Re: Comodo Personal Firewall




Volker Birk wrote:
melih@xxxxxxxxxxxxxxx wrote:
Which question did I miss?

Those questions:

1st:

| > I would like to announce that v.2 of Comodo personal firewall is now
| > live. The newsworthy item here is that CPF v2 is the only firewall that
| > has passed all the known leak tests.
| Including my two PoC codes?

CPF 2 passes the breakout leak test. More specifically, it passes all
windows message based tests. Pls try it out yourself. Since we do not
take active desktop based internet connection test (your second test)
as high priority (at this stage), we skipped including the logic in
this version. There are several similar threats for which we are
working to find a generic and smart way to detect and prevent.


2nd:

| > But I think it's important that a Personal Firewall (paid or free)
| > covers as many holes as possible.
| Why do you think so?
| Most people are working with Administrator's rights, and there to secure
| with a "Personal Firewall" is futile anyways.

All systems have a measure of vulnerability. Working with administrator
rights increases the vulnerability. Installing the CPF will greatly
reduce this vulnerability. For example, if you work in Guest account
without CPF, no matter what right you have, your PC would still be
vulnerable to XP UPNP exploit. We are trying to reduce vulnerabilities
by installing the CPF.


3rd:

| Have you implemented a security system for Windows messages and a security
| system for local COM in kernel space now?

Yes we watch for window messages and analyze them in our application
behavior analysis engine (Breakout leak test.). COM analysis is
skipped in this version but it is scheduled for the next one.


4th:
| If so, are you using ACLs for it?

Not applicable in our architecture.


5th:
| Is your "Personal Firewall" enforcing the user not to work with admin rights?

There is always more than one way of solving the same problem, yes you
can solve some of the problem by forcing the user to do things like not
work in admin mode, but we believe in providing security without forcing
users into different experiences. Watch this space to see how we have
solved some of these issues in our next versions :-)


Yours,
VB.
--
At first there was the word. And the word was Content-type: text/plain
