Re: Comodo Personal Firewall

melih@xxxxxxxxxxxxxxx wrote:
Do you do this in kernel space? Because, if you're doing this with
hooks, it's very easy to crawl up the hook chain and kick out your
controlling hooks.
Come on Volker, lets leave somethings to imagination ;-) Just try our
firewall and see :-)

Hm... if I have a look on to your software, then afterwards probably
nothing is left to the imagination ;-)

| If so, are you using ACLs for it?
Not applicable in our architecture
How do you implement that then? Why not using the system of privilieges
and ACLs Windows' kernel is offering?
Are you aware of the security concepts of the Windows kernel?
Yes, surely by now you know we know more than that :)

Why don't you use then these concepts?

| Is your "Personal Firewall" enforcing the user not to work with admin
| rights?
There are alwasy more than one way of solving the same problem, yes you
can solve some of the problem by forcing the user to do things like not
work in admin mode, but we belive in providing security without forcing
user's into different experiences. Watch this space to see how we have
solved some of these issues in our next versions :-)
By design (and this is true for every classical operting system) you
cannot control code which is running in ring 0 of the CPU. I cannot see
how you want to control such code. If a user has administrative rights,
she/he may start code in ring 0. And then you lose.
Some you control some you detect. I never said you can control code at
ring 0. Thats the whole point about what I am saying. Nothing about a
PC is secure (threat model of hacker has access to your pc)

But it is possible to control all other code. So why not enforcing a
user not to work as Administrator, if this is the only way to help with
security? Therefore your "nothing about a PC is secure" is wrong.

May I suggest, that you will enforce users not to work with privileged
rights?
we will implement something interesting in the next version. not what
you are asking but i am sure you will like :)

Why not just using what the operating system is offering?

Yours,
VB.
--
At first there was the word. And the word was Content-type: text/plain
.

Relevant Pages

  • Re: Comodo Personal Firewall
    ... controlling hooks. ... cannot control code which is running in ring 0 of the CPU. ... If a user has administrative rights, ...
    (comp.security.firewalls)
  • Re: The memory could not be "read". Application Crash??
    ... >> is to be able to set up multiple hooks on the same window (like ... I can't think of a reason that you couldn't subclass the ... I had 3 instances of the subclass control all subclass ... that it identifies its clients by the hWnd of the window being subclassed, ...
    (microsoft.public.vb.general.discussion)
  • Re: The memory could not be "read". Application Crash??
    ... >> is to be able to set up multiple hooks on the same window (like ... I can't think of a reason that you couldn't subclass the ... I had 3 instances of the subclass control all subclass ... that it identifies its clients by the hWnd of the window being subclassed, ...
    (microsoft.public.vb.winapi)
  • Re: The memory could not be "read". Application Crash??
    ... >> is to be able to set up multiple hooks on the same window (like ... I can't think of a reason that you couldn't subclass the ... I had 3 instances of the subclass control all subclass ... that it identifies its clients by the hWnd of the window being subclassed, ...
    (microsoft.public.vb.database.ado)
  • Re: The memory could not be "read". Application Crash??
    ... >> is to be able to set up multiple hooks on the same window (like ... I can't think of a reason that you couldn't subclass the ... I had 3 instances of the subclass control all subclass ... that it identifies its clients by the hWnd of the window being subclassed, ...
    (microsoft.public.vb.enterprise)
Quantcast