OLE Automation, Can I stop it? It scares me!

So I've setup the Comodo firewall......after horror with ZoneAlarm free.

Yet I block one app and another uses OLE automation on it.

First what is OLE Automation? I know its implementation of Com+.
Does it allow programs that I have explicitly blocked to get to the internet through another app? (ie Firefox) What can I do about it? I'm worried about it.


An example is apps I've denied ALL access to, and they enact OLE automation on Firefox. When I deny, Firefox is denied too.

Also....I have denied svhost trying to get closer to 100% control to what gets internet access. How can I get closer to 100% control. I don't want even Microsoft integrated apps accessing if I don't let them. How can I get closer to this goal?

 

Unfortunatly there is nothing you can do about OLE comms, it is the way windows is built. You will only know of such comms when you use a firewall/application that can intercept such comms. Before you installed Comodo, all these comms where being made and allowed. It is just that now you can check that only legitimate applications are doing this.

As for svchost, this will make internet connections based on the windows services you have running on your system. Disabling un-needed services can minimize svchost access.

 

Can anybody point in the direction of some good tips in reference to keeping my outgoing traffic under control?

What are good things to block. How do I block windows itself? Can MS suites like Office route through the windows platform and out onto the internet without me knowing about it?

Thx.

 

What's the point of a firewall if this can happen: Comodo Leak Test

Similar to OLE Automation, a trojan/worm can just modify explorer.exe which can just modify firefox.exe and send out my credit card number.

Sure comodo can warn me that explorer has modified firefox.exe, but I need to USE firefox.exe and its an app that I have allowed to go through the firewall. So more often than not, the info is going to get through. As previously stated though, OLE automation can't be disabled in windows, and I don't know think explorer can be prevented from acting like this.

This makes me think that firewalls can't protect you 100%, which defeats the purpose. What gives? Insights?

 

Not all firewalls are going to have protection against memory modification or dll injection as used in the test you link (although some already so). But even so, protection against these types of "leaks" can be prevented, as for example, by using SSM free

 

I gotta check out that SSM Free. However, even though comodo does say "Hey, your firefox.exe has been fiddled with", what am I going to do.....I still need to use Firefox.exe. I'm after ways to prevent Dll injection and memory modifications.

The solution would be to prevent this inter app modifying in the first place. I'll look at that link.Thanks for the feedback.

 

I'm a bit curious about this too. Often, after running an installed program, or updating same (particularly if the program was updated rather than just the database) the firewall gives the same warning that enum described. My response is to allow it if it's a program I know (eg AdAware does this after a def's update, or other program I've installed and done something with recently).
But it is a bit disconcerting...the warning saying "this could be a sign of trojan activity..." and the first time it happened, I blocked it. Then had to restart the browser, of course.
I suppose the main way this could be a threat is if something nasty actually "fiddled with" another parent program, making the threat genuine, yes?
How would one know if that had happened?

 

SSM free will do this.

 

Hi Tarq57,
Most firewall will make a check on an application using a checksum/hash. This basically just checks if an application as been change/modified. So yes, if you update a program then an alert will show if the application as been changed.

 

Thanks Stem.
So then, this is generally nothing to worry about, then?
I guess if I was to see this without knowingly having updated any program it would be a worry. (For stuff that doesn't auto-update, which in my case is most of it.)

 

Hi Tarq57,
It is one reason to manually update, as then you will know of the possibility of an application being changed.

One of the main areas of protection you need, if for memory modification. As not all firewalls will check this.

 

Hello,
Why would you have your credit card number stored anywhere on your PC?
And if you do, why not add another 100 random similar numbers to this list, call the file "calculus 1 extended" and save it in a folder called "polytechnics"?
Mrk

 

I'm somewhat concerned about this also. I have set up my network rules per the comodo forum, and I'm right now just running one computer thru a firewall/router, broadband internet, with dhcp enabled, xp sp2. I have all the updates, and running firefox as my browser. I have auto-updates, and BITS disabled and I update manually. running mcafee AV (auto start) (update manually as 6 of it's programs and countless other subprograms try and access the net every surfing minute). I have all the usuals windows defender (auto start) , avg anti-spyware, spybot, hijack this, Ccleaner, and a couple of rootkit detection programs--all auto updates are configured as disabled (turned off) and scans come up with nothing.

before reformatting and reinstalling xp fresh, I thought it would be a good time to evaluate several FWs (one at a time, as I'm convinced that a SW-FW with outbound protection is needed because xp has so many holes in it, and from what I've read, vista is no better.--btw after dumping the xp FW, the free zonealarm isn't even in the same class as comodo, but it certainly is a lot easier to configure which is understandable since it's protection seems to be extremely limited ). when booting, I also get that firefox is trying to run as a server for ole automation. (I've got my ethernet/router configured as a trusted zone) [p] does all this M$ xp stuff need to be accessing the 'net thru ole automation with the windows auto-updates set to disable and done manually? thx. ​

[hr] http://img212.imageshack.us/img212/1644/screenshot022yo1.jpg