Option of having specific file(s) stay in My Own Safe Files (even after change)

Option of having specific file(s) stay in My Own Safe Files (even after modification of file)

Would appreciate having the option to have particular file(s) stay in My Own Safe Files and not reappearing constantly over and over again in Pending Files even when the executable is modified every time it is used.

Examples of this type of files with full pathname, user names and profile names are obfuscated (below):

G:\Documents and Settings\User_Name1\Application Data\Mozilla\Firefox\Profiles\ixbwyok1.default\FlashGot.exe

G:\Documents and Settings\User_Name2\Application Data\Mozilla\Firefox\Profiles\5u1hnnok.default\FlashGot.exe

G:\Documents and Settings\User_Name3\Application Data\Mozilla\Firefox\Profiles\tl32tfm1.default\FlashGot.exe

The files (above) are modified every time Firefox launches and this causes the file(s) reappearing over and over again in Pending Files even if it moved to My Own Safe Files every time after review and selecting “Move to - My Own Safe Files”.

More info about this FF extension/add-on can be found at https://addons.mozilla.org/en-US/firefox/addon/220

It is a very popular FF extension, 62,136,343 total downloads (by Monday April, 20 2009), so would expect other users have the same combination of SW (CIS, Firefox with FlashGot extension).

Peter

This would introduce a serious problem: If a virus modified one of your ‘Safe’ applications, then you would not now about it.
I am fully against this wish :-TD

John,

Thanks for reply.

Understand and thought of the point you made already prior to posting this specific wish.

Having given the wish a second thought, I would now strictly limit the wish to this specific type of files only.

Am talking about this whish for a specific file that is nominally “modified” every time Firefox launches. (And that of course takes place frequently.)

How does CIS’s behaviour increase security in regards to this specific file in your opinion?

Do you assume that any user would review the file’s content for malicious alteration?

How would verification be done? The content of the file is mostly garbled.

The Option of having specific file(s) stay in My Own Safe Files (even after modification of file) would of course have to be implemented automatically for this type of file(s) only.

Please note that the file is not actually altered, it would appear it is merely opened in modify state. The MD-5 and SHA-1 hashes for the file are constantly the same. The file is also actually modified sometimes of course, but that happens seldom and only then should the file be moved to Pending Files.

CIS could look deeper into the file(s), so that it would distinguish between real modification and the files merely being opened in modification mode?

As CIS functions now, it leaves the unnecessary and redundant research of the nominal “modification” to the weakest link, the user.

Even with programs calculating MD-5 and SHA-1 hashes, it takes time for the user to review whether the file has actually changed or not. In addition the user would have to take notes of the file size or at least the hash values. Memorising the hash values would in my opinion fit a lot better to a security application, such as CIS, instead of a human being (the user).

Personally do not think it would lower security in a defence in depth environment with redundant security applications monitoring for unauthorized intrusion, access and, e.g. alteration of executables.

Implemented this way automatically, would in my opinion increase security, since the user would only be alerted for review of file, when the file has actually changed.

It would best be implemented as an automatic calculation whether the file has changed or not by CIS using, e.g. MD-5 or SHA-1 algorithms.

Will consider rephrasing the wish if necessary in order to avoid further confusion.

Peter

Will consider rephrasing the wish if necessary in order to avoid further confusion.

Rephrased the wish (at https://forums.comodo.com/defense_wishlist/cis_should_distinguish_actual_file_change_vs_file_just_being_opened_for_writing-t38167.0.html) in order to avoid further confusion.

Peter