Comment about using “Unblock Applications” from the widget in Comodo Firewall v10. I like to maintain control of the internet no matter what, but I noticed that unblocking from UA on the widget creates allow rules for Firewall, HIPs, and Containment. I also like to monitor the HIPs activities of programs. For me, the most troubling aspect of this is that the file rating is moved from Unrecognized->Trusted, meaning (as I understand things) not even command lines will be examined (heuristic command-line analysis).
I made a suggestion at MalwareTips, so I decided maybe I should also post it here. First of all, I don’t see any reason for Comodo to use the “Unblock Applications” element as a reason to declare a file “Trusted”. So, to start with, why not just leave the file rating at “Unrecognized”? Rules can still be set for it. Honestly, this would mean that a user would be less likely to make a mistake manually declaring from the files list files as “Trusted”. Moreover, and this part really gets me, in my opinion it would be an opportunity for Comodo in that Comodo could create a “User Trust” type of rating that carries the same weight as “Trusted” (is even seen in the monitoring code as “Trusted”) and then the company not once be on the record about the choice of a user. This is huge in my mind. Think about the user being easily able to see their choices for the “User Trusted” files in the files list. Also, Comodo can easily grab this information from customers who are allowing their statistics to be monitored. This should help with determining what users are allowing and considering safe. Wow. Add an “are you sure” to the option in the files list area required to change a file from Unrecognized->“User Trusted” and the user will think twice. Anyway, “Trust” is not required to create allow rules for Containment/HIPs/Firewall. Even without using a “User Trust” designation in the files list (just normal trust as it is now), there isn’t any need for Comodo products to use user UA choices as a reason to say a file should be “Trusted”. This is an important fact and brings me to the second part of the idea.
This part is to separate rules creation for an unblock in the widget. The pic below explains a little bit:
http://i640.photobucket.com/albums/uu127/AtlBo/Comodo%20Concept_zpsdbrqvmtf.png
This pic illustrates how this might be done. So now when an allow is chosen a rule is set up for the specific element which is not requiring monitoring (i.e. “run uncontained”). Moreover, this rule can be set for an unrecognized file rather than for a Trusted one, the file rating being left intact. In this case then the rule would be XYZ.exe->Containment->Unrecognized->Ignore. The same would apply for HIPs and Firewall (XYZ.exe->HIPs->Unrecognized->All set to Ask, etc.) and these rules could be created automatically just as easily as they are now.
This simple settings change I feel could really bring to the front the available flexibility of the containment/HIPs/Firewall controls and would make it possible for anyone to be taught to use the program. Thanks for taking the time to read this. I had to get it off my chest. V10 is great but I see the difficulty users are having sometimes. After studying this issue long and hard it all came down to the unblock mechanism.
BTW, an optional password to unblock would be great. Maybe that’s for pay and maybe it could be set uniquely for system accounts.
Thanks again.