Re: Comodo Personal Firewall




Volker Birk wrote:
melih@xxxxxxxxxxxxxxx wrote:
CPF 2 passes the breakout leak test. More specifically, it passes all
windows message based tests. Pls try it out yourself. Since we do not
take active desktop based internet connection test (your second test)
as high priority (at this stage), we skipped including the logic in
this version.

OK, so you included a security system for Windows messages, and you did
not include a security system for COM, right?

right. (for the time being)


So your "Personal Firewall" does not remove every possibility to phone
home. If a program wants to phone home, and the programmer was clever,
the program will phone home in spite of your "Personal Firewall".

| > But I think it's important that a Personal Firewall (paid or free)
| > covers as many holes as possible.
| Why do you think so?
| Most people are working with Administrator's rights, and there to secure
| with a "Personal Firewall" is futile anyways.
All systems have a measure of vulnerability. Working with administrator
rights increases the vulnerability. Installing the CPF will greatly
reduce this vulnerability. For example, if you work in Guest account
without CPF, no matter what right you have, your PC would still be
vulnerable to XP UPNP exploit. We are trying to reduce vulnerabilities
by installing the CPF

Hm... I take this as a confirmation for what I said ;-)

to a level yes. We can ask the user to disconnect the network cable,
they'll be even safer than your suggestion of restricting them into
guest mode :-) but there are practicalities and user habits/behaviours
that we have to fit around.


| Have you implemented a security system for Windows messages and a security
| system for local COM in kernel space now?
Yes we watch for window messages and analyze them in our application
behavior analysis engine (Breakout leak test.).

Do you do this in kernel space? Because, if you're doing this with
hooks, it's very easy to crawl up the hook chain and kick out your
controlling hooks.

Come on Volker, let's leave some things to imagination ;-) Just try our
firewall and see :-)


How are you implementing this?

COM analysis is
skipped in this version but it is scheduled for the next one.

Let's see... You're very courageous to try to tinker every hole Windows
has for communication between applications. Sometimes Windows seems to
have as many holes as a fishing net ;-)

thanks for the compliment ;) We are very bold in our approach to
security!



| If so, are you using ACLs for it?
Not applicable in our architecture

How do you implement that then? Why not using the system of privileges
and ACLs Windows' kernel is offering?

Are you aware of the security concepts of the Windows kernel?

Yes, surely by now you know we know more than that :)


| Is your "Personal Firewall" enforcing the user not to work with admin
| rights?
There are always more than one way of solving the same problem, yes you
can solve some of the problem by forcing the user to do things like not
work in admin mode, but we believe in providing security without forcing
users into different experiences. Watch this space to see how we have
solved some of these issues in our next versions :-)

By design (and this is true for every classical operating system) you
cannot control code which is running in ring 0 of the CPU. I cannot see
how you want to control such code. If a user has administrative rights,
she/he may start code in ring 0. And then you lose.

Some you control some you detect. I never said you can control code at
ring 0. That's the whole point about what I am saying. Nothing about a
PC is secure (threat model of hacker has access to your pc)


May I suggest, that you will enforce users not to work with privileged
rights?

We will implement something interesting in the next version. Not what
you are asking but I am sure you will like :)


Yours,
VB.
--
At first there was the word. And the word was Content-type: text/plain
