Request: intercept browser spawns

After some time of using Comodo Firewall (now merged into CIS), although generally I think it is really great software (R), I see a few places where there’s a place for improvements. I’d like to send you some of my ideas on how to make it an even better product. Here is the first one; others will follow soon :)

Request:
Defense+ intercepts browser spawns

Reason:
Lots of software tries to open a browser and load a page from some URL. Sometimes it’s useful, most of the time it’s not; it is also a security risk, as the URL can contain confidential information. I would find monitoring and possibly blocking such browser spawning very useful.

Example scenario:

  • software X tries to start the system-default browser and load a URL, e.g. “http://www.example.com/mymaliciouspage.html?secret=here_goes_something_from_your_disk”

  • Defense+ intercepts a “start browser” system call and shows an alert window, e.g.:
    "This program tries to start a web browser and load the following page:

    <usual “do you want to allow this action” question and answers here>"

  • similar to other Defense+ alerts, the user chooses “allow” - the action is allowed (the browser starts and loads the given URL), or “block” - the request is denied.

Additional info:

I think it would be best to place controls for this option in the “Process Access Rights” dialog, as an extra item on the access list. It could be called “Web browser” (or a similar name) and could have the usual options (“Ask”, “Deny”, “Allow”). In a basic version that would basically be all the configuration; in a full-blown version the browser-spawning call could be allowed by Defense+ based on the URL being started (e.g. "allow www.allowed.com/, but block www.blocked.com/"); these rules could be configured exactly as the other access rules (dialog displayed after clicking the “Modify” button, 2 tabs: Allowed URLs, Denied URLs). As with other items on the access list, one could find this “spawn browser” privilege in the other usual places, such as the details dialog for editing predefined security policies.

Do you think it would be possible and feasible to implement such a feature?

Best regards,
atx
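
The rule model proposed in the post above (a per-program “Web browser” right set to Ask, Deny or Allow, refined by Allowed URLs and Denied URLs lists), sketched as an added example that is not part of the original post and is not Comodo code. The rule format, the deny-before-allow precedence, the exact-host and path-prefix matching, and all names are assumptions.

```python
import re
from dataclasses import dataclass, field
from urllib.parse import urlsplit

ALLOW, DENY, ASK = "allow", "deny", "ask"
_SCHEME = re.compile(r"^[A-Za-z][A-Za-z0-9+.-]*://")

@dataclass
class BrowserSpawnRule:
    """Hypothetical per-program 'Web browser' access right."""
    default: str = ASK                      # used when no URL rule matches
    allowed_urls: list = field(default_factory=list)
    denied_urls: list = field(default_factory=list)

def _host_and_path(url):
    """Parse a URL or a scheme-less rule such as 'www.allowed.com/'."""
    parts = urlsplit(url if _SCHEME.match(url) else "//" + url)
    # .hostname drops userinfo and port, so 'allowed.com@evil.example'
    # resolves to the real destination, 'evil.example'.
    return (parts.hostname or "").lower(), parts.path or "/"

def _matches(pattern, url):
    p_host, p_path = _host_and_path(pattern)
    u_host, u_path = _host_and_path(url)
    # Exact host match: substring matching would accept
    # 'www.allowed.com.evil.example'.
    if not p_host or p_host != u_host:
        return False
    # Path prefix on a segment boundary: '/upload' must not match '/uploads'.
    return u_path == p_path or u_path.startswith(p_path.rstrip("/") + "/")

def decide(rule, url):
    """Return ALLOW, DENY or ASK for a program asking to open `url`."""
    if any(_matches(p, url) for p in rule.denied_urls):
        return DENY                          # assumed: deny entries win over allow
    if any(_matches(p, url) for p in rule.allowed_urls):
        return ALLOW
    return rule.default

def carries_data(url):
    """True when the URL has a query or fragment that could carry data out."""
    parts = urlsplit(url)
    return bool(parts.query or parts.fragment)

# Constructed sample rule, using the hosts named in the post.
RULE = BrowserSpawnRule(ASK, ["www.allowed.com/"], ["www.blocked.com/"])
```

An alert dialog built on this would show the full URL, query string included, whenever `decide` returns `ASK` and `carries_data` is true, since that is where the confidential data in the post's scenario travels.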