A Zemana test Defeats Comodo.
LLCoolJ
May 21st, 2008, 03:34 PM
I downloaded the following Clipboard-Logger Simulation Test Program
from Here (http://www.zemana.com/list/list.asp?ktgr_id=426)
-Comodo did NOT pass it!
-Outpost Pro and OA Free Both passed it!
I wonder "Why?"
Coolio10
May 21st, 2008, 03:41 PM
You expect us to trust the guy with one post?
wat0114
May 21st, 2008, 03:45 PM
-{ Quote: "I downloaded the following Clipboard-Logger Simulation Test Program
from Here (http://www.zemana.com/list/list.asp?ktgr_id=426)
-Comodo did NOT pass it!
-Outpost Pro and OA Free Both passed it!
I wonder "Why?"" }-
Here's my guess:
because Comodo has been enjoying first place on Matousec's rankings, so they have been feeling good about themselves and consequently let their guard down. But fear not, for they will plug yet another poc hole, their product will grow another couple MB, maybe create another bug elsewhere in the code because of the patch (oh well, that goes with the territory) and they will re-affirm their top-dog ranking ;D
aigle
May 21st, 2008, 06:19 PM
-{ Quote: "You expect us to trust the guy with one post?" }-
Why not? Post count does not matter at all. He is correct.
http://www.wilderssecurity.com/showthread.php?t=204941
http://forums.comodo.com/leak_testingattacksvulnerability_research/cfp_fails_clipboard_logger_simulation_test-t21472.0.html
I did not check the latest version though.
CoolWebSearch
May 23rd, 2008, 09:02 AM
-{ Quote: "Here's my guess:
because Comodo has been enjoying first place on Matousec's rankings, so they have been feeling good about themselves and consequently let their guard down. But fear not, for they will plug yet another poc hole, their product will grow another couple MB, maybe create another bug elsewhere in the code because of the patch (oh well, that goes with the territory) and they will re-affirm their top-dog ranking ;D" }-
I don't understand, what's your point?
So far the best firewalls I used myself are Outpost Pro, ZoneAlarm Pro, and Jetico2.
What are your favorite firewalls and what are the reasons?
wat0114
May 23rd, 2008, 09:19 AM
-{ Quote: "I don't understand, what's your point?
So far the best firewalls I used myself are Outpost Pro, ZoneAlarm Pro, and Jetico2.
What are your favorite firewalls and what are the reasons?" }-
I'm only trying to have some fun. Two of my favorites are Outpost Pro and Jetico 2, mainly for the ability to create tight, custom rulesets for thorough application control, in addition to clear, detailed logging. Support seems pretty decent for both products as well, but it could be better. However, even those developers are getting carried away trying to constantly plug holes to defeat yet another leaktest. I'm seeing in these products increasing bugginess, possibly as a result of the additional code required to defeat leaktests. I do understand, however, that re-writing the code to support Vista has been a major challenge for some developers, in particular Agnitum, who basically re-wrote the code from the ground up in order to support Vista.
CoolWebSearch
May 23rd, 2008, 09:54 AM
-{ Quote: "I'm only trying to have some fun. Two of my favorites are Outpost Pro and Jetico 2, mainly for the ability to create tight, custom rulesets for thorough application control, in addition to clear, detailed logging. Support seems pretty decent for both products as well, but it could be better. However, even those developers are getting carried away trying to constantly plug holes to defeat yet another leaktest. I'm seeing in these products increasing bugginess, possibly as a result of the additional code required to defeat leaktests. I do understand, however, that re-writing the code to support Vista has been a major challenge for some developers, in particular Agnitum, who basically re-wrote the code from the ground up in order to support Vista." }-
Thank you for the answer.
I'd like to ask you for a favor and give your opinion about what I picked up from Comodo's forums.
Here is the link where I tried to get the answer from Paranoid, but he seems to be too busy and probably he doesn't have time to read the entire post, if you could drop inside the thread...:
http://www.wilderssecurity.com/showthread.php?p=1246200#post1246200
I just hope you'll see my post, and give your opinions if, of course you have time.
Big thank you.
wat0114
May 23rd, 2008, 02:31 PM
-{ Quote: "I just hope you'll see my post, and give your opinions if, of course you have time.
Big thank you." }-
I'll try to answer the best I can later when I have more time. However, P2K, Stem or someone else with similar qualifications can answer far better than I can, but I'll do my best ;)
aigle
May 23rd, 2008, 02:36 PM
U people are going way too much offtopic.
Peter2150
May 23rd, 2008, 03:00 PM
-{ Quote: "U people are going way too much offtopic." }- I totally agree. Discussions about other firewalls are for other threads, not this one.
Pete
hammerman
May 23rd, 2008, 07:19 PM
-{ Quote: "You expect us to trust the guy with one post?" }-
That wasn't much of a welcome to the forum.
You can't just ignore the message because it's someone's first post.
Is he right or is he wrong?
hammerman
May 23rd, 2008, 07:42 PM
I tried OA Build 131 Paid and it fails the test (Run Safer or not).
Mamutu also detects nothing.
PaulWin98SEUser
May 25th, 2008, 04:29 AM
-{ Quote: "I downloaded the following Clipboard-Logger Simulation Test Program
from Here (http://www.zemana.com/list/list.asp?ktgr_id=426)
-Comodo did NOT pass it!
-Outpost Pro and OA Free Both passed it!
I wonder "Why?"" }-
It makes no attempt to access any ports.
bellgamin
May 25th, 2008, 06:42 AM
When I tried to execute Zemana's clipboardlogger.exe, Comodo D+ popped the alert shown in the screenshot below. It warned that clipboardlogger.exe was attempting to gain debug privileges.
Debug privilege allows you to hook into other processes. If you let users debug processes owned by other users, then they can debug processes owned by System, at which point they can inject code into the process and perform the logical equivalent of net localgroup administrators anybody /add, thereby elevating themselves (or anybody else) to administrator.
Now -- why the H*LL would I let an unknown proggie have debug privileges (or even let it TRY to get them)? I wouldn't. Ergo, I slew the bugger. Poof! End of story.
In any event -- here comes yet another niche POC developed by a niche proggie as a gee-look-at-me sales gimmick -- posted by a mysterious rider in black on a dark & stormy night in May. Wheee! Smells like ><)))°> to me.
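A log-side counterpart to the debug-privilege alert described in the post above, added here as an example and not part of the original thread: it scans Windows Security event 4703 ("A token right was adjusted") records and reports processes outside an allowlist that enabled SeDebugPrivilege. The sample events, file paths and the allowlist are constructed assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Assumption: images this (hypothetical) site expects to enable SeDebugPrivilege.
ALLOWED_IMAGES = {r"c:\windows\system32\lsass.exe",
                  r"c:\windows\system32\svchost.exe"}


def make_event(event_id, pid, image, enabled):
    """Build a constructed, trimmed Security-log record for the demo."""
    return (
        '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">'
        f"<System><EventID>{event_id}</EventID></System><EventData>"
        f'<Data Name="ProcessId">{pid}</Data>'
        f'<Data Name="ProcessName">{image}</Data>'
        f'<Data Name="EnabledPrivilegeList">{enabled}</Data>'
        "</EventData></Event>"
    )


# Constructed sample input, not taken from a real host.
SAMPLE_EVENTS = [
    make_event(4703, "0x2f4", r"C:\Windows\System32\svchost.exe", "SeDebugPrivilege"),
    make_event(4703, "0x1a3c", r"C:\Users\demo\Downloads\unknown_tool.exe",
               "SeDebugPrivilege\n\t\t\tSeBackupPrivilege"),
    make_event(4703, "0x9c0", r"C:\Users\demo\Downloads\other_tool.exe",
               "SeShutdownPrivilege"),
]


def debug_privilege_alerts(events, allowed=ALLOWED_IMAGES):
    """Return (pid, image) for each non-allowlisted process enabling SeDebugPrivilege."""
    alerts = []
    for raw in events:
        root = ET.fromstring(raw)
        if root.findtext("e:System/e:EventID", namespaces=NS) != "4703":
            continue  # only "A token right was adjusted" records matter here
        data = {d.get("Name"): d.text or ""
                for d in root.iterfind("e:EventData/e:Data", NS)}
        enabled = data.get("EnabledPrivilegeList", "").split()
        image = data.get("ProcessName", "")
        if "SeDebugPrivilege" in enabled and image.lower() not in allowed:
            alerts.append((data.get("ProcessId", ""), image))
    return alerts


if __name__ == "__main__":
    for pid, image in debug_privilege_alerts(SAMPLE_EVENTS):
        print(f"SeDebugPrivilege enabled by unexpected process {image} (pid {pid})")
```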
alex_s
May 25th, 2008, 06:59 AM
-{ Quote: "When I tried to execute Zemana's clipboardlogger.exe, Comodo D+ popped the alert shown in the screenshot below. It warned that clipboardlogger.exe was attempting to gain debug privileges." }-
Misleading alert. Zemana doesn't need to get debug privilege to use SetClipboardViewer API, which it uses to set clipboard callback.
aigle
May 25th, 2008, 07:05 AM
Privilege pop ups of CFP are so sooo annoying and irritating. Other HIPS like PS obtain same level of protection without such useless and stupid pop ups.
dawgg
May 25th, 2008, 03:02 PM
I'm not really fussed if Comodo fail a test... overall, it's extremely effective against the majority of other tests.
I'm also sure many other SecuritySuites/BehaviourBlockers miss it as well. Why is it only Comodo being mentioned?
It's only another test... and it's only one test being used. What about Comodo's success in passing many of the others?
-{ Quote: "I wonder "Why?"" }-
What do you mean "Why?"... Comodo was not programmed/developed to do so I guess... No need to wonder, common sense would have given you your answer without asking anyone :)
The question is; Does Comodo intercept the test?... bellgamin's post (#14) answers that :)
Edit: -{ Quote: "It makes no attempt to access any ports." }-
Just tried to use this "test" and as Paul said, it does not attempt to connect to the internet, so it's not exactly expected for Firewall to intercept this
Also, IMO, this test seems pretty lame to me... I don't think the potential of malware doing such things (logging copied text) is too much of a threat.
bellgamin
May 25th, 2008, 04:21 PM
-{ Quote: "Misleading alert. Zemana doesn't need to get debug privilege to use SetClipboardViewer API, which it uses to set clipboard callback." }- It matters not what Zemana can or cannot do AFTER Comodo gives me the debug alert. Comodo is a dog that barks when an intruder enters. Where I come from, if you respond to your barking dog, & thereby catch someone trying to pick the lock on your front door, you shoot the bugger on the spot. You don't stand around watching him to see what he might do once he gets inside.
As soon as I saw the debug alert, I KILLED Zemana's bit of nonsense on the spot. BAM! End of story.
Comodo did its job. I did mine. Nooooo problema. 8)
HyperFlow
May 25th, 2008, 04:45 PM
I have done this test 4x now and find it to be very silly as for this test defeating Comodo. D+ stopped it cold in clean PC mode and would not even let it execute in paranoid mode. Now if I was to allow it to run and look blindly at the D+ alert, yes, it would log the clipboard, but as bellgamin stated, why would anyone allow an alert that says something like that? My guess is they should not be running a FW. This test cannot defeat CFW, but the user sure can tell Comodo to allow it to run, and in that case Comodo is only doing what the user told it to do. That does not mean CFW failed; that's just saying the user should learn what to do with an alert like this.
alex_s
May 26th, 2008, 01:03 AM
-{ Quote: "It matters not what Zemana can or cannot do AFTER Comodo gives me the debug alert. Comodo is a dog that barks when an intruder enters." }- It is more like a silly puppy that barks every time anybody passes your door. I saw it barking a real lot of completely harmless programs with completely senseless alerts. And in this particular case you should understand that a program DOESN'T NEED to elevate privileges to enable clipboard callback. Not just a single other HIPS I tested alerted about it, but many of them alerted about an attempt to set clipboard callback (which is what the program actually does). So this is either zemana or comodo coding error.
HyperFlow
May 26th, 2008, 03:15 PM
-{ Quote: "It is more like a silly puppy that barks every time anybody passes your door. I saw it barking a real lot of completely harmless programs with completely senseless alerts. And in this particular case you should understand that a program DOESN'T NEED to elevate privileges to enable clipboard callback. Not just a single other HIPS I tested alerted about it, but many of them alerted about an attempt to set clipboard callback (which is what the program actually does). So this is either zemana or comodo coding error." }- Hi alex_s, Comodo does alert at times, I'm not saying it does not, but as for this test defeating Comodo FW, I cannot see how it could call anything up if Comodo will not even let it execute. Unless I'm missing something, the test would first have to execute, and if Comodo stops that from happening, how can it make a call to the clipboard? The only way I see it could do that is if the user allowed it to run after Comodo alerted to it; that would be user error, not Comodo failure.
Fuzzfas
May 27th, 2008, 11:07 AM
For leak test fans, in Comodo forum there is a new claim, according to which the German PC WELT magazine found a way to fool Comodo.
http://forums.comodo.com/leak_testingattacksvulnerability_research/programms_with_stolen_rights_can_go_online_in_comodo_v3_with_aktivatet_defense-t21770.0.html
I am sure that with such programs POCs will never end...
CoolWebSearch
May 28th, 2008, 02:46 AM
-{ Quote: "For leak test fans, in Comodo forum there is a new claim, according to which the German PC WELT magazine found a way to fool Comodo.
http://forums.comodo.com/leak_testingattacksvulnerability_research/programms_with_stolen_rights_can_go_online_in_comodo_v3_with_aktivatet_defense-t21770.0.html
I am sure that with such programs POCs will never end..." }-
Hi, Fuzzfas.
Here is the thing that really tortures me.
Comodo Firewall Pro 3.0 was tested by AV-test.de group.
Comodo Failed to block 2 Trojans of 10 of them.
CFP 3.0 is supposed to be anti-malware product as they say on Comodo's forums.
ZoneAlarm freeware 7.0 shouldn't be able to compare with CFP's power and effectiveness when it comes to malware detection and blocking and here we see, ZoneAlarm freeware is more effective than CFP 3.0.
The same ZA freeware which has done HORRIBLY ON LEAK-TESTS.
What's the conclusion?
Leak-tests can't match the power and effectiveness of the real malware.
Leak-tests are just theoretical, proof of concept tests that every firewall vendor or HIPS vendor should easily ignore, and take care about real malware!
These tests support my view that leak-tests are a waste of time.
Yes, leak-tests always do their credibility when you test firewalls or HIPS against real malware!
And this is the proof.
And inbound protection
CoolWebSearch
May 28th, 2008, 02:48 AM
-{ Quote: "Hi, Fuzzfas.
Here is the thing that really tortures me.
Comodo Firewall Pro 3.0 was tested by AV-test.de group.
Comodo Failed to block 2 Trojans of 10 of them.
CFP 3.0 is supposed to be anti-malware product as they say on Comodo's forums.
ZoneAlarm freeware 7.0 shouldn't be able to compare with CFP's power and effectiveness when it comes to malware detection and blocking and here we see, ZoneAlarm freeware is more effective than CFP 3.0.
The same ZA freeware which has done HORRIBLY ON LEAK-TESTS.
What's the conclusion?
Leak-tests can't match the power and effectiveness of the real malware.
Leak-tests are just theoretical, proof of concept tests that every firewall vendor or HIPS vendor should easily ignore, and take care about real malware!
These tests support my view that leak-tests are a waste of time.
Yes, leak-tests always do their credibility when you test firewalls or HIPS against real malware!
And this is the proof.
And inbound protection" }-
I meant to say that leak-tests LOSE their credibility when you test firewalls or HIPS against real malware!
Fuzzfas
May 28th, 2008, 05:48 AM
One should note that the article of PC Welt is a claim. Also, the poster reports that it is ZA Free (and not Pro). Honestly, I have much difficulty to believe that ZA FREE is capable of stopping anything with HIPS-like mechanism. Maybe it is about ZA PRO and the poster wrote ZA Free by mistake.
Even so, what a man can make, another man can outsmart. I think POCs will NEVER end, there will ALWAYS be a way to fool HIPS and this is just another episode of the saga.
I don't know if the description of the poster is accurate, but honestly, with Comodo I would feel much more secure than with ZAF in general. If not for anything else, Comodo has execution control, so the first step for any malware to run is to give initially permission yourself.
Said this, I don't care too much about leak tests, that's why I run PC Tools firewall. I wish they would stop racing against leak tests and instead work on cutting down network performance.
If ZA Free (and not Pro) did actually stop the malware and Comodo didn't, what can I say, congrats to Zone Alarm and maybe people should start looking at leak test with a more critical mind instead of just cheering "My firewall beats yours at Matousec's!".
aigle
May 28th, 2008, 06:01 PM
-{ Quote: "Hi, Fuzzfas.
Here is the thing that really tortures me.
Comodo Firewall Pro 3.0 was tested by AV-test.de group.
Comodo Failed to block 2 Trojans of 10 of them.
CFP 3.0 is supposed to be anti-malware product as they say on Comodo's forums.
ZoneAlarm freeware 7.0 shouldn't be able to compare with CFP's power and effectiveness when it comes to malware detection and blocking and here we see, ZoneAlarm freeware is more effective than CFP 3.0.
The same ZA freeware which has done HORRIBLY ON LEAK-TESTS.
What's the conclusion?
Leak-tests can't match the power and effectiveness of the real malware.
Leak-tests are just theoretical, proof of concept tests that every firewall vendor or HIPS vendor should easily ignore, and take care about real malware!
These tests support my view that leak-tests are a waste of time.
Yes, leak-tests always do their credibility when you test firewalls or HIPS against real malware!
And this is the proof.
And inbound protection" }-
I am not sure but maybe it's the failure of basic firewall component of CFP, not the HIPS component.
CoolWebSearch
June 2nd, 2008, 02:42 AM
-{ Quote: "I am not sure but maybe it's the failure of basic firewall component of CFP, not the HIPS component." }-
No, it specifically says that Defense+ was activated!
http://forums.comodo.com/leak_testingattacksvulnerability_research/programms_with_stolen_rights_can_go_online_in_comodo_v3_with_aktivatet_defense-t21770.0.html
LUSHER
June 5th, 2008, 08:50 AM
-{ Quote: "Why not? Post count does not matter at all. He is correct." }-
Post count matters if one is saying something bad about the product one is a fan of....