Comodo passes all leak tests - Page 5

neonSurge · #**101** June 27th, 2006, 06:29 PM

Quote:

Originally Posted by olap

Repost this test I have not access!

http://forums.comodo.com/index.php/topic,737.0.html

olap · #**102** June 27th, 2006, 06:39 PM

Upload file to http://rapidshare.de/

Quote:

An Error Has Occurred!
The topic or board you are looking for appears to be either missing or off limits to you.

aigle · #**103** June 27th, 2006, 06:54 PM

May be u need to be registered there on the forums.

olap · #**104** June 27th, 2006, 06:56 PM

forget for register, this forum is only for Comodo user!
I await of this mystery test to become public!
Or is this new BITS mystery test created only for Comodo user? that make them happy!

Melih-Comodo · #**105** June 27th, 2006, 07:58 PM

here is the file.

pls replace the extension .txt with .zip

to find out how it exactly works pls refer to forums. it shoudl be visible.

thanks
melih

olap · #**106** June 27th, 2006, 08:34 PM

My Browser!

olap · #**107** June 27th, 2006, 08:38 PM

My Jetico answer with Olap rule!

As you see I also pass this mystery test! (You typed:---)!
Don't be so sure, public Olap.rule not and maximum that my Jetico can do!
and "not nominations ITS name not at all!"
Maybe CPIL3!

Have Fun..

PS: I an not get download Comodo now!
If this test is created for me an my rule I am honored! thank you!

olap · #**108** June 27th, 2006, 09:34 PM

How you see!
Oh dear!the show is started. Hang on....
Test notsucceded!
PS: I'm sure, not get download Comodo now!

as I am good with Jetico

Have Fun..

Stem · #**109** June 28th, 2006, 05:31 AM

Hello neonSurge,
I see there is now a new test. But lets go over a few points,.... as there as been some confusion.
Originally we where talking of comms sent by Svchost, well that is how I interpreted at first, and believed that by restricting svchost comms, that the test failed, and it can be easily seen as this. An explantion was given that it was the communication between Bitsadmin and svchost that was the actual test, and that Comodo sees/intercept this. From my own running of this test, Comodo does intercept this, Jetico does not, my conclusion on this is simple, in that, like from info on the Leaktest site, and some basic knowledge of firewall walls, the restriction/limiting of comms by any firewall goes a long way in protecting the system. (even though jetico does not intercept Bitsadmin=>Svchost, from Jetico default ruleset, the data transfer attempt is). That is why, from my post about Jetico, I post only rulesets per application, so as not to give rise to the possiblity of corrupting the flow of rules within Jetico, so that the user is not left more open / or restricted to a point where no promts are given, and comms are simply blocked/dropped.

I see from this latest test "cpil2" that this is an injection attempt?, Jetico will intercept injections by default, no new rules need to be added (in fact no new rules can be added by the user on this part (type of attack) of the rules system within Jetico, they can be renamed but not changed). I did run this test, Jetico intercepted a "network access" attempt by cpil2, I did stop it at this point (for now....but can complete if needed)

Regards,

First prompt from Jetico, when cpil2 is run:-

neonSurge · #**110** June 28th, 2006, 05:34 AM

Quote:

Originally Posted by olap

How you see!
Oh dear!the show is started. Hang on....
Test notsucceded!
PS: I'm sure, not get download Comodo now!

as I am good with Jetico

Have Fun..

If you saw the browser, you failed the test. Where is popup? What is the configuration? Tell us so that we can also test with the settings you set. Or you are just blocking some text to show your results?

J

neonSurge · #**111** June 28th, 2006, 05:37 AM

Quote:

Originally Posted by Stem

Hello neonSurge,
I see there is now a new test. But lets go over a few points,.... as there as been some confusion.
Originally we where talking of comms sent by Svchost, well that is how I interpreted at first, and believed that by restricting svchost comms, that the test failed, and it can be easily seen as this. An explantion was given that it was the communication between Bitsadmin and svchost that was the actual test, and that Comodo sees/intercept this. From my own running of this test, Comodo does intercept this, Jetico does not, my conclusion on this is simple, in that, like from info on the Leaktest site, and some basic knowledge of firewall walls, the restriction/limiting of comms by any firewall goes a long way in protecting the system. (even though jetico does not intercept Bitsadmin=>Svchost, from Jetico default ruleset, the data transfer attempt is). That is why, from my post about Jetico, I post only rulesets per application, so as not to give rise to the possiblity of corrupting the flow of rules within Jetico, so that the user is not left more open / or restricted to a point where no promts are given, and comms are simply blocked/dropped.

I see from this latest test "cpil2" that this is an injection attempt?, Jetico will intercept injections by default, no new rules need to be added (in fact no new rules can be added by the user on this part (type of attack) of the rules system within Jetico, they can be renamed but not changed). I did run this test, Jetico intercepted a "network access" attempt by cpil2, I did stop it at this point (for now....but can complete if needed)

Regards,

First prompt from Jetico, when cpil2 is run:-

Hi Stem,

I dont know honestly how CPIL2 works. It may not be related to BITS at all. I may have tested wrong. But with optimal policy it did not alert anything here. With olap rule, i also did not see anything as well. Let me know i am doing something wrong.

J

neonSurge · #**112** June 28th, 2006, 05:50 AM

Quote:

Originally Posted by Stem

Hello neonSurge,
I see there is now a new test. But lets go over a few points,.... as there as been some confusion.
Originally we where talking of comms sent by Svchost, well that is how I interpreted at first, and believed that by restricting svchost comms, that the test failed, and it can be easily seen as this. An explantion was given that it was the communication between Bitsadmin and svchost that was the actual test, and that Comodo sees/intercept this. From my own running of this test, Comodo does intercept this, Jetico does not, my conclusion on this is simple, in that, like from info on the Leaktest site, and some basic knowledge of firewall walls, the restriction/limiting of comms by any firewall goes a long way in protecting the system. (even though jetico does not intercept Bitsadmin=>Svchost, from Jetico default ruleset, the data transfer attempt is). That is why, from my post about Jetico, I post only rulesets per application, so as not to give rise to the possiblity of corrupting the flow of rules within Jetico, so that the user is not left more open / or restricted to a point where no promts are given, and comms are simply blocked/dropped.

I see from this latest test "cpil2" that this is an injection attempt?, Jetico will intercept injections by default, no new rules need to be added (in fact no new rules can be added by the user on this part (type of attack) of the rules system within Jetico, they can be renamed but not changed). I did run this test, Jetico intercepted a "network access" attempt by cpil2, I did stop it at this point (for now....but can complete if needed)

Regards,

First prompt from Jetico, when cpil2 is run:-

Comodo shows a popup "Cpil2.exe modified the user interface of iexplore.exe". But no memory injections. So it may not be a memory injection. It may be similar to breakout because i always see the same type of popup with breakout test.

J

Stem · #**113** June 28th, 2006, 05:52 AM

Hi neonSurge,
I continued with the test to see,.. there is a "change to physicalmemory" attempt (Jetico missed this, as the attempt is to \device\physicalmemory (I am not sure yet what the "device" is. I will try to find time later is try and find)

Following the Jetico warning "access attempt" I was prompted with:-
(and why does the test say "succeded" before the browser is opened?)

neonSurge · #**114** June 28th, 2006, 05:52 AM

Quote:

Originally Posted by olap

My Jetico answer with Olap rule!
If this test is created for me an my rule I am honored! thank you!

I am sure Comodo is working for you

neonSurge · #**115** June 28th, 2006, 05:59 AM

Quote:

Originally Posted by Stem

Hi neonSurge,
I continued with the test to see,.. there is a "change to physicalmemory" attempt (Jetico missed this, as the attempt is to \device\physicalmemory (I am not sure yet what the "device" is. I will try to find time later is try and find)

Following the Jetico warning "access attempt" I was prompted with:-
(and why does the test say "succeded" before the browser is opened?)

Hi Stem,

If it is accessing \device\physicalmemory, then it is trying to access the physical memory of the computer directly. By the way, after this test, until i restart the PC, jetico does not catch other leak tests as well.

I am not sure but as i understand from the following site http://www.security.org.sg/code/sdtrestore.html the test may be trying to disable protection of the firewalls since after the test my sandbox software also remained unfunctional.

J

neonSurge · #**116** June 28th, 2006, 06:03 AM

Quote:

Originally Posted by Stem

Hi neonSurge,
Following the Jetico warning "access attempt" I was prompted with:-
(and why does the test say "succeded" before the browser is opened?)

I am using internet explorer as my default browser but do not see such an alert.

J

Stem · #**117** June 28th, 2006, 06:04 AM

Hi neonSurge,
This is the alert given by SSM

Stem · #**118** June 28th, 2006, 06:27 AM

Quote:

Originally Posted by neonSurge

I am using internet explorer as my default browser but do not see such an alert.

J

I changed my "default" browser to IE, same alert (attached)
Check you have not allowed this in the Jetico rules: open the "optimal protection" and open the "root", you will see the "Process attack table", look in this to see if you have allowed this attack

olap · #**119** June 28th, 2006, 06:27 AM

Conclusion : Now you have all, popup, image and how you see Jetico pass
all!
This mystery test is created only for Comodo user? that make them happy!

Quote:

Melih-Comodo
Svchost which allows ports 80 and 443 to every IP, can be bypassed!
Comodo with default rules not pass BITS issue, certain not this abuses.!
I pray, not to say lies to the customer, Comodo is the only firewall to pass the test!

ATTENZION to all non experienced user! because?
I have tried to install time ago Comodo_2.0.0.1, same tries to download from the internet, my setup and ended here!
Because I have a simple principle, if I use Pay software The pay this and I want that is usable without conditions, and I want to have full control on the spread out one, this spread out is worth for free software, if that and free he must free be without the conditions!

If stretched software looks for of download or perhaps also upload dates before installing him?
From a firewall this I don't surely accept!Firewall is to protect user from upload/download
not make tihs job by self!

Note, you be maybe infected in the first place, maybe I don't know?

Software with aggressive call home I treat it as Spy-Ware or Trojan!

Discussion, me the lock here!

BiteMe I BiteYou Back!

PS: Jetico ist best!

neonSurge · #**120** June 28th, 2006, 06:32 AM

Quote:

Originally Posted by Stem

Hi neonSurge,
This is the alert given by SSM

Hi Stem,

Since you have SSM I think it blocks the test. You may need to test without any other security software.

Here is my results :

CPIL2 tries to access the \device\physicalmemory and disable all kernel level hooks set by security software. Then it runs the default browser and connect to Comodo site.

Comodo personal firewall either blocks "\device\physicalmemory" access or shows a "user interface change by CPIL2" type alert.

ZoneAlarm Pro 6 catches \device\physicalmemory access as suspicious attempt.

Jetico's advanced security features are completely disabled until system is restarted. After running the test, Jetico fails even thermite.exe leak test.

Sunbelt Kerio also failed this test with advanced security enabled.

ProcessGuard also protects against \device\physicalmemory access.

I did not test other firewalls. If anybody can test, please let us know about the results.

Regards,
J

Stem · #**121** June 28th, 2006, 06:37 AM

Quote:

Originally Posted by olap

Conclusion :

ATTENZION to all non experienced user! because?
I have tried to install time ago Comodo_2.0.0.1, same tries to download from the internet, my setup and ended here!

Comodo did download the "ISscript" installer, as this was needed (for first time installation). This was not liked by many, including myself, but this will no longer be needed as the Comodo installer as been changed.

Quote:

Originally Posted by olap

Note, you be maybe infected in the first place, maybe I don't know?

Software with aggressive call home I treat it as Spy-Ware or Trojan!

This is, I believe to be incorrect, I have installed and monitored Comodo(a number of versions) , and found nothing to make me believe this.

Stem · #**122** June 28th, 2006, 06:39 AM

Quote:

Originally Posted by neonSurge

Hi Stem,

Since you have SSM I think it blocks the test. You may need to test without any other security software.

J

All other type of protection are disabled when I test Jetico, otherwise I would not be testing Jetico.
I ran SSM to see what call is being made.
SSM was disable when Jetico alerted to this.

neonSurge · #**123** June 28th, 2006, 06:49 AM

Quote:

Originally Posted by olap

Conclusion :

ATTENZION to all non experienced user! because?
I have tried to install time ago Comodo_2.0.0.1, same tries to download from the internet, my setup and ended here!
Because I have a simple principle, if I use Pay software The pay this and I want that is usable without conditions, and I want to have full control on the spread out one, this spread out is worth for free software, if that and free he must free be without the conditions!

If stretched software looks for of download or perhaps also upload dates before installing him?
From a firewall this I don't surely accept!Firewall is to protect user from upload/download
not make tihs job by self!

Note, you be maybe infected in the first place, maybe I don't know?

Software with aggressive call home I treat it as Spy-Ware or Trojan!

Discussion, me the lock here!

Have Fun..

PS: Jetico ist best!

Well.. The users who will have patience to follow this topic(ruined by your meaningless posts despite the efforts of the moderator) will see how many times you tried to deceive people with fabricated test results with no proof(some even disproved by another jetico expert, Stem).

We could not discuss anything about Comodo's success against leak tests.
Comodo checks for automatic updates daily. But you are trying to tell people this optional behavior i.e. it can be disabled anytime, is phoning home. Why? Because you dont have anything else against this excellent free product.

http://www.pcmag.com/article2/0,1895,1969207,00.asp is a serious review of Comodo firewall for all users.

Read and enjoy, if you can.

J

neonSurge · #**124** June 28th, 2006, 06:52 AM

Quote:

Originally Posted by Stem

All other type of protection are disabled when I test Jetico, otherwise I would not be testing Jetico.
I ran SSM to see what call is being made.
SSM was disable when Jetico alerted to this.

Hi Stem,

Thank you for all rational replies. Hope to see you around in another topic.

Regards,

J

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search