Something about the PC Mag review of CIS

Here’s the part I’m talking about:

http://www.pcmag.com/article2/0,2817,2333812,00.asp

It says Comodo firewall failed one of the exploit tests while most of the other products tested passed it. Has this been fixed, or does Comodo know about it?

We do NOT fail leak tests that easily (:NRD)

We would be more than happy to confirm if you can tell us exactly what leak test this may be.

However, I am confident in saying that there is no leak test that most other products pass and we don’t!

Melih

Unfortunately, Comodo proved vulnerable to attack from another direction. Some Web sites host code that tries to breach security by taking advantage of vulnerabilities in a visitor’s browser or operating system. If your system is vulnerable, just visiting the Web site is enough to trigger the attack. I used the Core Impact penetration tool to unleash a number of exploits on a test system protected by Comodo. Defense+ noticed one of them, and all but one of the rest quietly failed. But one of the exploits managed to inject an agent into the test system. I verified that the agent could view and manipulate files.

this one?

Yes, that’s what I was concerned about. For the actual leak tests, I do not believe the tester had the right settings.

If this is a buffer overflow attack, then we have the Comodo Memory Firewall (or SafeSurf). CIS will alert you even if you don’t have the BO.

Melih

From experience, even if an exploit is found in your browser etc., CMF/SafeSurf should prevent this. And if they don’t, the program that slips past will not be allowed to execute by Defense+.

AFAIK, maybe the reviewer intended to specifically address users who are not qualified to make security decisions and didn’t update their system.

Average users aren't necessarily qualified to make security decisions. They can easily cause problems by denying access to necessary but obscure programs. After being burned once by that mistake they'll probably switch to allowing everything.

Some Web sites host code that tries to breach security by taking advantage of vulnerabilities in a visitor's browser or operating system. If your system is vulnerable, just visiting the Web site is enough to trigger the attack.

If I had to guess, the reviewer likely used Internet Explorer (still the most widespread web browser).

I would have been interested to know the details about the specific leak tests. And even though it looks like at least the Core Impact penetration tool could maybe be tested by signing up for a FREE, LIVE phone- and Web-based demonstration of CORE IMPACT guided by a technical expert, there is no way an end user could fully reproduce his tests to confirm whether or not that review was meant for him.

Anyway, regardless of the PCMag review, I would like to suggest that everyone:

  • Avoid using Internet Explorer on non-Microsoft-owned sites (better not to use IE at all and rely on Firefox + the NoScript Firefox plugin, or Opera)
  • Always update the OS and all installed applications and plugins. (Comodo Vulnerability Analyzer or Secunia Personal Software Inspector would help with this task)
  • Never assume any security software is foolproof, and take time to learn to use their product of choice properly (also running leak tests on their own account)
  • Take their time to learn about security-related issues in general (even asking about and digging to find the truth behind many hacker-related articles featured on online news resources is useful)

I do use Firefox most of the time, so I don’t know if I’m vulnerable. Not once has Comodo failed to block a leak test when I block it. But that Core Impact vulnerability has me concerned.

There are no leak tests that everyone passes that we fail…

we are one of the best, if not the best out there for protection!

Melih

Oh I agree… Comodo is one of the best with leak tests, despite what the review says. Why did that tool work on Comodo but not others, though? Is this something that you will look into?

It appears that if the tester did not have the right configuration for the leak tests, he might not have had the right configuration to block this. I feel secure with Comodo.

Also you can add the IeTab add-on to Firefox, so you never need to use Internet Explorer.

You see, our model is a “prevention as your first line of defense” model, not detection. The battle has been lost to malware with detection-based technologies. We prevent more malware than the likes of McAfee or Kaspersky or Norton can detect! The reason for that is that we are based on a “prevention-based security model” and not just detection.

Here are some articles I have written that might give you some background on this

http://www.melih.com/2007/12/04/detection-vs-prevention-your-first-line-of-defense/

http://www.melih.com/2008/05/05/a-door-a-burglar-alarm-and-insurance-all-you-need-for-computer-security/

and here is the VirusTotal website http://www.virustotal.com/estadisticas.html showing statistics about how dismal “detection”-based technologies are when faced with new malware, which happens on a daily basis.

I hope you can see that we have a totally new way of protecting our users, and it’s not about a “default allow” system which then tries to find baddies, and that only if it recognizes them! It’s a “default deny” system where only authorized applications can execute while everything else is denied access to valuable resources like CPU.

Comodo is the leader in this new security model. It’s a new way of protecting users. It’s a new security model of “Prevention as your first line of defense”!

thanks
Melih

That would be nearly the same thing as using Internet Explorer which I explicitly suggested to avoid.