Wilders Security Forums  

  #76  
Old June 27th, 2006, 11:12 AM
olap olap is offline
Banned
 
Join Date: May 2006
Posts: 95
Default Re: Comodo passes all leak tests

Now, when you run test with "cmd.exe" Jetico answerer see my post #43,#44
  #77  
Old June 27th, 2006, 11:16 AM
Stem Stem is offline
Firewall Expert
 
Join Date: Oct 2005
Location: UK
Posts: 4,948
Default Re: Comodo passes all leak tests

Hi neonSurge,
I have just installed Comodo (latest Beta), but am getting exactly the same results (running bitsadmin for the download) as I did with Jetico. Should there be some alert from Comodo?
  #78  
Old June 27th, 2006, 11:27 AM
neonSurge neonSurge is offline
Regular Poster
 
Join Date: May 2006
Posts: 55
Default Re: Comodo passes all leak tests

Quote:
Originally Posted by Stem
Hi neonSurge,
I have just installed Comodo (latest Beta), but am getting exactly the same results (running bitsadmin for the download) as I did with Jetico. Should there be some alert from Comodo?

Hi stem,

It should show some popup like this.
Attached Images
 
  #79  
Old June 27th, 2006, 11:31 AM
Stem Stem is offline
Firewall Expert
 
Join Date: Oct 2005
Location: UK
Posts: 4,948
Default Re: Comodo passes all leak tests

Quote:
Originally Posted by neonSurge
Hi stem,

It should show some popup like this.

Hi neonSurge,.. Thanks,.. but no alert here at the moment. I will try a re-installation.
  #80  
Old June 27th, 2006, 11:35 AM
neonSurge neonSurge is offline
Regular Poster
 
Join Date: May 2006
Posts: 55
Default Re: Comodo passes all leak tests

Quote:
Originally Posted by Stem
Hi neonSurge,.. Thanks,.. but no alert here at the moment. I will try a re-installation

Hi Stem,

I am not using the BETA by the way. 2.2.0.11 is my version. I don't know if beta has this ability or not. You can try to add another JOB than firewallleaktester.com site. It may be because that site is down.

J
  #81  
Old June 27th, 2006, 11:49 AM
djg05 djg05 is offline
Frequent Poster
 
Join Date: Apr 2005
Posts: 849
Default Re: Comodo passes all leak tests

Quote:
Originally Posted by neonSurge
FYI, I don't use Bitstester. I run bitsadmin from the command line.

Could you explain what bitsadmin is, please? I had a quick look around and this seems to apply to XP and Server 2003.

I think with my Win 2k it is not applicable.
__________________
Regards

David
  #82  
Old June 27th, 2006, 12:00 PM
Stem Stem is offline
Firewall Expert
 
Join Date: Oct 2005
Location: UK
Posts: 4,948
Default Re: Comodo passes all leak tests

Quote:
Originally Posted by neonSurge
Hi Stem,

I am not using the BETA by the way. 2.2.0.11 is my version. I don't know if beta has this ability or not. You can try to add another JOB than firewallleaktester.com site. It may be because that site is down.

J

Hi neonSurge, The beta is not picking this up, have just successfully downloaded a file. I have a version 2 somewhere (what version was this "bits" protection applied?)
  #83  
Old June 27th, 2006, 12:07 PM
neonSurge neonSurge is offline
Regular Poster
 
Join Date: May 2006
Posts: 55
Default Re: Comodo passes all leak tests

Quote:
Originally Posted by Stem
Hi neonSurge, The beta is not picking this up, have just successfully downloaded a file. I have a version 2 somewhere (what version was this "bits" protection applied?)

Hi Stem,

The version 2.2.0.11 of Comodo should detect this.

J
  #84  
Old June 27th, 2006, 12:14 PM
olap olap is offline
Banned
 
Join Date: May 2006
Posts: 95
Default Re: Comodo passes all leak tests

hi, neonSurge, say correctly what succeed when you click "Allow" (refer to post #78)
  #85  
Old June 27th, 2006, 12:18 PM
neonSurge neonSurge is offline
Regular Poster
 
Join Date: May 2006
Posts: 55
Default Re: Comodo passes all leak tests

Quote:
Originally Posted by olap
hi, neonSurge, say correctly what succeed when you click "Allow" (refer to post #78)

Hi Olap,
I am afraid I did not get your question. You mean when you press "Allow", it goes and downloads the file of course if it is what you ask. But let me try and post the result.

J
  #86  
Old June 27th, 2006, 12:22 PM
Stem Stem is offline
Firewall Expert
 
Join Date: Oct 2005
Location: UK
Posts: 4,948
Default Re: Comodo passes all leak tests

Quote:
Originally Posted by djg05
Could you explain what bitsadmin is, please? I had a quick look around and this seems to apply to XP and Server 2003.

I think with my Win 2k it is not applicable.

BITS: Background Intelligent Transfer Service... Yes it is in W2K (pro version anyway) : start menu / settings / control panel / administrative tools / services / Background Intelligent Transfer Service
  #87  
Old June 27th, 2006, 12:23 PM
Stem Stem is offline
Firewall Expert
 
Join Date: Oct 2005
Location: UK
Posts: 4,948
Default Re: Comodo passes all leak tests

Quote:
Originally Posted by neonSurge
Hi Stem,

The version 2.2.0.11 of Comodo should detect this.

J

Thanks,
  #88  
Old June 27th, 2006, 12:25 PM
neonSurge neonSurge is offline
Regular Poster
 
Join Date: May 2006
Posts: 55
Default Re: Comodo passes all leak tests

Quote:
Originally Posted by olap
hi, neonSurge, say correctly what succeed when you click "Allow" (refer to post #78)

When you press "Allow" button, it does not ask you any further. This is when svchost.exe has FULL access right.

J
  #89  
Old June 27th, 2006, 12:31 PM
olap olap is offline
Banned
 
Join Date: May 2006
Posts: 95
Default Re: Comodo passes all leak tests

Quote:
Originally Posted by neonSurge
When you press "Allow" button, it does not ask you any further. This is when svchost.exe has FULL access right.

This is all story, with Jetico and Olap.rule, is identical if you "Allow" or "Deny" test not pass. Do you understand now difference!
potential malwares for example first create only job, and your svchost.exe resume this job
by next win update without firewall alert!

and read this:

Quote:
Originally from http://www.firewallleaktester.com/
You should never "Allow all" an application, even if you trust it, and especially for the system processes. Always restrict it to the ports AND IP addresses it needs, it includes your ISP DNS servers IPs for instance. SVCHOST.EXE on WindowsXP is a proxy for many features and it can be abused (like with this BITS issue, and also remember the DNStester leaktest).
Consequently you must restrict it tightly to not open doors to potential malwares. Every firewall, coming with a rule for svchost which allows ports 80 and 443 to every IP, can be bypassed.

Last edited by olap : June 27th, 2006 at 05:15 PM.
  #90  
Old June 27th, 2006, 12:33 PM
djg05 djg05 is offline
Frequent Poster
 
Join Date: Apr 2005
Posts: 849
Default Re: Comodo passes all leak tests

Quote:
Originally Posted by Stem
BITS: Background Intelligent Transfer Service... Yes it is in W2K (pro version anyway) : start menu / settings / control panel / administrative tools / services / Background Intelligent Transfer Service

Thanks Stem. Was set to manual and not running - now disabled.
__________________
Regards

David
  #91  
Old June 27th, 2006, 12:51 PM
neonSurge neonSurge is offline
Regular Poster
 
Join Date: May 2006
Posts: 55
Default Re: Comodo passes all leak tests

Quote:
Originally Posted by olap
this is all story, with Jetico and Olap.rule, is identical if you "Allow" or "Deny" test not pass. Do you understand now difference!
and read this:

What do you expect? It is asking you and you approve? Should it still block?
You are still at the same point. We are not talking about restricting IP addresses. The scope of this test is that the firewall must alert me about the guilty application. And svchost.exe is not guilty here. bitsadmin.exe is the guilty application and Comodo warns you giving the exact activity details (Not mentioning about other detailed popups).

BITS service is not just used for microsoft updates. Many new software will also use it since it is started being documented.

Here is another quote for you :

"The perfect personal firewall would be inexpensive and easy to install and use, would offer clearly explained configuration options, would hide all ports to make your PC invisible to scans, would protect your system from all attacks, would track all potential and actual threats, would immediately alert you to serious attacks, and would ensure nothing unauthorized entered or left your PC." Jeff Sengstack, PC World, July 21, 2000.

J
  #92  
Old June 27th, 2006, 01:32 PM
neonSurge neonSurge is offline
Regular Poster
 
Join Date: May 2006
Posts: 55
Default Re: Comodo passes all leak tests

Quote:
Originally Posted by olap
potential malwares for example first create only job, and your svchost.exe resume this job
by next win update without firewall alert!

and read this:

Of course. That's another topic and more suitable if we talk about "How to harden the security of your PC" or "Good practices for hardening your PC". This is not just valid for Jetico but all other firewalls. You can start another topic in which your olap rules are presented in a generic form so that all of us can use in our own firewalls.

Good luck,

J
  #93  
Old June 27th, 2006, 03:10 PM
olap olap is offline
Banned
 
Join Date: May 2006
Posts: 95
Default Re: Comodo passes all leak tests

Every firewall, coming with a rule for svchost which allows ports 80 and 443 to every IP, can be bypassed.
I know this very well!

Good luck, to you too!

Last edited by olap : June 27th, 2006 at 05:00 PM.
  #94  
Old June 27th, 2006, 04:10 PM
neonSurge neonSurge is offline
Regular Poster
 
Join Date: May 2006
Posts: 55
Default Re: Comodo passes all leak tests

Quote:
Originally Posted by olap
I wait demanded answer, on my post #45 and Stem post #32

I think you have problems understanding english. Stop rambling on and read Message #48, 51, 57, 74.

What other answer are you waiting? Should I put flowers beside the messages?

If you are not satisfied from the answer, please restate your question.
  #95  
Old June 27th, 2006, 04:35 PM
olap olap is offline
Banned
 
Join Date: May 2006
Posts: 95
Default Re: Comodo passes all leak tests

not from you! is OK?

Last edited by olap : June 27th, 2006 at 05:01 PM.
  #96  
Old June 27th, 2006, 04:41 PM
Bubba Bubba is offline
Global Moderator
 
Join Date: Apr 2002
Posts: 11,279
Default Re: Comodo passes all leak tests

To All:

There definitely seems to be a problem with failing to communicate for whatever reason. Unfortunately it has also reached a point that splitting off of the Jetico off topic discussion from the original topic concerning Comodo passes all leak tests would not serve the members well.

Having said that....I'll repeat what was asked of earlier by a Moderator....Let's try to keep the replies civil please. If this can not be accomplished and if We still continue with the I wait demanded answer type posts....We'll have to consider this thread for closure or at the least start removing posts.

This can be a very enlightening thread and with co-operation it might be able to continue.

Bubba
  #97  
Old June 27th, 2006, 05:49 PM
olap olap is offline
Banned
 
Join Date: May 2006
Posts: 95
Default Re: Comodo passes all leak tests

Hi, neonSurge and all, answer to your post

Quote:
Originally Posted by neonSurge
The scope of this test is that the firewall must alert me about the guilty application. And svchost.exe is not guilty here.

Read this and you can see that svchost.exe is only guilty here!

Quote:
Originally from http://www.firewallleaktester.com/
BITS_tester is NOT a leaktest, it is simply a GUI to control the utility from Microsoft.
- Solution :

The only way to prevent abuses is to restrict in your firewall the IPs svchost.exe (or services.exe) is allowed to access. On my side, I need to allow these IP ranges (text file) :

Conclusion :

You should never "Allow all" an application, even if you trust it, and especially for the system processes. Always restrict it to the ports AND IP addresses it needs, it includes your ISP DNS servers IPs for instance. SVCHOST.EXE on WindowsXP is a proxy for many features and it can be abused (like with this BITS issue, and also remember the DNStester leaktest). Consequently you must restrict it tightly to not open doors to potential malwares. Every firewall, coming with a rule for svchost which allows ports 80 and 443 to every IP, can be bypassed.

Also notice that the IP ranges given may not be complete, it might be possible that on your country svchost needs to access other ranges. If your firewall warns you about an access to an IP not being in the given ranges, to know the range to which the IP belongs, you can use the "IPWHOIS Lookup" from the website http://www.dnsstuff.com/. Simply enter the IP in the box, the website will give you the associated IP range and CIDR.

Until now, I've talked only about downloading, but the BITS service (last version) can be used to upload files as well if you have a machine where the IIS web server service is running.

As a side note, about those who say you shouldn't be infected in the first place, they are of course right. But a firewall is still needed to control legit Windows components or unwanted application behavior (e.g. MS Word accessing the net). Also, in case something got planted in your PC, having restricted anything to what it needs only will mitigate the consequences. It's like the airbag of your car, theoretically you shouldn't need it, because you drive well and not too fast. But if anyway you have an accident, having an airbag will decrease the damages.

Finally, disabling all together the automatic update service and BITS service is not a solution. Indeed, a malware could start them back before using them. I do not advise at all to disable Automatic Windows Updates, but if you go that way, do not forget to also block svchost.exe or services.exe in your firewall (if you are using DHCP, create a rule to allow local port 68 to communicate in UDP to the remote port 67, IP 255.255.255.255).

And I must say, Comodo with default rules how I see from Stem "Attached Images" not pass
this abuses, certain!

Have Fun..
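
The restriction described in the firewallleaktester.com text quoted in post #97, as an added example that is not part of the thread or of that site: a small auditor that flags allow rules opening svchost.exe or services.exe to every remote IP, and a rule evaluator showing the difference a tight rule set makes. The rule schema, rule names and sample addresses (documentation ranges) are constructed for illustration, and first-match/default-deny evaluation is an assumption.

```python
import ipaddress

# Processes the quoted text names as proxies for other programs' traffic.
PROXY_PROCESSES = {"svchost.exe", "services.exe"}

def audit(rules):
    """Names of allow rules that open a proxy process to every remote IP."""
    return [r["name"] for r in rules
            if r["action"] == "allow"
            and r["process"].lower() in PROXY_PROCESSES
            and any(ipaddress.ip_network(n).prefixlen == 0 for n in r["remote_nets"])]

def permits(rules, process, proto, remote_ip, remote_port):
    """Simplified model (assumption): first matching rule wins, default deny."""
    ip = ipaddress.ip_address(remote_ip)
    for r in rules:
        if (r["process"].lower() == process.lower()
                and r["proto"] == proto
                and remote_port in r["remote_ports"]
                and any(ip in ipaddress.ip_network(n) for n in r["remote_nets"])):
            return r["action"] == "allow"
    return False

def rule(name, proto, ports, nets, process="svchost.exe", action="allow"):
    """Build one rule in the constructed schema used by this example."""
    return {"name": name, "process": process, "action": action,
            "proto": proto, "remote_ports": set(ports), "remote_nets": nets}

# Constructed rule sets. 198.51.100.0/24 is a documentation range standing in
# for the update-server ranges a real rule would list.
LOOSE = [rule("svchost web, any IP", "tcp", [80, 443], ["0.0.0.0/0"])]
TIGHT = [
    rule("svchost web, listed ranges", "tcp", [80, 443], ["198.51.100.0/24"]),
    # DHCP rule from the quoted text (local port 68 is not modelled here).
    rule("svchost DHCP", "udp", [67], ["255.255.255.255/32"]),
]

if __name__ == "__main__":
    print("loose rules flagged:", audit(LOOSE))
    print("tight rules flagged:", audit(TIGHT))
    # 203.0.113.7 is a constructed address outside the listed range.
    for name, rs in (("loose", LOOSE), ("tight", TIGHT)):
        print(name, "-> svchost to 203.0.113.7:80 allowed?",
              permits(rs, "svchost.exe", "tcp", "203.0.113.7", 80))
```
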
  #98  
Old June 27th, 2006, 06:03 PM
neonSurge neonSurge is offline
Regular Poster
 
Join Date: May 2006
Posts: 55
Default Re: Comodo passes all leak tests

Quote:
Originally Posted by olap
Hi, neonSurge and all, answer to your post



Read this and you can see that svchost.exe is only guilty here!



And I must say, Comodo with default rules how I see from Stem "Attached Images" not pass
this abuses, certain!

Have Fun..

Just in time... I can not feel happier
They have released a new leak test, which, most probably, uses BITS service (though I am not sure) and with your so-called OLAP rule, Jetico failed. It simply opens the web browser and sends data. Are you going to restrict IP addresses for the web browser Olap?

http://forums.comodo.com/index.php/topic,737.0.html

Now you have fun.

J
  #99  
Old June 27th, 2006, 06:06 PM
neonSurge neonSurge is offline
Regular Poster
 
Join Date: May 2006
Posts: 55
Default Re: Comodo passes all leak tests

Quote:
Originally Posted by olap
Hi, neonSurge and all, answer to your post
And I must say, Comodo with default rules how I see from Stem "Attached Images" not pass
this abuses, certain!

Test and see if it fails or not...

This discussion ends here for me...

J
  #100  
Old June 27th, 2006, 06:18 PM
olap olap is offline
Banned
 
Join Date: May 2006
Posts: 95
Default Re: Comodo passes all leak tests

Repost this test I have not access!

Quote:
The topic or board you are looking for appears to be either missing or off limits to you.
 
