Matousec Firewall Test Results - 2008

eh? how did i do that?

melih

So much for that theory. :wink:

Only kidding. terry, please check your PM’s.

Ewen :slight_smile:

what we’re trying to do in our testing team is to post the best results we can and minimize errors the best we can to provide to users results with the less errors possible.
we’re not here to show that comodo is the best firewall but to inform customers about products the best we can.
now if people don’t trust our work, and pretend we post false results cause we’re just comodo fans, they insult the work we do as it took me like a week to test completely OA 95, jetico 2 and comodo 3 (not the last build).
first u need to learn what the exploit is trying to do, how the firewall is reacting to exploits, then u need to retest your results where u’re not sure of u, and u got to look at any rules then be sure u deleted all rules that affect the exploit to retest it. u need other testers to alert u about an error u made with some exploit, like running comodo in clean mode when u’re testing an exploit so u got no alert and post wrong result.
so to release a good test about a firewall it takes time, and testers of comodo are not paid to do that.
so when i see tests posted fast on some sites as we find different results cause we take more time to test a product to be sure of our results, i wonder if it’s not time to stop believing results eyes closed and wake up to ask right questions to yourselves. where is the interest for comodo to try to shout an other firewall team by lying on our tests as comodo is a freeware? there’s no money interest, people got to trust me when i say that comodo testing group just want to give customers the right infos for any product. we’re not protected against mistake, it can happen to anyone but those last days, we threw a paving in the pond and all would be settle if people concerned admitted their errors instead of trying to drown the fish.
it seems the story is not over yet as we disagree again on some points.
so i think we should open a topic on any prob we face with some other testing group to let people react about it, that way we’ll have the thoughts of people that don’t belong to any team, so comodo testing team impartiality about their testing work will not be put in doubt, and our work got his place now. i’m proud to be part of this group and the job that is done. now there’s an alternative for users, as firewalls need to be tested by others with the last events of these days. i invite people to join the testmypcsecurity.com site to post their own results about their firewalls or they can disagree with our results with some real proofs and not just a blablabla to minimize the level of comodo testing team in ability to bring serious results when we test a product.
there are facts now, so our work cannot be ignored anymore. we got members that know what they’re talking about, and when they alert me on some problem they detected with a test on a firewall, i know that i can trust them as they got a serious knowledge about security, way better than me.
so before taking this team as a some little team made of incompetent members in term of security, some people should think again about the credibility of our testing group.
i don’t say that we’re the best team in the world but we will no more inform others about our work to help them as we see how it is now, and reactions we received that we dont share about how a test should be done, like bugs found are not same thing as security failure if the firewall cant protect the user in some test.
except that a bug can be so important that u’re not safe at all.
imagine your pc is running 24h/24, when u sleep, u got an alert but u’re not here to set the rule so the attack runs on your pc cause of a bug that doesnt block the alert if there’s no answer from you. so your machine is not protected at all if u’re not in front of your screen 24h/24.
if u answer to the alert, the attack is blocked so the firewall is able to protect u in this case.
so as this problem is a bug, and when u’re testing it if u answer to all alerts, the firewall can block the attacks, the fact that if u’re not in front of your screen when u got the alert so after maybe less than 1 minute your firewall lets the attack run, for some testing people this bug is not integrated in their results as they’re not here to find bugs but launch exploits to try to bypass the firewall protection.
when u read that, u seriously wonder if the man is not taking u for an idiot or if he’s trying to find a way to escape from a real failure that would have a big impact on his reputation.
instead to admit some facts, he found an answer to skirt around the problem.
so he says that the problem doesnt affect the product in most of tests.
so u list all the tests that affect the product and send this to him. at this time, what he said about the impact on tests became just totally false.
cause, yes mister, we tested all again to know which test is affected or not. and 8 more tests are affected as for u, when we read your results, there’s no problem and the product passed most of tests.
but, ok, now your new tests made with updated product show that the team fixed this prob, what is a good new, but a member of comodo found a new prob with some test showing u can bypass the product.
but for u as the product pass the test in most of cases, the result is 100%.
how can it be 100% if the product pass “most” of tests?
100% means ALL of tests.
so i wonder about the credibility of your method tests like said a member of our team that found this prob.
anyway, i already imagine the answers about the fact that we’re not impartial about our tests and our credibility.
or that we’re just trying to looking for troubles as we’re just doing our job in a logical way.

If you say that the problem with NtcreatePort and the Kill5 method are not a threat to the user then why the problems were fixed rather than simply stating that they are not a problem? That tells me either that they were actual problems and comodo is giving excuses acting as a victim or that CFP development is driven by marketing. I don’t think that protecting users from “marketing hype” is the reason (BTW if the user is not smart enough to check the vendor comments then choosing the “wrong” software is the smallest of his problems).

Anyway I don’t know why there is so much commotion because a product was retested and got 2% more than comodo.

Thanks horrified, but I can make a big enough git of myself without your help.

You said

as Panic puts it, the ugliness of Melih that I object to
and then immediately retracted it.

If you are referring to a statement I made in a public post, then I’d rather you simply include a link to my statement. If you are referring to anything I’ve said in a PM (and I can’t find one in the last three months) then you should have both the nuts and the courtesy to tell me that you were going to quote off-forum data before doing so.

I imagine you are now going to bleat

"Ok, that was a bit twisty. Sorry in advance, Panic"

If you were going to immediately retract your statement before issue was taken with it, then why in God’s name bother to make the statement in the first place.

As I said previously, I make enough mistakes here without anyone else’s assistance. I do not need you to make false quotations and attribute them to me.

I hang around here to help.

Why the #&$% are you here?

Please, either accurately QUOTE me, link to me or do nothing at all.

Thank you and hopefully goodbye.

Ewen :slight_smile:

P.S. check your PM

I agree on this. That’s why I linked your profile posts in my previous reply. All members should acknowledge your contribution to this forum and form an opinion about that if they have time to spare.

As I don’t consider Wilders a reference site for Moderation Best Practices there is only one thing that could be inferred from that. Wilders policies are way more strict than the ones we have here. That’s why we attempt to create a dialogue with misbehaving members and limit the censor to spamming posts or foul words. What is staggering is to find someone that is able to neglect even a loose policy like this.

I expected that much from you. Evading those tenuous arguments and mentioning misinformation. It’s easy to carve words without a context as many readers will not bother to track down what I wrote.

Do you think that leveraging on a generic sentiment of fear to express an opinion can be regarded as Misinformation, don’t you?

I don’t have to believe. I’m not a believer.
If you even bothered to consider those tenuous points I made in my previous post you got already a reply.
I’ll post a new one here for those who are genuinely interested about this topic.

Having a bunch of test results means nothing without reading about the methodologies followed to take these tests.
It would be the same thing for an individual expressing himself using a series of arbitrary postulates.
However when a suite of tests is public and the same holds for the test methodologies everyone can check the results or spot methodological weakness.

Everyone has to be responsible about his information or they’ll have no way to tell the difference from a tenuous argument and a solid one.
Having a public test suite and a public set of methods and letting everyone join (like testmypcsecurity) make even more easy to improve and find flaws.
No one is granted to be infallible and honest questioning is always welcomed.

As it is way too easy to spot deceitful questioning, even such contributions are allowed here.

Anyway as long you follow the forum policies and respect personal boundaries enjoy your stay.

…that’s all? I’m surprised none of you have commented on this yet http://www.matousec.com/projects/firewall-challenge/results.php Personally I don’t care one bit whether it was free or paid. Good job Comodo, and thumbs up.

Thank you for that Searinox.

however, it was a quick job for us to do that (around 40 min to add the code) and it was done purely for marketing gains (:SAD), because we were put in that position. It was first and last time we will do such a thing and we don’t like doing things like that. We care about building good and solid security products. Good people will appreciate and spread the word!

We have architected our software from ground up to be secure rather than trying to bolt on security to provide leak protection afterwards!

thanks

Melih

Melih don’t think of it as a marketing gain too much okay? After all it WAS a flaw! 40 mins to patch up a security flaw in the firewall, even if it was for marketing reasons, is a good thing.

Think of the guy who sells bread at the local store - he doesn’t do it because he feels it’s his duty to keep people from starving, he’s doing it because he needs the money. That’s economy for ya. Ethically speaking the reasons WHY you’re doing it may be less noble, but the act itself remains noble nonetheless. People need to understand that. And you need to come to terms with it: you did nothing wrong. Great job again.

the difference though: It was NOT a practical security flaw! Failing that test did not make cpf less secure!

Don’t you think we would have fixed it if we thought it was insecurity!!! Of course we would have!

Melih

Hmm… you got a point. I guess that does indeed make it nothing more than a marketing ploy. Oh well, so what if it is? I don’t mind it as much as to start a crusade for it. I guess even the best free products need good publicity huh? And that costs. It doesn’t really matter if it’s in the form of paying to have banners put up on a site or paying a test site to rate your program, it’s still the same thing in essence, even though the latter costs much more. As long as the facts are genuine I don’t see anything wrong with it, and CFP’s genuine facts are full of praise. 40 minutes for a perfect score? Certainly worth it.

Thanks Searinox! :slight_smile:

Melih

Don't you think we would have fixed it if we thought it was insecurity!!! Of course we would have!
The way I see it should have comodo done the paid retest yes/no. why let's start with Comodo at first start unless you have used this GREAT FW from the start of it you can not understand what this FW has been through. Melih has stood behind this FW from day 1 and has been in here on this forum asking what do you need next tell us we will fix it!. nobody brought this Wallbreaker3 thing out in the open did Melih/Comodo team fell...NO why It was not a major area to cover. do i believe if Melih knew that this was of a major issue that it would have been fixed way back before Comodo 3 YES so now the paid testing am i for it YES why this FW has taken a beating from many major brands and a lot of bad mouthing from all over the net.. just to be proved wrong!! in test after test and. I commend Melih for showing the users and this community that he can be trusted to set it straight and show that this piece of software is truly just as strong as any on the market now the NO in short I do not need for Melih/comodo Team to prove that this FW will now pass a WB3 all I needed was a simple it's fixed. {Thank You Melih/Team Comodo for the great FW You do have my TRUST}

Really appreciate it Frosty Port!

thanks
melih

Comodo prefers to secure the users, rather than making a firewall that looks good in tests. That’s a fine approach, I think. But wouldn’t a firewall that scores 100% (in other words, a firewall that both secures the users completely, and wins tests) be even better for the brand of Comodo? Everybody knows that 98% is excellent, but everybody wants the 100% firewall if it’s available…

I have no problems with Comodo making updates in CFP just to reach the level of 100% instead of 98%!

LA

Well, I’ve been using Comodo since version 2.4, I have it on three home computers (both XP and Vista) and so far it provided good protection. And I appreciate it, this is my own experience and not a story someone tells me. Thank you Melih, thank you Comodo Team. You guys are great :BNC (L)

Hmmm… it is very strange that Matousec doesn’t stick with his own rules:

“Every vendor has a right for its product to be tested in Firewall Challenge for free two times in six months period and this right is valid only for stable and publicly available versions of the products”

According to above rule Agnitum’s Outpost shouldn’t be in testing program at all (or not that version), version tested on Firewall Challenge is not publicly available, it is an internal Agnitum build…

Tested version: Outpost Firewall Pro 2008 6.0.2302.264.0490
Publicly available version: Outpost Firewall Pro 2008 6.0.2284.253.0485

And the Tallemu guys are a bunch of liars :-\

http://www.tallemu.com/online-armor-matousec-security-rating.html

Greetz, Red.

What a crock.

easy guys, I am sure that is not the case. I am sure its merely a case of them not getting around to update their site…

thanks
melih