Re: How good is Comodo Internet Security?

nik gr wrote:

Ο "VanguardLH" <V@xxxxxxxxx> έγραψε στο μήνυμα

1) Limited account + web browser
2) Admin account + web browser + LUA token

Very nice and straightforward comparisation.

Same reduced privileges for both 1 and 2.

But PLUS extra functionality in case (2) where all admin tasks such
(install, update, remove.debug) can be performed with ease and without the
hassle of switchign back and forth to deifferent-level accounts.

Just to be sure, I'm just presenting an alternate to having to bounce
back and forth between admin and non-admin accounts. For the majority
of users, the blanket statement to do your work under a non-admin
account is still good advice. It's just not advice that is usable by
all users but for them they need to add more security than what they get
just with Windows.

a) At that point can you please explain to me the GREATEST REASONS of
running under a windows limited account or running under LUA token under
admin account opposed of running as iam now, which is JUST PURE admin level?

While LUA gives added security, it not a panacea. However, it may
eliminate the need to be installing and running more security software
that can cause conflicts between themselves, consumes more memory and
CPU cycles, and overly restrict wanted behavior in applications than
what would occur under a LUA. There is a lot of security software out
there using different protection techniques and a lot of it doesn't work
with each other. Trying to find a entire security suite that is all
compatibile is something akin to alchemy, and what works today might not
work tomorrow due to version changes that alters compatibility.

I would be understanding this better if you can tell me in case of an
ypothetical infection of a malware (i.e.trojan horse) what this can do to an
admin level account that wouldnʼt be able to do in a limited account.

Lets say the infection came place from firefox visiting an infected webpage.

b) One last thing folks I would like to ask is for example lest say I keep
using my admin account running my internet-facsing apps apps full

Why do all the security stuff you mentioned when I have CPF installed on my
admin account which is eligible to notify me on EVERY malicious possible
action a malware thatʼs found its way into my system trying to perform?

The HIPS (Defense+) portion of CFP might prompt when it sees the small
payload delivered by a buffer overrun (assuming the app was allowed to
continue running upon the detected buffer overrun which SafeSurf is
supposed to catch). You would have to allow that code to load and run
by answering OK to the prompt. However, since the payload is running
within the same process or as a child of it, and since you permitted the
parent app to load (it's something you do want to run) then you might
not get a prompt. Back in version 2 of CFP, you could have it alert
when a parent wanted to start a child process. I don't recall if they
carried that forward to version 3. It isn't available in Online Armor.
I do know that when you okay a process, and if you have it in Paranoia
mode, that any additional behaviors detected later for the same app will
get prompted and it'll be up to you to figure out at that time if you
want to allow the additional behaviors. The problem here is that an app
may not exercise all its behaviors during your initial use of it, so as
you continue using the app then CFP will alert when you later trigger
the additional behaviors in that app. That's why HIPS, especially at an
extreme alert level, can be daunting to the typical user to figure out
how to properly configure for a good app. Both Comodo and OA provide
whitelists for many known good apps to reduce this prompting but CFP
doesn't use them in its paranoia mode (because that mode is what you
selected to have it prompt you about every behavior).

If ti tried to put itself on winxp startup it will tell me about it and I
block it, same way if it tries to inject data to another proccess I will be
notified and block it, or if it tries to use windows services to abuse them
and hide it self I will also be notified to blcom it.

So ig I have such good protection with CPF why bother installing software
like DropMyRigths or 'psexec'? CPF is a tough cop and spy as to what happens

Answering all the prompts in paranoia mode can waste more time than you
want to spend. After all, the point of your computing platform is to
get your tasks done, not to tweak the OS and security programs trying to
harden that OS. I've gone that route where I had trialed many security
products trying to achieve the most secure Windows that I could have but
the performance and resource impact was too great, responsiveness of the
host was reduced, and I got tired of doing what seemed more work
securing the OS and apps than of actually using them. Too much security
is itself an interference - and, to some degree, also achieves what the
malware author intended: you spend inordinate resources trying to
protect yourself. Like terrorists, even if they don't attack, they
still get some satisfaction from your fear and all your efforts to
protect yourself.

There's ultimate protection. And then there's good-enough protection.
Do you everyday wear a Kevlar vest, pants, and bullet-resistant helmet
based on the premise that maybe one day someone shoots at you? Not even
SWAT does that. Trying to come up with a "flavor" for a security suite
for everyone just ain't gonna happen. Some are more paranoid than
others. Some users are more thoughtful or educated regarding their use
of their host. Some want someone else to come up with hardcoded
expertise instead of them figuring it out. Even what I like today might
not be what I like tomorrow for my security suite.

Based just on your original question, is CFP good, yes, it is. It is
all that you will need? No, especially in regards to its antivirus
component. How much more do you need? Depends on how badly you want to
choke your system. Over time, I end up with security products that I
eventually decide are beyond my comfort level. Besides, I'm willing to
flatten my host and do a fresh install of the OS and apps if need be,
plus I do incremental image backups that let me snapshot back to before
the infection. I don't spend more than a couple evenings trying to
disinfect my host since that's how long it would take me to rebuild it
(and even shorter for restores).

Security is nice but don't get too carried away with it.

Relevant Pages

  • Re: Out of Process execution and .NET
    ... Also the security issues are much better addressed ... > app, since it calls the COM+ object to do some work, and then ... > than a blanket Domain Admin account), ...
  • Re: Active Directory Security
    ... Although you can lock the admin account as soon as the valid password for the admin account is provided the system automatically unlocks this special account and allows it to log on. ... >> There is plenty of security in place to protect your assets in AD.>> Users ...
  • Re: renaming administrator account
    ... > This is why renaming the administrator account is more security theater than ... it gives more than just a theater. ... i have had sometimes and admin account called "guest" and guest account ...
  • Re: Disk Utility/encrypted images - choices
    ... it means he has chosen to use less security. ... One has to deliberately go in and set this system to not log in to the first account by default. ... Also on my daughter's machine I only have one account (an admin account) for myself, while on machines that I use more frequently, I have two accounts for myself, admin and regular. ...
  • Asp.Net and Webservice using Impersonation/App Pools
    ... webservice everything goes smoothly. ... Now if I move the app in to its own App Pool in IIS set my account ... What I want to do is create another local account (well actually it's ... account will have integrated security for SQL most probably as a DBO ...