Anyone else heard of this with Comodo Pro Firewall?

Discussion in 'other firewalls' started by Wordward, Jan 29, 2008.

Thread Status:
Not open for further replies.
  1. Wordward

    Wordward Former Poster

    Joined:
    Jan 12, 2007
    Posts:
    707
  2. Coolio10

    Coolio10 Registered Member

    Joined:
    Sep 1, 2006
    Posts:
    1,124
    It is the user's fault.
     
  3. Wordward

    Wordward Former Poster

    Joined:
    Jan 12, 2007
    Posts:
    707
    The mod also said this in their post.

    This should be considered as a major issue because a novice user can easily make a mistake and make its system unusable!
    And it has to be fixed as soon as possible.

    I think at least the mod agrees that it still needs to be fixed, Coolio10. And Dieselman, since I know you'll be posting soon. LOL.
     
  4. Dieselman

    Dieselman Registered Member

    Joined:
    Jan 6, 2008
    Posts:
    795
    It's only a problem if you do not pay attention to what you are clicking. This guy's problem did not happen by itself. He clicked and blocked things without reading them. Things that should not be blocked. What the modder means is that for a novice it can be a problem but it still is user error.
     
  5. Coolio10

    Coolio10 Registered Member

    Joined:
    Sep 1, 2006
    Posts:
    1,124
    The fixing of this issue may also reduce security. Taking away the option to block with explorer.exe will take away some parent-child protection.
    I am still wondering how this happened because clean-pc mode would have classified the explorer.exe or other processes as clean.....hmmmm
     
  6. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    "This should be considered as a major issue because a novice user can easily make a mistake and make its system unusable!"

    I rest my case too. Happy clicker case... Some people shouldn't be using certain programs...

    Could be. I think some classical HIPS have had a heated debate in the past about trusting or not explorer.exe. I think PG was one of them. It was like usability vs security issue.
     
  7. wat0114

    wat0114 Guest

    If I can chime in, I don't use Comodo but I do use System Safety Monitor HIPS. The ss shows just a handful of "child" applications that explorer.exe controls, where I have changed the child application iexplore.exe from "allowed" to "blocked", just for illustrative purposes. There was/is nothing to stop me from doing this! If I leave this be, IE will not start.

    Do we blame SSM for this and, while we are at it, other HIPS and applications (Comodo included) that incorporate HIPS functionality in their products? Of course not. We use a HIPS at our own risk. If we know enough of what we're doing or take the time to learn, then there is less chance of making these semi-catastrophic errors, but they could still happen. It's the risk we take when using these utilities. However, the pay-off in the long run such as preventing malware can be extremely beneficial.
     

  8. Wordward

    Wordward Former Poster

    Joined:
    Jan 12, 2007
    Posts:
    707
    Haven't heard of any problems lately, but again when one of the Comodo Mods agrees it needs to be fixed at least for the novice user. Well then maybe there's something more to it, and it should be fixed. The old Comodo website page used to mention the firewall can be used by novices. However, the new and improved website says nothing about novices that I saw. Time will tell if any more problems pop up, but I guess it's time to give the new version a spin. Thanks for everyone's input and hopefully Comodo Pro will deliver what has been promised.
     
    Last edited: Feb 5, 2008
  9. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    That's exactly the point. This is a similar screenshot, from Comodo's policy regarding explorer.exe access rights. As you can see, nobody prevents me from idiotically changing "run an executable" from ask (default setting) to Block...

    http://img175.imageshack.us/img175/1960/99005647uy1.png

    If I click "apply", I will have locked explorer.exe from executing any exe on my PC. And who should I blame? The whole point of not giving an always allow option is for security. If I click modify, I then have an allowed exe list and a blocked one, that I can modify too and block a specific application, like in your SSM setup.

    Now, novices should either stay away from Comodo or learn their lessons. If a leak test comes out that now takes advantage of this new "novice protection mode", which they are imposing on us, the same novice will be thundering in the forum for Comodo's failure to protect effectively explorer.exe from being used to launch X application.

    Novices should start with ZAF, then move to Kerio which has a basic HIPS for example and then move further to SSM. Comodo is the most complicated firewall I have seen. I have also installed 2.4 once and couldn't figure it out. Seems much more complicated than 3.0.

    Also, if the novice is a daredevil and wants to swim in deep waters, it is more wise to let him be taught a lesson. I have lost count of the times I have screwed my own PC and for each time, I learnt something new. And didn't blame the software for it when it was my fault. I remember in early SSM betas, I had locked myself out. It is much more educative for the novice to learn to be very careful with explorer.exe and to learn to READ what he clicks on, than tell him "No worries buddy, we will change settings, so that you won't be able to block it anymore".
     
  10. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,976
    Hi guys,

    As I already said over at the Comodo forums, that problem most probably was a user mistake and not a bug in CFP. But:

    1. Even if you block all actions on explorer.exe and reboot you will be able to enter in the Windows environment and navigate through the various folders. (This seems a bug to me; CFP should not allow you to do it...)

    2. If you use the quarantine to quarantine explorer.exe you will not be able to enter in Windows environment (you will see the desktop background and nothing else).

    3. CFP should never allow a user to quarantine his system files, or explorer.exe or all exes. At least not without a BIG WARNING! If you quarantine your system files and reboot, you will enter in an infinite loop of reboots. CFP should have warned you about this, but it didn't. And this for me is a big issue!

    4. The simplest fix should be just that. A big popup that will recall the user's attention that he is doing something wrong. If even after that he decides that he wants to proceed, he will know that it was his fault...

    Panagiotis
     
  11. Wordward

    Wordward Former Poster

    Joined:
    Jan 12, 2007
    Posts:
    707
    Finally. Thank you pandlouk.
     
  12. Dieselman

    Dieselman Registered Member

    Joined:
    Jan 6, 2008
    Posts:
    795
    This can be done with any firewall. I was able to do it using ZA as a test. I was allowed to block explorer.exe. Most novices don't know that explorer.exe is part of Windows hence the happy clicker.
     
  13. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    Microsoft should also put a big warning with neon lights: "Are you mad?? This is Windows' system folder! Are you completely sure?" every time a user tries to delete a file from C:/Windows. Because you can actually delete plenty. :D
     
  14. Dieselman

    Dieselman Registered Member

    Joined:
    Jan 6, 2008
    Posts:
    795
    So very true.
     
  15. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    It's not just Comodo on this issue. When I was testing KAV, I used to cringe on every install when PDM would pop up a warning saying explorer.exe was an invader, and give you options.

    Can just see what a newbie would do with that.

    All these programs need some common sense on certain windows files.
     
  16. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    It's not just KAV either. Prolly every HIPS since SSM and Process Guard can create catastrophic results if you make wrong decisions or rules changes.

    The question is... Comodo is one of the most complex firewall-HIPS combos out there. If someone isn't capable of recognizing the importance of explorer.exe or other Windows processes so as to be careful on what he decides, will he really take any advantage of the HIPS? Should he really be using it? A person that doesn't know about explorer.exe and needs a warning to tell him that "this thing is dangerous!", what is he going to think when he will get a pop up alert like in CPIL leak test for example, that patches explorer.exe? What is he going to understand from "memory access", "global hooks" etc? Nothing! He is going to play Russian roulette.

    To use Comodo with *some* probability of success against infections, you must be already in the position to know which are the basic Windows processes and what are the common attack methods (launchers, process-reg injection, direct physical memory access, global hooks etc). If you don't, it means you must start from lower difficulty programs, because using Comodo without some knowledge only gives you a false sense of security.

    It's much better to have a less capable firewall, but which you understand fully and you are aware that it is not "extremely safe", so as to take more defence measures, than go to the "complete lockdown" firewall you don't understand, just because it "is much safer firewall".

    If you know nothing about weapons and you buy a machine gun, should the manufacturer put a warning pop up flag on the safety pin, when you switch it to "automatic fire"? Then another pop up warning flag saying "Attention! This is automatic gun. Recoil can be severe. Make sure you position firmly the gun on your shoulder to avoid injury?" No. If you shoot your foot, or if the recoil breaks your shoulder, it's your fault. You should be practising with paint ball, then with light hand guns, then with heavy hand guns, then rifles, to finally be able to handle machine guns.
     
  17. Dieselman

    Dieselman Registered Member

    Joined:
    Jan 6, 2008
    Posts:
    795
    So we all are in agreement that Comodo is not at fault for that guy's lockout problem. Correct!
     
  18. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    Personally, I don't think it's Comodo's fault, unless someone manages to recreate a non idiotic way with which I could lock myself out.

    For example, apart from that guy's case... This "2. If you use the quarantine to quarantine explorer.exe you will not be able to enter in Windows environment (you will see the desktop background and nothing else)."

    Why would a logical person quarantine explorer.exe?

    This is like "If you are driving uphill on a mountain road and you leave the engine rpm to drop too much because you don't know what that "stick" next to you and clutch are for, then your engine will shut off".

    No kidding! That's what driving lessons are for! If you don't know how to use the clutch, you should have bought an auto-transmission car. Don't blame the car!
     
  19. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,976
    Correct!

    Because mistakes do happen. And default groups like Explorer.exe, system files, etc. should not appear in the quarantine dialog! A bad mouse click (not intentional) can give headaches even to advanced users!

    Maybe you do not use defence+ to create your own group of files and to quarantine them with a simple click.

    And this can easily happen with a not so responsive mouse, or a wireless mouse in low battery state!

    Panagiotis
     
  20. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    Yes, I have only one folder quarantined. I know mistakes happen, so I have learnt that nobody rushes you with a decision in a HIPS. And I always read well before I hit apply. After all, is there a time bomb about to explode that forces me to do the happy clicking routine? No.

    You can make all changes you like to help newbies, I simply don't regard such things as Comodo's bugs or as outstanding issues.
     
  21. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
  22. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,976
    True, but you should consider that a security program should protect also the novice users from themselves. :D

    I never said that it was a bug or that it is an outstanding issue. I only said that it should be considered as a big issue especially for novice users.

    For me the bug (not a big one) is that although I block explorer.exe (not quarantine) it still executes after the reboot...

    For that AV scanner: I do not have a clue if and when it updates. But a wild guess is that it will check for updates when you update manually or when CFP checks for automatic updates.

    P.S. I never discuss critical bugs or outstanding issues in public fora. For those there is the private section for moderators/administrators at http://forums.comodo.com/. :)
     
  23. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    Ok, acceptable. Simply, these issues being discussed in the same thread with the "lock out" thread can give the impression that we talk of bugs.

    LOL! Yes, I can understand that. But, just imagine. If a newbie does block explorer.exe, then you will have complaints that he got locked out. :D :argh:

    Ah, thank you! I haven't seen any updates yet. No big deal, I just wanted to know.

    For the history, I asked twice about the AV update issue in Comodo's forum, but got no reply, although both threads were read by either Melih or Egemen, who replied to other posts. That's why I disturbed you here.
     
  24. Wordward

    Wordward Former Poster

    Joined:
    Jan 12, 2007
    Posts:
    707
  25. Dieselman

    Dieselman Registered Member

    Joined:
    Jan 6, 2008
    Posts:
    795
    If you take the time to actually read those posts, those are mainly Vista problems with "In place updates", not full install of a new version.

    Those problems are from newbies who do not know how to export and import their settings.
     