Possible for malware to elude CPF?

I would like to ask about CPF according to this description of BOClean (from Comodo BOClean website):

(Quotation)

…Malware can invade your system without you ever knowing it and are designed to elude firewalls by using ports which are not blocked by network “firewall” security software or proxy servers. Many of them disable the most frequently used antivirus and software firewalls

(End of quotation)

Now I do have BOClean, but if not, could it be possible for malware to somehow elude CPF? I know there is protection for termination of CPF, but suppose I would have only CPF, could malware get into my system and then get around this termination protection? And then use any port for connection because it has messed CPF up? (Also, I’m interested in what impact malware could have on CAVS, but that’s another topic.)

Thanks,
/L

Malware can get into any system if the user allows it or browses dangerous sites. Use any port? If the malware is more advanced than CFP’s anti-leak system then it’s possible. If you ever encounter such malware I’m sure Comodo would love to know about it. Come v3 with full HIPS this won’t be much of a concern.

This is pretty much what I’m thinking of. But I also know, of course, how well CPF has performed in tests - so I just wanted to make sure that CPF hasn’t missed anything that BOClean is addressing!

The reason why I’m asking, is that I’m thinking of what to install when CPF 3 is here - most likely I will drop CAVS but I’m unsure whether BOClean will be needed… probably I’ll keep it because it seems to be really efficient.

Thanks,
/L

But if you’re referring to the current 2.4, let’s not forget it doesn’t detect malware – only when it attempts any activity at the network level, that is when it connects out. I’ve posted before and I’ll post it again: it depends how comfortable you are and your habits, experience, and so on.

I’ll stick with CF 3 and that’s it for me.

Yep, I’m referring to 2.4 now. But as long as it stops all kinds of unauthorized network traffic, and it thereby isn’t comprised by the description of BOClean (malware behaviour), I have got an answer to my question, and I feel even more safe. Which is great. :slight_smile:

2.4 doesn’t detect malware, that’s true, but most of all I wish to block outgoing connections, which 2.4 then obviously handles well. I consider malware that tries to connect to the internet as more harmful than malware that just ruins the local system. It’s easy to back up the system but difficult (no, impossible) to take back information someone has stolen…

You’re right about habits, we’ve discussed it earlier!

Thanks,
/L

True. Luckily, I don’t really have anything earth-shattering for any cracker to be interested in anyway (:LGH).

Someone else asked a similar question about CBAM & CF3 not too long ago:
https://forums.comodo.com/index.php/topic,5025.msg65645.html#msg65645

It seems most are concerned in & out. In that case, CBAM is a good intermediate between CF and your other software. Since CF hasn’t caught anything suspicious going out from my pc, I have ABA and CM disabled to save resources. My intent is to not have anything bad entering my pc in the first place, so that’s why I’ll be very confident with HIPS in place. What I’m trying to convey is I’m nearly only concerned about in.

If a user runs as a limited user with CPF 2.4, no virus can kill CPF unless it exploits a BO, which CPF configures the computer to protect against.

Hehe, nothing earth-shattering here either, it’s just a privacy principle :D.
After a minute or two I figured out what you mean by ABA and CM. Sounds pretty bold though, to have them disabled! I think ABA is really one of the most powerful and impressive things about CPF, it has also taught me a little on how connection attempts work. Then I suppose you could almost use Windows firewall, if its incoming protection was just as good as Comodo’s :wink:

Rotty, thanks.

/L

CPF is very good at blocking stuff coming in and going out! Just this morning when I was looking at the CPF logs I found it was blocking a lot of IGMP outbound traffic. I did some digging online and found that there was a Windows Hotfix as it was a security-related issue. See my post here: https://forums.comodo.com/index.php/topic,9006.0.html

Eric

Yep. Bold :D. I know they are the core of the anti-leak system. Yes, I used to have them enabled for a long time, but then noticed they consumed CPU in unusual ways, but I also realize it must be some bug. I’ll enable them once those are fixed in v3 (if lucky 88) :)). I also thought, why not use XP firewall. I still like CFP just because it has the outbound protection capability for backup or whatever, and it has other things that the XP firewall does not: e.g. the advanced attack & detection option that can switch to emergency mode if it suspects a hacker.

Not with v3!!!
Even if you are a rootkit… we will know about it!!! No escaping!!!
If you have a clean machine and you install v3… it will be kept clean :wink:

Melih

Eric, that’s interesting. You remind me of the fact that Comodo to some (large) extent compensates for Windows’ security issues! Strange that you didn’t get the update automatically, I wonder why.

Soya, you scare me a little as you’re even considering using XP firewall instead!! :wink: Now I do know that you’ll install v.3. :smiley:

Thanks Melih, as I think some people will reinstall their operating systems when upgrading to v.3 (to begin from scratch), we will all be clean from the beginning, and I’m 110% sure that we will stay clean with v.3. If not totally clean, BOClean will fix the rest! ;D

Thank you all for your interest, now I’m convinced that 2.4 takes care of suspicious connections.

(B)

L

Most Windows XP/2000 security issues are because people run as administrator. Linux has always had it over Windows because of how easy it is to run as non-root (non-Administrator)!!

Windows Vista makes it more like Linux in this respect, but let’s not forget the DRM, TPM and many other issues (-:. That is another story…