Comodo Firewall Test Suite

Discussion in 'other firewalls' started by Coolio10, Nov 7, 2008.

Thread Status:
Not open for further replies.
  1. Coolio10

    Coolio10 Registered Member

    Joined:
    Sep 1, 2006
    Posts:
    1,124
    See pics.

    I did the test using Vista and x64, so some Kaspersky security features are missing, so XP users may get a higher score.
     


  2. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    This is ROFL hilarious anymore. Those malware makers have to be pouring on the whiskey & scotch everyday now and that even helps us more since their brain synapses have got to be short circuiting big time anymore.

    Those poor clogs are so woefully confused anymore that even our noble security program conglomerates have now taken it on themselves to devising much better coding than their previous counterparts are capable of anymore, and with the absolute onslaught of such an armada of security research & development mega-group of the world's best minds in computer science that's eons beyond their counterpart's feeble attempts, it falls now to security companies to fashion these ingenious test files that must have them sleeping early at night now.

    The tide is now turned heavily in favor of the PC security protectors\crusaders and growing by the hundreds if not thousands in what's soon to be an absolute rout.

    EASTER
     
  3. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    There are no guidelines at the Test My PC Security site, so I have tested all programs with these settings.
    XP: Admin, Windows Firewall deactivated.
    Vista: Admin, Windows Firewall, Windows Defender and UAC deactivated.

    Cheers
     
  4. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,995
    PC Tools version 4.0.0.45. Vista Admin Account. Application Filtering Enabled; Enhanced Security Verification enabled; Normal Mode

    score- 220/340
     
  5. wat0114

    wat0114 Guest

    Thank you subset. I guess it could be debated as to how these types of tests should be run. There's the argument they should be run under an admin account because this is the condition for which programs need to be installed. However, who in their right mind installs software with their battery of security applications enabled? I suppose with a HIPS like SSM using "Install mode" this is possible, but this partial bypass option is not available on all security software, so running these tests under an admin account does not, in my mind, accurately replicate a real world, common sense situation. But I'm going off on a tangent here which is not really applicable to this thread, so I will not post further on this subject lest it goes ot :)
     
  6. Alcyon

    Alcyon Registered Member

    Joined:
    Jan 16, 2008
    Posts:
    438
    Location:
    Montréal, Canada
    I do that with EQS, everything is smooth and there's no "bypass" option!
     
  7. wat0114

    wat0114 Guest

    Using Jetico 2, limited (modified power user) account XP SP2, 300/340, otherwise only 160/340 under admin account.
     


    Last edited by a moderator: Nov 10, 2008
  8. Einsturzende

    Einsturzende Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    390
    Location:
    neubauten
    Ok, in order for KIS 2009 to pass "Hijacking: StartupPrograms" you need to add one more key in KIS resources - Startup Settings:
    Code:
    Key: HKLM\SYSTEM\ControlSet???\Control\Terminal Server\Wds\rdpwd
    Value: StartupPrograms
    ;)
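
An added example, not part of the thread or any poster's code: a read-only PowerShell audit of the `StartupPrograms` value named in the post above, across every control set that the `ControlSet???` wildcard covers. The baseline entry `rdpclip` and the comma-separated format of the value are assumptions; adjust `$Baseline` for your environment.

```powershell
# Assumption: the expected content of StartupPrograms is the single entry 'rdpclip'.
$Baseline = @('rdpclip')
$SubPath  = 'Control\Terminal Server\Wds\rdpwd'

# "ControlSet???" in the post is a wildcard: check ControlSet001, ControlSet002, ...
# and CurrentControlSet (a link to whichever set is active).
$controlSets = Get-ChildItem -Path 'HKLM:\SYSTEM' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -match '^(ControlSet\d{3}|CurrentControlSet)$' }

$report = foreach ($cs in $controlSets) {
    $keyPath = "HKLM:\SYSTEM\$($cs.PSChildName)\$SubPath"
    $prop = Get-ItemProperty -Path $keyPath -Name 'StartupPrograms' -ErrorAction SilentlyContinue

    if ($null -eq $prop) {
        # Key or value absent in this control set: report it rather than skip silently.
        [pscustomobject]@{
            ControlSet = $cs.PSChildName
            Value      = $null
            Unexpected = ''
            Status     = 'ValueMissing'
        }
        continue
    }

    # Assumption: entries are comma-separated; trim whitespace and drop empty items.
    $entries    = @($prop.StartupPrograms -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    $unexpected = @($entries | Where-Object { $Baseline -notcontains $_ })

    [pscustomobject]@{
        ControlSet = $cs.PSChildName
        Value      = $prop.StartupPrograms
        Unexpected = $unexpected -join ', '
        Status     = if ($unexpected.Count -gt 0) { 'Review' } else { 'Baseline' }
    }
}

$report | Format-Table -AutoSize
```

Any row with status `Review` lists entries outside the baseline; the script only reads the registry and changes nothing.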
     
  9. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,405
    Vista fw = 130
    Vista fw + sandboxie (running test sandboxed) = 210
     


  10. Einsturzende

    Einsturzende Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    390
    Location:
    neubauten
    you bet, does somebody really think that for instance (file drop test) test.exe file is created out of the sandbox?
    I really don't think so...

    and I think this thread is in wrong place, should be in other anti-malware software
     
    Last edited: Nov 10, 2008
  11. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,405
    Einsturzende, I didn't look at the details as closely as you. Reading through the thread, Ilya mentioned:

     
  12. Einsturzende

    Einsturzende Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    390
    Location:
    neubauten
    In case of Sandboxie the file is not even created in the system directory at all, instead it's created in a sandboxed "clone" ...
     
  13. Stubborn

    Stubborn Registered Member

    Joined:
    Apr 7, 2008
    Posts:
    22
    Location:
    Brazil
    OA 3.0 Free + NOD 32 = 320/340.
    OA 3.0 Free + NOD 32 + Zemana = Test wasn't able to finish.
     
  14. TerryWood

    TerryWood Registered Member

    Joined:
    Jan 14, 2006
    Posts:
    1,037
    Hi


    Can someone explain how you respond to the Comodo Firewall with Defence+ activated pop ups that happen when you first click on clt.exe? And of course subsequent ones? Block?

    Thanks

    Terry
     
  15. wat0114

    wat0114 Guest

    You will probably get an initial alert similar to: explorer.exe --> clt.exe (explorer.exe wants to launch clt.exe) which you will need to allow, even if it's only temporary. The test suite should open, then you hit the "Test" button.

    After that answer "Block/Deny" on all subsequent alerts.

    **EDIT**

    ot, but feel it's incumbent to mention: it is kind of amusing we need to allow the test to run by allowing explorer.exe to launch clt.exe. This same policy applies to other types of leaktesting we see throughout this and other forums. In a real world situation, if we allow the executable to launch, especially under an admin account, it stands to reason we really want the executable to launch, usually for program installation purposes. So why would we block all other alerts from our HIPS programs? We probably wouldn't because we must have already felt certain the executable is safe in the first place. We launch it in the first place because we trust it. It would take fairly expert knowledge for anyone to recognize something malicious is occurring during the installation by accurately interpreting the alerts that occur during the installation.

    This subject matter has been discussed before but felt it necessary to broach the subject again :)

    I guess in reality maybe only a simple executable blocker is all that is really needed.
     
    Last edited by a moderator: Nov 10, 2008
  16. TerryWood

    TerryWood Registered Member

    Joined:
    Jan 14, 2006
    Posts:
    1,037
    Hi Wat0114

    Thank you very much for your most helpful reply

    Regards

    Terry
     
  17. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    Hello,

    @watt

    I understand your point of view, however I disagree with it.

    For instance, I allow my browser to execute, but that does not mean that I trust it at all. I know that a remote website can use a 0-day vulnerability through it to execute arbitrary code. What if all of a sudden my browser tries to install a driver? I will be sure in that event to deny it.

    The same applies to every internet-enabled application, such as email clients and IM applications.

    That being said, you are right when you say that if an unknown executable tries to run, we would probably block it at first. However one of the usefulness of an HIPS, is that if you allow something to run, you are not yet owned.

    Just my opinion.

    Regards,
    gkweb.
     
  18. TerryWood

    TerryWood Registered Member

    Joined:
    Jan 14, 2006
    Posts:
    1,037
    Hi All

    Did the CLT test. My Comodo Firewall & Defence+ were set on safe mode.

    The results were as follows: Everything was protected except the undernoted labelled as "Vulnerable". SCORE 300 out of 340

    Hijacking ActiveDesktop

    Hijacking ChangedDebuggerPath

    Hijacking StartUpPrograms

    Hijacking ChangeDrvPath

    QUESTIONS

    1) How does this score stack up? Poor Good or Very Good?

    2) Can anyone suggest what needs to be done to change the above from "vulnerable" to "protected"

    Thank you for your help

    Terry
     
  19. guest

    guest Guest

    Norton Internet Security 2009, updated and all settings default. OS: WinXP SP3

    20/340

     
    Last edited by a moderator: Nov 10, 2008
  20. wat0114

    wat0114 Guest

    Thank you for your valuable take on this gkweb. And I guess this is why even 'til this day I can't "let go" of HIPS programs :) I realize there are cases such as you describe where they could alert to the unexpected. I've yet to see it happen on my machines, but definitely the possibility exists. As I've mentioned before I also have benefited from using a HIPS as a nifty system learning aid.

    In the end it just seems odd to run these tests because they are done so in a controlled manner, where we expect to be blocking every alert we see. There is no element of surprise, which could elicit an incorrect response.
     
    Last edited by a moderator: Nov 10, 2008
  21. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    http://forums.comodo.com/leak_testi..._test_suite_ready_with_34_tests-t29687.0.html

    Once again, sorry to upset you, but other people have other results:

    ===
    I just ran the test (Defense+ in Paranoid Mode and firewall in Custom Policy Mode), and of course, CIS passes them all! It's not a surprise, as it would be kinda stupid by a security vendor to release a set of tests that its own product can't pass.
    Also gave it a try with CIS disabled on a limited user account and administrator account (on Windows XP SP3) just to have something to compare it with. I got 80/340 points on the administrator account, and 240/340 on the limited user account. So for safety, CIS > Limited user account > Administrator account.
    ===

    ===
    Just ran the test, scored 280/340. I did miss a few, so how do I go about getting them secured?

    Also I just updated to the newest version of Comodo.

    Tried test with block-all mode and paranoid mode, and I ended up failing the same ones.

    EDIT: haha, looks like the site you linked to missed the same ones I did. And we got the same score.
    ===

    ===
    Well, I re-tried it while changing my configuration to "Optimum security" and I only missed two, and scored 320/340.
    ===

    Amazing, isn't it? Which is interesting, why does the result depend on default setup? Shouldn't it give the same security with any setup?
     
  22. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    He was answering a question..
    My guess is rules, conflicting software, upgrading since version x or reinstalling..
     
  23. Ed_H

    Ed_H Registered Member

    Joined:
    Nov 10, 2004
    Posts:
    662
    Location:
    Chicago, IL
    Got it...thanks. Unfortunately, I have to leave KIS on auto for my wife and sister and it makes some bad choices on auto.
     
  24. Rickster100

    Rickster100 Registered Member

    Joined:
    Sep 29, 2005
    Posts:
    152
    Location:
    United Kingdom
    Alcyon,

    Here are the results I found running EQSecure 3.41 (with your Oct 2008 ruleset) [1st Screenshot] and Malware Defender 1.2 [2nd Screenshot] for side by side comparison. Both score with slightly different results. Running as Admin on XP Pro SP3.

    It's interesting to compare the 2. EQS = 260, MD 1.2 = 230.
     


  25. Rickster100

    Rickster100 Registered Member

    Joined:
    Sep 29, 2005
    Posts:
    152
    Location:
    United Kingdom
    Now with SSM 2.4 [1st screenshot] = 260. As someone mentioned earlier, I can also confirm Online Armor Free 3.0 scores very highly; with its firewall enabled = 330, without 320. OA free (no firewall) also failed on the 1: Hijacking: Active Desktop section. That's very impressive indeed. :eek:
     

