A Zemana test Defeats Comodo.

Discussion in 'other firewalls' started by LLCoolJ, May 21, 2008.

Thread Status:
Not open for further replies.
  1. LLCoolJ

    LLCoolJ Infrequent Poster

    Joined:
    May 21, 2008
    Posts:
    2
    I downloaded the following Clipboard-Logger Simulation Test Program

    from Here

    -Comodo did NOT pass it!

    -Outpost Pro and OA Free Both passed it!


    I wonder "Why?"
     
  2. Coolio10

    Coolio10 Registered Member

    Joined:
    Sep 1, 2006
    Posts:
    1,124
    You expect us to trust the guy with one post?
     
  3. wat0114

    wat0114 Guest

    Here's my guess:

    because Comodo has been enjoying first place on Matousec's rankings, so they have been feeling good about themselves and consequently let their guard down. But fear not, for they will plug yet another poc hole, their product will grow another couple MB, maybe create another bug elsewhere in the code because of the patch (oh well, that goes with the territory) and they will re-affirm their top-dog ranking :D
     
  4. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
  5. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,191
    I don't understand, what's your point?
    So far the best firewalls I used myself are Outpost Pro, ZoneAlarm Pro, and Jetico2.
    What are your favorite firewalls and what are the reasons?
     
  6. wat0114

    wat0114 Guest

    I'm only trying to have some fun. Two of my favorites are Outpost Pro and Jetico 2, mainly for the ability to create tight, custom rulesets for thorough application control, in addition to clear, detailed logging. Support seems pretty decent for both products as well, but it could be better. However, even those developers are getting carried away trying to constantly plug holes to defeat yet another leaktest. I'm seeing in these products increasing bugginess, possibly as a result of the additional code required to defeat leaktests. I do understand, however, that re-writing the code to support Vista has been a major challenge for some developers, in particular Agnitum, who basically re-wrote the code from the ground up in order to support Vista.
     
  7. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,191
    Thank you for the answer.
    I'd like to ask you for a favor and give your opinion about what I picked up from Comodo's forums.
    Here is the link where I tried to get the answer from Paranoid, but he seems to be too busy and probably he doesn't have time to read the entire post, if you could drop inside the thread...:
    https://www.wilderssecurity.com/showthread.php?p=1246200#post1246200

    I just hope you'll see my post, and give your opinions if, of course you have time.
    Big thank you.
     
  8. wat0114

    wat0114 Guest

    I'll try to answer the best I can later when I have more time. However, P2K, Stem or someone else with similar qualifications can answer far better than I can, but I'll do my best ;)
     
  9. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    You people are going way too much off topic.
     
  10. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,039
    I totally agree. Discussions about other firewalls are for other threads, not this one.

    Pete
     
  11. hammerman

    hammerman Registered Member

    Joined:
    Jul 14, 2007
    Posts:
    283
    Location:
    UK
    That wasn't much of a welcome to the forum.

    You can't just ignore the message because it's someone's first post.

    Is he right or is he wrong?
     
  12. hammerman

    hammerman Registered Member

    Joined:
    Jul 14, 2007
    Posts:
    283
    Location:
    UK
    I tried OA Build 131 Paid and it fails the test (Run Safer or not).
    Mamutu also detects nothing.
     
    Last edited: May 23, 2008
  13. PaulWin98SEUser

    PaulWin98SEUser Registered Member

    Joined:
    May 24, 2008
    Posts:
    5
    It makes no attempt to access any ports.
     
  14. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    When I tried to execute Zemana's clipboardlogger.exe, Comodo D+ popped the alert shown in the screenshot below. It warned that clipboardlogger.exe was attempting to gain debug privileges.

    Debug privilege allows you to hook into other processes. If you let users debug processes owned by other users, then they can debug processes owned by System, at which point they can inject code into the process and perform the logical equivalent of net localgroup administrators anybody/add, thereby elevating themselves (or anybody else) to administrator.

    Now -- why the H*LL would I let an unknown proggie have debug privileges (or even let it TRY to get them)? I wouldn't. Ergo, I slew the bugger. Poof! End of story.

    In any event -- here comes yet another niche POC developed by a niche proggie as a gee-look-at-me sales gimmick -- posted by a mysterious rider in black on a dark & stormy night in May. Wheee! Smells like ><)))°> to me.
     

    Attached Files:
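
Added example, not part of the original thread: the debug-privilege risk described in post 14 can be audited by listing which accounts are granted SeDebugPrivilege. The Python code below parses the `[Privilege Rights]` section of a `secedit /export /cfg rights.inf /areas USER_RIGHTS` dump; the sample export, the `svc_build` account and the function names are constructed for illustration.

```python
# Accounts expected to hold the debug privilege on a default install.
EXPECTED = {"*S-1-5-32-544"}  # BUILTIN\Administrators

# Constructed sample of a secedit user-rights export (real exports are
# UTF-16; decode the file before passing its text in).
SAMPLE_EXPORT = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeBackupPrivilege = *S-1-5-32-544,*S-1-5-32-551
SeDebugPrivilege = *S-1-5-32-544,*S-1-5-32-545,svc_build
[Version]
signature="$CHICAGO$"
Revision=1
"""


def privilege_holders(export_text, privilege="SeDebugPrivilege"):
    """Return the SIDs/account names granted `privilege` in the export."""
    section = None
    for raw in export_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if section != "Privilege Rights" or "=" not in line:
            continue
        name, _, value = line.partition("=")
        if name.strip().lower() == privilege.lower():
            return [h.strip() for h in value.split(",") if h.strip()]
    return []  # privilege not assigned to anyone in this export


def unexpected_holders(export_text, expected=EXPECTED):
    """Holders of SeDebugPrivilege outside the expected set."""
    return [h for h in privilege_holders(export_text) if h not in expected]


if __name__ == "__main__":
    # *S-1-5-32-545 is BUILTIN\Users: any interactive user could then
    # debug SYSTEM-owned processes, the escalation post 14 describes.
    for holder in unexpected_holders(SAMPLE_EXPORT):
        print("unexpected SeDebugPrivilege holder:", holder)
```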

  15. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    Misleading alert. Zemana doesn't need to get debug privilege to use the SetClipboardViewer API, which it uses to set the clipboard callback.
     
  16. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Privilege pop ups of CFP are so sooo annoying and irritating. Other HIPS like PS obtain the same level of protection without such useless and stupid pop ups.
     
  17. dawgg

    dawgg Registered Member

    Joined:
    Jun 18, 2006
    Posts:
    817
    I'm not really fussed if Comodo fails a test... overall, it's extremely effective against the majority of other tests.
    I'm also sure many other SecuritySuites/BehaviourBlockers miss it as well. Why is it only Comodo being mentioned?

    It's only another test... and it's only one test being used. What about Comodo's success in passing many of the others?

    What do you mean "Why?"... Comodo was not programmed/developed to do so I guess... No need to wonder, common sense would have given you your answer without asking anyone :)
    The question is; Does Comodo intercept the test?... bellgamin's post (#14) answers that :)


    Edit:
    Just tried to use this "test" and as Paul said, it does not attempt to connect to the internet, so it's not exactly expected for a firewall to intercept this.


    Also, IMO, this test seems pretty lame to me... I don't think the potential of malware doing such things (logging copied text) is too much of a threat.
     
    Last edited: May 25, 2008
  18. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    It matters not what Zemana can or cannot do AFTER Comodo gives me the debug alert. Comodo is a dog that barks when an intruder enters. Where I come from, if you respond to your barking dog, & thereby catch someone trying to pick the lock on your front door, you shoot the bugger on the spot. You don't stand around watching him to see what he might do once he gets inside.

    As soon as I saw the debug alert, I KILLED Zemana's bit of nonsense on the spot. BAM! End of story.

    Comodo did its job. I did mine. Nooooo problema.:cool:
     
  19. HyperFlow

    HyperFlow Registered Member

    Joined:
    Mar 21, 2008
    Posts:
    115
    I have done this test 4x now and find it to be very silly as for this test defeating Comodo. D+ stopped it cold in clean PC mode and would not even let it execute in paranoid mode. Now if I was to allow it to run and look blindly at the D+ alert, yes, it would log the clipboard, but as bellgamin stated, why would anyone allow an alert that says something like that? My guess is they should not be running a FW. This test cannot defeat CFW, but the user sure can tell Comodo to allow it to run, and in that case Comodo is only doing what the user told it to do. That does not mean CFW failed; that's just saying the user should learn what to do with an alert like this.
     
    Last edited: May 25, 2008
  20. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    It is more like a silly puppy that barks every time anybody passes your door. I saw it barking at a real lot of completely harmless programs with completely senseless alerts. And in this particular case you should understand that a program DOESN'T NEED to elevate privileges to enable clipboard callback. Not just a single other HIPS I tested alerted about it, but many of them alerted about an attempt to set clipboard callback (which is what the program actually does). So this is either a Zemana or a Comodo coding error.
     
  21. HyperFlow

    HyperFlow Registered Member

    Joined:
    Mar 21, 2008
    Posts:
    115
    Hi alex_s, Comodo does alert at times, I'm not saying it does not, but as for this test defeating Comodo FW, I cannot see how it could call anything up if Comodo will not even let it execute. Unless I'm missing something, the test would firstly have to execute, and if Comodo stops that from happening, how can it make a call to the clipboard? The only way I see it could do that is if the user allowed it to run after Comodo alerted to it; that would be user error, not Comodo failure.
     
  22. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
  23. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,191
    Hi, Fuzzfas.
    Here is the thing that really tortures me.
    Comodo Firewall Pro 3.0 was tested by the AV-test.de group.
    Comodo failed to block 2 Trojans out of 10 of them.
    CFP 3.0 is supposed to be an anti-malware product, as they say on Comodo's forums.
    ZoneAlarm freeware 7.0 shouldn't be able to compare with CFP's power and effectiveness when it comes to malware detection and blocking and here we see, ZoneAlarm freeware is more effective than CFP 3.0.
    The same ZA freeware which has done HORRIBLY ON LEAK-TESTS.
    What's the conclusion?
    Leak-tests can't match the power and effectiveness of the real malware.
    Leak-tests are just theoretical, proof of concept tests that every firewall vendor or HIPS vendor should easily ignore, and take care about real malware!
    These tests support my view that leak-tests are a waste of time.
    Yes, leak-tests always do their credibility when you test firewalls or HIPS against real malware!
    And this is the proof.


    And inbound protection
     
  24. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,191
    I meant to say that leak-tests LOSE their credibility when you test firewalls or HIPS against real malware!
     
  25. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    One should note that the article of PC Welt is a claim. Also, the poster reports that it is ZA Free (and not Pro). Honestly, I have much difficulty believing that ZA FREE is capable of stopping anything with a HIPS-like mechanism. Maybe it is about ZA PRO and the poster wrote ZA Free by mistake.

    Even so, what a man can make, another man can outsmart. I think POCs will NEVER end, there will ALWAYS be a way to fool HIPS and this is just another episode of the saga.

    I don't know if the description of the poster is accurate, but honestly, with Comodo I would feel much more secure than with ZAF in general. If not for anything else, Comodo has execution control, so the first step for any malware to run is to give initially permission yourself.

    Said this, I don't care too much about leak tests, that's why I run PC Tools firewall. I wish they would stop racing against leak tests and instead work on cutting down network performance.

    If ZA Free (and not Pro) did actually stop the malware and Comodo didn't, what can I say, congrats to Zone Alarm and maybe people should start looking at leak tests with a more critical mind instead of just cheering "My firewall beats yours at Matousec's!".
     