Re: Comodo Personal Firewall

Volker Birk wrote:
melih@xxxxxxxxxxxxxxx wrote:
Which question did I miss?

Those questions:


| > I would like to announce that v.2 of Comodo personal firewall is now
| > live. The newsworthy item here is that CPF v2 is the only firewall that
| > has passed all the known leak tests.
| Including my two PoC codes?

CPF 2 passes the breakout leak test. More specifically, it passes all
windows message based tests. Pls try it out yourself. Since we do not
take active desktop based internet connection test( your second test)
as high priority (at this stage), we skipped including the logic in
this version. There are several similar threats for which we are
working to find a generic and smart way to detect and prevent.


| > But i think its important that a Personal Firewall (paid or free)
| > covers as many holes as possible.
| Why do you think so?
| Most people are working with Administrator's rights, and there to secure
| with a "Personal Firewall" is futile anyways.

All systems have a measure of vulnerability. Working with administrator
rights increases the vulnerability. Installing the CPF will greatly
reduce this vulnerability. For example, if you work in Guest account
without CPF, no matter what right you have, your PC would still be
vulnerable to XP UPNP exploit. We are trying to reduce vulnerabilities
by installing the CPF


| Have you implemented a security system for Windows messages and a security
| system for local COM in kernel space now?

Yes we watch for window messages and analyze them in our application
behavior analysis engine (Breakout leak test.). COM analysis is
skipped in this version but it is scheduled for the next one.

| If so, are you using ACLs for it?

Not applicable in our architecture

| Is your "Personal Firewall" enforcing the user not to work with admin rights?

There are alwasy more than one way of solving the same problem, yes you
can solve some of the problem by forcing the user to do things like not
work in admin mode, but we belive in providing security without forcing
user's into different experiences. Watch this space to see how we have
solved some of these issues in our next versions :-)

At first there was the word. And the word was Content-type: text/plain