Re: Password vault software

"Sebastian G." wrote in message news:5irkvdF3oip2fU1@xxxxxxxxxxxxxxxx
Vanguard wrote:

"Ed" wrote in message news:L3Oxi.119$JD.54@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
"Vanguard" wrote ...
same host. Very nasty malware can circumvent firewalls but you aren't talking about malware.
What would you call a little piece of code embedded in a passworad vault
that shipped the passwords back to the software provider? Sounds "mal" to me.

The malware has to target the specific software firewall.
Why? No need.

So you expect malware to kill every process hoping to hit those for the firewall? You think all firewalls respond to a common method called via API or CLI so they can all be asked to disable or unload? Yes, malware can target multiple firewalls to terminate them but they are still targeting specific firewalls based on vulnerabilities of each.

Most malware doesn't even check for a firewall. They just try to connect.
No. They just hook a trusted process like iexplore.exe or firefox.exe.

Not if you use a firewall that checks who is the caller process. Comodo does that. Some others, too, but not all. I said most don't *check* for a firewall and instead just connect. I didn't say HOW they try to connect. Many firewalls don't include IPS. Some do.

Comodo is better than many in that it can block any network connects until it loads (to eliminate that window of opportunity) provided you enable that option.
Ehm... isn't that a triviality?

That a process can connect before the firewall loads? So it can connect before any rules from the firewall can be applied against that process? If it is so trivial, why don't all firewalls provide this function?

I was suggesting personal software firewalls based on the OP's question. He certainly doesn't look to be searching for an enterprise-level solution or a firewall appliance (which is still separate and doesn't have app control on the host).

It is also more difficult for malware to kill Comodo but not impossible
Nonsense, it's always trivial. Hooking some little kernel functions won't help ever.

DiamondCS has their tool to attempt several different methods to kill a process. The testing mentioned used it and some other kill tools. So what are YOUR *specific* tools that go beyond these recognized tools? Apparently you think there is a long list of other kill methods not touched by these tools.

Did I say that Comodo passed every kill test? You actually saw me say that somewhere? It's a *software* firewall so obviously it is not absolutely impervious to every attack. The idea was to provide some level of app control that a separate firewall appliance cannot provide.

For example, if you visit http://www.firewallleaktester.com/termination_overview.php (click on the Results button at the bottom) for the termination testing, you'll see the free Comodo firewall fared equally or better to the paid firewalls (and other free firewalls fared worse than Comodo).

For example, if you visit this website, you'll see that Comodo firewall is listed. Thus, it's obviously a highly defective software.

Oh, I see. If I had recommended Outpost then the results for Outpost are somehow obvious in showing Outpost is defective software. Since a large number of personal software firewalls are listed, they must all be defective, uh huh. Did you miss the part that they are *software* firewalls which means they are also running on the SAME host as the malware? I wasn't discussing separate firewall appliances.

I use Comodo because it's hard to beat free unless the product's quality and effectiveness equates to its price.
LOL? Even the Windows Firewall is better.

This from someone claiming "Even further, there's no need for running Windows Firewall with a proper network configuration" but never addresses application control. The Windows firewall does nothing regarding outbound control for any apps. The Windows firewall is what you start with during and just after the Windows install. Then you get something *better*.

So beyond all this hoopla over malware, has anyone yet declared that the vault software mentioned by the OP is actually malware? If not, it's just another normal application that could easily be controlled by a software firewall with app rules.

I don't want a firewall that can be easily terminated.
Then don't run with admin rights, you stupid fool.

Sure, uh huh, no one ever needs to run under administrator rights under any situation. For example, try using WinRunner for install and uninstall testing. If the malware is there, and since there ARE times when users need admin rights to do something, like installs or manage user profiles or take ownership of files, BOOM, the malware is still there when the user has to go into an admin account. Those accounts don't stop users from downloading files, or stop them from running them when logged on even if only occasionally under an admin account. Users can always thwart security. You think the user that believes they are downloading some security software which turns out to be rogueware won't be logging in under Administrator to then install that rogueware? The user will circumvent that protection at the earliest inconvenience. Relying on a non-admin account to protect you from malware is like relying on "Do Not Enter" sign to keep the pets from escaping through an unlocked door. Whether the user or admin, the Administrator account is unlocked to anyone with the password who then runs the infected software to install it.

> I also want one that can block connections until the full firewall > is
> loaded.
Well, isn't that trivially a standard behaviour?

No, since many software firewalls do NOT include this functionality.

> For the mediocre leak protection, I rely on a layered approach to > prevent
> malware getting on my host in the first place,
<img src="https:// www. malware. org/ malware. exe">

Did you have a point here? That there is no such file to download from there? That even this guy recommends using a firewall (http://www.malware.org/faq/faq.htm#how_protect)?

.