OLE Help

Hi All,

I’d like to find out what relationship OLE and security have between them. I understand the OLE is a distributed object system and protocol whose primary use is to manage compound documents in a FAT format. However, what i’m not sure of is how this relates to security. I mean is it always bad for apps wanting to connect to the internet using OLE, and what implications does this have?

To give an example, the other day at work i got an OLE popup saying Lotus Approach (a databse program) wanted an outbound connection via Outlook Express. Of course since this database program doesn’t connect to the internet i clicked deny, but unfortunately this blocked Outlook, which i then had to resolve by deleting the app rules and rebooting the system. So, is there a way to block the original calling app instead of the parent app which in this case was Outlook?

Rucia,

the OLE-warning message is a known bug/nuisance: many people have noticed it, you can do a search on it here.
We just hope that it goes away in the next release.

Hi giri

Rucia’s correct. The OLE message is considered by some to be an “issue” & it is, however, improved in latest CFP betas. But, it still isn’t as quiet as some wanted I believe. Egemen (the developer) recently pointed everybody at this topic for his take on the OLE issue.

By the way, on your original question… It is a security issue, since whilst OLE generally does what you describe, it is basically a way for programs to control other programs. It is a threat. There are known trojans that take advantage of OLE & it is also used by firewall leaktests to demonstrate how poor firewalls are.

Hi kail,

Thanks for the info. I read egemen’s post on OLE and i understand a bit more about it now, and i can use the rule of thumb he he suggests, which seems simple enough ;D

Following on from this, i don’t really see the OLE popups as an issue. After all, since installing Comodo i’ve become a lot more interested in what my programs are doing, and why. My previous firewall Outpost Pro which i had been using for a few years just didn’t give me the insight Comodo does (R)

Perhaps for known applications the OLE message is unnecessary, but for the unknown’s i’d consider it essential as you mention it is a security threat. However, i have every confidence in egemen and the dev team to sort it out, and produce a workable solution.

Thanks again.

I sure hope they fix this issue. I too have been plagued by these annoying alerts and when I choose to deny, my connection is blocked. I had to reboot my PC a total of 10 times yesterday just to get it working again.