Where does the user get into the help, and why does help crash the product?

Okay, so where does the user open the help for CFP3? Open the UI for CFP3. You see the Summary panel shown by default. Now try pointing to anywhere on that panel or within any frame around it or in the control menu as to where the user can click on a link or icon to bring up the help file. Nope, not there. Instead they have to wander around the panels looking for help. Summary panel? Nope, not there. Firewall panel? Nope, not there. Defense+ panel? Nope, not there. Misc panel? Yep, there be a link to “Help” - but the user should NEVER use that link since it will crash CFP3 (i.e., CFP3 is its own malware killing off the firewall, no help needed from anyone else to kill off CFP3). In the Event Viewer under the Applications log is the following error entry:

Event Type: Error
Event Source: Application Error
Event Category: None
Event ID: 1000
Date: 11/23/2007
Time: 11:17:53 PM
User: N/A
Computer: ZODIAC
Description:
Faulting application cfp.exe, version 1.0.0.1, faulting module , version 0.0.0.0, fault address 0x00000000.

For more information, see Help and Support Center at Microsoft Support.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 63 66 70 ure cfp
0018: 2e 65 78 65 20 31 2e 30 .exe 1.0
0020: 2e 30 2e 31 20 69 6e 20 .0.1 in
0028: 20 30 2e 30 2e 30 2e 30 0.0.0.0
0030: 20 61 74 20 6f 66 66 73 at offs
0038: 65 74 20 30 30 30 30 30 et 00000
0040: 30 30 30 0d 0a 000…

Jesus, don’t you use any boundary checking or overrun test software to verify your code? “fault address 0x00000000”. Pretty much indicates your programmer didn’t bother to initialize a variable (which makes me wonder what language you use and the compiler) or has ■■■■■■■ up logic in a range for a memory pointer that generates a runtime memory access error.

So you have a buried link to the help rather than provide a menu or icon to it on every panel (and I’m not a fan of panelled or tabbed UIs, anyway). And you have that Help link crash the program better than any malware can accomplish. It must be a couple decades since I’ve seen any product whose call to display its help window results in crashing the program itself.

Please do not let your developers do the software QA of your product. They aren’t equipped, unbiased, and broad enough in scope to understand how to test a product which not only includes functional testing but also ease-of-use and UI verification. Developers are NOT good QA testers (and often visa versa, too). Developers aren’t keen on deliberately breaking their code to expose their shortcomings (and they often suck at writing documentation). Here is a case in point where the obvious was forgotten in the UI and just as obvious was the lack of [automated] testing for regression to ensure each function behaves as scripted in the test to verify the product.

Obviously until CFP3 doesn’t self-destruct itself with something non-functionally related like opening the help file, I cannot even contemplated enabling the “Block all unknown requests if the [CFP] application is closed”; that is, I can’t have networking disable if CFP is stopped because right now it is possible that CFP simply crashed itself which would render dead my network connectivity. (This option is the only one that I could find which is closest to “Disable network connectivity if the firewall is not running” but I’m not sure it is exactly the same, along with the option “Disable network connectivity until firewall is loaded” which would prevent network connects during the window of opportunity when Windows was starting up).

this bug is fixed and will be available in an update next week.

thanks

Melih

Thanks for the heads up. Hopefully the beta bugs that were missed will have patches coming out fast and furious. CFP has garnered a strong reputation as an excellent firewall with it being free an added bonus, so a product crashing just by accessing its help makes it look amatuerish.

I’ll be installing CFP3 in a VM under VMWare Server to see if any of the process kill methods available using DiamondCS’ Advanced Process Termination utility will kill off CPF. It will be interesting to see how CPF fares against the malware attacks that try to kill it.

Melih, you say that there is a bug fix update for this available ‘next week’ (24th Nov). I still haven’t had any updates for this. Is it not yet done?

Go to the beta board and download the test version there, which was last weeks update. A new one is scheduled to be out this week in final form-don’t know which day.

here is the link to the post with the beta 3.0.14.273 version

https://forums.comodo.com/cfp_beta_corner/special_test_edition_for_the_users_who_had_problems_with_cfp_3013268-t16824.0.html

OK where’s the help clicking on it like a mad woodpecker still nothing happens got version 3.0.16.295 and why when I allow or block something and tick the remember my answer does it immediately forget, and asks again, and again, etc.

Any help cheers… (:CLP)