the #1 fanboy of Kaspersky, but he is not a developer. And the last time I checked he loves the AV component more anyway.

#2 I already mentioned Paranoid, who is competent, but even he isn’t a developer, just a mod on their forum.

#3 Nail? Wow, 2 posts on Wilders posting Jetico updates makes him an active member of Wilders?

Want to try again? My oh so eloquent friend? Maybe you can bring more facts to the table? Rather than to assume that people who know more than you (not difficult obviously) are experts…

You are the ideal spokesperson to come rushing to Comodo’s defense against my loathsome, mindless and let’s not forget “Stupid and Clueless” attacks on Comodo. Perhaps they could appoint you director emeritus of their public relations department, and debate team.

LOL, I don’t support Comodo at all, I just like to call you on your BS. I love Wilders, being a member since way back, but really members in Wilders should realise that in the grand scheme of things Wilders is really nothing more than an intermediate level site. Pointing to it vaguely as some standard and saying that knowledgeable people say it is bad is just funny.

Suffice it to say I will take your compelling observations about me and others under advisement.

If you say so. But your post had already been exposed, long before I posted, as being full of nonsense and short on facts. When challenged by people to expand on your statements, you couldn’t say anything. A clear sign of someone who just repeats what he reads without understanding.

I’m ready to back up my statements on security vulnerabilities in ProcessGuard, SSM. Are you?

Yes, but it is the opinion of one who is considered “knowledgeable” on the precious forum that he loves… lol.

Just want to throw another article into the mix for those who may not have much info on HIPS and sandbox. No preference on the products it evaluated; no opinion on the results - but I think the premise of the evaluation is quite informative.

Interesting read - should take a look if you haven’t read it before. :slight_smile:

http://www.techsupportalert.com/security_HIPS.htm
http://www.techsupportalert.com/security_virtualization.htm

Wow!

I shouldn’t have gone to bed! I missed all that fun :slight_smile:

We all are here because we all want to improve Comodo Firewall! :slight_smile:

So why don’t we simply identify the most urgent issues that people are raising and prioritise them for a fix!

Hillsboro seems to have a list. Perhaps he can share with us the list so that we can get them actioned!

I also agree with a statement made by Lusher regarding what is an Ideal Firewall according to Matousec: It’s a HIPS-enabled Firewall! That is what they call Ideal!

Lusher, your input is greatly appreciated, you have brought a very credible insight and a very knowledgeable point of view. We would love to hear more from you as to how we can improve our firewall please.

I think this is a very healthy discussion that will result in an even better firewall. Thanks to you all and let’s continue with this discussion.

thanks
Melih

Hillsboro

You have raised 2 issues so far:
1) OLE issue: Which was clearly explained by Egemen and its workings (pls read that post again where he explains why this happens and it’s not a bug)

2) Password issue: This has been in our Wishlist and will be implemented very shortly.

So far, all I see is: you think OLE issue is a bug and want something on our wishlist to be prioritised as a high priority!

Are you raising any other issue?

thanks
Melih