Comodo Firewall Test Suite

Discussion in 'other firewalls' started by Coolio10, Nov 7, 2008.

Thread Status:
Not open for further replies.
  1. bryanjoe

    bryanjoe Registered Member

    Joined:
    Feb 23, 2006
    Posts:
    380

    Of course, you are running it under DW....
    I can run it with Returnil....

    so?
     
  2. hammerman

    hammerman Registered Member

    Joined:
    Jul 14, 2007
    Posts:
    283
    Location:
    UK
    Not sure what you mean.....perhaps you could explain a bit more.
    Thanks.
     
  3. bryanjoe

    bryanjoe Registered Member

    Joined:
    Feb 23, 2006
    Posts:
    380
    You are running CLT.exe as untrusted......
    Why don't you try it without DW?
     
  4. hammerman

    hammerman Registered Member

    Joined:
    Jul 14, 2007
    Posts:
    283
    Location:
    UK
    I use OA and I agree with you to a certain extent. I'm sure that Look'n'Stop is an excellent firewall. The tests are really for HIPS/firewall combinations and it would be interesting to see the test results with LnS alongside a decent HIPS such as EQS, RTD or MD. Think I'll give it a try.
     
  5. bryanjoe

    bryanjoe Registered Member

    Joined:
    Feb 23, 2006
    Posts:
    380
    ThreatFire prompted me...

    I select "deny" during the first few tests (as good as running it untrusted in DW), it terminates the entire test and quarantines some of the files... can't even continue with the rest of the test.

    And if I allow it all the way, then I would fail the test......
     
  6. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    2,068
    Location:
    Serbia
    To all,

    these tests can simply be seen as a check of your current security setup rather than a single app. At least, this is the way I look at them. A developer can create whichever app and call it a "firewall" and users will buy that - in most cases. But please, before you claim that an app is bad based on how it passes these tests, reconsider what scope of protection that app covers. Not all developers create suites specially designed to pass leaktests, some of them actually specialize in creating dedicated tools. If you cannot distinguish between the two, take care when you post your false judgements in the open as you may actually seriously misguide less knowledgeable users.

    bryanjoe, this was not addressed individually to you.

    Cheers,
     
  7. hammerman

    hammerman Registered Member

    Joined:
    Jul 14, 2007
    Posts:
    283
    Location:
    UK
    Ah OK.
    I did most of my tests with CLT.exe as DW Trusted. I had to change it to untrusted in order to pass ActiveDesktop and DupHandles.

    All other tests were passed even with CLT.exe DW trusted. With DW Untrusted protection alone, score was 260/340.
     
  8. bryanjoe

    bryanjoe Registered Member

    Joined:
    Feb 23, 2006
    Posts:
    380
    No problem. Learning also.
    Anyway, for the leak test.... a series of events took place..... various prompts coming in from all directions from ThreatFire, SSM, Sygate, Twister... etc......
     
  9. Big Apple

    Big Apple Frequent Poster

    Joined:
    Aug 22, 2006
    Posts:
    724
    Thanks for the explanation, but how can any noob know this? So, what's the use of this leaktest, as I guess, that a lot more folks will throw it at their installed firewalls and there are many around.
    But thanks again! ;)
     
  10. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    If you haven't got your active desktop replaced with an unknown HTML file, the test is passed despite what the test itself tells you. The test can say it fails in case it was able to get the active desktop interface, though this is not enough to exploit. You can get your desktop background removed during a test, but this is not an actual fail. An actual fail means active desktop is turned on and it shows injected HTML.
     
  11. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    2,068
    Location:
    Serbia
    That's a good question and this is exactly what Comodo and OA developers (well, not the developers, but rather their marketing teams) are aiming for. They will create a suite, call it a firewall, knowing that n00bs couldn't possibly distinguish between the two and then they will brag about how they have the best firewall in the world. Very unprofessional and very... I would say misguiding, yes.

    Please take a look at my previous post, #31.

    Cheers,
     
  12. Leolas

    Leolas Registered Member

    Joined:
    Jun 18, 2008
    Posts:
    58
    Location:
    Modena, Italy
    The first time I tested OA, I scored 470/340 :D

    http://img32.picoodle.com/img/img32/3/11/8/f_cltm_dc60862.png

    It was a bug, probably ;)

    That's weird: with clt.exe in Run Safer of OA, I scored 340/340, with clt.exe not in Run Safer, I scored 290/340.
     
    Last edited: Nov 8, 2008
  13. Ed_H

    Ed_H Registered Member

    Joined:
    Nov 10, 2004
    Posts:
    662
    Location:
    Chicago, IL
    Just curious...anyone try this with the free version of OA 3?
     
  14. Mattchu

    Mattchu Registered Member

    Joined:
    Nov 8, 2008
    Posts:
    72
    Location:
    UK
    NIS2009 fresh install, result ---> score = 120/340.
    I think a lot of the tests fail due to nlited operating system/services off.
    Have only just installed to try out so not too familiar with it yet. Delving deeper into the settings during the next week or two, will try again then. Anyone else get the Windows file protection window?

    Agree this shouldn't be called a Firewall leak test, moreover a Firewall/HIPS test; trouble is the boundaries aren't clear any more :rolleyes:

    Regards,
    Mattchu
     

  15. hammerman

    hammerman Registered Member

    Joined:
    Jul 14, 2007
    Posts:
    283
    Location:
    UK
    If you take ActiveDesktop as a pass as explained by Alex in post #35, then I also get 340/340 for OA Run Safer.

    Have re-checked OA without Run Safer and OA again scores 330/340 with DupHandles failing. Which version of OA are you using?



     


  16. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    FileDrop is bullshit. There is no such security issue as dropping a new file into the system folder. Also, the ActiveDesktop test is implemented incorrectly.
     
    Last edited: Nov 8, 2008
  17. hayc59

    hayc59 Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,841
    Location:
    KEEP USA GREAT
    First test with Outpost and did not do so well??
     


  18. DarkButterfly

    DarkButterfly Registered Member

    Joined:
    Jul 18, 2008
    Posts:
    82
    Why use such tests against Comodo? It is known it would pass them all, if D+ is set to proactive security. Using tests provided by the same company that develops Comodo Firewall Pro/CIS?

    Is there really any security company that would develop tests so that their own products could fail? Don't think so.

    But, it sure makes you see the capabilities of other firewalls+hips. I don't know if each test is programmed in the best way, as I'm not the one doing them, but if they are, they sure give users of other firewalls+hips a hint on how they are protected.
     
  19. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    2,068
    Location:
    Serbia
    Well, this is not a problem actually. Comodo has an excellent HIPS which will allow it to pass virtually all leaktests ever created. Whether they are created by Comodo or a third party does not matter as the mechanisms implemented in those leaktests are not invented by Comodo. These are well known inter-process operations, Comodo stops them and there is nothing wrong with it. I would agree with Ilya though that these abilities are somewhat overblown, but this still is not enough to make Comodo's D+ anything less than excellent.

    While I agree that Comodo (both the company and the software) has its major shortcomings, I also have to say that this is not the right place to discuss them.
     
  20. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    Very strange.
    I got only 20 out of 340 at first run.
    How should I set it to pass at least 300?
     
  21. BrendanK.

    BrendanK. Guest

    All I know is...Without DW I would not have even got close to 310. So thank you for such a wonderful product :)
     
  22. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    Don't think these results are weird, I have exactly the same. :)
    But I assume we both used the latest translators version.

    Cheers
     
  23. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    I said at the top of the thread, and your result confirms my thought, that the test results are inconsistent.

    But in general the test is interesting, because it introduces some new techniques. For example, "KnownDlls" injection. Though the technique itself was described back in 1999, until now I saw no test that implemented it :)
     
  24. Makav3l1

    Makav3l1 Registered Member

    Joined:
    Nov 26, 2007
    Posts:
    241
    I got 340/340 with my CIS setup. Custom Policy Firewall mode and Paranoid Defense+ mode. Not bad Comodo, bring us heuristics for CAVS 3 and it will be a top notch free security suite.
     
  25. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    LMAO, I only got 30/340 :p then again I'm only using Mamutu and KAV 7, no firewall other than Windows Firewall, so I guess that's why.
     