Jetico vs Comodo

Discussion in 'other firewalls' started by Hipgnosis, May 12, 2006.

Thread Status:
Not open for further replies.
  1. Joliet Jake

    Joliet Jake Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    911
    Location:
    Scotland
  2. neonSurge

    neonSurge Registered Member

    Joined:
    May 16, 2006
    Posts:
    55
    Correct. I have created exactly the same rules as Stem, without touching anything. And it is blocking. That's why I am trying to tell you to play with your own configurations. Because it works for me.

    Cheers,
    J
     


  3. neonSurge

    neonSurge Registered Member

    Joined:
    May 16, 2006
    Posts:
    55
    And here is the log view
     


  4. neonSurge

    neonSurge Registered Member

    Joined:
    May 16, 2006
    Posts:
    55
    Hi Stem,

    Yes, what you describe is the issue. Application rules in Comodo are not like network rules. This means we cannot make an assumption that the rules are being read from top to bottom. When you play with the rules, you will see that it tries to merge the overlapping rules into a single one. It is confusing. Why don't you post this issue in the Comodo forums and get the answers from one of the developers? They are quick to reply.

    Joe
     
  5. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,726
    Location:
    Canada
    I still hadn’t had the pleasure to download/install and use.

    Are you using Comodo on Win XP?
     
  6. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi Joe,
    I have already been blanked on this question. But at least I now have confirmation that there is no predictable layer of outbound defense at the application rules/layer for applications such as Firefox/IE.
     
  7. neonSurge

    neonSurge Registered Member

    Joined:
    May 16, 2006
    Posts:
    55
    Hi Stem,

    Though I do not agree with you about the outbound defense capabilities of Comodo (I agree with the outbound defense definition at the site www.firewallleaktester.com. And Comodo 2 performs the best on those tests), I will post a request to Comodo forums about this overlapping application rules issue. I believe this is a bug, not a feature of it. I will try to update this topic whenever I get a reply.

    Joe.

    Edit : You can also follow the topic at http://forums.comodo.com/index.php/topic,212.0.html
     
    Last edited: May 17, 2006
  8. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    This, as I said, is at the rules/layer (rules filtering); this has nothing to do with leaktests (application filtering), but I will re-word to "unpredictable outbound packet filter capabilities at the application rules/layer".
     
  9. speedlever

    speedlever Registered Member

    Joined:
    Apr 12, 2004
    Posts:
    34
    This has been very educational reading. I don't think this has been updated for a while. Have there been any changes worthy of note?

    Did CPF fix this bug? Did CPF fix the Fast User switching issue?

    Stem, does the current version of Jetico running as an application and not as a service trouble you?

    I was sorry to see Stem and Mehli sorta get in a huff in the discussion. I found it to be interesting, even though I didn't understand it all.
     
  10. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hello,..
    I thought this thread was gone/dead (well I had forgotten about it)

    The application rules problem has not yet been addressed. They appear more concerned with "Leaktest prevention".
    I still keep an "eye", I have seen posts to say this is addressed on the next release (but cannot confirm)

    No, not at all,...

    There was, unfortunately, a disagreement,... but this happens from time to time on any forum about any subject,... no sleep lost.
     
  11. speedlever

    speedlever Registered Member

    Joined:
    Apr 12, 2004
    Posts:
    34
    Stem,

    Let me ask about the application vs service issue. By running as an application, isn't there a period of time that your computer is vulnerable to attack when you first boot up? Perhaps I misunderstand how the firewall works, but that is sorta my understanding. I seem to recall ZA undergoing scrutiny some time back about possibly leaving the computer unprotected for a short while during the boot process.

    Regarding the disagreement... sure, it happens. But in this case it also served to shut down an interesting and educational discussion. That was what I was lamenting.

    FWIW, I run ZAF/Avast Free on my laptop and KIS 6.0 on my PC. But I'm looking to possibly replace ZAF.

    XP/home and pro/sp2 for all.
     
  12. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    There has always been the issue of protection on startup/shutdown. My question on this would be:- The firewalls that "run as a service" have a need on boot to allow the possibility for DHCP, how many distinguish,.. how many allow only the DHCP? (I simply cut off my internet on shutdown/reboot)

    I was,.. and still am willing to continue,...

    Firewalls, AV's,.. always end as "personal",.. It can be a case of "how they look",.. "reports",.. or "how they are on the users PC",... It's always a touchy subject. If you want my personal opinion,.. PM me.

    Regards,..
     
  13. Melih-Comodo

    Melih-Comodo Former Poster

    Joined:
    May 10, 2006
    Posts:
    70

    We have a new beta out next Tuesday (fingers crossed) that addresses fast user switch and a few other issues.

    Heated discussions are part and parcel of these forums :) I really appreciate the good work Stem is doing for everyone though!

    Melih
     
  14. speedlever

    speedlever Registered Member

    Joined:
    Apr 12, 2004
    Posts:
    34
    Stem,

    One quick follow-on question about a firewall running as an application vs service:
    What is the firewall application or service doing if the PC has been booted to the log-in screen of XP but no one has logged in yet? (the screen where you choose which account you wish to use).

    Thanks.
     
  15. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    If the firewall is running as a service, then the TCP/IP filtering will be active (but this can depend on the firewall settings / config). As an application startup, this will wait for login.
     
  16. speedlever

    speedlever Registered Member

    Joined:
    Apr 12, 2004
    Posts:
    34
    Stem,

    Would it seem logical that an application firewall would leave the PC vulnerable in that scenario?

    Or maybe a better question: is a PC vulnerable at the signon screen? Can a virus/trojan attack a PC in that situation or do firewalls/AV programs protect even there?
     
  17. shaunwang

    shaunwang Registered Member

    Joined:
    Mar 26, 2006
    Posts:
    94
    To your question is a PC vulnerable at the signon screen?

    This depends on the program you install. Some spyware/trojans make use of this chance to communicate, but please take note that your computer's svchost.exe needs to make a request to a DHCP, if there's any, or to your router to establish a connection and assign your computer an internet protocol (IP). From this point, what I know is that during the signon screen only winlogon.exe and userinit.exe are loaded and active, therefore the chance of getting it during the signon screen is impossible.

    The only way of getting a virus/trojan is for the user to unintentionally install it.
     
  18. speedlever

    speedlever Registered Member

    Joined:
    Apr 12, 2004
    Posts:
    34
    shaunwang,

    So what you're saying is that even if you're connected to an always on (cable) internet connection, a computer sitting at the XP logon screen is not vulnerable to external attack. Do I understand correctly?

    Thanks for the information.
     
  19. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi, I have set up to have a look. (I normally have DHCP / NetBIOS etc. disabled, harden the system with WWDC and sit behind a router.)
    Anyway:- DHCP / NetBIOS enabled (WWDC blocks removed). Booted to logon screen, and showing:-
    All pings replied to,
    135/tcp open msrpc
    139/tcp open netbios-ssn
    445/tcp open microsoft-ds

    So yes, there is the possibility of problems at this stage. Of course a fully patched OS goes a long way in preventing inbound attacks. But you do also have to consider the possibility that something on your PC would have the ability to connect out (or be connected in to).

    I had Jetico installed. But this does not run until after login.


    EDIT: I ran the same config with Comodo installed (the latest full version I have 2.1.1.1) Installed with default settings, and showing:-
    All ports Filtered. This was during boot, and on the login screen.
     
    Last edited: Jul 12, 2006
  20. speedlever

    speedlever Registered Member

    Joined:
    Apr 12, 2004
    Posts:
    34
    Interesting results, Stem.

    I am mostly concerned about external attacks, believing my systems to be clean (I could be wrong, but haven't gotten any suspicious alerts from my existing FWs).

    If we can extrapolate from your tests, it sounds like the FW running as a service offers protection during the boot process/while the signon screen is showing while a FW running as an application leaves the doorway open during that same period of time.

    But doesn't that conflict with the information shaunwang posted? Or did I misunderstand one or the other?

    ...scratching my head a bit...
     
  21. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    I think shaunwang is referring to active comms at login?, and mentions a router.

    From my install/post, I am referring to a direct Internet connection, and the ports that are showing on a scan.

    Yes,... from a service installed firewall there can be the protection at boot/login, as shown with Comodo. This can sometimes cause problems with DHCP, as the comms can be blocked. With the Application install firewall, ports can show as open.
    (basically, as I mentioned post#90)
     
  22. speedlever

    speedlever Registered Member

    Joined:
    Apr 12, 2004
    Posts:
    34
    Very good info, Stem.

    At home, I am behind a NAT router. But on the road with the wireless laptop, anything goes. That's the one I currently run ZAF on.

    I think I would be more comfortable with a FW that runs as a service, based on the info disclosed in this thread.

    Other than Jetico, I don't know which ones run as an application and which ones run as a service.

    Or maybe this is not that big a deal. Hard for me to know.

    ZAF I'm reasonably sure runs as a service
    Comodo runs as a service but no Fast user switching
    Jetico runs as an application
    Outpost?
    Tiny?
    Look 'n Stop?
    Kaspersky AH?
    Kerio 4.x?
     
  23. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    While you are behind a router, you are o.k.
    The time between boot / login with a fully patched / updated Windows is not a big risk, but possibly not something you or others would want.
    You mention Comodo,.. there was a mention by Melih that the next version would be addressing the "user switch" problem (post#88 on this thread). Maybe worth a wait for this next version?
     
  24. speedlever

    speedlever Registered Member

    Joined:
    Apr 12, 2004
    Posts:
    34
    Could be worth the wait. I'm in no hurry but am researching right now.

    Thanks for your input.
     
  25. Melih-Comodo

    Melih-Comodo Former Poster

    Joined:
    May 10, 2006
    Posts:
    70