Comodo passes all leak tests

drmjx · #1 June 12th, 2006, 04:11 PM

Just tested all the leak tests jetico failed at, and the new cpf picked them all up. Could someone confirm that? (the tests on the web site, from March 06 were done with cpf v1)...
Then i retrospectively went and did the other tests and they were all picked up. Edit: Comodo certainly claim all this..

I did have an issue of some sites not loading but I think it's just my machine

zopzop · #2 June 12th, 2006, 05:21 PM

hmm i think jetico passes all the leaktests mentioned on the firewall test site now too. there's only one test that comes to mind that i'm not sure either jetico or comodo has passed yet, the pcflank leak test found here:
http://www.pcflank.com/pcflankleaktest.htm

you could try that

Stem · #3 June 12th, 2006, 05:32 PM

Hi zopzop,
Jetico does pass the pcflank leak test, as Jetico will "popup" the leaktest attempted access. (This is with IE already started / connected to the internet)

I never got as far as to test Comodo with this test.

drmjx · #4 June 12th, 2006, 05:37 PM

Quote:

Originally Posted by zopzop

hmm i think jetico passes all the leaktests mentioned on the firewall test site now too. there's only one test that comes to mind that i'm not sure either jetico or comodo has passed yet, the pcflank leak test found here:
http://www.pcflank.com/pcflankleaktest.htm

you could try that

zopzop, just tried comodo, and it passed it. As for jetico passing all tests, is there a newer version available because the version I downloaded was the one tested?

Stem · #5 June 12th, 2006, 05:40 PM

Hi drmjx,
Which "tests" do you mean. I have not found Jetico to fail a leaktest yet.
I will re-run any tests to check.

khazars · #6 June 12th, 2006, 05:51 PM

well, jumper fails on mine although I had wrote a rule later but I have forgot what it was as I deleted it to retest a few weeks ago!

drmjx · #7 June 12th, 2006, 05:58 PM

Quote:

Originally Posted by Stem

Hi drmjx,
Which "tests" do you mean. I have not found Jetico to fail a leaktest yet.
I will re-run any tests to check.

http://www.firewallleaktester.com/tests_overview.php

bottom of the page, view results; once there, the headers of the tests are linked to binaries. Sorry, it's been a long night

Stem · #8 June 12th, 2006, 06:05 PM

Quote:

Originally Posted by khazars

well, jumper fails on mine ...

Jetico fails on this, as this is a registry "attack", Jetico does not protect the registry. I use SSM to cover this.

Stem · #9 June 12th, 2006, 06:12 PM

Hi drmjx,
Does Comodo (this is now on version 2?) pass the 2 "breakout" tests? (windows_Message) (I had forgotten about these,..I dont use IE, so these tests are of no concern to me, personally)

EDIT,
By the way,.. Jetico does pass the DNStester, as it flags this access

drmjx · #10 June 12th, 2006, 06:41 PM

Quote:

Originally Posted by Stem

Hi drmjx,
Does Comodo pass the 2 "breakout" tests? (windows_Message) (I had forgotten about these,..I dont use IE, so these tests are of no concern to me, personally)

EDIT,
Jetico does pass the DNStester, as it flags this access

Stem,

Comodo passes DNStester, Breakout1, Jumper (identified as non-passable by jetico).

With breakout2 the app manages to set active desktop (fair enough as it's localised), but no web page is set. I'd appreciate if someone could confirm this, have to run to work

Stem · #11 June 12th, 2006, 10:04 PM

Quote:

Originally Posted by drmjx

Stem,

Comodo passes DNStester, Breakout1, Jumper (identified as non-passable by jetico).

From my use of Jetico, I will argue about the DNStester results, but not about the others (its why I use SSM,.. and even SSM, at this time, will not intercept the windows_message leaktest, Thats why I dont use IE, (well one reason))

I am impressed if comodo is passing the "Breakout test",... well done.

Regards

charincol · #12 June 13th, 2006, 07:35 AM

On my system, DNSTester is blocked by Jetico, as I do not run the Windows DNS service. I run treewalkDNS. Breakout1 does nothing as far as I can tell (meaning there is no change, nothing pops up to say it was successful, nothing starts) when I run it, presumably because I have stripped windows messenger out of my XP. Breakout2 tried to change my wallpaper to an active desktop screen but it fails, because active desktop received the same fate as WM before XP made my PC its home. Jumper shuts down windows explorer.exe, but my taskbar never comes back up so IE doesn't open (I'm guessing because of other "vulnerabilities" I've stripped out.) Of course they could be something , but they at least are not successful at producing the results they are supposed to. So my layered protection of not having unneccesary Windows components even installed and Jetico blocks all of them for me, without the resources of Comodo.

I did have to disable AppDefend/RegDefend so the tests would run.

gkweb · #13 June 13th, 2006, 08:04 AM

Hello,

Quote:

On my system, DNSTester is blocked by Jetico, as I do not run the Windows DNS service

Be sure to not base you security on what is disabled, since a malware could start it back. If you anyway want to go this way, ensure that you are asked/warn when a disabled service tries to start.

Regards,
gkweb.

charincol · #14 June 13th, 2006, 08:51 AM

Enabled DNS Client service and ran DNSTester again. Jetico passes. So that does end up being all listed.

gkweb · #15 June 13th, 2006, 09:23 AM

Hello,

My reply was not targetted to Jetico specifically, but more generally to the general argument I have seen many times about the workaround of disabling the Windows DNS client service to prevent the leak from occuring. I wanted to state it was not a good defense, and that if you want to go this way, ensure you block svchost.exe from executing with the following command line "C:\WINDOWS\system32\svchost.exe -k NetworkService" OR install a firewall passing the leak (it's better).

Some users after reading your post could have thought it was that easy and could have thought to be protected like this, hence my post.

About Jetico and DNStester, I wasn't able to have consistent results, sometimes it was passing it, but sometimes not. But it has nothing to do with what I wanted to point out.

To finish, indeed disabling what is not needed is a good baseline, and adding layers to your security is what I've always advised :
http://www.firewallleaktester.com/advices.htm

BTW I very like AppDefend too, especially because you can allow an exe to run (e.g svchost) but deny it to run with a particular command line (e.g the DNS client service above).

Regards,
gkweb.

neonSurge · #16 June 13th, 2006, 04:44 PM

Quote:

Originally Posted by Stem

Hi zopzop,
Jetico does pass the pcflank leak test, as Jetico will "popup" the leaktest attempted access. (This is with IE already started / connected to the internet)

I never got as far as to test Comodo with this test.

Well if you test, you will see that it passes with flying colors....The correct criteria of the test is to give full access right to the internet explorer and then test...The firewall must show PCFlank.exe as the connection initiator. If jetico says PCFlank is trying to connect, then it passes.
In my system, jetico does not pass PCFlank test.

Melih-Comodo · #17 June 13th, 2006, 04:46 PM

Quote:

Originally Posted by Stem

From my use of Jetico, I will argue about the DNStester results, but not about the others (its why I use SSM,.. and even SSM, at this time, will not intercept the windows_message leaktest, Thats why I dont use IE, (well one reason))

I am impressed if comodo is passing the "Breakout test",... well done.

Regards

Thanks STEM ;-)

Comodo Firewall passes all tests apart from breakout-2 (we pass breakout-1). All these are passed using the Comodo firewall out of box, without requiring any intervention from the user.

Also we pass the PCFlank test.

On Thursday 15th June, we will release a new version that will pass the BITSAdmin leak test (that has been revelaed few days ago).

PS: We already are well under way with building the protection in order to pass the breakout-2 test and that should be out soon ;-)

Thanks
Melih

neonSurge · #18 June 13th, 2006, 04:53 PM

Quote:

Originally Posted by Stem

Hi drmjx,
Does Comodo (this is now on version 2?) pass the 2 "breakout" tests? (windows_Message) (I had forgotten about these,..I dont use IE, so these tests are of no concern to me, personally)

EDIT,
By the way,.. Jetico does pass the DNStester, as it flags this access

Breakout tests do not test only internet explorer but any application. I mean the threat exists for any application. www.firewallleaktester.com has its mozilla/firefox version available for download.

J

zopzop · #19 June 13th, 2006, 04:53 PM

melih, excellent job as always. any news on when (if) comodo will be toned down a bit when it comes to resource use? on my desktop it eats up about 30megs of ram (i don't care cause i have 2gigs of ram) but my laptop with a measly 512 megs of ram, every little bit of ram counts

jetico, for example uses anywhere from 8-10megs (last time i checked).

khazars · #20 June 13th, 2006, 05:41 PM

Yea, Jetico fails dnstester, breakout and jumper but it hasn't had an update for nearly a year and the last two leaktests are more recent!

We'll just have to wait for the new release and see how it does then!

Melih-Comodo · #21 June 13th, 2006, 05:57 PM

Quote:

Originally Posted by zopzop

melih, excellent job as always. any news on when (if) comodo will be toned down a bit when it comes to resource use? on my desktop it eats up about 30megs of ram (i don't care cause i have 2gigs of ram) but my laptop with a measly 512 megs of ram, every little bit of ram counts

jetico, for example uses anywhere from 8-10megs (last time i checked).

Thanks.

First week of July we will have the version with really reduced ram usage.

Melih

Melih-Comodo · #22 June 13th, 2006, 06:00 PM

Quote:

Originally Posted by khazars

Yea, Jetico fails dnstester, breakout and jumper but it hasn't had an update for nearly a year and the last two leaktests are more recent!

We'll just have to wait for the new release and see how it does then!

I agree we should wait and see, but I believe that the speed of response is a very important aspect, as any newly discovered leak test is a vulnerability for the Firewall and it must be updated to patch it. This is why we are releasing an upgrade this thursday to protect against BITSAdmin leak test.

thanks
Melih

Stem · #23 June 14th, 2006, 04:05 AM

Quote:

Originally Posted by neonSurge

Breakout tests do not test only internet explorer but any application. I mean the threat exists for any application. www.firewallleaktester.com has its mozilla/firefox version available for download.

J

Hi, yes I have run this before for firefox, but nothing happened. I have just downloaded and run again, SSM intercepts: popup: command line: breakout_mozilla_firefox.exe. So it can be blocked there, but even if I allow this through SSM, (with firefox already running) no connections (or any outbound) are made. (I have been running a network analyzer just to confirm)

Joliet Jake · #24 June 14th, 2006, 06:51 PM

Quote:

Originally Posted by Melih-Comodo

Thanks.

First week of July we will have the version with really reduced ram usage.

Melih

Great news there Melih.

Melih-Comodo · #25 June 25th, 2006, 02:24 PM

Comodo now passes the BITS leak test. (I think the only firewall to pass this leak test fresh out of box)

this is a really nasty leak.
you can read about the leak here http://www.firewallleaktester.com/news.htm#57

(I know the guy who runs this site thinks there is only one way to protect it, well, someone has to break the news to him, his statement is incorrect now that Comodo protects agains this leak test out of box, with no messing around with settings :-) )

thanks
Melih

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search