Comodo passes all leak tests

Discussion in 'other firewalls' started by drmjx, Jun 12, 2006.

Thread Status:
Not open for further replies.
  1. neonSurge
    neonSurge Registered Member

  2. olap
    olap Registered Member

    Upload file to http://rapidshare.de/

    Last edited: Jun 27, 2006
  3. aigle
    aigle Registered Member

    Maybe you need to be registered there on the forums.
  4. olap
    olap Registered Member

    Forget registering, this forum is only for Comodo users!
    I am waiting for this mystery test to become public!
    Or was this new BITS mystery test created only for Comodo users? That makes them happy!
    Last edited: Jun 27, 2006
  5. Melih-Comodo
    Melih-Comodo Former Poster

    Here is the file.

    Please replace the extension .txt with .zip

    To find out exactly how it works, please refer to the forums. It should be visible.

    thanks
    melih

    Attached Files:

  6. olap
    olap Registered Member

    My Browser!

    Attached Files:

  7. olap
    olap Registered Member

    My Jetico answer with Olap rule!

    As you see I also pass this mystery test! (You typed:---)!
    Don't be so sure, public Olap.rule not and maximum that my Jetico can do!
    and "not nominations ITS name not at all!"
    Maybe CPIL3!

    Have Fun..


    PS: I an not get download Comodo now!
    If this test is created for me and my rule I am honored! Thank you!

    Attached Files:

    Last edited: Jun 27, 2006
  8. olap
    olap Registered Member

    How you see!
    Oh dear! The show has started. Hang on....
    Test not succeeded!
    PS: I'm sure, not get download Comodo now!


    as I am good with Jetico :D

    Have Fun..

    Attached Files:

    Last edited: Jun 27, 2006
  9. Stem
    Stem Firewall Expert

    Hello neonSurge,
    I see there is now a new test. But let's go over a few points,.... as there has been some confusion.
    Originally we were talking of comms sent by Svchost, well that is how I interpreted it at first, and believed that by restricting svchost comms, that the test failed, and it can be easily seen as this. An explanation was given that it was the communication between Bitsadmin and svchost that was the actual test, and that Comodo sees/intercepts this. From my own running of this test, Comodo does intercept this, Jetico does not. My conclusion on this is simple, in that, like from info on the Leaktest site, and some basic knowledge of firewalls, the restriction/limiting of comms by any firewall goes a long way in protecting the system. (even though Jetico does not intercept Bitsadmin=>Svchost, from Jetico default ruleset, the data transfer attempt is). That is why, from my post about Jetico, I post only rulesets per application, so as not to give rise to the possibility of corrupting the flow of rules within Jetico, so that the user is not left more open / or restricted to a point where no prompts are given, and comms are simply blocked/dropped.

    I see from this latest test "cpil2" that this is an injection attempt?, Jetico will intercept injections by default, no new rules need to be added (in fact no new rules can be added by the user on this part (type of attack) of the rules system within Jetico, they can be renamed but not changed). I did run this test, Jetico intercepted a "network access" attempt by cpil2, I did stop it at this point (for now....but can complete if needed)

    Regards,

    First prompt from Jetico, when cpil2 is run:-

    Attached Files:

  10. neonSurge
    neonSurge Registered Member

    If you saw the browser, you failed the test. Where is popup? What is the configuration? Tell us so that we can also test with the settings you set. Or you are just blocking some text to show your results?

    J
  11. neonSurge
    neonSurge Registered Member

    Hi Stem,

    I don't know honestly how CPIL2 works. It may not be related to BITS at all. I may have tested wrong. But with optimal policy it did not alert anything here. With olap rule, I also did not see anything as well. Let me know if I am doing something wrong.

    J
  12. neonSurge
    neonSurge Registered Member

    Comodo shows a popup "Cpil2.exe modified the user interface of iexplore.exe". But no memory injections. So it may not be a memory injection. It may be similar to breakout because I always see the same type of popup with breakout test.


    J
  13. Stem
    Stem Firewall Expert

    Hi neonSurge,
    I continued with the test to see,.. there is a "change to physicalmemory" attempt (Jetico missed this, as the attempt is to \device\physicalmemory (I am not sure yet what the "device" is. I will try to find time later to try and find out))

    Following the Jetico warning "access attempt" I was prompted with:-
    (and why does the test say "succeded" before the browser is opened?)

    Attached Files:

    • fail.JPG (file size: 64.2 KB)
  14. neonSurge
    neonSurge Registered Member

    :) I am sure Comodo is working for you :)
  15. neonSurge
    neonSurge Registered Member

    Hi Stem,

    If it is accessing \device\physicalmemory, then it is trying to access the physical memory of the computer directly. By the way, after this test, until I restart the PC, Jetico does not catch other leak tests as well.

    I am not sure, but as I understand from the following site http://www.security.org.sg/code/sdtrestore.html the test may be trying to disable protection of the firewalls, since after the test my sandbox software also remained unfunctional.

    J
  16. neonSurge
    neonSurge Registered Member

    I am using Internet Explorer as my default browser but do not see such an alert.

    J
  17. Stem
    Stem Firewall Expert

    Hi neonSurge,
    This is the alert given by SSM

    Attached Files:

  18. Stem
    Stem Firewall Expert

    I changed my "default" browser to IE, same alert (attached)
    Check you have not allowed this in the Jetico rules: open the "optimal protection" and open the "root", you will see the "Process attack table", look in this to see if you have allowed this attack

    Attached Files:

    • IE.JPG (file size: 32.5 KB)
  19. olap
    olap Registered Member

    Conclusion: Now you have all, popup, image and how you see Jetico pass all!

    This mystery test is created only for Comodo user? that make them happy!

    ATTENTION to all non experienced user! because?
    I have tried to install time ago Comodo_2.0.0.1, same tries to download from the internet, my setup and ended here!
    Because I have a simple principle, if I use Pay software The pay this and I want that is usable without conditions, and I want to have full control on the spread out one, this spread out is worth for free software, if that and free he must free be without the conditions!

    If stretched software looks for of download or perhaps also upload dates before installing him?
    From a firewall this I don't surely accept! Firewall is to protect user from upload/download
    not make this job by self!

    Note, you be maybe infected in the first place, maybe I don't know?

    Software with aggressive call home I treat it as Spy-Ware or Trojan!

    Discussion, me the lock here!

    BiteMe I BiteYou Back!

    PS: Jetico is best! :D
    Last edited: Jul 1, 2006
  20. neonSurge
    neonSurge Registered Member

    Hi Stem,

    Since you have SSM I think it blocks the test. You may need to test without any other security software.

    Here are my results:

    CPIL2 tries to access the \device\physicalmemory and disable all kernel level hooks set by security software. Then it runs the default browser and connects to Comodo site.

    Comodo personal firewall either blocks "\device\physicalmemory" access or shows a "user interface change by CPIL2" type alert.

    ZoneAlarm Pro 6 catches \device\physicalmemory access as suspicious attempt.

    Jetico's advanced security features are completely disabled until system is restarted. After running the test, Jetico fails even thermite.exe leak test.

    Sunbelt Kerio also failed this test with advanced security enabled.

    ProcessGuard also protects against \device\physicalmemory access.

    I did not test other firewalls. If anybody can test, please let us know about the results.

    Regards,
    J
  21. Stem
    Stem Firewall Expert

    Comodo did download the "ISscript" installer, as this was needed (for first time installation). This was not liked by many, including myself, but this will no longer be needed as the Comodo installer has been changed.

    This, I believe, is incorrect. I have installed and monitored Comodo (a number of versions), and found nothing to make me believe this.
  22. Stem
    Stem Firewall Expert

    All other types of protection are disabled when I test Jetico, otherwise I would not be testing Jetico.
    I ran SSM to see what call is being made.
    SSM was disabled when Jetico alerted to this.
  23. neonSurge
    neonSurge Registered Member

    Well.. The users who will have patience to follow this topic (ruined by your meaningless posts despite the efforts of the moderator) will see how many times you tried to deceive people with fabricated test results with no proof (some even disproved by another Jetico expert, Stem).

    We could not discuss anything about Comodo's success against leak tests.
    Comodo checks for automatic updates daily. But you are trying to tell people this optional behavior, i.e. it can be disabled anytime, is phoning home. Why? Because you don't have anything else against this excellent free product.

    http://www.pcmag.com/article2/0,1895,1969207,00.asp is a serious review of Comodo firewall for all users.

    Read and enjoy, if you can.

    J
  24. neonSurge
    neonSurge Registered Member

    Hi Stem,

    Thank you for all rational replies. Hope to see you around in another topic.

    Regards,

    J