Ugly workaround for the legacy (8.3 / DOS-like) filenames bug

Now this should have been obvious and I’m kicking myself for not having realized it sooner, which also means I’m sure it has been posted here before by some and plenty of others just considered it too obvious to mention, but I didn’t bump into it in the threads about this bug, so for any others who also didn’t realize it yet:

If you have Comodo 8.2 and it keeps asking about processes that use legacy file paths / names (and blocks them regardless of the answer), go to the rules in question, edit them and replace any ~1 (or ~2 or whatever else) with an asterisk (*). Should make the rule apply whether the file is called properly of by the legacy path and solve the issue.

Limitation: Obviously, if you have two or more files to which such a mask will apply, you can’t have different rules for them.

Potential vulnerability: As the rule applies to any files that fit any mask so created, if a malicious file ends up doing so, it will also have the permissions of the legitimate file.

Still waiting for this to be patched out though! Was expecting a quick 8.2.1 maybe just to tackle this, since it has a major impact on some users.

I am really surprised that
a) the bug is still not transmitted even though it was reported 2 times with the right format
and
b) they dont care.

Even if you choose to use that workaround, its creating a vulnerability and doesnt fix the hidden things that are related to this bug.
Nice try though.

Remember that the moderators responsible for forwarding bugs aren’t employees but do it out of their own free time, lately it seems they’ve been unable to set aside that free time for Comodo bug reports and personally I can understand that, it’s not their fault really, but we could rather ask ourselves why Comodo doesn’t have official employees for handling bug reports? Either way I have contacted BuketB with the relevant bug reports and she was going to bring it up with QA, I haven’t heard back yet. Oh also, there were many more than 2 bug reports of this issue :wink:

But anyway, the issue has been handled poorly by Comodo, no doubt about that… but really have we come to expect anything else by now?

If someone doesnt handle bugs,
progress
is a step back.

Totally agree!

I can only imagine the tons of problem that this bugged version could cause to a company that uses Comodo on all PC.

It’s absurd. The bug has been reported many times, it’s very common and very critical.

As Sanya has said, remember the volunteer Moderators forwarding bugs have external lives, we need to respect them and appreciate the time they do give.

Thanks.

I would like to add that bug processing takes time and never goes as fast as one would like to.

It goes through stages of reproduction, deciding whether it is a bug, decide at what time scale it should be solved, fix the bug, go through vigorous testing to make sure nothing else breaks before it can get be made part of an update. If the latter would happens people then would be complaining about this.

All I can say is that we will have to practice patience. The world is not going to change because we want something fixed yesterday rather than today.

It’s insane to leave such a mission critical and time sensitive aspect of core security software as bug report escalation to unpaid volunteers who forward bugs when they get around to it. Firewalls protect vital corporate and private information from theft. Every bug is a security vulnerability. Once detected of course hackers are going to move rapidly to exploit bugs. Why wouldn’t they.

I’m looking at the top of this webpage and the tagline under Comodo reads “Creating Trust Online.” Anyone here think Comodo is creating trust in its brand and its software with its approach to bug management. As far as I can tell bugs sometimes languish here for months.

Microsoft fixes security holes in Windows, including its firewall, with great alacrity, often within days, as they jolly well need to to maintain the level of trust in their brand and the security of their software they’ve built.

Microsoft does not fix security holes within days. That would be irresponsible. A bug fix will have to go through extensive testing to see if nothing else breaks and might even cause other security holes. Then Microsoft leaves security holes unfixed for many months. Luckily CIS seems to be pretty solid:Wikileak documents show Governments couldn`t penetrate Comodo Internet Security

You’re right. I was wrong. I was confusing perception with reality. It takes Microsoft several months to fix bugs. The difference is they have a private bug submission process so it only seems like days between when a bug is finally announced to the public and a patch is released.

But what we users care about is security. I.e. Can the hackers exploit the bug. Comodo’s bug submission process is public and the pipeline operated by volunteers who have other priorities in their lives so it’s game on for the hackers before Comodo ever even gets around to looking into the bug. Months can pass with known vulnerabilities just sitting there.

That one particular government-created piece of malware was blocked by one particular version of Comodo doesn’t prove much to me. The government’s own systems are routinely hacked by top flight hackers who diligently try many malware packages and angles of attack before stumbling across one that works. To be effective all versions of Comodo must protect against all attacks - without fail or excuses. Security is binary. One tiny exploitable hole through the firewall and the computer is totally compromised, might as well not have a firewall.

It is no big deal if any of Comodo’s UI features break and take months to get fixed. But when I see core security bugs like these reported and languishing, I don’t feel as confident as you that CIS is necessarily so solid under the covers:

https://forums.comodo.com/bug-reports-cis/apps-that-can-send-lowlevel-packets-bypasses-firewall-without-notice-t110794.0.html
https://forums.comodo.com/bug-reports-cis/cis-doesnt-prevent-buffer-overflow-attacksdetect-shellcode-injections-t111010.0.html
https://forums.comodo.com/bug-reports-cis/some-installersapps-bypass-antiexecutabledefaultdeny-settings-rules-t110645.0.html

Would you trust your financial website passwords, proprietary workplace trade secrets, or whatever sensitive information you hold dear residing on your PC to software with the above bugs? Apparently you would, because you are as we speak.

What should happen is multiple paid Comodo employees should be full time up in the grill of bug reports like these the same day they are reported, actively communicating with the submitter, furiously working to reproduce them, track them down, and fix them in the race to the finish line with the hackers.

The quoted bugs are all recent. Company workplace are behind a different leaque firewall at the gateway. I doubt hackers would be very interested in hacking me. Hackers seem more interested in hacking bigger targets. Even if they would get my password of the bank then my bank transfers requires two factor authentication.

What should happen is multiple paid Comodo employees should be full time up in the grill of bug reports like these the same day they are reported,
There are multiple people working Comodo QA. I don't know the number but the complete CIS team consists of 160+ people.
actively communicating with the submitter,
This will happen only when needed.
It's furiously working to reproduce them, track them down, and fix them
Important bugs are fixed quickly. Often in the next point release
in the race to the finish line with the hackers.
You have a very high sense of urgency while suggesting Comodo would be negligent. There are a lot of people working on CIS and to make them process bugs efficiently it is mandatory that bugs are properly reported (Format verified).

The wheels are working not as fast as your sense of urgency would like to see. Urgency depends also depends on the severity of a vulnerability as well if an exploit is actively being used. Those are industry wide considerations that are there for a reason.

Thx for this part. Delete all entries with ~ and check the shortcuts for this software and correct them to the fullpath.
Bad english i know, but you help me :smiley: